Date: Wed, 02 May 2001 07:26:52 -0700 From: Nick Sayer <nsayer@quack.kfu.com> To: Nick Barnes <Nick.Barnes@pobox.com> Cc: freebsd-stable@freebsd.org Subject: Re: telnet sometimes gets "SRA secure login" prompt?? Message-ID: <3AF0192C.1020900@quack.kfu.com> References: <17266.988806786@thrush.ravenbrook.com>
index | next in thread | previous in thread | raw e-mail
Nick Barnes wrote: > Somewhat off-topic for -stable, but I just noticed this on my -stable > machine (cvsup'ed last week): > > What is the "Trying SRA secure login" prompt that I sometimes get from > telnet? SRA is an encrypted authentication technique. It means that your username and password will be DESed with a Diffie-Hellmen derived session key rather than sent over as plaintext. > What controls when I get that (as opposed to the regular > telnet prompt)? 1. You didn't actually disable it (RTFM for the various ways) 2. Both the server and client support it. > Is this something to do with installing the crypto > distribution? Yes. From 4.3 authentication is attempted by default in telnet. > In particular, does it appear if I have installed the > crypto distrib on both source and target of the telnet? Yes. SRA is not as secure as ssh. In particular, it only uses DES, the DH constants are on the small side and it is vulnerable to a monkey-in-the-middle attack. But it is better than nothing (plaintext). Because its encryption is weaker than ssh, it may be legal in some jurisdictions where ssh is not (IANAL, so do your own legal research). To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-stable" in the body of the messagehome | help
Want to link to this message? Use this
URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?3AF0192C.1020900>