[1865] in linux-security and linux-alert archive

home help back first fref pref prev next nref lref last post

[linux-security] Re: Services not required?

daemon@ATHENA.MIT.EDU (Michael H. Warfield)
Sun Jun 14 08:45:09 1998

From: "Michael H. Warfield" <mhw@wittsend.com>
To: bkw@weisshuhn.de (Bernhard Weisshuhn)
Date: Wed, 10 Jun 1998 18:25:40 -0400 (EDT)
Cc: linux-security@redhat.com
In-Reply-To: <19980609190324.34246@intranet.weisshuhn.de> from "Bernhard Weisshuhn" at Jun 9, 98 07:03:24 pm
Resent-From: linux-security@redhat.com
Resent-Reply-To: linux-security@redhat.com

Bernhard Weisshuhn enscribed thusly:

> Andrew Frolov (dron@ilm.net) wrote:

> > JUST CLOSE TELNET SERVICE!
> > Force your users to use ssh - there are already 2 clients for windows, 
> > aik: SecureCRT and SSH for Windows.

> I wish there would be.

> AFAIK SecureCRT is in semi-public beta (download for U.S. citizens
> only), and the free ssh for windows client is a proof of concept
> implementation at best. Slow and painfull.

	You must not be looking very hard.  I believe there are at least
three ssh clients for Windows, not just the original one that I believe
you are referring to.  At least one ssh package for Windows includes
an ssh server.  I believe that's the package that's come out of the GNU
Win32 project.

> There definitely is a strong need for a free and powerfull ssh-Client for
> Windows (and probably MacOS), just as we need a nice looking GUI-client
> doing something like ftp, only with encryption (for passwords at least).
> Not for us Real Men[tm], but for the lusers that force us to keep
> those sniffable services running. Or would you like to tell your
> customers to install a real OS only to be able to update their webpages?

> Might be a nice opportunity for a startup software company to get into
> the heads of gazillions of Internet-Users, did I hear somebody say
> 'Telnetscape' ? ;)


> > > > > 110/POP3      (Katie Steven's v1.016)
> > > 
> > > I don't know if that version is secure, but it's a sniffable service.

> Are there any ssl-based replacements for pop/imap in the works? Or any
> other cryptographical correct approach?

	There is a port designation for imaps (SSL IMAP), 993, and pop3s
(SSL POP3), 994.  I do know from first hand experience that both Netscape
and MS Outlook support SSL IMAP natively.  AFAIK neither support pop over
SSL.  I've set up a couple of SSL IMAP servers by using edssl to map from
SSL IMAP on port 993 over to the IMAP server on port 143.  You can map
any tcp connection through SSL using eassl on the client side and edssl on
the server side.  The tricky part is getting a server certificate for edssl.
Verisign doesn't have a clue if it doesn't have anything to due with https
and a web server.

> regards,
> Bernhard

	Mike
-- 
 Michael H. Warfield    |  (770) 985-6132   |  mhw@WittsEnd.com
  (The Mad Wizard)      |  (770) 925-8248   |  http://www.wittsend.com/mhw/
  NIC whois:  MHW9      |  An optimist believes we live in the best of all
 PGP Key: 0xDF1DD471    |  possible worlds.  A pessimist is sure of it!

[mod: Sorry for the moderation backlog. I'm uptodate again now. There
have been a bunch of posts naming ways to get an encrypted login on a
unix server from windows clients. I've just grabbed the URLs that
people named and put them below:

http://www.doc.ic.ac.uk/~ci2/ssh/ 
http://cannibal.mi.org/~tawollen/computer.html
http://www.cs.hut.fi/ssh
http://www.pdc.kth.se/kth-krb/
http://www.vandyke.com/download/beta/SecureCRT/index.html
http://www.europe.datafellows.com/f-secure/fclintp.htm
ftp://ftp.pdc.kth.se/pub/krb/binaries/i386-unknown-winnt4.0/krb4-gui-980226.zip
ftp://ftp.pdc.kth.se/pub/krb/src/krb4-0.9.9.tar.gz
http://srp.stanford.edu/srp/
ftp://ftp.funet.fi/pub/unix/security/login/nrl-opie

Regards, Roger ]

-- 
----------------------------------------------------------------------
Please refer to the information about this list as well as general
information about Linux security at http://www.aoy.com/Linux/Security.
----------------------------------------------------------------------

To unsubscribe:
  mail -s unsubscribe linux-security-request@redhat.com < /dev/null


home help back first fref pref prev next nref lref last post