secure telnet from dos box to linux box

Post by Alan J. Flavel » Mon, 18 Jan 1999 04:00:00




You didn't really mean DOS, I see...

>   Before, I would just telnet in, but now I realize how easy it is to run
> packet sniffers and grab passwords from people doing just what I was doing.
> How can I make the linux box only offer login ability through an encrypted
> connection?  

Install ssh (v1 would be fine, i.e. 1.2.26) on the linux box, and ttssh
on Win9x.  Works great.  With the latest ttssh, if you have an X server
(eXceed or whatever) on 'doze you can run secure X sessions too.
http://www.zip.com.au/~roca/ttssh.html

ssh has its own usenet group, so raise any detailed questions there:
comp.security.ssh

 
 
 


Post by Tony Langd » Wed, 20 Jan 1999 04:00:00


It's 18 Jan 99  16:16:09,

discussion of secure telnet from dos box to linux box

 ch> Before, I would just telnet in, but now I realize how easy it is to
 ch> run packet sniffers and grab passwords from people doing just what I
 ch> was doing.  How can I make the linux box only offer login ability
 ch> through an encrypted connection?  I don't want passwords from login
 ch> prompts or su commands to go over the network as plain text, as I think
 ch> that's how the computer was compromised the first time. What program
 ch> should I then use to remotely login to the linux box.  I need to know
 ch> what to use when logging in from my Win98 computer, and what to use
 ch> when logging in from other linux computers.
 ch> If it helps any, my hosts.deny and hosts.allow look like this:

Install SSH on the Linux box and configure it to accept logins only from
where you want (sshd runs as a daemon, so hosts.allow etc won't help).

On the Windows client, you can pay for commercial SSH clients, but for a
freebie, locate Tera Term Pro (can find it on winfiles.com), follow the
link to the home page and download the latest version.  From the Tera
Term home page, you can access a link to an SSH extension, which will
turn it into a full blown SSH client.  The setup works quite well. :-)

Then, it's up to you whether you want to continue using (encrypted)
passwd authentication on your Linux box, or configure sshd to only
accept a key system. :)  With this configuration, sshd won't accept a
login, unless you possess the required key pair for both your machine
and the Linux box. :)

At this point, you can safely kill off the telnet and rsh services. :)

However, you still have to watch what else you run on your Linux box.
ssh does nothing to guard against buffer overflow exploits and the like
against other daemons running on your box. :)

.. Do computers on ships run Microsoft Portholes?
--
|Fidonet:  Tony Langdon 3:633/284.18

|
| Standard disclaimer: The views of this user are strictly his own.

 
 
 


Post by Alan J. Flavel » Wed, 20 Jan 1999 04:00:00



> Install SSH on the Linux box and configure it to accept logins only from
> where you want

With respect, I said that quite a while back on this thread, along with
recommending the latest ttssh (1.4), which also supports X forwarding.

> (sshd runs as a daemon, so hosts.allow etc won't help).

That's a confusing and inaccurate statement.  See below.

> However, you still have to watch what else you run on your Linux box.
> ssh does nothing to guard against buffer overflow exploits and the like
> against other daemons running on your box. :)

That's very true.

Now, about this hosts.allow thing.

hosts.allow/deny is a mechanism supported by libwrap.  You certainly
_can_ make use of that from sshd, and in one of two ways.

1. (recommended): build sshd using the --with-libwrap=/path/to/libwrap
option, then sshd (started up at initialisation time) will call the
libwrap functions to find out if it should allow the incoming call.

2. (feasible, and I've seen a few recommendations for it): have sshd
started per-call from inetd via tcp-wrappers.  Then tcp wrappers will
apply the libwrap rules to find out whether to start up sshd.

Either will do; you don't need both.  As I say, I recommend option (1).

[crossposted and f'ups set]
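
The hosts.allow/hosts.deny decision that libwrap makes for sshd in either setup described in the post above, as an added example that is not part of the thread and is not libwrap's own code: a simplified Python model of the hosts_access rules. The rule contents, addresses and function names are constructed for illustration; EXCEPT, LOCAL and the other special wildcards are not modelled.

```python
import ipaddress

# Constructed sample rules (not from the thread): sshd from one LAN and one
# domain only; everything else, including telnet, is refused.
HOSTS_ALLOW = "# daemon_list : client_list\nsshd : 192.168.1. .example.org\n"
HOSTS_DENY = "ALL : ALL\n"

def parse_rules(text):
    """Return [(daemon_list, client_list)] from hosts.allow/hosts.deny text."""
    rules = []
    for line in text.splitlines():
        line = line.split("#", 1)[0].strip()
        if ":" not in line:
            continue
        daemons, clients = line.split(":")[:2]
        rules.append((daemons.replace(",", " ").split(),
                      clients.replace(",", " ").split()))
    return rules

def client_matches(pattern, addr, host):
    if pattern == "ALL":
        return True
    if pattern.startswith("."):   # ".example.org" matches a host name suffix
        return host is not None and host.lower().endswith(pattern.lower())
    if pattern.endswith("."):     # "192.168.1." matches an address prefix
        return addr.startswith(pattern)
    if "/" in pattern:            # net/mask, e.g. 10.0.0.0/255.0.0.0
        net = ipaddress.ip_network(pattern, strict=False)
        return ipaddress.ip_address(addr) in net
    return pattern in (addr, host)

def matches(rules, daemon, addr, host):
    return any((daemon in daemons or "ALL" in daemons)
               and any(client_matches(p, addr, host) for p in clients)
               for daemons, clients in rules)

def access_allowed(daemon, addr, host=None, allow=HOSTS_ALLOW, deny=HOSTS_DENY):
    """hosts.allow is consulted first, then hosts.deny; no match means allow."""
    if matches(parse_rules(allow), daemon, addr, host):
        return True
    if matches(parse_rules(deny), daemon, addr, host):
        return False
    return True

if __name__ == "__main__":
    for daemon, addr, host in [("sshd", "192.168.1.20", None),
                               ("sshd", "10.0.0.5", None),
                               ("in.telnetd", "192.168.1.20", None)]:
        print(daemon, addr, access_allowed(daemon, addr, host))
```

Because an unmatched client is allowed by default, an empty hosts.deny leaves sshd open to every address even when hosts.allow lists only the LAN.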

 
 
 


Post by Jeff Marke » Wed, 20 Jan 1999 04:00:00


As others have said, SSH is a good solution. SRP (Secure Remote
Protocol) is another solution, at least for protection from password
sniffing. More information on SRP can be found at

        http://srp.stanford.edu/srp/

#include <stddisclaim.h> /* I speak only for myself, not my employers. */
--
   Jeff Marker                           US West !NTERACT Internet Services
   Security Grue                         600 Stinson Blvd.

      "Nowhere is the meaning of life so evident as in the floating disk."

 
 
 


Post by Thomas W » Thu, 21 Jan 1999 04:00:00



>   Before, I would just telnet in, but now I realize how easy it is to run
> packet sniffers and grab passwords from people doing just what I was doing.
> How can I make the linux box only offer login ability through an encrypted
> connection?  I don't want passwords from login prompts or su commands to go
> over the network as plain text, as I think that's how the computer was
> compromised the first time. What program should I then use to remotely login
> to the linux box.  I need to know what to use when logging in from my Win98
> computer, and what to use when logging in from other linux computers.

Install SRP on your Linux box, and use one of the free SRP Windows
clients (I'd recommend TeraTermPro 2.2+SRP or Kermit95) on your Win98
box.  You might want to add ssh as well, but be sure to disable
cleartext password authentication when you're done!

  http://srp.stanford.edu/srp/
  http://www.ssh.fi/
--


  Phone: (650) 723-1565             mouse can crash Windows with one click."
   http://www-cs-students.stanford.edu/~tjw/   http://srp.stanford.edu/srp/
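
A check for the two follow-up steps recommended in the replies above (turning off the telnet and rsh services once ssh or SRP works, and optionally making sshd key-only), as an added example that is not part of the thread: a small Python audit of inetd.conf and sshd_config text. The sample file contents and function names are constructed; the check also covers the rlogin and rexec entries, which goes slightly beyond the services named in the posts, and it assumes the first PasswordAuthentication line wins and the default is yes, as in OpenSSH.

```python
# Constructed sample files (not from the thread).
INETD_CONF = """\
ftp     stream  tcp  nowait  root  /usr/sbin/tcpd  in.ftpd -l -a
telnet  stream  tcp  nowait  root  /usr/sbin/tcpd  in.telnetd
#shell  stream  tcp  nowait  root  /usr/sbin/tcpd  in.rshd
login   stream  tcp  nowait  root  /usr/sbin/tcpd  in.rlogind
"""
SSHD_CONFIG = """\
Port 22
PasswordAuthentication yes
"""

# inetd service names: telnet, shell (rsh), login (rlogin), exec (rexec).
CLEARTEXT_SERVICES = {"telnet", "shell", "login", "exec"}

def enabled_cleartext_services(inetd_text):
    """Service names from CLEARTEXT_SERVICES that are not commented out."""
    found = []
    for line in inetd_text.splitlines():
        fields = line.split()
        if not fields or fields[0].startswith("#"):
            continue
        if fields[0] in CLEARTEXT_SERVICES:
            found.append(fields[0])
    return found

def password_auth_enabled(sshd_text):
    """True unless the config explicitly says 'PasswordAuthentication no'."""
    for line in sshd_text.splitlines():
        fields = line.split("#", 1)[0].split()
        if len(fields) >= 2 and fields[0].lower() == "passwordauthentication":
            return fields[1].lower() != "no"
    return True

def audit(inetd_text, sshd_text):
    findings = ["inetd still offers cleartext login service: " + s
                for s in enabled_cleartext_services(inetd_text)]
    if password_auth_enabled(sshd_text):
        findings.append("sshd accepts password logins; "
                        "'PasswordAuthentication no' makes it key-only")
    return findings

if __name__ == "__main__":
    for finding in audit(INETD_CONF, SSHD_CONFIG):
        print(finding)
```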

 
 
 


Post by Julian T. J. Midgl » Mon, 01 Feb 1999 04:00:00




>  Any help or advice would be greatly appreciated.  Thank you.

As several others have already said, ssh is the program you want.  The
web page below has links to three ssh clients for Windows, of which I
would recommend PuTTY most highly.  ssh for Linux can be found from
the usual sources (sunsite, etc.).

http://excession.ucam.org/~jtjm2

Note that the clients on this page may be used outside the US without
legal difficulty.  Those living inside the US should make certain they
have obtained the appropriate RSA libraries, to avoid infringing a
rather pathetic US Patent.

(And don't anyone get me started on US Export laws... ;-) )
--

Trinity Hall, Cambridge |  Excession: http://excession.ucam.org
"For every complex problem, there is a solution that is simple,
neat, and wrong."  (H. L. Mencken)

 
 
 
