Re: how to ssh to a linux box from an internet cafe
On Wed, Jul 25, 2007 at 05:14:22PM +0300, Nick Demou wrote: I'll soon be on vacations without my PC. I believe that internet access from an internet cafe will be my best option. If things go for the worse how can I ssh to my debian server? I suppose that a PC in most internet cafes will be willing to download and run putty.exe but am I right? If not is there any other option? Just to mention the obvious, most access is through client-server programs like ssh. So, before you leave, you need to install the ssh server on your home machine, then test it with the ssh client program on localhost first and if you have a chance, from a remote host. If not a client-server program, then maybe a web-based control panel, although then you have to install apache and make sure that works remotely then. -K -- | .''`. == Debian GNU/Linux == | my web site: | | : :' : The Universal |mysite.verizon.net/kevin.mark/| | `. `' Operating System| go to counter.li.org and | | `-http://www.debian.org/ |be counted! #238656 | | my keyserver: subkeys.pgp.net | my NPO: cfsg.org | |join the new debian-community.org to help Debian! | |___ Unless I ask to be CCd, assume I am subscribed ___| -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]
Re: how to ssh to a linux box from an internet cafe
On Fri, Jul 27, 2007 at 02:02:36AM -0400, Kevin Mark wrote: On Wed, Jul 25, 2007 at 05:14:22PM +0300, Nick Demou wrote: I'll soon be on vacations without my PC. I believe that internet access from an internet cafe will be my best option. If things go for the worse how can I ssh to my debian server? I suppose that a PC in most internet cafes will be willing to download and run putty.exe but am I right? If not is there any other option? Just to mention the obvious, most access is through client-server programs like ssh. So, before you leave, you need to install the ssh server on your home machine, then test it with the ssh client program on localhost first and if you have a chance, from a remote host. If not a client-server program, then maybe a web-based control panel, although then you have to install apache and make sure that works remotely then. The other issue to consider is the method you use to authenticate from the cafe. Assume that anything you type in (or attach via USB) will remain on the cafe's box. You may want to set up a series of one-time passwords for ssh. I've never ssh'd in from the internet so I haven't needed the feature but I think its there. Doug. -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]
Re: how to ssh to a linux box from an internet cafe
On Fri, Jul 27, 2007 at 08:34:08AM -0400, Douglas Allan Tutty wrote: On Fri, Jul 27, 2007 at 02:02:36AM -0400, Kevin Mark wrote: On Wed, Jul 25, 2007 at 05:14:22PM +0300, Nick Demou wrote: I'll soon be on vacations without my PC. I believe that internet access from an internet cafe will be my best option. If things go for the worse how can I ssh to my debian server? I suppose that a PC in most internet cafes will be willing to download and run putty.exe but am I right? If not is there any other option? Just to mention the obvious, most access is through client-server programs like ssh. So, before you leave, you need to install the ssh server on your home machine, then test it with the ssh client program on localhost first and if you have a chance, from a remote host. If not a client-server program, then maybe a web-based control panel, although then you have to install apache and make sure that works remotely then. The other issue to consider is the method you use to authenticate from the cafe. Assume that anything you type in (or attach via USB) will remain on the cafe's box. You may want to set up a series of one-time passwords for ssh. I've never ssh'd in from the internet so I haven't needed the feature but I think its there. on the assumption that the cafe box is rooted, add an abstraction layer. Get a shell account somewhere (google free shells) and activate it (usually only a few dollars) so you can use the network tools. Then setup pubkey authentication from that shell account to your box (maybe encrypt the keys too with a one time pgp key, probably do the encryption on your local box so that its not done on an account of unknown security). Then log into the shell account from the cafe box and then from the shell account ssh in to your system. First thing after you log in, delete the pubkey used to get access. That makes it a one time transaction. When you're done with the session, delete the keys from the shell account and then cancel the shell account. Done. Any keylogger on the cafe box only gets access to your login to the shell account. Everything else is safe from that cafe box. Of course, whatever you type in the cafe box will be snopped, so you'll want to avoid subsequently using passwords for stuff on your box, if possible, but the keys won't be accessible to that cafe box. Then when you delete the ssh keys from the shell account, there is no longer any access to your box from that account. The cancellation of the shell account is probably not needed, but is the right thing to do since we assume that account is compromised. hmmm... as i review this, it also occurs to me that just putting a set of keys on a floppy, or usb key or whatever is fine provided the first thing you do when you login using that key is delete it from the .ssh/authorised_keys file. Then you are stuck at the one session. You could even create a single-use user for this purpose. Set up the user with whatever stuff you need in sudo (the sudo password will get snooped, but that's okay) and put one key in the authorised-keys file. write a custom .bashrc (or is it .profile? i can never remember) that will delete the authorised_keys file upon login. That's it. You get to use it once and its done. I like that one. Anyone care to comment on it? A signature.asc Description: Digital signature
