From owner-freebsd-security Mon Oct 9 19:55:59 2000 Delivered-To: freebsd-security@freebsd.org Received: from pericles.IPAustralia.gov.au (pericles.IPAustralia.gov.au [202.14.186.30]) by hub.freebsd.org (Postfix) with ESMTP id D04DC37B66C for ; Mon, 9 Oct 2000 19:55:38 -0700 (PDT) Received: (from smap@localhost) by pericles.IPAustralia.gov.au (8.9.3/8.9.3) id NAA78045; Tue, 10 Oct 2000 13:55:36 +1100 (EST) (envelope-from anwsmh@IPAustralia.Gov.AU) Received: from disc-4-161.aipo.gov.au(10.0.4.161) by pericles.IPAustralia.gov.au via smap (V2.0) id xma078029; Tue, 10 Oct 00 13:55:08 +1100 Received: from localhost (anwsmh@localhost) by stan.aipo.gov.au (8.9.3/8.9.3) with ESMTP id NAA12538; Tue, 10 Oct 2000 13:55:04 +1100 (EST) (envelope-from anwsmh@IPAustralia.Gov.AU) X-Authentication-Warning: stan.aipo.gov.au: anwsmh owned process doing -bs Date: Tue, 10 Oct 2000 13:55:03 +1100 (EST) From: Stanley Hopcroft X-Sender: anwsmh@stan.aipo.gov.au To: Security@FreeBSD.ORG Cc: Carl Makin , shaddon@IPAustralia.Gov.AU Subject: What is this and how do I control it ? Message-ID: MIME-Version: 1.0 Content-Type: TEXT/PLAIN; charset=US-ASCII Sender: owner-freebsd-security@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.org Dear Ladies and Gentlemen, I am writing to say that when I telnet to a 4.1-RELEASE machine (with librsaINTL and the base crypto distribution installed) from a similar client I see, Trying 10.0.100.252... Connected to tsitc.aipo.gov.au. Escape character is '^]'. Trying SRA secure login: User (anwsmh): What does this mean and how do I manage it ? This telnet client, ktelnet 0.61 seems to negotiate the telnet authentication and encryption options by itself (!) but the FreeBSD telnet, invoked from an rxvt does not get this distinctive SRA secure login prompt. ( Telnet to the same server from an rxvt on the same client :- > telnet tsitc Trying 10.0.100.252... Connected to tsitc.aipo.gov.au. Escape character is '^]'. FreeBSD/i386 (tsitc.aipo.gov.au) (ttyp5) login: ) A trace shows the client asking for Authentication and Encryption telnet options, the server agreeing, and an exchange of Auth strings. The password is not sent in clear text but the subsequent session data is. What means of authentication do they use ? This is great, but I would like to know what is happening and how to reliably reproduce it eg from rxvts on the same client host, from ktelnet 0.61 on another machine. Thank you. Yours sincerely, S Hopcroft Network Specialist IP Australia +61 2 6283 3189 +61 2 6281 1353 FAX To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message