Damien Miller wrote:
>
> -----BEGIN PGP SIGNED MESSAGE-----
>
> On Thu, 7 Nov 1996, Lawrence Beobachter wrote:
>
> > Hello!
> >
> > I tried tcpdump on FreeBSD and it turned out that login information
> > during telnet sessions as well as USER and PASS info sent by pop-client
> > are both xmitted in plain text <shudder>.
> > Is there any solution besides S/Key (please, include pointers) to
> > block this don't-know-how-to-call-it hole.
>
> Have a look at SSLeay and SSLtelnet. SSL is an excellent freeware
> implementation of Netscape's SSL (Secure Socket Layer) encryption
> standard. SSL telnet is a patched version of telnet and telnetd which can
> use SSL.
>
> I have SSL telnet configured on our firewall machine to reject all
> non-encrypted telnet connections.
>
> You can get clients for Windows and unix. There are also freely available
> SSLftp and a SSL version of apache.
>
> ftp://ftp.psy.uq.oz.au/pub/Crypto/SSL (SSL library)
> ftp://ftp.psy.uq.oz.au/pub/Crypto/SSLapps (SSL apps)
>
> Regards,
> Damien Miller
>
Does Linux do the same thing too?
Regards,
Chai
Follow-Ups:
References:
|
|
