>Couldn't you set up iptables on yourdomain.com to drop all
>incoming packets that don't originate from your work desktop?

Most likely your work machine sits behind a firewall, so everybody connecting from work (including a curious admin) will look like they're originating from the same place.

Given that the OpenSSH server and client are both open source, it wouldn't be *too* hard to modify the code so that they no longer exactly implement the SSH protocol. If you telnet to a ssh daemon, the first thing it does is identify itself as an ssh daemon. You get the string "OpenSSH" passed to you in plaintext. All you'd need to "disguise" your ssh service is to replace that string with some unintelligible ASCII garbage, then modify your client to detect the same sequence of bytes.

>I put my laptop pr0n in a password protected zip file like
>that in a last-minute stint of paranoia when I went to
>thailand (it's illegal there). Much to my dismay, the contents
>of the folder could still be listed...

Wow. That's really dumb. Of the zip guys, not you. I had no idea it worked that way. Easy workaround: put a zipfile inside a zipfile. Unfortunately, password protection isn't supported in the win32 port of "zip" that I use. Would need to get an old command-line version of PKZIP.