Hello, I already sent this message a few days ago, but I didn't saw it on the list, if I only missed it I have to say sorry in advance. I need a one-time-password authentication system which allows me to log in via an untrusted terminal, p.ex via telnet from win-xy. The problem is that I can't disable telnet on my pc thince I still need it to log in from my secure network. The very best would be a telnet-alike protocol which allows to choose between giving a normal or a one-time password. Dieter _________________________________________________________ Do You Yahoo!? Get your free @yahoo.com address at http://mail.yahoo.com
I need a one-time-password authentication system which allows me to log in via an untrusted terminal, p.ex via telnet from win-xy. The problem is that I can't disable telnet on my pc thince I still need it to log in from my secure network.
The very best would be a telnet-alike protocol which allows to choose between giving a normal or a one-time password.
Not exactly what you want but what about ssh? Look at http://www.ssh.fi/ -- Markus Doehr IT Admin AUBI Baubeschlaege GmbH Tel.: +49 6503 917 152 Fax : +49 6503 917 190 doehrm@aubi.de
Though the password program (passwd) you can get it up so that you will have to change your password to something new each time you logon. You can also set it with a min and max length, so that you have to change it have X amount of time, or you can not change it before X date. You mean something like that? Also there is ssh, secure shell, which is basically a telent session where everything is encrypted going to and from the "telentd" on the other side. This way people can't packet sniffer you password. Or If you are worry about people 'sholder surfing' you could setup a 'weenie' account that has no priveleages and has to change his passwd EVERYTIME after a succesfully login. "Dieter Müller" wrote:
Hello,
I already sent this message a few days ago, but I didn't saw it on the list, if I only missed it I have to say sorry in advance.
I need a one-time-password authentication system which allows me to log in via an untrusted terminal, p.ex via telnet from win-xy. The problem is that I can't disable telnet on my pc thince I still need it to log in from my secure network.
The very best would be a telnet-alike protocol which allows to choose between giving a normal or a one-time password.
Dieter _________________________________________________________ Do You Yahoo!? Get your free @yahoo.com address at http://mail.yahoo.com
--------------------------------------------------------------------- To unsubscribe, e-mail: suse-security-unsubscribe@suse.com For additional commands, e-mail: suse-security-help@suse.com
Hi Dieter, [...]
I need a one-time-password authentication system which allows me to log in via an untrusted terminal, p.ex via telnet from win-xy. The problem is that I can't disable telnet on my pc thince I still need it to log in from my secure network.
well, why don't you use SSH to connect from an unsecure Network and "normal" Telnet when connecting from a Secure one?? Since ssh also encrypts the in-transit data it's much better than "just" a otpw! You could then place a TCP-Wrapper "in-front of" the Telnet-Daemon (note: The SSHD usually runs standalone. It might be started from inetd, but this causes some overhead (time-loss) and might lead to connect problems (I never tried this out!)) and then allow and deny access via Telnet, based on the source-IP-Address. This would allow you to use the "simple" Telnet-Protocol from the secure Network and access the machine via SSH from unsecure Networks! Or, you install the TIS Firewall-Toolkit. We run that @ work (we use the Net-ACL, kind of TCP-Wrapper)! It works great and also comes with a One-time Password System! Unfortunately, the TIS FWTK is IMHO no longer supported :-(((
The very best would be a telnet-alike protocol which allows to choose between giving a normal or a one-time password.
Hmm, why not choosing ssh for all access? Or, as mentioned, use both sshd and telnetd and allow / deny access via Telnet either thru TCPD or the TIS FWTK Net-ACL! HTH? _ralf_
Dieter MXller wrote:
Hello,
I already sent this message a few days ago, but I didn't saw it on the list, if I only missed it I have to say sorry in advance.
I need a one-time-password authentication system which allows me to log in via an untrusted terminal, p.ex via telnet from win-xy. The problem is that I can't disable telnet on my pc thince I still need it to log in from my secure network.
The very best would be a telnet-alike protocol which allows to choose between giving a normal or a one-time password.
