On Sun, 24 Jun 2001, Federico Sevilla III wrote:
>
> I also know that it is possible to use SSL-wrapped telnet daemons (tama
> ba?) which allow normal telnet connections to go through SSL. I don't know
> how secure this is. Maybe you (eric pareja) can expound on this? I'm sure
> this would be nifty for those with boxes that have to connect to the
> server shell remotely and don't have (or don't want to have to go through
> the hassle of installing) SSH clients.
>
In all probability installing an SSL/TLS aware telnet daemon would be even
more difficult than installing SSH! And obviously, your Telnet clients
would have to be aware of the SSL in the same way web browsers need to
know about SSL-enabled web servers. I haven't yet seen such a client.
The solution would be something like what they use to transparently
SOCKSify programs, intercepting insecure socket calls with secure socket
calls. If such a program exists, it would be even more tedious than
installing an SSH client. If a telnet client exists that understands SSL,
then what's the difference with SSH as far as installation is concerned?
I suppose all of this is just a matter of taste.
Oh, and while we're at it, use SSH version 2. Please. Version 1 uses a
flawed protocol that anyone with dsniff can exploit to perform a MITM
attack.
--
Rafael R. Sevilla <[EMAIL PROTECTED]> +63(2) 8177746 ext. 8311
Programmer, InterdotNet Philippines +63(917) 4458925
http://dido.engr.internet.org.ph/
-----BEGIN GEEK CODE BLOCK-----
Version: 3.12
GAT d- s:- a- C++++ UL+++ P+++ L+++ E++ W++ N+ o K- w---
O- M-- V- PS+ PE Y+ PGP++ t+ 5 X+ R tv+ b+++ DI++ D+
G e++ h! r++ y+
------END GEEK CODE BLOCK------
_
Philippine Linux Users Group. Web site and archives at http://plug.linux.org.ph
To leave: send "unsubscribe" in the body to [EMAIL PROTECTED]
To subscribe to the Linux Newbies' List: send "subscribe" in the body to
[EMAIL PROTECTED]
