Correction: SUMMARY: Secure Telnet

From: Brian Exelbierd (bcexelbi@controller.osc.state.nc.us)
Date: Tue Nov 10 1998 - 14:03:28 CST


Apparently SecureCRT works fine with 1.x SSH daemons. I did not test
the information I was given that was contrary. I have received success
reports specifically naming 1.2.26.

Sorry for any confusion,

bex


attached mail follows:


First, the original questions:

Brian Exelbierd wrote:

> We are considering implementing a secure telnet solution and I was
> curious if anyone here had any caveats or experience? What software did
> you use, both on the client and server side? Did you continue to allow
> unsecured access? Can you restrict logins on certain ids to secure only
> access?
>
> The majority of our clients are utilizing windows 95, and we are looking
> at SecureCRT from Vandyke (www.vandyke.com). We are currently running
> Solaris 2.6, and several other unixes.

Overwhelmingly people recommended the ssh daemon for use.
It is available from ftp.cs.hut.fi/pub/ssh
For commercial use you must purchase through DataFellows.

On the client side the ssh client was endorsed and everyone was very
positive about secure CRT.

Other clients mentioned included:

F-Secure from DataFellows www.datafellows.com (works with Exceed too)
Tera Term Pro
secure shell (ssh) - available http://www.uni-karlsruhe.de/~ig25/ssh-faq/
tcp wrappers

One caveat is that SecureCRT only supports version 2.0.x of SSH, not version
1.x.

I got only one policy response:

rsr@macromedia.com

We do not allow unsecured access to internet machines. Internal machines,
by the nature of who needs to access them, continue to allow insecure
access, but we do not allow the rhost-type services.

Other comments of note:

COOKEEA@mail.northgrum.com:
Hughes sells a product that is flexible enough to do what you want. It's
called Netlock. Sorry no other current info available. I have used the
product in the past, and it works well.

MELENNEC_Ronan@cena.dgac.fr:
I am looking at SRP (Secure Remote Password) from Stanford University.

SRP Telnet is backward-compatible, i.e. it can connect to an old-style,
plaintext-password telnet server.

I got hold of it only last week, therefore I am not yet able to give more
comments.

See <http://srp.stanford.edu/srp> for more information.

Sources are included. Site also has comparison with SSH and other protocols.

I am going to propose the implementation of the SecureCRT with the
DataFellows SSH daemons for our unix boxes. Given our environment, the
elimination of non-encrypted telnet is probably not an option.

Thanks to everyone for the great information:

Auteria Wally Winzer Jr. wally.winzer@ChampUSA.COM
Greg Obremski obremski@alpha.fdu.edu
David L. Markowitz David.Markowitz@litronic.com
Kelly Setzer setzer@telalink.net
Cooke, Earl R. COOKEEA@mail.northgrum.com
    u-kevin@veritas.com
Swee-Chuan Khoo sckhoo@asiapac.net
Patrick Shannon pshannon@macromedia.com
Roy S. Rapoport rsr@macromedia.com
Timothy Lorenc lorenct@ix.netcom.com
Justin Clift vapour@digitaldistribution.com
Ronan MELENNEC MELENNEC_Ronan@cena.dgac.fr
Jim Seavey jwseavey@norseaconsulting.com
Graham Leggett graham@vwv.com
Andrew Kyle andrew_kyle@CommerzbankZGE.com
Au , Louis LAu@bridge.com
Robert L. Harris Robert.Harris@gwl.com
Ka Kau Chan kkc@ans.net
Jason Harrell jlharrl@accessus.net
Rodney Marable marable@netgen.com
Jason K Schechner FiXXiT@off-road.com



This archive was generated by hypermail 2.1.2 : Fri Sep 28 2001 - 23:12:52 CDT