Article: 14073 of comp.protocols.kermit.misc
Path: newsmaster.cc.columbia.edu!phl-feed.news.verio.net!iad-feed.news.verio.net!iad-peer.news.verio.net!news.verio.net!newsfeed.icl.net!newsfeed.fjserv.net!colt.net!diablo.theplanet.net!newsfeed1.cidera.com!Cidera!cyclone.rdc-nyc.rr.com!news-out.nyc.rr.com!twister.nyc.rr.com.POSTED!not-for-mail
Message-ID: <3E482A46.2010509@nyc.rr.com>
From: "Jeffrey Altman [Road Runner NYC]" <jaltman2@nyc.rr.com>
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.2.1) Gecko/20021130
X-Accept-Language: en-us, en
MIME-Version: 1.0
Newsgroups: comp.protocols.kermit.misc
Subject: Re: SSL-Telnet waiting for WILL AUTHENTICATION subnegotiation
References: <f53f8c5c.0302101307.43a79f75@posting.google.com>
In-Reply-To: <f53f8c5c.0302101307.43a79f75@posting.google.com>
Content-Type: text/plain; charset=us-ascii; format=flowed
Content-Transfer-Encoding: 7bit
Lines: 84
Date: Mon, 10 Feb 2003 22:36:33 GMT
NNTP-Posting-Host: 66.108.138.151
X-Complaints-To: abuse@rr.com
X-Trace: twister.nyc.rr.com 1044916593 66.108.138.151 (Mon, 10 Feb 2003 17:36:33 EST)
NNTP-Posting-Date: Mon, 10 Feb 2003 17:36:33 EST
Organization: Road Runner - NYC
Xref: newsmaster.cc.columbia.edu comp.protocols.kermit.misc:14073

You do not want to use the broken protocol AUTH SSL.  You want to use
the START_TLS option.  Remove

  SET TeLNET AUTH TYPE SSL

and replace it with

  SET TeLOPT START-TLS REQUIRE

Why are you refusing START-TLS on the SERVER?

The AUTH SSL protocol is only meant for use with old Eric Young telnet
servers.

Curtis Steward wrote:
> I'm trying to get straight SSL authentication to work as described in:
> http://www.columbia.edu/kermit/security80.html (compiled with
> "linux+openssl" no flags). I understand that ~/.tlslogin will give me
> a complete cert to userid map with the code as is.
>
> After poring over the doc I'm receiving the following:
>
> c-kermit8.0
> ...
> iksd <hostname>
> ...
> TELNET RCVD DO NEW-ENVIRONMENT
> TELNET RCVD SB AUTHENTICATION SEND SSL CLIENT_TO_SERVER|ONE_WAY IAC SE
> Loading RSA certificate into SSL
> Enter pass phrase: <pass-phrase>
> Authenticating with SSL
> TELNET SENT SB AUTHENTICATION IS SSL CLIENT_TO_SERVER|ONE_WAY START IAC SE
> TELNET RCVD DONT TERMINAL-TYPE
> TELNET RCVD SB NEW-ENVIRONMENT SEND IAC SE
> TELNET RCVD DONT COM-PORT-CONTROL
> Negotiations..............................
> *************************
> The Telnet server is not sending required responses.
>
> ?Telnet waiting for WILL AUTHENTICATION subnegotiation
>
> You can continue to wait or you can cancel with Ctrl-C.
> In case the Telnet server never responds as required,
> you can try connecting to this host with TELNET /NOWAIT.
> Use SET HINTS OFF to suppress further hints.
> *************************
>
> ...
>
> /etc/iksd.conf
> set auth ssl rsa-cert-file /root/HomeWIP/pki/cmscert.pem  # points to host cert?
> set auth ssl rsa-key-file /root/HomeWIP/pki/cms.jms.lucascargo.com.pem  # points to host key?
> set auth ssl verify-dir /usr/local/ca  # pem is hashed
> set auth ssl verify-file /usr/local/ca/cacert.pem
> set telopt start-tls refused  # just SSL
>
> script
> #!/usr/local/bin/kermit +
> set debug on
> set debug session
> set auth ssl debug on
> set auth ssl rsa-cert-file w.pem ;personal cert pem
> set auth ssl rsa-key-file work_priv.pem ;personal key pem
> set auth ssl verbose on
> set auth ssl verify-dir /usr/local/ca ;CA directory
> set auth ssl verify-file /usr/local/ca/cacert.pem ;CA cert pem
> set login userid <userid>
> set telnet auth type ssl ;just SSL
>
> I've tried sb-implies-will-do on/off on both client and server
> sides with no luck.
>
> TIA,
>
> cs
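
Added example, not part of either post: a small decoder that turns raw Telnet negotiation bytes into the same kind of trace quoted above and reports whether the peer is negotiating the AUTHENTICATION option with type SSL or the START-TLS option. It assumes the IANA-registered numbers (AUTHENTICATION 37, START_TLS 46, authentication type SSL 7); the function names and the sample byte strings are constructed for illustration.

```python
IAC, DONT, DO, WONT, WILL, SB, SE = 255, 254, 253, 252, 251, 250, 240
CMDS = {DO: "DO", DONT: "DONT", WILL: "WILL", WONT: "WONT"}
OPTS = {24: "TERMINAL-TYPE", 37: "AUTHENTICATION", 39: "NEW-ENVIRONMENT",
        44: "COM-PORT-CONTROL", 46: "START-TLS"}
AUTH_CMDS = {0: "IS", 1: "SEND", 2: "REPLY", 3: "NAME"}
AUTH_TYPES = {0: "NULL", 7: "SSL"}  # only the types this example needs

def describe_sb(body):
    """Render one subnegotiation body (the bytes between IAC SB and IAC SE)."""
    words = ["SB"] + [OPTS.get(b, str(b)) for b in body[:1]]
    if len(body) > 1 and body[0] == 37:
        words.append(AUTH_CMDS.get(body[1], str(body[1])))
        # SEND lists (type, modifier) pairs; IS and REPLY carry a single pair
        pairs = body[2:] if body[1] == 1 else body[2:4] if body[1] in (0, 2) else b""
        for kind, mod in zip(pairs[0::2], pairs[1::2]):
            who = "SERVER_TO_CLIENT" if mod & 1 else "CLIENT_TO_SERVER"
            words.append(f"{AUTH_TYPES.get(kind, kind)} {who}|{'MUTUAL' if mod & 2 else 'ONE_WAY'}")
    return " ".join(words)

def decode(data):
    """Return the negotiation events in a raw Telnet byte stream, in order."""
    events, i, n = [], 0, len(data)
    while i < n - 1:
        if data[i] != IAC:
            i += 1                                  # ordinary application data
        elif data[i + 1] in CMDS and i + 2 < n:
            events.append(f"{CMDS[data[i + 1]]} {OPTS.get(data[i + 2], data[i + 2])}")
            i += 3
        elif data[i + 1] == SB:
            body, j = bytearray(), i + 2
            while j < n - 1 and data[j:j + 2] != bytes([IAC, SE]):
                j += 2 if data[j] == IAC else 1     # IAC IAC is an escaped 0xFF
                body.append(data[j - 1])
            if j < n - 1:                           # otherwise truncated: drop it
                events.append(describe_sb(bytes(body)))
            i = j + 2
        else:
            i += 2                                  # IAC IAC or a two-byte command
    return events

def security_mode(events):
    """Report which protection mechanism the trace shows being negotiated."""
    if {"DO START-TLS", "WILL START-TLS"} & set(events):
        return "START-TLS"
    auth_ssl = any(e.startswith("SB AUTHENTICATION") and " SSL " in e for e in events)
    return "AUTH SSL" if auth_ssl else "none"

# Constructed samples (added example): a server asking for AUTH SSL, as in the
# quoted trace, and a server offering START-TLS instead.
LEGACY = bytes([IAC, DO, 39, IAC, SB, 37, 1, 7, 0, IAC, SE, IAC, DONT, 24])
STARTTLS = bytes([IAC, DO, 46, IAC, DO, 39])
```

Running `security_mode(decode(...))` over a captured server stream shows at a glance which of the two mechanisms the server is actually offering before changing the client configuration.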