I have a customer who wants an ftp client / ftpd with some level of
cloaked passwd / login on the command channel.
Is there either an RFC or somebody who offeres a patch to a popular ftpd
source or ?? for adding this simple level of ftp client to server
security. We would be happy to add NEW code to both the client and server
sides as we are doing this for other reasons anyway.
I use the term *cloaked* because this is not a 40bit DES need, but a
patch to wu-ftpd for simple encrypting the passwd and login would be
welcome??
Hardware solutions with an encrypting box on the LAN is much too big
a deal and more $$ than this warrents.
How about a simple function call encrypting package, simular to crypt() that
I can fetch off the net and add to my ftp client and server source?
Thanks so much.
curt.
--
Curt Smith
cu...@compgen.com
>I have a customer who wants an ftp client / ftpd with some level of
>cloaked passwd / login on the command channel.
You can do this fairly easily using ssh. See the SSH FAQ
at http://www.uni-karlsruhe.de/~ig25/ssh-faq/, Question 4.8,
for an example.
However, be aware that you may have some legal difficulty running ssh,
due to US software patents.
--
Thomas Koenig, Thomas...@ciw.uni-karlsruhe.de, ig...@dkauni2.bitnet.
The joy of engineering is to find a straight line on a double
logarithmic diagram.
: Is there either an RFC or somebody who offeres a patch to a popular ftpd
: source or ?? for adding this simple level of ftp client to server
: security. We would be happy to add NEW code to both the client and server
: sides as we are doing this for other reasons anyway.
The CMU Andrew folks have a Kerberized/AFS-hacked wu-ftpd (2.4.2b5)
and 4.4BSD client package; it has defines to be built without AFS,
etc. so it is fairly flexible/extensible.
http://andrew2.andrew.cmu.edu/dist/ftp.html
---
Douglas Song <dug...@umich.edu>
University of Michigan ITD GPCC Unix Services
www: http://www-personal.umich.edu/~dugsong
pots: 313.763.4736 fax: 313.763.8937 pgp: C70DE5E5
>I have a customer who wants an ftp client / ftpd with some level of
>cloaked passwd / login on the command channel.
>
>Is there either an RFC or somebody who offeres a patch to a popular ftpd
>source or ?? for adding this simple level of ftp client to server
>security. We would be happy to add NEW code to both the client and server
>sides as we are doing this for other reasons anyway.
You can use the OPIE one-time password package to provide one-time
passwords on an ftp login. It is not "encrypted" but it does protect
against passive eavesdropping attacks. Source and Windows/Mac calculators
are freely available from:
ftp://ftp.nrl.navy.mil/pub/security/nrl-opie/
OPIE conforms to the emerging IETF Proposed Standard on One-Time Passwords.
Curt, I believe KA9Q's NOS does allow encrypted validation of logins.
I know that the iw0cnb variant does. These aren't based on wu-ftp but
should be close enough for your purposes. Look for these packages on
ftp.ucsd.edu in hamradio/packet/tcpip/{iw0cnb,ka9q}.
Regards,
--
-- James Dugal, N5KNX Internet: j...@usl.edu
Associate Director Ham packet: n5knx@k5arh.#lft.la.usa.noam
Computing Center US Mail: PO Box 42770 Lafayette, LA 70504
University of Southwestern LA. Tel. 318-482-6417 U.S.A.