Timothy Bolz wrote: > Wouldn't cygwin and sshd be insecure because it's on a windows box. Because > in windows you can run keyborard loggers and other programs. Just Curious.
I already read Cory's reply to this question, and I'm going to take the opposite viewpoint. Yes, you should always be careful where you run the ssh client. Every time you run the client, you make it possible for anyone who 0wnz the client host to also 0wn the remote host. It's dangerous to run ssh on a computer whose software you haven't audited or installed, such as a public workstation. It's dangerous to daisychain ssh connections, i.e., sit at A, ssh into B, then from B ssh into C. It's dangerous to run ssh clients whose origin you don't know, such as the free Java ssh that's floating around, or one that just happens to be on the box already. And since Windows boxes, especially 9X and ME, are inherently hard to secure, yes, you're taking an extra risk running ssh on Windows rather than on a Unix box. On the other hand, it's not guaranteed that you'll get hacked when you do one of those unsafe things. You might get away with it for years. I don't know anyone who practices 100% safe computing all the time. -- Bob Miller K<bob> kbobsoft software consulting http://kbobsoft.com [EMAIL PROTECTED]
