Great Circle Associates Firewalls
(August 1994)
 


Subject: Re[2]: s/key whine...
From: "Kenneth Aveirls" <KAVEIRLS @ PHSATL . SSW . DHHS . GOV>
Date: 10 Aug 1994 13:58:13 GMT
To: firewalls-owner @ GREATCIRCLE . COM
Cc: *skey-users @ thumper . bellcore . com, firewalls @ GREATCIRCLE . COM
Comment: MEMO 08/10/94 14:02:47

Received: from RELAY1.UU.NET by PCC.SSW.DHHS.GOV
        (Soft-Switch Central V4L380P3); 10 Aug 1994 11:08:01 GMT
Received: from mycroft.GreatCircle.COM by relay1.UU.NET with SMTP
        id QQxcjb18437; Wed, 10 Aug 1994 10:57:06 -0400
Received: from localhost by mycroft.GreatCircle.COM (8.6.5/SMI-4.1/Brent-940726)
        id NAA29066; Wed, 10 Aug 1994 13:00:34 GMT
Received: from panix.com by mycroft.GreatCircle.COM (8.6.5/SMI-4.1/Brent-940726)
        id GAA29060; Wed, 10 Aug 1994 06:00:25 -0700
Received: by panix.com id AA02442
  (5.67b/IDA-1.5 for firewalls @ greatcircle . com); Wed, 10 Aug 1994 09:04:05 -0400
From: John Hawkinson <jhawk @ panix . com>
Message-Id: <199408101304 . AA02442 @ panix . com>
Subject: Re: s/key whine...
To: hobbit @ bronze . lcs . mit . edu (*Hobbit*)
Date: Wed, 10 Aug 1994 09:04:04 -0400 (EDT)
Cc: firewalls @ GreatCircle . COM, skey-users @ thumper . bellcore . com
In-Reply-To: <199408100829 . EAA08701 @ bronze . lcs . mit . edu> from "*Hobbit*" at Aug 1 04:29:00 am
X-Mailer: ELM [version 2.4 PL23]
Mime-Version: 1.0
Content-Type: text/plain; charset=US-ASCII
Content-Transfer-Encoding: 7bit
Content-Length: 236
Sender: Firewalls-Owner @ GreatCircle . COM
Precedence: bulk

> From: hobbit @ bronze . lcs . mit . edu (*Hobbit*)
> To: firewalls @ greatcircle . com

This doesn't belong on firewalls, but rather on skey-users.
Please don't cc firewalls on replies.

> The various versions of s/key I've found around the net seem to boil
> down to two rather divergent sources, and now Mjr is putting in his
> own hacks.  There are a mess of hacks I want to put in, too, and I'm
> getting really frustrated trying to figure out what the "right"
> starting source is, and whether the login and/or ftpd contained
> therein is worth a hoot.

It seems that there are right now three major splinter versions:

        1) The original s/key from thumper, /pub/nmh; this is clearly
        a fine version to start with, but has various problems,
        nonportabilities, etc.

        2) Scott Chasin's various hacks from crimelab.com; much of these
        seem OK, however Scott seems to be unable to stay on the net for
        long periods of time, and I've heard nothing about the beta version
        that was so hyped back a few months ago; certain versions have also
        disappeared from anon ftp, ominously.

        3) NRL (Ran Atkinson et al)'s modified version of s/key which also
        supports MD5, is freely exportable, and is based on 1)
        (so is essentially a newer version of 1)). This also contains
        Marcus' hacks. Get this from thumper in /pub/nmh/nrl.

There's also a minor splinter, which I haven't looked at closely:

        NetBSD supports skey out of the box, however all of the key programs
        are renamed to skey (key to skey, keyinit to skeyinit, etc.).
        NetBSD's login supports skey auth if you enter "s/key" in the password
        field. Like so:

                NetBSD/i386 (zorkmid.gue.org) (ttyp0)

                login: jhawk
                Password:
                [s/key 992 zork42220]
                Response:

Out of these, I would recommend using the NRL version.

> And I still can't find the "automatic" DOS client.

It's on thumper in nmh/dos/termkey.exe;

> Am I just being dense, or is the whole thing really in a bit of a
> shambles?

Yes :-)

> This *is* firewalls-relevant, because I see s/key as one of several
> interesting ways for authorized people to punch small holes in their
> own defenses from the outside so they can "call home" securely...

Perhaps, but it's far more skey-relevant, and really discusses specific gripes
w/ skey rather than firewalls per se, and as such should be discussed on the
s/key list.

--
John Hawkinson
jhawk @ panix . com

This is a reply
