Thanks to:
Stephen Harris <sweh@mpn.com>
Graham Leggett <graham@vwv.com>
Eric D. Pancer <eric@outlook.net>
Benjamin Cline <benji@hnt.com>
Kevin Sheehan <u-kevin@megami.veritas.com>
Daniel Stringfield <dstringf@fccjmail.fccj.cc.fl.us>
Rik Schneider <rik@netasset.com>
Enrique Vadillo <vadillo@rcp.net.pe>
Dave McFerren <davem@solve.net>
Steve Kay" <steve@peachy.com>
Timothy Lorenc <lorenct@load.com>
Jochen Bern <bern@penthesilea.uni-trier.de>
Sebastian Benoit <benoit@Mathematik.Uni-Marburg.de>
Original question
I'm currentrly searching for a good solution for establishing
Telnet, X-windows and ftp encrypted sessions, I want to evite the
plain text passwords over the net.
I've heard about Kerberos and SSH, could someone give some
referrals and recomendations about them or another solution?
----------
Basically SSH is intented for a totally encripted channel and as
a secure replacement of rlogin, rsh, rcp, etc. Links about SSH:
http://www.cs.hut.fi/ssh/
http://www.mathematik.uni-marburg.de/~hampel/system/net/Software/ssh/
http://www.datafellows.com
Kerberos provide encrypted authentication. Links about Kerberos:
http://www.faqs.org/faqs/kerberos-faq/general/index.html
http://www.pdc.kth.se/kth-krb
----------
From: Stephen Harris <sweh@mpn.com>
ssh is good. It can replace rsh and rcp with encrypted versions. It has
good security, can use RSA keys instead of normal passwords etc etc.
Automatically tunnels X sessions over the encrypted link and can tunnel
other data as well (eg FTP - if needed, scp is better! - and SQL*net and
others).
From: Graham Leggett <graham@vwv.com>
SSH will do everything you need to do. The "ssh" command replaces the
"rsh" command. If you connect to a remote box via ssh, and then run an X
program, the X connection between that program and your display will
also be encrypted. Another program as part of the SSH suite, "scp",
works like "rcp" (remote copy), and allows encrypted file transfers,
replacing ftp.
From: "Eric D. Pancer" <eric@outlook.net>
Well you would use ssh for remote login, and scp for secure copying...like
rcp but secure.
you can also use ssh for tunneling in cases like getting mail from a
machine, etc..
From: Benjamin Cline <benji@hnt.com>
www.ssh.org is a good place to start for information about SSH. ssh
version 1.2 has support for a telnet like protocol and encrypted X
connections, version 2.x adds support for an FTP like protocol as well
(although the version 2.x license is much more restrictive, and pretty
much requires you to purchase a license for anything that isn't
hobby/education related).
For Kerberos, you might want to check out http://web.mit.edu/kerberos/www/
and the kerberos FAQ at
http://www.faqs.org/faqs/kerberos-faq/general/index.html.
From: u-kevin@megami.veritas.com (Kevin Sheehan - Uniq)
ssh - highly recommended.
From: Daniel Stringfield <dstringf@fccjmail.fccj.cc.fl.us>
We use SSH for our encrypted sessions. I usually only do telnet and X,
not FTP, but I know you can encrypt FTP sessions, according to the
documentation.
From: Rik Schneider <rik@netasset.com>
Kerberos provides encrypted autentication but doesn't encrypt the session.
ssh starts an encrypted session then allows authenication over the
encrypted channel. All communication via ssh is encrypted and depending
on your needs can be configured to support encrypted port forwarding (most
commenly used for X). the ssh distribution also includes a rcp type
client called scp for transfering files over an encrypted session.
You can get more information about kerberos at
http://www.pdc.kth.se/kth-krb/ and more information about ssh from
http://www.cs.hut.fi/ssh/
From: vadillo@rcp.net.pe (Enrique Vadillo)
i strongly recommend that you use ssh, i use it for encrypted rsh,
encrypted ftp, encrypted rcp, all thru firewall or eliminating telnetd,
allowing only port 22 (or any other of your chioce) instead of port 23
From: Dave McFerren <davem@solve.net>
I have used ssh for everything from telnet to backups to remote administration.
Works like a champ.
From: "Steve Kay" <steve@peachy.com>
Not sure where I downloaded it from : a quick hotbot search should find it,
but ssh is great. Use it for (among other things) rsh between boxes and
also ufsdumping across the network : stops /etc/shadow being sent across the
network as clear text.
From: Timothy Lorenc <lorenct@load.com>
Check out a commercial product by Data Fellows
They have an F-Secure client/server product.
From: Jochen Bern <bern@penthesilea.uni-trier.de>
Both deal with cryptographic tokens, however, while ssh leaves
the hosts' user management alone and just improves authentication
and encryption between them, Kerberos requires that management of
users and their access rights be centralized on (high availability)
Kerberos servers. One more thing I know of is SESAME, it was
announced as being basically something like Kerberos, but with
support for hierarchic server structures and such. (I have to admit
that I never actually used or tried Kerberos or SESAME.)
ssh replaces the BSD r* tools (i.e., you have an rsh-lookalike 'ssh'
that you can use instead of telnet between Unix hosts and a rcp-
lookalike 'scp' that can replace (non-anonymous) ftp between Unix
hosts, *and* it supports "tunneling" other connections through
the encrypted ssh connection, with X11 getting tunneled by default.
There is an encrypted variant of telnet, called STel if I remember
correctly, but when I looked at it and at ssh, I found ssh to be
easier to install and maintain.
From: Sebastian Benoit <benoit@Mathematik.Uni-Marburg.de>
I have not used Kerberos - however we are thinking about setting it up at
our site.
ssh is used here. From what I know, Kerberos is good for communication
between host, that are under your administrative control. SSH on the other
hand can be used to make secure connections over the Internet - even
between hosts that belong to different organisations. Security of ssh is
in the hands of the user.
Encrypted SSH sessions work very well. We are only using remote login
(equivalent to rsh) and encrypted X-Windows. I have not tried ftp
tunneling.
Since SSH is far easier to set up, go with ssh first. Then think about
kerberos.
Our ssh documentation-page is at
http://www.mathematik.uni-marburg.de/~hampel/system/net/Software/ssh/
(links to free Win NT - Clients ...)
------------
Regards.
--
Francisco Javier Arias Correa
NIC-Mexico, ITESM campus Monterrey
http://www.nic.mx
E-mail: farias@nic.mx
Tel. +52 8 328 43 73, fax +52 8 328 42 08
This archive was generated by hypermail 2.1.2 : Fri Sep 28 2001 - 23:12:49 CDT