From: Joe Greco
Message-Id: <199510241943.OAA03539@brasil.moneng.mei.com>
Subject: Kerberized Encrypted Telnet for 2.0.5R
To: hackers@freebsd.org
Date: Tue, 24 Oct 1995 14:43:21 -0500 (CDT)

The question: how to prevent people from indiscriminately snooping on
Ethernets and stuff. I don't like people to see what I am doing via
telnet - especially if it involves su :-)

Since people had asked, and some other side issues forced me to, I thought
it was time to re-do my Kerberized encrypted telnet under 2.0.5R. There
weren't many changes from the 2.0R stuff I posted many moons ago. Made a
great lunchtime project.

For the brave amongst us, I thought I would share my notes on how I did it.
Please pardon the format. It was designed to allow easy cut'n'paste
operation. It is not guaranteed to be 100% correct as it was modified as I
went along, but it should hit all the key items you need in order to get the
code compiled and installed.

Prerequisites: a 2.0.5R system loaded with the DES and Kerberos
distributions. Kerberos configured and operational.

----------------->%-----------------------

Install /usr/src/secure, /usr/src/eBones sources
Install 4.4BSD-Lite/usr/src/kerberosIV
Install /usr/src/lib/Makefile.inc

# A few strategic substitutions. The eBones DES is lacking some functions
# we need - so we steal them from 4.4BSD-Lite kerberosIV.

cd /usr/src/eBones
mv des des.eBones
mv /usr/src/kerberosIV/{des,make_key_perm,make_p_table,make_s_table,make_ip,make_p,make_fp,make_odd} .
cp /usr/src/kerberosIV/include/mit-copyright.h include
foreach i ( make_key_perm make_p_table make_s_table make_ip make_p make_fp make_odd )
ln -s . $i/obj
end
make; make install

# Build the securelibs.

Add
SHLIB_MAJOR?= 2
SHLIB_MINOR?= 0
to /usr/src/secure/Makefile.inc

Add
CFLAGS+=-DAUTHENTICATION -DENCRYPTION -DDES_ENCRYPTION -DKRB4 -I/usr/include/kerberosIV
to /usr/src/secure/lib/libtelnet/Makefile

Edit /usr/src/secure/lib/Makefile, changing
SUBDIR= libcipher libcrypt
to
SUBDIR= libcipher libcrypt libtelnet

cd /usr/src/secure/lib
make; make install

# Build the executables. Note: I was only interested in telnet/telnetd.

remove comment chars from
CFLAGS+=-DAUTHENTICATION -DENCRYPTION
LDADD+= -lkrb -ldes
in /usr/src/secure/libexec/telnetd/Makefile

cd /usr/src/secure/libexec/telnetd
make; make "DESTDIR=" "BINDIR=/usr/libexec" install

remove comment chars from
CFLAGS+=-DTERMCAP -DKLUDGELINEMODE -DUSE_TERMIO -DAUTHENTICATION -DENCRYPTION
^-------
CFLAGS+= -DKRB4
LDADD+= -lkrb -ldes
in /usr/src/secure/usr.bin/telnet/Makefile

cd /usr/src/secure/usr.bin/telnet
make; make "DESTDIR=" "BINDIR=/usr/bin" install

# Test it.

> telnet -a -x -l jgreco smyrno.sol.net
Trying 206.55.64.117...
Connected to smyrno.sol.net.
Escape character is '^]'.
[ Trying KERBEROS4 ... ]
[ Kerberos V4 accepts you ]
[ Kerberos V4 challenge successful ]
Last login: Tue Oct 24 14:27:24 from smyrno
Copyright (c) 1980, 1983, 1986, 1988, 1990, 1991, 1993, 1994
The Regents of the University of California. All rights reserved.

FreeBSD 2.0.5-RELEASE (GENERIC) #0: Sat Jun 10 10:46:56 1995

>
telnet> status
Connected to smyrno.sol.net.
Operating with LINEMODE option
No line editing
Local catching of signals
Special characters are local values
Remote character echo
Local flow control
Currently encrypting output with DES_CFB64
Currently decrypting input with DES_CFB64
Escape character is '^]'.

Wasn't that ever easy!

... Joe

-------------------------------------------------------------------------------
Joe Greco - Systems Administrator                   jgreco@ns.sol.net
Solaria Public Access UNIX - Milwaukee, WI          414/342-4847
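
A check on the "Test it" step above, as an added example that is not part of the original message: it reads a saved telnet transcript and confirms the Kerberos acceptance line plus the expected cipher in both directions, since a session encrypted one way only still exposes half the traffic. The names check_telnet_status, sample_good and sample_one_way are hypothetical, and the transcripts are constructed.

```shell
#!/bin/sh
# Added example (not from the original message). Names and samples are hypothetical.

# Read a saved telnet transcript on stdin; $1 = expected cipher (default DES_CFB64).
# Returns 0 = Kerberos accepted and both directions use the expected cipher,
#         1 = no Kerberos acceptance line,
#         2 = output (client to server) not encrypted as expected,
#         3 = input (server to client) not decrypted as expected.
check_telnet_status() {
    want=${1:-DES_CFB64}
    transcript=$(tr -d '\r')            # telnet output may carry CRLF line ends
    printf '%s\n' "$transcript" | grep -qF '[ Kerberos V4 accepts you ]' || return 1
    enc_out=$(printf '%s\n' "$transcript" |
        sed -n 's/^[[:space:]]*Currently encrypting output with \([A-Za-z0-9_]*\).*/\1/p' |
        tail -n 1)
    dec_in=$(printf '%s\n' "$transcript" |
        sed -n 's/^[[:space:]]*Currently decrypting input with \([A-Za-z0-9_]*\).*/\1/p' |
        tail -n 1)
    [ "$enc_out" = "$want" ] || return 2
    [ "$dec_in" = "$want" ] || return 3
    return 0
}

# Constructed sample: both directions encrypted.
sample_good() {
    cat <<'EOF'
[ Trying KERBEROS4 ... ]
[ Kerberos V4 accepts you ]
[ Kerberos V4 challenge successful ]
telnet> status
Connected to host.example.
Currently encrypting output with DES_CFB64
Currently decrypting input with DES_CFB64
EOF
}

# Constructed sample: only client-to-server traffic is encrypted.
sample_one_way() {
    cat <<'EOF'
[ Kerberos V4 accepts you ]
telnet> status
Connected to host.example.
Currently encrypting output with DES_CFB64
EOF
}

for s in sample_good sample_one_way; do
    if "$s" | check_telnet_status; then echo "$s: ok"; else echo "$s: FAIL (code $?)"; fi
done
```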