On Fri, Jul 27, 2007 at 11:22:47AM -0700, Andrew Sackville-West wrote:
> On Fri, Jul 27, 2007 at 08:34:08AM -0400, Douglas Allan Tutty wrote:
>
> > The other issue to consider is the method you use to authenticate from
> > the cafe.  Assume that anything you type in (or attach via USB) will
> > remain on the cafe's box.  You may want to set up a series of one-time
> > passwords for ssh.  I've never ssh'd in from the internet so I haven't
> > needed the feature but I think it's there.
> 
> on the assumption that the cafe box is rooted, add an abstraction
> layer. Get a shell account somewhere (google free shells) and activate
> it (usually only a few dollars) so you can use the network tools. Then
> set up pubkey authentication from that shell account to your box (maybe
> encrypt the keys too with a one time pgp key, probably do the encryption
> on your local box so that it's not done on an account of unknown
> security). Then log into the shell account from the cafe box and then
> from the shell account ssh in to your system. First thing after you
> log in, delete the pubkey used to get access. That makes it a one time
> transaction. When you're done with the session, delete the keys from
> the shell account and then cancel the shell account. Done.  
> 
> Any keylogger on the cafe box only gets access to your login to the
> shell account. Everything else is safe from that cafe box. Of course,
> whatever you type in the cafe box will be snooped, so you'll want to
> avoid subsequently using passwords for stuff on your box, if possible,
> but the keys won't be accessible to that cafe box. Then when you
> delete the ssh keys from the shell account, there is no longer any
> access to your box from that account. The cancellation of the shell
> account is probably not needed, but is the right thing to do since we
> assume that account is compromised. 
> 
> Hmmm... as I review this, it also occurs to me that just putting a
> set of keys on a floppy, or usb key or whatever is fine provided the
> first thing you do when you login using that key is delete it from the
> .ssh/authorised_keys file. Then you are stuck at the one session. 
> 
> You could even create a single-use user for this purpose. Set up the
> user with whatever stuff you need in sudo (the sudo password will get
> snooped, but that's okay) and put one key in the authorised-keys
> file. Write a custom .bashrc (or is it .profile? I can never remember)
> that will delete the authorised_keys file upon login. That's it. You
> get to use it once and it's done. I like that one. Anyone care to
> comment on it?

I haven't got it installed so I can't read the docs, but what about
libpam-opie?  From the description in aptitude:

         Use OPIE one time passwords for PAM authentication.  A one time
         password is usefull to avoid having your password sniffed and
         reused if you log in via an unencrypted channel or from a
         compromised system.  The PAM module enables OPIE for programs
         such as SSH which use PAM for authentication.

There are probably lots of different ways to securely log in from an
unsecured box over an unsecured network, however, there are probably
many more ways to think you are doing so securely when in fact you are
not.  Knowing one from the other depends on knowing exactly what you
want to do on your own box via an unsecured one.  

Doug.
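
A sketch of the "delete the key as the first thing after login" step from the quoted message, as an added example that is not part of the original thread. It removes only the single-use key instead of the whole file; the `onetime-cafe` key comment and the sample key lines are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the thread): revoke one single-use key on login.
# Assumption: the single-use key carries the comment "onetime-cafe" as its
# last field; that marker and the sample keys below are constructed.

# burn_key FILE MARKER
# Drops every key line of FILE whose last field equals MARKER and keeps
# comments, blank lines and all other keys.
# Returns 0 if a key was removed, 1 if nothing matched, 2 on error.
burn_key() {
    file=$1
    marker=$2
    [ -n "$marker" ] && [ -f "$file" ] || return 2
    # Temp file in the same directory, so the final mv is an atomic rename.
    tmp=$(mktemp "$(dirname "$file")/.ak.XXXXXX") || return 2
    chmod 600 "$tmp"   # keep the rewritten file private to its owner
    if ! awk -v m="$marker" '/^[ \t]*#/ || $NF != m' "$file" > "$tmp"; then
        rm -f "$tmp"
        return 2
    fi
    if cmp -s "$file" "$tmp"; then
        rm -f "$tmp"   # nothing to revoke, leave the original untouched
        return 1
    fi
    mv "$tmp" "$file"
}

# Constructed sample file: two permanent keys and one single-use key.
make_sample() {
    cat > "$1" <<'EOF'
# constructed sample, key material is placeholder text
ssh-ed25519 AAAAC3placeholderHOME user@home
ssh-ed25519 AAAAC3placeholderCAFE onetime-cafe
ssh-rsa AAAAB3placeholderWORK user@work
EOF
}

# In the single-use account's login file this would be called as:
#   burn_key "$HOME/.ssh/authorized_keys" onetime-cafe
```

A return value of 1 on a later login means the key was already gone, which is the expected state after the first session.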

