Columbia Kermit

home *** CD-ROM | disk | FTP | other *** search

/ Columbia Kermit / kermit.zip / newsgroups / misc.20021006-20030409 / 000279_jaltman2@nyc.rr.com_Mon Feb 10 18:49:31 EST 2003.msg < prev next >

Wrap

Text File | 2020-01-01 | 4KB | 107 lines

Article: 14073 of comp.protocols.kermit.misc Path: newsmaster.cc.columbia.edu!phl-feed.news.verio.net!iad-feed.news.verio.net!iad-peer.news.verio.net!news.verio.net!newsfeed.icl.net!newsfeed.fjserv.net!colt.net!diablo.theplanet.net!newsfeed1.cidera.com!Cidera!cyclone.rdc-nyc.rr.com!news-out.nyc.rr.com!twister.nyc.rr.com.POSTED!not-for-mail Message-ID: <3E482A46.2010509@nyc.rr.com> From: "Jeffrey Altman [Road Runner NYC]" <jaltman2@nyc.rr.com> User-Agent: Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.2.1) Gecko/20021130 X-Accept-Language: en-us, en MIME-Version: 1.0 Newsgroups: comp.protocols.kermit.misc Subject: Re: SSL-Telnet waiting for WILL AUTHENTICATION subnegotiation References: <f53f8c5c.0302101307.43a79f75@posting.google.com> In-Reply-To: <f53f8c5c.0302101307.43a79f75@posting.google.com> Content-Type: text/plain; charset=us-ascii; format=flowed Content-Transfer-Encoding: 7bit Lines: 84 Date: Mon, 10 Feb 2003 22:36:33 GMT NNTP-Posting-Host: 66.108.138.151 X-Complaints-To: abuse@rr.com X-Trace: twister.nyc.rr.com 1044916593 66.108.138.151 (Mon, 10 Feb 2003 17:36:33 EST) NNTP-Posting-Date: Mon, 10 Feb 2003 17:36:33 EST Organization: Road Runner - NYC Xref: newsmaster.cc.columbia.edu comp.protocols.kermit.misc:14073 You do not want to use the broken protocol AUTH SSL. You want to use the START_TLS option. Remove SET TeLNET AUTH TYPE SSL and replace it with SET TeLOPT START-TLS REQUIRE Why are you refusing START-TLS on the SERVER? The AUTH SSL protocol is only meant for use with old Eric Young telnet servers. Curtis Steward wrote: > I'm trying to get straight SSL authentication to work as described in: > http://www.columbia.edu/kermit/security80.html (compiled with > "linux+openssl" no flags). I understand that ~/.tlslogin will give me > a complete cert to userid map with the code as is. > > After pouring over the doc I'm receiving the following: > > c-kermit8.0 > ... > iksd <hostname> > ... > TELNET RCVD DO NEW-ENVIRONMENT > TELNET RCVD SB AUTHENTICATION SEND SSL CLIENT_TO_SERVER|ONE_WAY IAC > SE > Loading RSA certificate into SSL > Enter pass phrase: <pass-phrase> > Authenticating with SSL > TELNET SENT SB AUTHENTICATION IS SSL CLIENT_TO_SERVER|ONE_WAY START > IAC SE > TELNET RCVD DONT TERMINAL-TYPE > TELNET RCVD SB NEW-ENVIRONMENT SEND IAC SE > TELNET RCVD DONT COM-PORT-CONTROL > Negotiations.............................. > ************************* > The Telnet server is not sending required responses. > > ?Telnet waiting for WILL AUTHENTICATION subnegotiation > > You can continue to wait or you can cancel with Ctrl-C. > In case the Telnet server never responds as required, > you can try connecting to this host with TELNET /NOWAIT. > Use SET HINTS OFF to suppress further hints. > ************************* > > ... > > /etc/iksd.conf > set auth ssl rsa-cert-file /root/HomeWIP/pki/cmscert.pem # > points to host cert? > set auth ssl rsa-key-file /root/HomeWIP/pki/cms.jms.lucascargo.com.pem > # points to host key? > set auth ssl verify-dir /usr/local/ca # pem > is hashed > set auth ssl verify-file /usr/local/ca/cacert.pem > set telopt start-tls refused # just > SSL > > script > #!/usr/local/bin/kermit + > set debug on > set debug session > set auth ssl debug on > set auth ssl rsa-cert-file w.pem ;personal cert pem > set auth ssl rsa-key-file work_priv.pem ;personal key pem > set auth ssl verbose on > set auth ssl verify-dir /usr/local/ca ;CA directory > set auth ssl verify-file /usr/local/ca/cacert.pem ;CA cert pem > set login userid <userid> > set telnet auth type ssl ;just SSL > > I've tried sb-implies-will-do on/off on both client and server > sides with no luck. > > TIA, > > cs