Re: [techtalk] Almost arrested for using telnet

Sun, 13 May 2001 22:09:17 -0700 

On Mon, May 14, 2001 at 01:07:07AM -0400, Christian MacAuley wrote:
> About accessing SSH from any old place ...
> 
> One of my friends is using a Java applet called Mindterm to use SSH from any
> web browser. He just goes to a web page where the applet is embedded. It's
> pretty cool, but i don't know what added security risks are involved. Anyone
> else know?
> http://www.mindbright.se/mindterm/
> 
> ~Christian

It would have two problems that I can see:

1) If you connect to it remotely in http, not https, your password/phrase will
pass to the webserver in clear text, negating the whole point of ssh.

2) There is an untrusted middle party involved - even if you connect to the
website in https, they decrypt your password/phrase and the ssh connection from
them to server reencrypts and sends. Hence the server has a chance to grab
the passphrse. They do talk about 'tunneling' in their FAQ, so perhaps they
are avoiding this.

Does MindTerm solve these?

Mary.

-- 
Mary Gardiner
<[EMAIL PROTECTED]>
GPG Key ID: 77625870

_______________________________________________
techtalk mailing list
[EMAIL PROTECTED]
http://www.linux.org.uk/mailman/listinfo/techtalk

Reply via email to