In message <>, Greg A. Woods writes:
>
> This is a *VERY* critical issue for SSH users to understand. You cannot
> safely walk up to your mortal enemy's computer (or any other un-trusted
> computer) and use it to open an SSH connection into your secure network
> no matter how careful you are to do all the actual authentication on a
> separate disconnected hardware device, or how unique your one-time
> password is.
Precisely. All the off-board hardware you can think of protects private
keys; it does nothing to protect the actions taken under authority of
those keys.