Re: how to ssh to a linux box from an internet cafe
On Fri, Jul 27, 2007 at 11:22:47AM -0700, Andrew Sackville-West wrote: On Fri, Jul 27, 2007 at 08:34:08AM -0400, Douglas Allan Tutty wrote: The other issue to consider is the method you use to authenticate from the cafe. Assume that anything you type in (or attach via USB) will remain on the cafe's box. You may want to set up a series of one-time passwords for ssh. I've never ssh'd in from the internet so I haven't needed the feature but I think its there. on the assumption that the cafe box is rooted, add an abstraction layer. Get a shell account somewhere (google free shells) and activate it (usually only a few dollars) so you can use the network tools. Then setup pubkey authentication from that shell account to your box (maybe encrypt the keys too with a one time pgp key, probably do the encryption on your local box so that its not done on an account of unknown security). Then log into the shell account from the cafe box and then from the shell account ssh in to your system. First thing after you log in, delete the pubkey used to get access. That makes it a one time transaction. When you're done with the session, delete the keys from the shell account and then cancel the shell account. Done. Any keylogger on the cafe box only gets access to your login to the shell account. Everything else is safe from that cafe box. Of course, whatever you type in the cafe box will be snopped, so you'll want to avoid subsequently using passwords for stuff on your box, if possible, but the keys won't be accessible to that cafe box. Then when you delete the ssh keys from the shell account, there is no longer any access to your box from that account. The cancellation of the shell account is probably not needed, but is the right thing to do since we assume that account is compromised. hmmm... as i review this, it also occurs to me that just putting a set of keys on a floppy, or usb key or whatever is fine provided the first thing you do when you login using that key is delete it from the .ssh/authorised_keys file. Then you are stuck at the one session. You could even create a single-use user for this purpose. Set up the user with whatever stuff you need in sudo (the sudo password will get snooped, but that's okay) and put one key in the authorised-keys file. write a custom .bashrc (or is it .profile? i can never remember) that will delete the authorised_keys file upon login. That's it. You get to use it once and its done. I like that one. Anyone care to comment on it? I haven't got it installed so I can't read the docs, but what about libpam-opie? From the description in aptitude: Use OPIE one time passwords for PAM authentication. A one time password is usefull to avoid having your password sniffed and reused if you log in via an unencrypted channel or from a compromised system. The PAM module enables OPIE for programs such as SSH which use PAM for authentication. There are probably lots of different ways to securly log in from an unsecured box over an unsecured network, however, there are probably many more ways to think you are doing so securely when in fact you are not. Knowing one from the other depends on knowing exactly what you want to do on your own box via an unsecured one. Doug. -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]
how to ssh to a linux box from an internet cafe
I'll soon be on vacations without my PC. I believe that internet access from an internet cafe will be my best option. If things go for the worse how can I ssh to my debian server? I suppose that a PC in most internet cafes will be willing to download and run putty.exe but am I right? If not is there any other option? -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]
Re: how to ssh to a linux box from an internet cafe
Try this... http://www.webssh.org/?t=webssh Slow, and not running on https, But if in dire need, it can suffice... Later, Larry - Original Message - From: Nick Demou [EMAIL PROTECTED] To: debian-user@lists.debian.org Sent: Wednesday, July 25, 2007 10:14 AM Subject: how to ssh to a linux box from an internet cafe I'll soon be on vacations without my PC. I believe that internet access from an internet cafe will be my best option. If things go for the worse how can I ssh to my debian server? I suppose that a PC in most internet cafes will be willing to download and run putty.exe but am I right? If not is there any other option? -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED] -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]
Re: how to ssh to a linux box from an internet cafe
Use a USB thumb disk. I got a brand new 1GB stick from Best Buy for fairly cheap. Install all necessary programs on it -- Putty, Firefox, Emacs/Vim, GIMP, etc. The more the better. If you have room, install Cygwin (I'd suggest getting a 2GB stick for that, though). It is almost certain that an Internet cafe will let you plug in a USB disk, and then you have a nice set of programs to work with. Cheers! -- Leonid Grinberg -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]
Re: how to ssh to a linux box from an internet cafe
On Wed, 25 Jul 2007 17:14:22 +0300 Nick Demou [EMAIL PROTECTED] wrote: I'll soon be on vacations without my PC. I believe that internet access from an internet cafe will be my best option. If things go for the worse how can I ssh to my debian server? I suppose that a PC in most internet cafes will be willing to download and run putty.exe but am I right? If not is there any other option? I don't know whether they will, but here's [0] a very useful list of options for when you can't install a proper ssh client. Note that *whatever* you do from a public computer that isn't under your control is fundamentally insecure; the machine could be keylogging, and even if you're using ssh key based login, if someone else is controlling the machine, any data entering the machine can in principle be sniffed and captured. I admit that I would still access my machine from a public terminal if the consequences of a compromise weren't that high and / or if I had some modicum of trust in the operator. [0] http://anyterm.org/compared.html Celejar -- mailmin.sourceforge.net - remote access via secure (OpenPGP) email ssuds.sourceforge.net - A Simple Sudoku Solver and Generator -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]
