Re: making telnet secure
- From: Steve Acheson <satch@xxxxxxxxx>
- Date: Fri, 17 Oct 2008 09:59:01 -0700
Actually, this is exactly what IPSec was designed for. Since it happens at
a lower layer than telnet, your service doesn't even know about it.
The downside to IPSec is setting it up. It was really designed to be on all
the time and every host would have its own globally recognized cert, etc.
Still, if you only have a couple of machines that need to do the telnet
session, IPSec is a perfect fit, and you don't have to mess with ports, etc.
If you have unknown/random or just lots of remote machines connecting into
your telnet server, then the overhead of IPSec setup will probably move you
back to stunnel or ssh tunneling.
steve

On 10/17/08 7:51 AM, "Sudarshan Soma" <sudarshan12s@xxxxxxxxx> wrote:
Thanks all for your valuable inputs.
My telnet server application has its own way of handling
authentication, commands supported, ...
Hence I can't easily move to ssh. I know I can use SSH to use my own
authentication using PAM, but the other things such as commands
supported are all not easily done just by moving to ssh server.
Based on my requirements, I think tunneling (either stunnel or ssh
tunneling) is the best option to go with; if not, please suggest any
other way you could think of?
With tunneling, can I somehow avoid the client side setup of
specifying a non-standard port which will forward requests to sshd?
Can it be as easy as below: (I think it's not possible, but I just want
to confirm that)
on the server:
- A tunneling port (7778) listens, which forwards connections to my
application running at port 4050.
on the client:
use ssh to connect to port 7778. This will make the server port 7778
forward the connections to my application port 4050 and back in the
same way.
Please advise.
Best Regards,
Pavan.

On Fri, Oct 17, 2008 at 12:26 AM, Bob Rasmussen <ras@xxxxxxxxx> wrote:
On Thu, 16 Oct 2008, Sudarshan Soma wrote:
Hi,
I have telnet server implemented on the server. Now I want the ssh
client to connect to this modified telnet server by adding
encryption/decryption functions in it.
Can I do this easily by just putting the appropriate encrypt/decrypt
functions, session key establishment code from ssh server to telnet
server.
Tunneling is one solution I can think of. Is there any other easy
alternative for this apart from changing the telnet server code?
It is not a trivial thing to add encryption to the telnet protocol. It
would have to be added on both ends (client and server), and it was not
widely done. One approach was called SRP, from Stanford University. I
haven't heard anything from them for a long time, since SSH became common.
Other ideas:
1. Use telnet with SSL. I have heard that there are SSL implementations of
the client and server sides of telnet, but I have not worked with them.
2. Use SSH to establish a secure connection to a) the same server, or b)
one nearby, inside the site's firewall. Establish client-side tunnelling
on port 23. Then on the client machine, telnet to localhost, so that it is
tunnelled to the server.
This can be useful for Windows-based server-side systems that accept
telnet connections but not SSH connections. I have even considered adding
a special telnet-over-ssh mode for our terminal emulation client, Anzio.
Regards,
....Bob Rasmussen, President, Rasmussen Software, Inc.
personal e-mail: ras@xxxxxxxxx
company e-mail: rsi@xxxxxxxxx
voice: (US) 503-624-0360 (9:00-6:00 Pacific Time)
fax: (US) 503-624-0760
web: http://www.anzio.com
street address: Rasmussen Software, Inc.
10240 SW Nimbus, Suite L9
Portland, OR 97223 USA
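
Idea 2 from Bob Rasmussen's message (SSH to the server, then telnet to localhost through a client-side forward), as an added shell example that is not code from anyone in the thread. It assumes an OpenSSH client, an existing ~/.ssh directory, a placeholder host name, and local port 2323 in place of 23 (binding 23 needs root); 4050 is the application port mentioned in the thread.

```shell
#!/bin/sh
# Added example: run a telnet session through an SSH local port forward.
# Assumptions (not from the thread): host name, local port 2323, socket path.

# Succeeds only for an integer in 1..65535.
valid_port() {
    case "$1" in
        ''|*[!0-9]*) return 1 ;;
    esac
    [ "$1" -ge 1 ] && [ "$1" -le 65535 ]
}

# Build the -L argument. Both ends are pinned to loopback, so the local
# listener is not reachable by other hosts and the cleartext hop on the
# server side never leaves that machine.
forward_spec() {
    valid_port "$1" && valid_port "$2" || return 1
    printf '127.0.0.1:%s:127.0.0.1:%s' "$1" "$2"
}

# secure_telnet USER@HOST LOCAL_PORT REMOTE_PORT
secure_telnet() {
    spec=$(forward_spec "$2" "$3") || { echo "bad port" >&2; return 2; }
    ctl="$HOME/.ssh/telnet-tunnel.$$"   # control socket, used for teardown
    # -f -N: go to background, run no remote command.
    # -M -S: master mode with a control socket so the tunnel can be closed.
    # ExitOnForwardFailure: abort if the local port cannot be bound, rather
    # than leaving a session open with no forward behind it.
    ssh -f -N -M -S "$ctl" -o ExitOnForwardFailure=yes -L "$spec" "$1" || return 1
    telnet 127.0.0.1 "$2"
    rc=$?
    # Close the tunnel as soon as the telnet session ends.
    ssh -S "$ctl" -O exit "$1" 2>/dev/null
    return "$rc"
}

# Usage (placeholder host):
#   secure_telnet user@telnet-host.example 2323 4050
```

With this layout the telnet service can be bound to 127.0.0.1 on the server, so the only network-reachable entry point is sshd.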