Try ssh for a encrypted connection. There is a ssh-Daemon and -Client for linux and an ssh-Client for WIN on the SuSE-Distribution (you have to find out, where the WIN-Client is, I don't know the right place). Greetings hebi -- Dirk Hebenstreit Tel : +49-0177-2461522 HEBI D. Hebenstreit Buero-Informationstechnik +49-033200-85997 Eschenweg 3 FAX : +49-033200-85999 14558 Bergholz-Rehbruecke e-Mail : dhebenstreit@rios.de
www.vandyke.com offers a good Win based ssh client if you are looking. It is called Secure CRT. Christopher T. Beers Systems Analyst Administrator I Office of Information Technology - Boston University 111 Cummington Street (617)353-2780 Boston, MA 02215 (617)353-6260 fax --On Tuesday, July 27, 1999, 9:34 PM +0200 Dirk Hebenstreit <dhebenstreit@rios.de> wrote:
Dieter MXller wrote:
Hello,
I already sent this message a few days ago, but I didn't saw it on the list, if I only missed it I have to say sorry in advance.
I need a one-time-password authentication system which allows me to log in via an untrusted terminal, p.ex via telnet from win-xy. The problem is that I can't disable telnet on my pc thince I still need it to log in from my secure network.
The very best would be a telnet-alike protocol which allows to choose between giving a normal or a one-time password.
Try ssh for a encrypted connection. There is a ssh-Daemon and -Client for linux and an ssh-Client for WIN on the SuSE-Distribution (you have to find out, where the WIN-Client is, I don't know the right place).
Greetings hebi -- Dirk Hebenstreit Tel : +49-0177-2461522 HEBI D. Hebenstreit Buero-Informationstechnik +49-033200-85997 Eschenweg 3 FAX : +49-033200-85999 14558 Bergholz-Rehbruecke e-Mail : dhebenstreit@rios.de
--------------------------------------------------------------------- To unsubscribe, e-mail: suse-security-unsubscribe@suse.com For additional commands, e-mail: suse-security-help@suse.com
ssh on windows is a reality, there's SecureCRT (can be found at http://www.vandyke.com/products/securecrt/index.html ), it's commercial but people I've talked to like it, I don't. I use teraterm with the ssh plugin, both of which are free for download at http://www.egr.unlv.edu/stock_answers/remote_access/install_ttssh.html Easy to install and use. flea At 09:34 PM 7/27/99 +0200, Dirk Hebenstreit wrote:
Dieter MXller wrote:
Hello,
I already sent this message a few days ago, but I didn't saw it on the list, if I only missed it I have to say sorry in advance.
I need a one-time-password authentication system which allows me to log in via an untrusted terminal, p.ex via telnet from win-xy. The problem is that I can't disable telnet on my pc thince I still need it to log in from my secure network.
The very best would be a telnet-alike protocol which allows to choose between giving a normal or a one-time password.
Try ssh for a encrypted connection. There is a ssh-Daemon and -Client for linux and an ssh-Client for WIN on the SuSE-Distribution (you have to find out, where the WIN-Client is, I don't know the right place).
Greetings hebi -- Dirk Hebenstreit Tel : +49-0177-2461522 HEBI D. Hebenstreit Buero-Informationstechnik +49-033200-85997 Eschenweg 3 FAX : +49-033200-85999 14558 Bergholz-Rehbruecke e-Mail : dhebenstreit@rios.de
--------------------------------------------------------------------- To unsubscribe, e-mail: suse-security-unsubscribe@suse.com For additional commands, e-mail: suse-security-help@suse.com
Is there are tcpdump type of application that gets installed with the standard suse 6.1 installation? Jaime
* Jaime Mantel <Jaime.Mantel@jpl.nasa.gov> writes:
Is there are tcpdump type of application that gets installed with the standard suse 6.1 installation?
There was "tcpdump-3.4a6-30" available w/ SuSE 6.0 (Serie "n", Paket "tcpdump"). BTW: SuSE 6.2 is coming soon.
* Dieter Mueller <mueller31@yahoo.com>
I need a one-time-password authentication system which allows me to log in via an untrusted terminal, p.ex via telnet from win-xy.
Have you considered using "ssh" (secure shell)? If ssh is not an option you should read "Appendix B: ONE-TIME PASSWORDS" of http://www.cert.org/advisories/CA-94.01.ongoing.network.monitoring.attacks.h... -- Mark Lutz Accept German and English
participants (10)
-
Christopher T. Beers -
Dieter M�ller -
Dirk Hebenstreit -
flea -
Jack Barnett -
Jaime Mantel -
Mark Lutz -
Markus Doehr -
Peter Münster -
Ralf Folkerts