First, the original questions:
Brian Exelbierd wrote:
> We are considering implementing a secure telnet solution and I was
> curious if anyone here had any caveats or experience? What software did
> you use, both on the client and server side? Did you continue to allow
> unsecured access? Can you restrict logins on certain ids to secure only
> access?
>
> The majority of our clients are utilizing windows 95, and we are looking
> at SecureCRT from Vandyke (www.vandyke.com). We are currently running
> Solaris 2.6, and several other unixes.

Overwhelmingly, people recommended the ssh daemon for use.
It is available from ftp.cs.hut.fi/pub/ssh
For commercial use you must purchase through DataFellows.

On the client side the ssh client was endorsed and everyone was very
positive about SecureCRT.

Other clients mentioned included:

F-Secure from DataFellows www.datafellows.com (works with Exceed too)
Tera Term Pro
secure shell (ssh) - available at http://www.uni-karlsruhe.de/~ig25/ssh-faq/
tcp wrappers

One caveat is that SecureCRT only supports version 2.0.x of SSH, not version
1.x.

I got only one policy response:

We do not allow unsecured access to internet machines. Internal machines,
by the nature of who needs to access them, continue to allow insecure
access, but we do not allow the rhost-type services.

Other comments of note:

COOKEEA@mail.northgrum.com:
Hughes sells a product that is flexible enough to do what you want. It's
called Netlock. Sorry no other current info available. I have used the
product in the past, and it works well.

MELENNEC_Ronan@cena.dgac.fr:
I am looking at SRP (Secure Remote Password) from Stanford University.
SRP Telnet is backward-compatible, i.e. it can connect to an old-style,
plaintext-password telnet server.
I got hold of it only last week, therefore I am not yet able to give more
comments.
See <http://srp.stanford.edu/srp> for more information.
Sources are included. Site also has comparison with SSH and other protocols.

I am going to propose the implementation of the SecureCRT with the
DataFellows SSH daemons for our unix boxes. Given our environment, the
elimination of non-encrypted telnet is probably not an option.

Thanks to everyone for the great information:

Auteria Wally Winzer Jr. wally.winzer@ChampUSA.COM
Greg Obremski obremski@alpha.fdu.edu
David L. Markowitz David.Markowitz@litronic.com
Kelly Setzer setzer@telalink.net
Cooke, Earl R. COOKEEA@mail.northgrum.com
u-kevin@veritas.com
Swee-Chuan Khoo sckhoo@asiapac.net
Patrick Shannon pshannon@macromedia.com
Roy S. Rapoport rsr@macromedia.com
Timothy Lorenc lorenct@ix.netcom.com
Justin Clift vapour@digitaldistribution.com
Ronan MELENNEC MELENNEC_Ronan@cena.dgac.fr
Jim Seavey jwseavey@norseaconsulting.com
Graham Leggett graham@vwv.com
Andrew Kyle andrew_kyle@CommerzbankZGE.com
Au , Louis LAu@bridge.com
Robert L. Harris Robert.Harris@gwl.com
Ka Kau Chan kkc@ans.net
Jason Harrell jlharrl@accessus.net
Rodney Marable marable@netgen.com
Jason K Schechner FiXXiT@off-road.com