On Feb 11, 1:37pm, Steve Bellovin wrote:
> In message <>, Greg A. Woods writes:
> > This is a *VERY* critical issue for SSH users to understand.  You cannot
> > safely walk up to your mortal enemy's computer (or any other un-trusted
> > computer) and use it to open an SSH connection into your secure network
> > no matter how careful you are to do all the actual authentication on a
> > separate disconnected hardware device, or how unique your one-time
> > password is.
> 
> Precisely.  All the off-board hardware you can think of protects private
> keys; it does nothing to protect the actions taken under authority of
> those keys.

I understand Greg's and Steve's points and agree with them, but when I am
forced to use ssh on an unsecured client I still feel more comfortable using
off-board hardware authentication because it at least limits the kinds of
attacks that can be done and it limits vulnerability to attacks that
occurred before or during its use and leaves nothing like a private key
around to be exploited later.  Not much, but better than nothing.  

- Dave Dykstra
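A server-side complement to the point Steve and Greg make, added here as an example and not something from the thread: since a hardware token protects the key but not what a compromised client does with the authenticated session, the server can limit what any session authenticated by that key is allowed to do. The `authorized_keys` options below are standard OpenSSH options; the public key, the forced command path and the source network are placeholders.

```text
# authorized_keys entry for the token-held key (placeholder values).
# "restrict" turns off port forwarding, agent forwarding, X11 forwarding,
# pty allocation and user rc execution; "command=" forces a single fixed
# command regardless of what the client asks for; "from=" limits the source
# addresses the key is accepted from.
restrict,command="/usr/local/bin/status-report",from="198.51.100.0/24" ssh-ed25519 AAAA...PLACEHOLDER-PUBLIC-KEY... hardware-token-key
```

With an entry like this, a hostile client that relays the token's authentication still only obtains a session that can run the one forced command; it cannot open a shell, forward ports or reach the agent. The restriction is only as good as the forced command itself, so that command should do one narrow, non-interactive task.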
