[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: telnet: Encrypting the session key

To: lha@kth.se
Subject: Re: telnet: Encrypting the session key
From: Harald Barth <haba@pdc.kth.se>
Date: Wed, 31 May 2006 11:13:52 +0200 (MEST)
Cc: Ted.Percival@quest.com, heimdal-discuss@sics.se
In-Reply-To: <m2y7wjtvoq.fsf@nutcracker-2.local>
References: <4185301D58776E4E9A26D10F82232F7803B069@melmbxw01.prod.quest.corp><m2y7wjtvoq.fsf@nutcracker-2.local>
Sender: owner-heimdal-discuss@sics.se


> Want I want to see it more people stop using telnet and moving over to
> ssh/gssapi (both userauth and kex-exchange).

Reasons why that is not happening:

1 no ssh and sshd that support gssapi for both user and host key
  exhange on Unix (*) and expecially not on Windows.

2 no sshd implementaton where insecure and crufty code (**) is not
  compiled in.

3 no ssh implemenatation for Windows which has as good a terminal as ktelnet.

Please prove me wrong ;-)

I could help with 2 but not with 1 :-(

Harald.

(*) I know that I can patch my OpenSSH with Simon's patch. But that does not
    help my users who want to download ssh for their Unix and just have it
    working.

(**) ssh and sshd would be much smaller and more maintainable if they
     just could remove all code supporing insecure options like the
     old protocols and cleartext passwords. Noone but crackers use the
     ssh1 path through sshd any more. #ifdef UNSECURE_MORON_AT_WORK

References:
- telnet: Encrypting the session key
  - From: "Ted Percival" <Ted.Percival@quest.com>
- Re: telnet: Encrypting the session key
  - From: Love Hörnquist Åstrand <lha@kth.se>

Prev by Date: RE: telnet: Encrypting the session key
Next by Date: Re: using kpasswd with ldap db (0.7.2)
Prev by thread: RE: telnet: Encrypting the session key
Next by thread: Delegation Problems
Index(es):
- Date
- Thread