On Tue, Jan 3, 2012 at 12:48 AM, Bennett Haselton <bennett at peacefire.org> wrote: > >> You can also set up openvpn on the server and control ports like ssh to >> only be open to you if you are using an openvpn client to connect to the >> machine. > > True but I travel a lot and sometimes need to connect to the machines > from subnets that I don't know about in advance. Have you ever typed your password on a machine you didn't control? Or even one that was not completely secure (i.e. could have had a hardware keylogger attached, or a software key logger installed by a trojan, virus, or wifi hack)? If so, you might be missing the most likely possibility for someone having your password: simply grabbing it as you type before ssh gets a chance to encrypt it. -- Les Mikesell lesmikesell at gmail.com