[techtalk] Almost arrested for using telnet
Mary Gardiner
linuxchix at puzzling.org
Mon May 14 15:42:20 EST 2001
On Mon, May 14, 2001 at 01:07:07AM -0400, Christian MacAuley wrote:
> About accessing SSH from any old place ...
>
> One of my friends is using a Java applet called Mindterm to use SSH from any
> web browser. He just goes to a web page where the applet is embedded. It's
> pretty cool, but i don't know what added security risks are involved. Anyone
> else know?
> http://www.mindbright.se/mindterm/
>
> ~Christian
It would have two problems that I can see:
1) If you connect to it remotely in http, not https, your password/phrase will
pass to the webserver in clear text, negating the whole point of ssh.
2) There is an untrusted middle party involved - even if you connect to the
website in https, they decrypt your password/phrase and the ssh connection from
them to server reencrypts and sends. Hence the server has a chance to grab
the passphrse. They do talk about 'tunneling' in their FAQ, so perhaps they
are avoiding this.
Does MindTerm solve these?
Mary.
--
Mary Gardiner
<mary at puzzling.org>
GPG Key ID: 77625870
More information about the Techtalk
mailing list