[160] in Best-of-Security
BoS: stelnet-1.0.1 released
daemon@ATHENA.MIT.EDU (Simon J. Gerraty)
Sat May 17 23:00:10 1997
Date: Sun, 18 May 1997 00:10:24 +1000 (EST)
From: "Simon J. Gerraty" <sjg@quick.com.au>
Cc: sjg@quick.com.au
Errors-To: best-of-security-request@suburbia.net
To: best-of-security@suburbia.net
Resent-From: best-of-security@suburbia.net
[machine crashed the other day, just as I sent this...]
Secure telnet
I guess this is a bit of a yawn by now, especially for anyone who is
actually still waiting for my stelnet :-) However I'm pleased to
announce that stelnet.tar.gz
Can be down-loaded from ftp://ftp.quick.com.au/pub/sjg/ or
http://www.quick.com.au/ftp/pub/sjg/
stelnet includes SSL based authentication and encryption compatible
with Tim Hudson's SSLtelnet, as well as my own HPW authentication and
DES based encryption.
Why am I releasing yet another secure telnet when ssh and SSLtelnet
are available? Simply because it _is_ telnet, and it is based on a
later code base than other secure telnet's I've seen. I've personally
used it daily on NetBSD, SunOS, Solaris and HP-UX systems for a few
years now and have built it for others on IRIX, Solaris/x86 and
Ultrix.
The original SSL patches were done by Tim Hudson (SSLtelnet), but have
been almost completely re-worked to use my libsslfd (included in
SSLrsh.tar.gz so you need that too). The end result is much cleaner
integration of the crypto code. Anyway, if there are bugs, blame me,
not Tim.
Have a look around http://www.quick.com.au/ftp/pub/sjg/help/ for more
info.
Note, I do all my building using the current BSD make(1), and while
stelnet.tar.gz still contains all the original makefiles, I've not
used or updated them for years, so I can promise they won't work.
So if you are not using a modern BSD, need to obtain bmake, my
bmake.tar.gz in the same directory uses GNU configure so should build
reasonably easily - it certainly does on SunOS,Solaris,HP-UX and IRIX.
stelnet-1.0.1.tar.gz contains
stelnet
stelnetd
login
and
stpasswd
The login(1) is derived from the NetBSD one and can be used on
systems where login(1) does not support -f. It also supports s/key
challenge response.
The stpasswd is a tool that allows you to keep a separate passwd
database for my HPW authentication method - default is to just use
/etc/passwd. HPW is a nice simple authentication method that uses the
hashed passwd as a shared secret key to authenticate without sending
the passwd over the net. It currently still has some reliance on an
unofficial option TELOPT_PKE which I used years ago before SSLeay came
along, so you may choose to disable it if such unofficialdom gives you
the shudders.
I'm sure I've left something out...
--sjg
