IB> But can I trust that program ? How do I know the guy that posted IB> that binary didn't hacked it and every time I connect, my IB> password and account isn't e-mailed to him ? Actually this is my IB> concern. Run a web server on the same box as your sshd. Install MindTerm (a GPLed Java SSH-1 client, http://www.mindbright.se/mindterm/ ) somewhere on the site, and run a Java-capable browser on your friend's OS instead of his installed binary. This downloads the MindTerm applet, and allows you to connect to the sshd. It works for me, and it's as secure as the Java browser and your web connection (use SSL to download the applet!). I think fewer people are willing to try hacking a backdoor into Java than they are into a binary that they know will be used for the specific purpose of secure logins. Boycott ssh! Use MindTerm and help with lsh (an SSH-2 implementation, http://www.lysator.liu.se/~nisse/archive/ ), that is if you can understand the wacky homegrown C object system it uses. ;)