Marcel Duchamp wrote:
> Jake Anderson wrote:
>
>   
>> I'm with rolf on this one
>> setup SSH, it gives you lots of flexibility in addition to generic file 
>> transfer. It will also let you tunnel connections through it and the 
>> like which might be handy.
>>     
>
> Innocent bystander question... suppose Russell goes to China and needs 
> to get some files from his box back home.  He (for the sake of my 
> question) has lost his laptop, didn't bring it, etc. and the only 
> accessible computer is a cyber-cafe with possible keystroke logger, etc.
>
> Does the SSH technique prevent others from capturing passwords and such? 
>   How does the idea work to keep outsiders out of his box back home?
>
> Enquiring minds want to know...
>
> Me: total newby minus one.
>   
If he uses password authentication then your hosed.
If you use certificate auth then its ok, of course the certificate is 
more than likley on the laptop.
The only way around it is some kind of jumping screen keyboard that you 
enter your password on with a mouse.
Of course if they record the screen your still hosed.

Pretty much the same with all encryption techniques. They only prevent 
somebody between the two end points gaining access. If an end point is 
compromised then all bets are off.


I spose the only way around it would be a challenge response type 
password question.
you memorise some formula (or use a physical doohickey), the remote end 
gives you the challenge in the form of a number (or two). You perform 
some maths on that number and you reply with the answer.

Same way passwords are authenticated now without sending the password 
over the network, you just take the hashing functions from the computer 
and perform them in your head or on some "trusted" device.
-- 
http://www.piclist.com PIC/SX FAQ & list archive
View/change your membership options at
http://mailman.mit.edu/mailman/listinfo/piclist