Re: [U2] Using SSL, with .Net to make a connection to Linux/Unix
I am not suggesting that you inspect the actual data passed (I know it is encrypted), but rather what packets are being passed? Are handshakes failing? Are responses missing? -- when compared to the working connection. Do the packets give you an additional clue as to what is failing?

Technically, you are not making wireshark work with uvtelnetd. You would put a hub (not a switch) between the client and server, and plug a separate machine with wireshark into the hub. From this machine you could monitor traffic between the other two machines. Alternately, wireshark could be on the client machine monitoring traffic to/from the server IP.

Wireshark may reveal nothing -- the problem could be within the encrypted data being passed. But typically protocols pass packets back and forth to establish the connection before sending the data, and if it is failing at this level wireshark may make it obvious.

rex

On Wed, Aug 3, 2011 at 6:27 PM, Michael Pflugfelder wrote:
> Rex,
>
> How could I make Wireshark work with uvtelnetd. My understanding is that
> uvtelnetd is passing encrypted data. I haven't used Wireshark a whole lot,
> but I believe that it can't decrypt the data on the stream.

___
U2-Users mailing list
U2-Users@listserver.u2ug.org
http://listserver.u2ug.org/mailman/listinfo/u2-users
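The handshake comparison described in the message above can be done on the cleartext TLS record headers alone. The following Python is an added example, not part of the thread: it assumes SSL 3.0 to TLS 1.2 framing, takes the server-to-client bytes of a reassembled stream (the sample streams here are constructed), and reports how far the handshake got.

```python
import struct

# Record-layer and handshake constants for SSL 3.0 through TLS 1.2.
CONTENT = {20: "change_cipher_spec", 21: "alert", 22: "handshake", 23: "application_data"}
HANDSHAKE = {1: "client_hello", 2: "server_hello", 11: "certificate",
             12: "server_key_exchange", 13: "certificate_request",
             14: "server_hello_done", 16: "client_key_exchange"}
ALERT = {0: "close_notify", 10: "unexpected_message", 40: "handshake_failure",
         42: "bad_certificate", 46: "certificate_unknown", 48: "unknown_ca",
         70: "protocol_version"}
VERSION = {(3, 0): "SSL 3.0", (3, 1): "TLS 1.0", (3, 2): "TLS 1.1", (3, 3): "TLS 1.2"}


def parse_records(stream):
    """List the TLS records found in one direction of a reassembled TCP stream."""
    records, pos, encrypted = [], 0, False
    while pos < len(stream):
        header = stream[pos:pos + 5]
        # A first byte outside the four content types, or a major version other
        # than 3, means this is not a TLS record (for example plain telnet).
        if header[0] not in CONTENT or (len(header) > 1 and header[1] != 3):
            records.append({"type": "not_tls", "detail": [stream[pos:pos + 8].hex()]})
            break
        if len(header) < 5:
            records.append({"type": "truncated", "detail": []})
            break
        ctype, major, minor, length = struct.unpack("!BBBH", header)
        body = stream[pos + 5:pos + 5 + length]
        if len(body) < length:
            records.append({"type": "truncated", "detail": []})
            break
        rec = {"type": CONTENT[ctype], "detail": [],
               "version": VERSION.get((major, minor), "unknown")}
        if encrypted:
            # After ChangeCipherSpec only the 5-byte header is readable.
            rec["detail"].append("encrypted")
        elif ctype == 22:
            # One record may carry several handshake messages: type(1) + length(3) + body.
            off = 0
            while off + 4 <= len(body):
                rec["detail"].append(HANDSHAKE.get(body[off], "type_%d" % body[off]))
                off += 4 + int.from_bytes(body[off + 1:off + 4], "big")
        elif ctype == 21 and length == 2:
            level = "fatal" if body[0] == 2 else "warning"
            rec["detail"].append("%s %s" % (level, ALERT.get(body[1], "alert_%d" % body[1])))
        elif ctype == 20:
            encrypted = True
        records.append(rec)
        pos += 5 + length
    return records


def diagnose(server_stream):
    """Summarise what the server side of the handshake did."""
    records = parse_records(server_stream)
    if not records:
        return "no reply"
    if records[0]["type"] == "not_tls":
        return "reply is not TLS"
    for rec in records:
        if rec["type"] == "alert" and rec["detail"] and rec["detail"][0] != "encrypted":
            return "server alert: " + rec["detail"][0]
    if any(rec["type"] == "change_cipher_spec" for rec in records):
        return "handshake completed by server"
    seen = [d for rec in records if rec["type"] == "handshake" for d in rec["detail"]]
    return "handshake incomplete after " + (seen[-1] if seen else "no handshake message")


def make_record(ctype, payload, version=(3, 1)):
    """Build a TLS record for the constructed samples below."""
    return struct.pack("!BBBH", ctype, version[0], version[1], len(payload)) + payload


def make_handshake(mtype, body=b""):
    """Build a handshake message header plus dummy body for the samples."""
    return bytes([mtype]) + len(body).to_bytes(3, "big") + body


# Constructed server-to-client streams (dummy bodies; only the framing is realistic).
WORKING = (make_record(22, make_handshake(2, b"\x00" * 38) + make_handshake(11, b"\x00" * 10)
                       + make_handshake(14))
           + make_record(20, b"\x01") + make_record(22, b"\xaa" * 40))
REJECTED = make_record(21, b"\x02\x28")             # fatal alert, handshake_failure
STALLED = make_record(22, make_handshake(2, b"\x00" * 38))
PLAIN_TELNET = b"\xff\xfd\x18\xff\xfd\x20"          # telnet IAC DO negotiation, no TLS

if __name__ == "__main__":
    for name in ("WORKING", "REJECTED", "STALLED", "PLAIN_TELNET"):
        print(name, "->", diagnose(globals()[name]))
```

Running the same function over the server replies from the working and the failing connection shows at which message the two diverge.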
Re: [U2] Using SSL, with .Net to make a connection to Linux/Unix
Rex,

How could I make Wireshark work with uvtelnetd. My understanding is that uvtelnetd is passing encrypted data. I haven't used Wireshark a whole lot, but I believe that it can't decrypt the data on the stream.

-Mike

-----Original Message-----
From: u2-users-boun...@listserver.u2ug.org [mailto:u2-users-boun...@listserver.u2ug.org] On Behalf Of Rex Gozar
Sent: Tuesday, August 02, 2011 3:17 PM
To: U2 Users List
Subject: Re: [U2] Using SSL, with .Net to make a connection to Linux/Unix

Michael,

It may help to put a packet-sniffer (wireshark) on your network to see what packets are being exchanged when the vendor app attempts to connect to uvtelnetd. The requests/responses may help to determine the problem. It may also help to compare the traffic between the working (windows) and non-working (linux) connections.

rex

> We are working with our vendor to replace a front-end application written in
> Delphi with a new front-end application written in .net. The vendor has
> decided to remove support for SSH and telnet completely. The only connection
> they will make is to a UniVerse server running uvtelnetd. The way I
> understand this, it is simply Telnet over SSL. They have this process
> working with a UniVerse server running on Windows. We are now trying to make
> it work with our UniVerse server running on linux and it will not connect.
Re: [U2] Using SSL, with .Net to make a connection to Linux/Unix
Michael,

It may help to put a packet-sniffer (wireshark) on your network to see what packets are being exchanged when the vendor app attempts to connect to uvtelnetd. The requests/responses may help to determine the problem. It may also help to compare the traffic between the working (windows) and non-working (linux) connections.

rex

> We are working with our vendor to replace a front-end application written in
> Delphi with a new front-end application written in .net. The vendor has
> decided to remove support for SSH and telnet completely. The only connection
> they will make is to a UniVerse server running uvtelnetd. The way I
> understand this, it is simply Telnet over SSL. They have this process
> working with a UniVerse server running on Windows. We are now trying to make
> it work with our UniVerse server running on linux and it will not connect.
Re: [U2] Using SSL, with .Net to make a connection to Linux/Unix
Just on the off chance that this helps, here are a few things we've run into in the past with SSL connectivity to Linux:

1. Depending on your Linux version, make sure that the firewall software is not blocking access to the uvtelnetd server.
2. Make sure that you have the certificate that uvtelnetd is using to secure communication in your client software's trust store.
3. Check that uvtelnetd is not doing a reverse DNS lookup - this can cause connections to time out.

HTH,

-----Original Message-----
From: u2-users-boun...@listserver.u2ug.org [mailto:u2-users-boun...@listserver.u2ug.org] On Behalf Of Michael Pflugfelder
Sent: Tuesday, August 02, 2011 8:16 AM
To: U2 Users List
Subject: Re: [U2] Using SSL, with .Net to make a connection to Linux/Unix

Hi all,

I work with Tom, and I'm more deeply entrenched in this project than he is, so let me try to "clarify" what Tom is asking for.

Here's the facts:
* We have a development server running RedHat Linux 5.6 and UniVerse 10.3.3.
* The development server has the uvtelnetd service installed and running.
* The development server has ssh installed and running.
* We can use HostAccess to connect to the server using BOTH ssh and "Secure Sockets (SSL)" which makes an encrypted telnet session to the uvtelnetd backend. This proves to me that uvtelnetd is running successfully.

Here's the task at hand:
We are working with our vendor to replace a front-end application written in Delphi with a new front-end application written in .net. The vendor has decided to remove support for SSH and telnet completely. The only connection they will make is to a UniVerse server running uvtelnetd. The way I understand this, it is simply Telnet over SSL. They have this process working with a UniVerse server running on Windows. We are now trying to make it work with our UniVerse server running on linux and it will not connect.

Has anyone gone through something like this before? If so, can you help us understand why it will connect to Windows uvtelnetd, and not linux uvtelnetd?

Thanks,
-Mike

-----Original Message-----
From: u2-users-boun...@listserver.u2ug.org [mailto:u2-users-boun...@listserver.u2ug.org] On Behalf Of Brian Leach
Sent: Tuesday, August 02, 2011 10:05 AM
To: U2 Users List
Subject: Re: [U2] Using SSL, with .Net to make a connection to Linux/Unix

cd `cat /.uvhome`/bin
ls -ls uvtelnetd

But you only need this one if you want to use their own secure telnet.

Brian

Sent from my ASUS Eee Pad

Tom Whitmore wrote:

>Actually, Universe ships a telnet for Windows but not *nix. The reason,
>according to U2 support, is that *nix provides telnet and Windows does not.
>Tom
>
>-----Original Message-----
>From: u2-users-boun...@listserver.u2ug.org
>[mailto:u2-users-boun...@listserver.u2ug.org] On Behalf Of Brian Leach
>Sent: Monday, August 01, 2011 6:34 PM
>To: John Thompson; u2-users@listserver.u2ug.org
>Subject: Re: [U2] Using SSL, with .Net to make a connection to Linux/Unix
>
>John
>
>Universe ships with its own secure telnet daemon for *nix running telnet over
>ssl (uvtelnetd). That's what you need to configure.
>
>Brian
>
>Sent from my HTC
>
>----- Reply message -----
>From: "John Thompson"
>Date: Mon, Aug 1, 2011 21:44
>Subject: [U2] Using SSL, with .Net to make a connection to Linux/Unix
>To: "U2 Users List"
>
>Another thing to think about is that by default most Linux distros heavily
>restrict telnet.
>
>My first question would be, are your Universe users using telnet or ssh?
>
>If they are using ssh only, then I doubt a telnet system is even installed on
>the Linux machine.
>
>If they are using telnet, you might try checking the following files to see if
>there are any security restrictions set:
>
>One place might be /etc/hosts.allow AND /etc/hosts.deny
>Here is a random blog entry on tcpwrappers (One package that can restrict
>telnet access)
>http://linuxhelp.blogspot.com/2005/10/using-tcp-wrappers-to-secure-linux.html
>
>I think also many linux distros use xinetd (instead of inetd) to run their
>telnet daemon.
>
>So, there may be some restrictions there also.
>I think the config file is called:
>xinetd.conf
>http://www.xinetd.org/sample.shtml
>
>From a root prompt... do a:
>find / -name xinetd.conf
>
>Other than that, I've never done a .NET telnet connection, but, I have worked
>with configuring telnet on Linux.
>
>On Sun, Jul 31, 2011 at 8:49 PM, Tom Whitmore wrote:
>
>> Thank you everyone. I'll let you know how things progress this week.
>> Tom
>>
>> -----Original Message-----
>> From: u2-users-boun...@listserver.u2ug.org [mailto:u2-users-boun...@listserver.u2ug.org] On Behalf Of Brian Leach
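The three checks listed at the top of the message above (firewall, trust store, reverse DNS lookup) correspond to different stages of a connection attempt. This added Python example is not from the thread; `probe`, its parameters and the stage names are assumptions of the example. It tries the TCP connect and then the TLS handshake, and reports which stage failed and how long each took.

```python
import socket
import ssl
import time


def probe(host, port, cafile=None, timeout=5.0):
    """Try TCP connect, then a TLS handshake; report the first stage that fails.

    stage is one of:
      "tcp"     - no TCP connection (firewall rule, nothing listening)
      "trust"   - server certificate not trusted by the client trust store
      "stalled" - TCP connected but no handshake reply within the timeout
                  (a daemon waiting on a reverse DNS lookup looks like this)
      "tls"     - the peer answered, but the TLS handshake failed
      "ok"      - handshake completed
    """
    report = {"stage": "ok", "error": None, "connect_s": None,
              "handshake_s": None, "protocol": None}

    start = time.monotonic()
    try:
        raw = socket.create_connection((host, port), timeout=timeout)
    except OSError as exc:
        report.update(stage="tcp", error=repr(exc))
        return report
    report["connect_s"] = round(time.monotonic() - start, 3)

    # cafile: PEM file with the server certificate or its issuer;
    # None means the system trust store is used.
    context = ssl.create_default_context(cafile=cafile)
    start = time.monotonic()
    try:
        with context.wrap_socket(raw, server_hostname=host) as tls:
            report["protocol"] = tls.version()
    except ssl.SSLCertVerificationError as exc:
        report.update(stage="trust", error=exc.verify_message)
    except socket.timeout as exc:
        report.update(stage="stalled", error=repr(exc))
    except ssl.SSLError as exc:
        report.update(stage="tls", error=exc.reason or str(exc))
    except OSError as exc:
        report.update(stage="tls", error=repr(exc))
    finally:
        report["handshake_s"] = round(time.monotonic() - start, 3)
        raw.close()
    return report


if __name__ == "__main__":
    # Placeholder host and port: substitute the server under test.
    print(probe("uvserver.example", 992, timeout=5.0))
```

A `handshake_s` that is large on the failing server and small on the working one, with `connect_s` similar on both, points at something the daemon does between accepting the connection and answering the handshake.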
Re: [U2] Using SSL, with .Net to make a connection to Linux/Unix
Hi all,

I work with Tom, and I'm more deeply entrenched in this project than he is, so let me try to "clarify" what Tom is asking for.

Here's the facts:
* We have a development server running RedHat Linux 5.6 and UniVerse 10.3.3.
* The development server has the uvtelnetd service installed and running.
* The development server has ssh installed and running.
* We can use HostAccess to connect to the server using BOTH ssh and "Secure Sockets (SSL)" which makes an encrypted telnet session to the uvtelnetd backend. This proves to me that uvtelnetd is running successfully.

Here's the task at hand:
We are working with our vendor to replace a front-end application written in Delphi with a new front-end application written in .net. The vendor has decided to remove support for SSH and telnet completely. The only connection they will make is to a UniVerse server running uvtelnetd. The way I understand this, it is simply Telnet over SSL. They have this process working with a UniVerse server running on Windows. We are now trying to make it work with our UniVerse server running on linux and it will not connect.

Has anyone gone through something like this before? If so, can you help us understand why it will connect to Windows uvtelnetd, and not linux uvtelnetd?

Thanks,
-Mike

-----Original Message-----
From: u2-users-boun...@listserver.u2ug.org [mailto:u2-users-boun...@listserver.u2ug.org] On Behalf Of Brian Leach
Sent: Tuesday, August 02, 2011 10:05 AM
To: U2 Users List
Subject: Re: [U2] Using SSL, with .Net to make a connection to Linux/Unix

cd `cat /.uvhome`/bin
ls -ls uvtelnetd

But you only need this one if you want to use their own secure telnet.

Brian

Sent from my ASUS Eee Pad

Tom Whitmore wrote:

>Actually, Universe ships a telnet for Windows but not *nix. The reason,
>according to U2 support, is that *nix provides telnet and Windows does not.
>Tom
>
>-----Original Message-----
>From: u2-users-boun...@listserver.u2ug.org
>[mailto:u2-users-boun...@listserver.u2ug.org] On Behalf Of Brian Leach
>Sent: Monday, August 01, 2011 6:34 PM
>To: John Thompson; u2-users@listserver.u2ug.org
>Subject: Re: [U2] Using SSL, with .Net to make a connection to Linux/Unix
>
>John
>
>Universe ships with its own secure telnet daemon for *nix running telnet over
>ssl (uvtelnetd). That's what you need to configure.
>
>Brian
>
>Sent from my HTC
>
>----- Reply message -----
>From: "John Thompson"
>Date: Mon, Aug 1, 2011 21:44
>Subject: [U2] Using SSL, with .Net to make a connection to Linux/Unix
>To: "U2 Users List"
>
>Another thing to think about is that by default most Linux distros heavily
>restrict telnet.
>
>My first question would be, are your Universe users using telnet or ssh?
>
>If they are using ssh only, then I doubt a telnet system is even installed on
>the Linux machine.
>
>If they are using telnet, you might try checking the following files to see if
>there are any security restrictions set:
>
>One place might be /etc/hosts.allow AND /etc/hosts.deny
>Here is a random blog entry on tcpwrappers (One package that can restrict
>telnet access)
>http://linuxhelp.blogspot.com/2005/10/using-tcp-wrappers-to-secure-linux.html
>
>I think also many linux distros use xinetd (instead of inetd) to run their
>telnet daemon.
>
>So, there may be some restrictions there also.
>I think the config file is called:
>xinetd.conf
>http://www.xinetd.org/sample.shtml
>
>From a root prompt... do a:
>find / -name xinetd.conf
>
>Other than that, I've never done a .NET telnet connection, but, I have worked
>with configuring telnet on Linux.
>
>On Sun, Jul 31, 2011 at 8:49 PM, Tom Whitmore wrote:
>
>> Thank you everyone. I'll let you know how things progress this week.
>> Tom
>>
>> -----Original Message-----
>> From: u2-users-boun...@listserver.u2ug.org [mailto:u2-users-boun...@listserver.u2ug.org] On Behalf Of Brian Leach
>> Sent: Saturday, July 30, 2011 11:43 AM
>> To: 'U2 Users List'
>> Subject: Re: [U2] Using SSL, with .Net to make a connection to Linux/Unix
>>
>> Tom
>>
>> I don't know what '.NET TELNET tool' you refer to - but I wrote a
>> customized terminal emulator in .NET for a client that makes a
>> Telnet/SSL connection to UniVerse on Solaris and tested fine on Linux.
>>
>> For the server configuration and details on setting up the secure
>> telnet daemon take a look at my blog (you can get to it from my website).
>>
>> As far as the client is concerned, I can't give too much away as I
>> don't own it - it was funded by a custom
Re: [U2] Using SSL, with .Net to make a connection to Linux/Unix
Tom,

I am curious: what are you trying to do? Are you trying to start a telnet session within a .NET application so your customer can "login" to your legacy application, thus using *existing* programs?

I wonder what the requirements are that are driving your technology selection. Why didn't you choose ssh? Why didn't you choose web services?

rex

On Fri, Jul 29, 2011 at 1:40 PM, Tom Whitmore wrote:
> Hi,
> We are having problems making the .NET telnet tool make an SSL connection to
> UniVerse on a Linux server.
> Has anyone been successful in making this type of connection?
> If so, did you use the .NET telnet tool or a third-party product?
> (We are able to connect to UniVerse on a Windows server.)
> Thanks,
> Tom Whitmore
> RATEX Business Solutions
Re: [U2] Using SSL, with .Net to make a connection to Linux/Unix
cd `cat /.uvhome`/bin
ls -ls uvtelnetd

But you only need this one if you want to use their own secure telnet.

Brian

Sent from my ASUS Eee Pad

Tom Whitmore wrote:

>Actually, Universe ships a telnet for Windows but not *nix. The reason,
>according to U2 support, is that *nix provides telnet and Windows does not.
>Tom
>
>-----Original Message-----
>From: u2-users-boun...@listserver.u2ug.org
>[mailto:u2-users-boun...@listserver.u2ug.org] On Behalf Of Brian Leach
>Sent: Monday, August 01, 2011 6:34 PM
>To: John Thompson; u2-users@listserver.u2ug.org
>Subject: Re: [U2] Using SSL, with .Net to make a connection to Linux/Unix
>
>John
>
>Universe ships with its own secure telnet daemon for *nix running telnet over
>ssl (uvtelnetd). That's what you need to configure.
>
>Brian
>
>Sent from my HTC
>
>----- Reply message -----
>From: "John Thompson"
>Date: Mon, Aug 1, 2011 21:44
>Subject: [U2] Using SSL, with .Net to make a connection to Linux/Unix
>To: "U2 Users List"
>
>Another thing to think about is that by default most Linux distros heavily
>restrict telnet.
>
>My first question would be, are your Universe users using telnet or ssh?
>
>If they are using ssh only, then I doubt a telnet system is even installed on
>the Linux machine.
>
>If they are using telnet, you might try checking the following files to see if
>there are any security restrictions set:
>
>One place might be /etc/hosts.allow AND /etc/hosts.deny
>Here is a random blog entry on tcpwrappers (One package that can restrict
>telnet access)
>http://linuxhelp.blogspot.com/2005/10/using-tcp-wrappers-to-secure-linux.html
>
>I think also many linux distros use xinetd (instead of inetd) to run their
>telnet daemon.
>
>So, there may be some restrictions there also.
>I think the config file is called:
>xinetd.conf
>http://www.xinetd.org/sample.shtml
>
>From a root prompt... do a:
>find / -name xinetd.conf
>
>Other than that, I've never done a .NET telnet connection, but, I have worked
>with configuring telnet on Linux.
>
>On Sun, Jul 31, 2011 at 8:49 PM, Tom Whitmore wrote:
>
>> Thank you everyone. I'll let you know how things progress this week.
>> Tom
>>
>> -----Original Message-----
>> From: u2-users-boun...@listserver.u2ug.org [mailto:u2-users-boun...@listserver.u2ug.org] On Behalf Of Brian Leach
>> Sent: Saturday, July 30, 2011 11:43 AM
>> To: 'U2 Users List'
>> Subject: Re: [U2] Using SSL, with .Net to make a connection to Linux/Unix
>>
>> Tom
>>
>> I don't know what '.NET TELNET tool' you refer to - but I wrote a
>> customized terminal emulator in .NET for a client that makes a
>> Telnet/SSL connection to UniVerse on Solaris and tested fine on Linux.
>>
>> For the server configuration and details on setting up the secure
>> telnet daemon take a look at my blog (you can get to it from my website).
>>
>> As far as the client is concerned, I can't give too much away as I
>> don't own it - it was funded by a customer - but I can probably share
>> the following if you're tempted to roll your own!
>>
>> 1. for the low level connection I use a SecureTCPClient that wraps an
>> SslStream - here are the salient pieces:
>>
>> public delegate void SecureConnectionResultsCallback(object sender, SecureConnectionResults args);
>> public delegate void ReceivedDataEvent( object sender, string data);
>> public delegate void ReceiveErrorEvent( object sender );
>>
>> public class SecureTcpState
>> {
Re: [U2] Using SSL, with .Net to make a connection to Linux/Unix
Actually, Universe ships a telnet for Windows but not *nix. The reason, according to U2 support, is that *nix provides telnet and Windows does not.

Tom

-----Original Message-----
From: u2-users-boun...@listserver.u2ug.org [mailto:u2-users-boun...@listserver.u2ug.org] On Behalf Of Brian Leach
Sent: Monday, August 01, 2011 6:34 PM
To: John Thompson; u2-users@listserver.u2ug.org
Subject: Re: [U2] Using SSL, with .Net to make a connection to Linux/Unix

John

Universe ships with its own secure telnet daemon for *nix running telnet over ssl (uvtelnetd). That's what you need to configure.

Brian

Sent from my HTC

----- Reply message -----
From: "John Thompson"
Date: Mon, Aug 1, 2011 21:44
Subject: [U2] Using SSL, with .Net to make a connection to Linux/Unix
To: "U2 Users List"

Another thing to think about is that by default most Linux distros heavily restrict telnet.

My first question would be, are your Universe users using telnet or ssh?

If they are using ssh only, then I doubt a telnet system is even installed on the Linux machine.

If they are using telnet, you might try checking the following files to see if there are any security restrictions set:

One place might be /etc/hosts.allow AND /etc/hosts.deny
Here is a random blog entry on tcpwrappers (One package that can restrict telnet access)
http://linuxhelp.blogspot.com/2005/10/using-tcp-wrappers-to-secure-linux.html

I think also many linux distros use xinetd (instead of inetd) to run their telnet daemon.

So, there may be some restrictions there also.
I think the config file is called:
xinetd.conf
http://www.xinetd.org/sample.shtml

From a root prompt... do a:
find / -name xinetd.conf

Other than that, I've never done a .NET telnet connection, but, I have worked with configuring telnet on Linux.

On Sun, Jul 31, 2011 at 8:49 PM, Tom Whitmore wrote:

> Thank you everyone. I'll let you know how things progress this week.
> Tom
>
> -----Original Message-----
> From: u2-users-boun...@listserver.u2ug.org [mailto:u2-users-boun...@listserver.u2ug.org] On Behalf Of Brian Leach
> Sent: Saturday, July 30, 2011 11:43 AM
> To: 'U2 Users List'
> Subject: Re: [U2] Using SSL, with .Net to make a connection to Linux/Unix
>
> Tom
>
> I don't know what '.NET TELNET tool' you refer to - but I wrote a
> customized terminal emulator in .NET for a client that makes a
> Telnet/SSL connection to UniVerse on Solaris and tested fine on Linux.
>
> For the server configuration and details on setting up the secure
> telnet daemon take a look at my blog (you can get to it from my website).
>
> As far as the client is concerned, I can't give too much away as I
> don't own it - it was funded by a customer - but I can probably share
> the following if you're tempted to roll your own!
>
> 1. for the low level connection I use a SecureTCPClient that wraps an
> SslStream - here are the salient pieces:
>
> public delegate void SecureConnectionResultsCallback(object sender, SecureConnectionResults args);
> public delegate void ReceivedDataEvent( object sender, string data);
> public delegate void ReceiveErrorEvent( object sender );
>
> public class SecureTcpState
> {
Re: [U2] Using SSL, with .Net to make a connection to Linux/Unix
John

Universe ships with its own secure telnet daemon for *nix running telnet over ssl (uvtelnetd). That's what you need to configure.

Brian

Sent from my HTC

----- Reply message -----
From: "John Thompson"
Date: Mon, Aug 1, 2011 21:44
Subject: [U2] Using SSL, with .Net to make a connection to Linux/Unix
To: "U2 Users List"

Another thing to think about is that by default most Linux distros heavily restrict telnet.

My first question would be, are your Universe users using telnet or ssh?

If they are using ssh only, then I doubt a telnet system is even installed on the Linux machine.

If they are using telnet, you might try checking the following files to see if there are any security restrictions set:

One place might be /etc/hosts.allow AND /etc/hosts.deny
Here is a random blog entry on tcpwrappers (One package that can restrict telnet access)
http://linuxhelp.blogspot.com/2005/10/using-tcp-wrappers-to-secure-linux.html

I think also many linux distros use xinetd (instead of inetd) to run their telnet daemon.

So, there may be some restrictions there also.
I think the config file is called:
xinetd.conf
http://www.xinetd.org/sample.shtml

From a root prompt... do a:
find / -name xinetd.conf

Other than that, I've never done a .NET telnet connection, but, I have worked with configuring telnet on Linux.

On Sun, Jul 31, 2011 at 8:49 PM, Tom Whitmore wrote:

> Thank you everyone. I'll let you know how things progress this week.
> Tom
>
> -----Original Message-----
> From: u2-users-boun...@listserver.u2ug.org [mailto:u2-users-boun...@listserver.u2ug.org] On Behalf Of Brian Leach
> Sent: Saturday, July 30, 2011 11:43 AM
> To: 'U2 Users List'
> Subject: Re: [U2] Using SSL, with .Net to make a connection to Linux/Unix
>
> Tom
>
> I don't know what '.NET TELNET tool' you refer to - but I wrote a
> customized terminal emulator in .NET for a client that makes a
> Telnet/SSL connection to UniVerse on Solaris and tested fine on Linux.
>
> For the server configuration and details on setting up the secure telnet
> daemon take a look at my blog (you can get to it from my website).
>
> As far as the client is concerned, I can't give too much away as I don't
> own it - it was funded by a customer - but I can probably share the
> following if you're tempted to roll your own!
>
> 1. for the low level connection I use a SecureTCPClient that wraps an
> SslStream - here are the salient pieces:
>
> public delegate void SecureConnectionResultsCallback(object sender, SecureConnectionResults args);
> public delegate void ReceivedDataEvent( object sender, string data);
> public delegate void ReceiveErrorEvent( object sender );
>
> public class SecureTcpState
> {
Re: [U2] Using SSL, with .Net to make a connection to Linux/Unix
Hi,

At this point, we are using an internal development server and our Admin does have SSL, and SSH, turned on and it works with our terminal emulator. Changing from SSH to SSL Telnet won't be a problem with our customers. The critical piece is that it must be an encrypted pipe.

Thanks for the thought.

Tom
RATEX Business Solutions

-----Original Message-----
From: u2-users-boun...@listserver.u2ug.org [mailto:u2-users-boun...@listserver.u2ug.org] On Behalf Of John Thompson
Sent: Monday, August 01, 2011 4:44 PM
To: U2 Users List
Subject: Re: [U2] Using SSL, with .Net to make a connection to Linux/Unix

Another thing to think about is that by default most Linux distros heavily restrict telnet.

My first question would be, are your Universe users using telnet or ssh?

If they are using ssh only, then I doubt a telnet system is even installed on the Linux machine.

If they are using telnet, you might try checking the following files to see if there are any security restrictions set:

One place might be /etc/hosts.allow AND /etc/hosts.deny
Here is a random blog entry on tcpwrappers (One package that can restrict telnet access)
http://linuxhelp.blogspot.com/2005/10/using-tcp-wrappers-to-secure-linux.html

I think also many linux distros use xinetd (instead of inetd) to run their telnet daemon.

So, there may be some restrictions there also.
I think the config file is called:
xinetd.conf
http://www.xinetd.org/sample.shtml

From a root prompt... do a:
find / -name xinetd.conf

Other than that, I've never done a .NET telnet connection, but, I have worked with configuring telnet on Linux.

On Sun, Jul 31, 2011 at 8:49 PM, Tom Whitmore wrote:

> Thank you everyone. I'll let you know how things progress this week.
> Tom
>
> -----Original Message-----
> From: u2-users-boun...@listserver.u2ug.org [mailto:u2-users-boun...@listserver.u2ug.org] On Behalf Of Brian Leach
> Sent: Saturday, July 30, 2011 11:43 AM
> To: 'U2 Users List'
> Subject: Re: [U2] Using SSL, with .Net to make a connection to Linux/Unix
>
> Tom
>
> I don't know what '.NET TELNET tool' you refer to - but I wrote a
> customized terminal emulator in .NET for a client that makes a
> Telnet/SSL connection to UniVerse on Solaris and tested fine on Linux.
>
> For the server configuration and details on setting up the secure
> telnet daemon take a look at my blog (you can get to it from my website).
>
> As far as the client is concerned, I can't give too much away as I
> don't own it - it was funded by a customer - but I can probably share
> the following if you're tempted to roll your own!
>
> 1. for the low level connection I use a SecureTCPClient that wraps an
> SslStream - here are the salient pieces:
>
> public delegate void SecureConnectionResultsCallback(object sender, SecureConnectionResults args);
> public delegate void ReceivedDataEvent( object sender, string data);
> public delegate void ReceiveErrorEvent( object sender );
>
> public class SecureTcpState
> {
>     public SslStream stream;
>     public System.Byte[] Buffer;
>
>     public SecureTcpState()
>     {
>         this.Buffer = new System.Byte[8192];
>     }
> }
>
> public class SecureConnectionResults
> {
>     private SslStream secureStream;
>     private Exception asyncException;
>
>     internal SecureConnectionResults(SslStream sslStream)
>     {
>         this.secureStream = sslStream;
>     }
>
>     internal SecureConnectionResults(Exception exception)
>     {
>         this.asyncException = exception;
>     }
>
>     public Exception AsyncException { get { return asyncException; } }
>     public SslStream SecureStream { get { return secureStream; } }
> }
>
> ///
> /// SecureTcpClient: a TCP client socket with ssl streaming
> ///
> public class SecureTcpClient: IDisposable
> {
>     X509CertificateCollection clientCertificates = null;
>     RemoteCertificateValidationCallback certValidationCallback= null;
>     SecureConnectionResultsCallback connectionCallback = null;
>     bool checkCertificateRevocation = true;
>     SslStream sslStream = null;
>     TcpClient client = null;
>     IPEndPoint remoteEndPoint = null;
>     string remoteHostName = string.Empty;
>     SslProtocols protocols = SslProtocols.None;
>     protected int disposed = 0;
>     protected Semaphore _sendLock = null; // guard against possible BeginSend clashes
>     protected uint _keepAlive = 0;
>     protected System.Text.Encoding _encoding = System.Text.Encoding.GetEncoding(1252);
>
Re: [U2] Using SSL, with .Net to make a connection to Linux/Unix
Another thing to think about is that by default most Linux distros heavily restrict telnet. My first question would be, are your Universe users using telnet or ssh? If they are using ssh only, then I doubt a telnet system is even installed on the Linux machine.

If they are using telnet, you might try checking the following files to see if there are any security restrictions set. One place might be /etc/hosts.allow AND /etc/hosts.deny

Here is a random blog entry on tcpwrappers (one package that can restrict telnet access):
http://linuxhelp.blogspot.com/2005/10/using-tcp-wrappers-to-secure-linux.html

I think also many Linux distros use xinetd (instead of inetd) to run their telnet daemon. So, there may be some restrictions there also. I think the config file is called: xinetd.conf
http://www.xinetd.org/sample.shtml

From a root prompt... do a:

find / -name xinetd.conf

Other than that, I've never done a .NET telnet connection, but I have worked with configuring telnet on Linux.

On Sun, Jul 31, 2011 at 8:49 PM, Tom Whitmore wrote:
> Thank you everyone. I'll let you know how things progress this week.
> Tom
>
> -----Original Message-----
> From: u2-users-boun...@listserver.u2ug.org [mailto:u2-users-boun...@listserver.u2ug.org] On Behalf Of Brian Leach
> Sent: Saturday, July 30, 2011 11:43 AM
> To: 'U2 Users List'
> Subject: Re: [U2] Using SSL, with .Net to make a connection to Linux/Unix
>
> Tom
>
> I don't know what '.NET TELNET tool' you refer to - but I wrote a customized terminal emulator in .NET for a client that makes a Telnet/SSL connection to UniVerse on Solaris and tested fine on Linux.
>
> For the server configuration and details on setting up the secure telnet daemon take a look at my blog (you can get to it from my website).
>
> As far as the client is concerned, I can't give too much away as I don't own it - it was funded by a customer - but I can probably share the following if you're tempted to roll your own!
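The checks suggested in the message above, as an added example that is not part of the original post: a script that lists the TCP Wrappers rules and xinetd settings that could restrict a telnet service. The daemon name in.telnetd, the service name telnet and the sample file contents are constructed assumptions.

```shell
#!/bin/sh
# Added example: report TCP Wrappers rules and xinetd settings that could
# restrict a daemon. Daemon/service names and sample files are assumptions.

# Print rules from a hosts.allow / hosts.deny style file whose daemon list
# names DAEMON or the ALL wildcard. Rule layout: daemon_list : client_list
wrapper_rules() {   # usage: wrapper_rules DAEMON FILE
    [ -r "$2" ] || return 0
    awk -v d="$1" '
        NF == 0 || $1 ~ /^#/ { next }          # skip blanks and comments
        {
            split($0, part, ":")
            n = split(part[1], name, "[ ,\t]+")
            for (i = 1; i <= n; i++)
                if (name[i] == d || name[i] == "ALL") {
                    print FILENAME ": " $0
                    next
                }
        }' "$2"
}

# Print the access-limiting attributes inside one "service NAME { ... }"
# stanza of an xinetd configuration file.
xinetd_restrictions() {   # usage: xinetd_restrictions SERVICE FILE
    [ -r "$2" ] || return 0
    awk -v s="$1" '
        $1 == "service" { in_svc = ($2 == s); next }
        $1 == "}"       { in_svc = 0; next }
        !in_svc         { next }
        $1 == "disable" && $3 != "yes" { next }   # an enabled service is not a restriction
        $1 ~ /^(disable|only_from|no_access|access_times)$/ {
            sub(/^[ \t]+/, ""); print
        }' "$2"
}

# Demo on constructed files (not taken from any real host).
demo=$(mktemp -d)
trap 'rm -rf "$demo"' EXIT
printf '%s\n' '# constructed sample' 'sshd: ALL' 'in.telnetd: 192.168.1.' > "$demo/hosts.allow"
printf '%s\n' 'ALL: ALL' > "$demo/hosts.deny"
cat > "$demo/xinetd.conf" <<'EOF'
service telnet
{
    disable   = yes
    only_from = 192.168.1.0/24
    server    = /usr/sbin/in.telnetd
}
EOF
for f in "$demo/hosts.allow" "$demo/hosts.deny"; do
    wrapper_rules in.telnetd "$f"
done
xinetd_restrictions telnet "$demo/xinetd.conf"
```

On a real host the arguments would be /etc/hosts.allow, /etc/hosts.deny and whichever xinetd.conf the find command locates; many distributions also keep per-service stanzas under /etc/xinetd.d/.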
Re: [U2] Using SSL, with .Net to make a connection to Linux/Unix
Thank you everyone. I'll let you know how things progress this week.
Tom

-----Original Message-----
From: u2-users-boun...@listserver.u2ug.org [mailto:u2-users-boun...@listserver.u2ug.org] On Behalf Of Brian Leach
Sent: Saturday, July 30, 2011 11:43 AM
To: 'U2 Users List'
Subject: Re: [U2] Using SSL, with .Net to make a connection to Linux/Unix

Tom

I don't know what '.NET TELNET tool' you refer to - but I wrote a customized terminal emulator in .NET for a client that makes a Telnet/SSL connection to UniVerse on Solaris and tested fine on Linux.

For the server configuration and details on setting up the secure telnet daemon take a look at my blog (you can get to it from my website).

As far as the client is concerned, I can't give too much away as I don't own it - it was funded by a customer - but I can probably share the following if you're tempted to roll your own!
Re: [U2] Using SSL, with .Net to make a connection to Linux/Unix
Tom

I don't know what '.NET TELNET tool' you refer to - but I wrote a customized terminal emulator in .NET for a client that makes a Telnet/SSL connection to UniVerse on Solaris and tested fine on Linux.

For the server configuration and details on setting up the secure telnet daemon take a look at my blog (you can get to it from my website).

As far as the client is concerned, I can't give too much away as I don't own it - it was funded by a customer - but I can probably share the following if you're tempted to roll your own!

1. for the low level connection I use a SecureTCPClient that wraps an SslStream - here are the salient pieces:

    public delegate void SecureConnectionResultsCallback(object sender, SecureConnectionResults args);
    public delegate void ReceivedDataEvent(object sender, string data);
    public delegate void ReceiveErrorEvent(object sender);

    public class SecureTcpState
    {
        public SslStream stream;
        public System.Byte[] Buffer;

        public SecureTcpState()
        {
            this.Buffer = new System.Byte[8192];
        }
    }

    public class SecureConnectionResults
    {
        private SslStream secureStream;
        private Exception asyncException;

        internal SecureConnectionResults(SslStream sslStream)
        {
            this.secureStream = sslStream;
        }

        internal SecureConnectionResults(Exception exception)
        {
            this.asyncException = exception;
        }

        public Exception AsyncException { get { return asyncException; } }
        public SslStream SecureStream { get { return secureStream; } }
    }

    /// <summary>
    /// SecureTcpClient: a TCP client socket with ssl streaming
    /// </summary>
    public class SecureTcpClient : IDisposable
    {
        X509CertificateCollection clientCertificates = null;
        RemoteCertificateValidationCallback certValidationCallback = null;
        SecureConnectionResultsCallback connectionCallback = null;
        bool checkCertificateRevocation = true;
        SslStream sslStream = null;
        TcpClient client = null;
        IPEndPoint remoteEndPoint = null;
        string remoteHostName = string.Empty;
        SslProtocols protocols = SslProtocols.None;
        protected int disposed = 0;
        protected Semaphore _sendLock = null; // guard against possible BeginSend clashes
        protected uint _keepAlive = 0;
        protected System.Text.Encoding _encoding = System.Text.Encoding.GetEncoding(1252);

        // async callbacks for connection and authentication
        AsyncCallback onConnected;
        AsyncCallback onAuthenticateAsClient;

        // async callback for receiving
        private AsyncCallback callbackProc = null;
        private AsyncCallback callbackEndDispatch = null;

        public event ReceivedDataEvent onReceived = null;
        public event ReceiveErrorEvent onReceiveError = null;

        public SecureTcpClient(SecureConnectionResultsCallback callback)
            : this(callback, null, SslProtocols.Default)
        {
        }

        public SecureTcpClient(SecureConnectionResultsCallback callback,
            RemoteCertificateValidationCallback certValidationCallback)
            : this(callback, certValidationCallback, SslProtocols.Default)
        {
        }

        public SecureTcpClient(SecureConnectionResultsCallback callback,
            RemoteCertificateValidationCallback certValidationCallback,
            SslProtocols sslProtocols)
        {
            if (callback == null)
            {
                throw new ArgumentNullException("callback");
            }

            onConnected = new AsyncCallback(OnConnected);
            onAuthenticateAsClient = new AsyncCallback(OnAuthenticateAsClient);

            this.certValidationCallback = certValidationCallback;
            this.connectionCallback = callback;
            protocols = sslProtocols;
            this.disposed = 0;
        }

        ~SecureTcpClient()
        {
            Dispose();
        }

        public bool CheckCertificateRevocation
        {
            get { return checkCertificateRevocation; }
            set { checkCertificateRevocation = value; }
        }

        public void StartConnecting(string remoteHostName, IPEndPoint remoteEndPoint)
        {
            StartConnecting(remoteHostName, remoteEndPoint, null);
        }

        public void StartConnecting(string remoteHostName, IPEndPoint remoteEndPoint,
            X509CertificateCollection clientCertificates)
        {
            if (string.IsNullOrEmpty(remoteHostName))
            {
                throw new ArgumentException("Value cannot be null or empty", "remoteHostName");
            }

            if (remoteEndPoint == null)
            {
                throw new ArgumentNullException("remoteEndPoint");
            }

            this.clientCertificates = clientCertificates;
            this.remoteHostName = remoteHostName;
            this.remoteEndPoint = remoteEndPoint;

            if (client != null
Re: [U2] Using SSL, with .Net to make a connection to Linux/Unix
*GASP* I've made a serious error! I thought you meant UO.NET, the ".NET connectivity tool". I missed "telnet". OK, it seems you want this:

.NET > telnet > SSL > internet > SSH > telnet > UV

There are many .NET Telnet clients, freeware and commercial. It doesn't matter which one you use. Almost everything in my suggestion was valid except do not use port 31438! That's for uvcs/RPC. Telnet locally to something more like 31023. Set the proxy (again, a port forwarder with SSL like Tunnelier) to accept and pass along 31023. In Linux:

ssh -L :31023:localhost:23

Again, that should get you close, if not all the way there.

T
Re: [U2] Using SSL, with .Net to make a connection to Linux/Unix
> From: Tom Whitmore
> We are having problems making the .NET telnet tool make an
> SSL connection to UniVerse on a Linux server.
> Has anyone been successful in making this type of connection?
> If so, did you use the .NET telnet tool or a third-party product?

Someone might suggest a more native method, but one solution would be to use Tunnelier or another socket proxy utility so that you can bridge the connection securely. For example, rather than connecting to myUVhost, connect to localhost:31438. With the proxy, your transactions will then be encrypted and proxied from 31438 to your Linux system. You need to set a destination socket. Let's use 30438 for this example.

Now set up another port in Linux to accept this special inbound, encrypted connection. In Linux you'd use a command similar to this:

ssh -L :30438:localhost:31438

That says "accept SSL transactions on 30438, and pass the decrypted payload to 31438". At that point your Linux service should get the transaction and process it as though the encryption never happened.

I have been trying to find time to refine and verify that procedure because I have a number of applications for it. I am hoping someone here can verify, correct, or completely replace this with something we can all use.

HTH
T
Re: [U2] Using SSL, with .Net to make a connection to Linux/Unix
What .net telnet tool ?

-----Original Message-----
From: u2-users-boun...@listserver.u2ug.org [mailto:u2-users-boun...@listserver.u2ug.org] On Behalf Of Tom Whitmore
Sent: 29 July 2011 18:49
To: U2 Users List
Subject: Re: [U2] Using SSL, with .Net to make a connection to Linux/Unix

I should clarify one thing. We are able to connect using SSL with our terminal emulator, it is only the .net application that is unable to make the SSL connection.

Thanks again!
Tom

-----Original Message-----
From: u2-users-boun...@listserver.u2ug.org [mailto:u2-users-boun...@listserver.u2ug.org] On Behalf Of Tom Whitmore
Sent: Friday, July 29, 2011 1:40 PM
To: U2-Users@listserver.u2ug.org
Subject: [U2] Using SSL, with .Net to make a connection to Linux/Unix

Hi,
We are having problems making the .NET telnet tool make an SSL connection to UniVerse on a Linux server. Has anyone been successful in making this type of connection? If so, did you use the .NET telnet tool or a third-party product? (We are able to connect to UniVerse on a Windows server.)

Thanks,
Tom Whitmore
RATEX Business Solutions
Re: [U2] Using SSL, with .Net to make a connection to Linux/Unix
I should clarify one thing. We are able to connect using SSL with our terminal emulator, it is only the .net application that is unable to make the SSL connection.

Thanks again!
Tom

-----Original Message-----
From: u2-users-boun...@listserver.u2ug.org [mailto:u2-users-boun...@listserver.u2ug.org] On Behalf Of Tom Whitmore
Sent: Friday, July 29, 2011 1:40 PM
To: U2-Users@listserver.u2ug.org
Subject: [U2] Using SSL, with .Net to make a connection to Linux/Unix

Hi,
We are having problems making the .NET telnet tool make an SSL connection to UniVerse on a Linux server. Has anyone been successful in making this type of connection? If so, did you use the .NET telnet tool or a third-party product? (We are able to connect to UniVerse on a Windows server.)

Thanks,
Tom Whitmore
RATEX Business Solutions