Richard Adams wrote in a message to Mike Bilow:
RA> Another way round the problem is to have "node" answer
RA> telnet requests, of course if you want to login to a shell
RA> account then "node" is not your answer.
Another suggestion worth mentioning is to bypass the telnet/login facility
entirely, using something like ssh instead. Although primarily used for
encrypted communications as a secure replacement for telnet, it can be set to
disable encryption ("ssh -c none") for use over radio links where this is a
legal issue. At least in the U.S., cryptographic authentication (such as RSA)
is not regarded as prohibited, since it is not for the purpose of obscuring the
meaning of communications, but has the signiificant benefit of preventing
disclosure of a password on the air. My understanding is that enabling
compression ("ssh -C") likewise is not prohibited under U.S. regulations.
If you use sshd over radio links where encryption is prohibited, it should be
configured on the server side to disallow all encryption methods except "none"
in order to prevent an ssh client from accidentally logging in with encryption
enabled. That is, I consider it unwise to regard it as the responsibility of
the client to disable encryption. If you are using ssh only for your own
convenience, then I recommend disallowing all except RSA authentication, too.
By default, ssh will attempt Berkeley (rhosts) authentication if RSA fails, and
finally will revert to text passwords. Ordinarily, ssh will convey the text
passwords using the encrypted data stream, but text passwords combined with the
"none" encryption method will result in their public disclosure.
Aside from the canonical Unix ssh distribution, there are server/client ports
of the Unix tools to OS/2 and there is at least one quite good freeware client
("cigaly") for Windows:
Primary: http://www.doc.ic.ac.uk/~ci2/ssh/
Mirror: http://www.geocities.com/SiliconValley/Bay/1692/ssh-index.html
Mirror: http://public.srce.hr/~cigaly/ssh/
The cigaly Windows client is freely redistributable under U.S. export laws
because all of its encryptions routines are encapsulated in an external DLL
which must be separately downloaded from non-U.S. sites.
-- Mike
