Re: Securing ssh tunnels.

From: Brian Hatch (secure-shell_at_ifokr.org)
Date: 06/26/03

  • Next message: Ivan Chavero: "Re: Securing ssh tunnels."
    Date: Thu, 26 Jun 2003 10:25:06 -0700
    To: Ben Lindstrom <mouring@etoh.eviladmin.org>
    
    
    

    > There is SSL Telnet, but I have no references to that any more. Kinda a
    > hack to the original telnet protocol to allow it to be encrypted. There
    > is also stunnel, but I know zero about that.

    Stunnel will let you encrypt arbitrary cleartext protocols inside SSL.
    It's great for securing code to which you don't have the source,
    or if you don't have the SSL knowledge to build in native SSL support.
    For example if you want to SSLify your POP or IMAP server, Stunnel
    is easy and secure[1].

    However when something better is available, Stunnel is not the answer.
    For example Apache has apache-ssl or mod_ssl - use one of those, they're
    built in. For logging in remotely/secure file transfer/etc, use SSH.

    Any wrapper has its limitations. If your telnet uses OOB data, for
    example, that'll get inlined in Stunnel, which could cause problems.

    [1] When done right - you need to check certificates, of course.

    --
    Brian Hatch                  "Do you understand
       Systems and                everything you say, sir?"
       Security Engineer         "Yes, if I listen
    http://www.ifokr.org/bri/     attentively."
    Every message PGP signed
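
Added example, not part of the original message: a stunnel configuration sketch for the POP case mentioned above, showing the certificate check from footnote [1]. Host names, ports and file paths are placeholders; `verifyChain` and `checkHost` are stunnel 5.x options (older releases use `verify = 2` together with `CAfile`).

```ini
; Constructed example; host names and file paths are placeholders.
; The server and client sections belong in separate stunnel.conf files
; on their respective machines.

; --- Server side: wrap a cleartext POP3 daemon bound to localhost ---
[pop3s]
accept  = 995
connect = 127.0.0.1:110
cert    = /etc/stunnel/mail.example.org.pem

; --- Client side, weak: traffic is encrypted, but stunnel does not
; --- verify the peer by default, so any certificate is accepted.
; [pop3s-client]
; client  = yes
; accept  = 127.0.0.1:1110
; connect = mail.example.org:995

; --- Client side, corrected: the chain must lead to a trusted CA and
; --- the certificate must be issued for the expected host name.
[pop3s-client]
client      = yes
accept      = 127.0.0.1:1110
connect     = mail.example.org:995
CAfile      = /etc/stunnel/ca.pem
verifyChain = yes
checkHost   = mail.example.org
```

With the corrected client section, the mail client points at 127.0.0.1:1110 and the connection is refused if the server's certificate fails either check.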
    
    


