Date sent: Mon, 05 Mar 2001 16:01:29 -0800
To: [EMAIL PROTECTED], [EMAIL PROTECTED]
From: Rodney Thayer <[EMAIL PROTECTED]>
Subject: Re: Secure Telnet
Send reply to: [EMAIL PROTECTED]
I agree, even though we support both telnet/SSL/TLS and both
"vendors" of SSH. The SRP package I mentioned earlier is about
as state of the art as you can get, offers a variety of authentication
methods such as Kerberos 4, Kerberos 5, PKI, SRP and of course,
for those installations which must keep around the "old" telnet
because of the 30 or 40 thousand workstations (windows and UNIX)
based around the world, it supports plain old password also.
It offers all the encryption available in OpenSSL, and I am glad to
say, allows a company to use self signed certs for authentication. A
big plus for large companies. The ability to plug in a new telnet
server with advanced authentication/encryption features, yet still be
usable to the current installed base is in itself critical. And although
I probably should not mention it, the most important fact is that
current client telnet programs can work with it. If you take a serious
look at SSH, from a user point of view, the emulation on SSH based
Windows workstation clients is in most cases a toy at best.
Sufficient for those that are used to running simple command line
type stuff, but not for business related applications. And if you think
about it, the vast majority of all workstations in the world are
Windows based, like it or not.
And the sad fact is, I would bet that 80% or more of all the
commercial companies in world still use telnet instead of SSH.
I was convinced three years ago that sales of our Windows based,
non secure, telent client would be zero in a couple of years. And
here we are in 2001 and sales are the highest they have ever been.
Ken
given the recent noise about "the S word" (ssh, which may or may
not be a trademark in some places), I think the whole question of
SSH vs. Telnet with TLS should be reconsidered.
What's the state of the art? STUNNEL with Telnet?
At 04:01 PM 3/5/01 -0500, Michael T. Babcock wrote:
>http://www.openssh.com/portable.html
>
>SSH is the only* way to get good secure telnet to a remote machine -- it
>_isn't_ telnet, but provides the same functionality using strong security
>and public key authentication on top of passwords (if you want).
>
>* The only way I'll consider secure, at least.
>
>[EMAIL PROTECTED] wrote:
>
> > Can anyone outline what is necessary to make telnet work securely?
> > What do I need to get and where do I need to get the components?
> > A different Apache? mod ssl? openSSL? telnet?
>
>--
>Michael T. Babcock (PGP: 0xBE6C1895)
>http://www.fibrespeed.net/~mbabcock/
>
>
>
>______________________________________________________________________
>OpenSSL Project http://www.openssl.org
>User Support Mailing List [EMAIL PROTECTED]
>Automated List Manager [EMAIL PROTECTED]
______________________________________________________________________
OpenSSL Project http://www.openssl.org
User Support Mailing List [EMAIL PROTECTED]
Automated List Manager [EMAIL PROTECTED]
__________________________________________________
Support
InterSoft International, Inc.
Voice: 888-823-1541, International 281-398-7060
Fax: 888-823-1542, International 281-560-9170
[EMAIL PROTECTED]
http://www.securenetterm.com
______________________________________________________________________
OpenSSL Project http://www.openssl.org
User Support Mailing List [EMAIL PROTECTED]
Automated List Manager [EMAIL PROTECTED]
