Keylogging and SSH. A question.

No specifics, but nothing illegal or happening.

Most days my computer use involves using a PC outside my home. I know that keylogging is used on those computers. The keylogging is supposedly for security reasons only. This is understandable, as a person could do some serious mayhem and they need to know about it if it happens. However, for some things such as accessing my bank account and other sensitive content, I’d prefer passwords, etc. to not be known by people I really don’t know.

Now, to everyone that’s going to say “Do it on your home computer”, let me say that there are days when a payment is due before I get home, and the money isn’t available until that morning after I leave home. The point is, nothing illegal, treasonous or underhanded.

Anyway, I use PuTTY and SSH to “tunnel” to my home system, then access any private stuff. What I’m wondering is this.

I know when I use this config, it’s undetected by the SysOp. It just looks like noise. But is the keylogging still able to pick up the passwords, etc.? Am I really keeping private info private doing this? Or am I just using a fancy way of giving away a lot of personal info?

The keylogger still logs everything you type into your SSH terminal. It’s not encrypted until it goes out on the network.

There’s no reason why the keylogger would NOT pick up your keystrokes, regardless of the type of remote session you have. Additionally, since your workstation is “compromised” (by the sysops) you should know it would be possible for them to decrypt your session information, since they would theoretically have access to the negotiated keys when your session is established. This may be unlikely, but it’s possible. SSH is designed to keep your session private from outside intrusion; once someone has complete access to your machine locally, all bets are off.

Short answer: there’s no way to be sure of anything on a work PC, and you have to assume they can always see everything.

As others have said, you should assume the keylogger will pick up everything you type, no matter what program you’re typing it into.

You can hide your SSH password from the keylogger by using public key authentication instead of a password, carrying your private SSH key around on a USB flash drive or floppy disk - that is, if the computers you’re using have available USB ports or floppy drives. The logger will still catch your key passphrase if the key is encrypted (a good idea in case your disk gets stolen), so make up a new passphrase that you only use for the SSH key, and hope that if your disk does get stolen, the thief isn’t the same sysadmin who has access to your key logs. Also, hope that the system isn’t automatically making copies of the disk’s contents.

Anything you type into the SSH session will of course be logged, so if it’s possible, you should get the browser on your home system to memorize the passwords so you won’t have to type them while you’re away.

Solution #3: Use a live CD (e.g., Knoppix) and store your settings and data on a USB drive. Insert CD, boot, plug in drive.

I work on “fixing” screwed up PCs from time to time and I never type personal info into such a machine. I always assume that there’s lots of Bad Things running on the machine.

Boot CDs and USB drives are the way to go.

That might not work if it’s a hardware keylogger, or if the sysadmins notice you booting your own OS.

Booting your own OS on a machine will circumvent any software protection they have in place. The problem is that the lack of preconfigured security handling, or an OS using non-standard protocols for your company, may be flagged as some kind of hack attempt and would get your IT people in a HUGE snit if detected and/or backtracked. Hardware tracking could care less what your OS is; it will still have it.

Where I used to work, if anything like that happened everyone would be looking at me. Anyone else there would be lucky to get their email let alone load another OS.

I fix PCs for a living and I can’t think of one good reason to access any of my security-risk personal data from a client machine.