Hi Leslie, One solution you might want to consider would be to replace the server's telnet server with an SSL-enabled one. You can find at least one version of in.telnetd which will use OpenSSL's facilities.
That will provide you with the same level of security (cryptographically speaking) as OpenSSH. Except that you won't benefit from all its super-cool features such as the key mechanisms and generic i/o streaming. You can secure the connections by attaching x509 certificates to your server, making server hijacking impossible if strict certificate checking is enabled on the client side. Oh, yes, the client side. You might think that your telnet client will not support SSL. That's probably true, and that's where stunnel enters the dance. You can have an stunnel proxy running on the client's local host: [Power builder]-->[localhost:someport]>[stunnel]----------ssl--->[ssl telnetd] You might even be able to attach client certificates to your stunnel instance, allowing the server to validate the client's certificate authenticity. Below that, you have the vpn option. Those are my two cents. Jerome Oufella _______________________________________________ mlug mailing list [email protected] https://listes.koumbit.net/cgi-bin/mailman/listinfo/mlug-listserv.mlug.ca