Re: how to ssh to a linux box from an internet cafe
* Leonid Grinberg [EMAIL PROTECTED] 2007-07-25 Use a USB thumb disk. A portable hard drive has much better value-for-money. But it is not as resistant to shock. http://research.iiit.ac.in/~masatran/gadgets/external-drive. -- Masatran, R. Deepak http://research.iiit.ac.in/~masatran/ pgpW3aEIaaJHz.pgp Description: PGP signature
Re: how to ssh to a linux box from an internet cafe
hi, On 7/25/07, Nick Demou [EMAIL PROTECTED] wrote: I'll soon be on vacations without my PC. I believe that internet access from an internet cafe will be my best option. If things go for the worse how can I ssh to my debian server? I suppose that a PC in most internet cafes will be willing to download and run putty.exe but am I right? If not is there any other option? how about ajaxterm? http://antony.lesuisse.org/qweb/trac/wiki/AjaxTerm martin -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]
Re: how to ssh to a linux box from an internet cafe
On Wed, 25 Jul 2007 20:31:38 +0530 Masatran, R. Deepak [EMAIL PROTECTED] wrote: * Leonid Grinberg [EMAIL PROTECTED] 2007-07-25 Use a USB thumb disk. A portable hard drive has much better value-for-money. But it is not as resistant to shock. http://research.iiit.ac.in/~masatran/gadgets/external-drive. But flash is cheaper on an absolute basis; 1 GB sticks can be readily had for $10 US or less after rebates. It's also much smaller. Masatran, R. Deepak http://research.iiit.ac.in/~masatran/ Celejar -- mailmin.sourceforge.net - remote access via secure (OpenPGP) email ssuds.sourceforge.net - A Simple Sudoku Solver and Generator -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]
Re: how to ssh to a linux box from an internet cafe
On Wed, 25 Jul 2007 17:14:22 +0300 Nick Demou [EMAIL PROTECTED] wrote: I'll soon be on vacations without my PC. I believe that internet access from an internet cafe will be my best option. If things go for the worse how can I ssh to my debian server? I suppose that a PC in most internet cafes will be willing to download and run putty.exe but am I right? If not is there any other option? Nick - DO NOT access any meaningful device from an internet cafe. They tend (not all) to be infected boxen even down to key loggers. I hang out on DALnet and se many, many users complaining that they lost nicks and channels do to ID'ing to DALnet services via cafe's. Most of the time it comes down to compromised cafe boxen and key loggers. Just my .02 worth. -- Best regards, Chris Registerd Linux user number 448639 -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]
Re: how to ssh to a linux box from an internet cafe
On 7/25/07, Chris [EMAIL PROTECTED] wrote: [...] DO NOT access any meaningful device from an internet cafe. They tend (not all) to be infected boxen even down to key loggers. I'll only do it if things go for the worst and I've allready setup a simple one-time-password mechanism which allthough it can't deter a determined hacker it is more than enough to deter automated attacks: I've setup a temporary user account to the one and only server I will be directly SSHing. I will delete the account as soon as I am back. Also the login shell for this account is a simple python program that implements my childish one-time-password mechanism. After three consequent failed attempts from the same IP the program kills the account. ... I think this is good enough. Good enough in the sense that they're probably gonna get me anyway some day but it wont be easy :). -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]
Re: how to ssh to a linux box from an internet cafe
On 7/25/07, Celejar [EMAIL PROTECTED] wrote: On Wed, 25 Jul 2007 17:14:22 +0300 Nick Demou [EMAIL PROTECTED] wrote: I'll soon be on vacations without my PC. I believe that internet access from an internet cafe will be my best option. If things go for the worse how can I ssh to my debian server? [...] I don't know whether they will, but here's [0] a very useful list of options for when you can't install a proper ssh client. [...] Thanks... *very* comprehensive list [0] http://anyterm.org/compared.html I quote from that page: This page compares Anyterm with other methods of providing remote access to a computer. These methods vary in their requirements of the server and client computers and the nature of the network between them (firewalls!) and the security and type of access that they provide. -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]
Re: how to ssh to a linux box from an internet cafe
Nick Demou wrote: I'll soon be on vacations without my PC. I believe that internet access from an internet cafe will be my best option. If things go for the worse how can I ssh to my debian server? I suppose that a PC in most internet cafes will be willing to download and run putty.exe but am I right? If not is there any other option? Are you bent upon using ssh? If not, give vnc a try. You will be running VNC server on your home machine. In the internet cafe (or from any machine for that matter), you can use a web browser to connect to that vnc session. No software to install on the client side except a java enabled web browser. The downside of using VNC is that you will be using tons of bandwidth as opposed to using say an ssh client or nxclient. hth raju -- Kamaraju S Kusumanchi http://www.people.cornell.edu/pages/kk288/ http://malayamaarutham.blogspot.com/ -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]