From owner-freebsd-security Sun Feb 26 15:32:12 1995 Return-Path: security-owner Received: (from majordom@localhost) by freefall.cdrom.com (8.6.9/8.6.6) id PAA11419 for security-outgoing; Sun, 26 Feb 1995 15:32:12 -0800 Received: from UUCP-GW.CC.UH.EDU (root@UUCP-GW.CC.UH.EDU [129.7.1.11]) by freefall.cdrom.com (8.6.9/8.6.6) with SMTP id PAA11319; Sun, 26 Feb 1995 15:28:48 -0800 Received: from Taronga.COM by UUCP-GW.CC.UH.EDU with UUCP id AA16736 (5.67a/IDA-1.5); Sun, 26 Feb 1995 17:07:56 -0600 Received: by bonkers.taronga.com (smail2.5p) id AA11989; 26 Feb 95 16:34:34 CST (Sun) Received: from localhost (localhost [127.0.0.1]) by bonkers.taronga.com (8.6.8/8.6.6) with SMTP id QAA11986; Sun, 26 Feb 1995 16:34:34 -0600 Message-Id: <199502262234.QAA11986@bonkers.taronga.com> X-Authentication-Warning: bonkers.taronga.com: Host localhost didn't use HELO protocol To: "Jordan K. Hubbard" Cc: hackers@freefall.cdrom.com, security@freefall.cdrom.com Subject: Re: key exchange for rlogin/telnet services? In-Reply-To: Your message of "Sun, 26 Feb 95 11:13:06 PST." <199502261913.LAA29658@freefall.cdrom.com> X-Mailer: exmh version 1.4.1 7/21/94 Date: Sun, 26 Feb 1995 16:34:31 -0600 From: Peter da Silva Sender: security-owner@FreeBSD.org Precedence: bulk One half-baked answer. First, get SecureKey. The version I use, Hobbit's, is sitting on NMTI's anonymous FTP server smokey.neosoft.com in source, Alpha/OSF executable, and DOS executable. I'll ftp it over to freefall Mondey. It uses a challenge string/encrypted challenge response method to keep from passing passwords out to everyone. You don't get an encrypted session, but you don't need any special software or arrangements at the other end. A more complex answer is swIPe, which lets you run a complete encrypted IP session on top of an IP channel. This requires you have at least a secure site in the badguy's camp.