SUMMARY: encrypted ftp and/or skey on solaris

From: Anne Kilarjian (anne@cs.sunysb.edu)
Date: Fri Dec 03 1999 - 10:10:19 CST


Many thanks to everyone who replied. I have appended all the replies
since they were all useful. Another utility I found which folks might
be interested in is rsync (http://rsync.samba.org), an rcp-like tool
that runs over ssh and uses a fast algorithm to bring remote files into
sync using just the differences between them. Also of interest are
SSL-itized apps available at ftp://ftp.psy.uq.oz.au:/pub/Crypto/SSLapps
though I haven't tried these out yet.

Anne Kilarjian

Original question:

What is anybody using to provide encrypted ftp to their real (not
anonymous) users other than ssh2? This would be for our users
coming in from outside systems where the sftp2 client might not be
available.

Also, does anyone have a version of skey that compiles under Solaris 2.6?

From: Tim Carlson <tim@santafe.edu>

What about ssh1 and scp?

ssh2 isn't that widely used due to the odd licensing.

> Also, does anyone have a version of skey that compiles under Solaris 2.6?

I have an old version that seems to compile. Let me know if you need the
source.

Tim

From: Magnus Bergman <trident@trisec.net>

Well, if installation of a special client is not possible I guess it'll
be quite hard to get encryption... I usually just use sftp or scp.

> Also, does anyone have a version of skey that compiles under Solaris 2.6?

skey is included in Wietse Venema's logdaemon package that is located at:
ftp://ftp.porcupine.org/pub/security/logdaemon-5.7.tar.gz.

Regards //Magnus

From: Charles Nguyen <ctn@umn.edu>

For SKEY, I am using logdaemon written by Wietse Venema. There is an
option to replace /bin/login with an SKEY version, but I do not want to
force my users to have to use SKEY, so I have an account called otp that is
open, and from there, it will give you the challenge string. Feel free to
ask me anything you need. I have it compiled under 2.6 as you requested.

Charles

From: gabriel rosenkoetter <gr@cs.swarthmore.edu>

Try SRP, http://srp.stanford.edu/srp/. The down side is that it must
use its own login and has to add stuff to /etc (its own brand of
/etc/passwd).

Also, scp (ssh1) works just fine for transferring files, and some
non-UNIX clients are starting to support it (NiftyTelnet 1.1 SSH r3 for
Mac OS does, http://www.lysator.liu.se/~jonasw/freeware/niftyssh/). Of
course, those other clients would all be illegal in the US.

       ~ g r @cs.swarthmore.edu

From: Edwards Philip M Ctr AFRL/SNRR <Philip.Edwards@sn.wpafb.af.mil>

ssh1. :-) I know, it's not what you wanted to hear, but even if they don't
have ssh2 (we don't because of those licensing reasons), it is still
possible to have an encrypted session using the ssh1 client. (It is /not/
easy, but it is possible.)

From: vogelke@c17mis.region2.wpafb.af.mil

   If you have a webpage, you could compile Apache with SSL, use basic
   authentication, and let them connect to https://whatever and download
   via Netscape or Explorer. We're moving in that direction.

-- 
Karl Vogel

From: Craig Raskin <raskin@compusec.org>

You can get a copy of opie (One-Time Passwords in Everything) from:

ftp://ftp.nrl.navy.mil/pub/security/opie

or:

ftp://ftp.inner.net/pub/opie

From: Rajeev Kumar <rxk@fluent.com>

OPIE: http://inner.net/opie

Rajeev



This archive was generated by hypermail 2.1.2 : Fri Sep 28 2001 - 23:13:34 CDT