Article: 14255 of comp.protocols.kermit.misc
Path: newsmaster.cc.columbia.edu!panix!newsfeed!news.maxwell.syr.edu!newsfeed1.cidera.com!Cidera!cyclone.rdc-nyc.rr.com!news-out.nyc.rr.com!twister.nyc.rr.com.POSTED!not-for-mail
From: "Jeffrey Altman [Road Runner NYC]" <jaltman2@nyc.rr.com>
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.3) Gecko/20030312
X-Accept-Language: en-us, en
MIME-Version: 1.0
Newsgroups: comp.protocols.kermit.misc
Subject: Re: can't establish X.509 authenticated connection
References: <36c7c5aa.0305010725.497e5a04@posting.google.com>
In-Reply-To: <36c7c5aa.0305010725.497e5a04@posting.google.com>
Content-Type: text/plain; charset=us-ascii; format=flowed
Content-Transfer-Encoding: 7bit
Lines: 92
Message-ID: <TUdsa.30547$su3.3454739@twister.nyc.rr.com>
Date: Thu, 01 May 2003 18:42:59 GMT
NNTP-Posting-Host: 66.108.138.151
X-Complaints-To: abuse@rr.com
X-Trace: twister.nyc.rr.com 1051814579 66.108.138.151 (Thu, 01 May 2003 14:42:59 EDT)
NNTP-Posting-Date: Thu, 01 May 2003 14:42:59 EDT
Organization: Road Runner - NYC
Xref: newsmaster.cc.columbia.edu comp.protocols.kermit.misc:14255

I tried replying to this earlier today but the posting apparently was lost.

DaveL wrote:
> Hi,
>
> I'm trying to set up a Proof of Concept FTP system with Openssh and
> openssl as the server end and C-Kermit 8.0 as the client. Both ends
> are running on AIX 4.3.3.

OpenSSH implements Secure Shell protocols: SSHv1 and SSHv2; and the
SFTP file transfer protocol.

OpenSSL implements Secure Socket Layer / Transport Layer Security
protocols versions SSLv2, SSLv3, TLSv1.

The only relationship between OpenSSH and OpenSSL is that OpenSSH
utilizes the crypto library from OpenSSL.

In no other way are SSH and SSL protocols related or interoperable.

The FTP protocol is not related to the SFTP protocol.

Secure FTP implementations utilizing the AUTH TLS option are supported
by Kermit.

The Internet Kermit Service supports secure file transfer operations
utilizing Kermit protocol across a TELNET START_TLS connection.

> I believe that I have the server end listening correctly with rsa key
> authentication enabled and an arbitrary port chosen
> 'Server' side command:
> openssl s_server -accept 4000 -cert /root/sslkeys/test1.x509.cert.pem
> -key /root/sslkeys/test1.rsa.pem -CApath /root/sslkeys -ssl2
>
> this is the error that I receive on the server end:
> ERROR
> 884780:error:140EC0AF:SSL routines:SSL2_READ_INTERNAL:non sslv2
> initial packet:s2_pkt.c:187:
> shutting down SSL
> CONNECTION CLOSED
> ACCEPT

The "openssl s_server" command only implements an SSL/TLS protocol
server for the purpose of testing the protocol engine. It does not
implement Secure Shell protocols; Telnet START_TLS; or any form of file
transfer.

You are specifying the use of the SSLv2 protocol which should never be
used anymore.

>
> C-Kermit
> (/root/) C-Kermit>check ssl
> ssl/tls available
> (/root/) C-Kermit>
>
> (/root/) C-Kermit>telnet /auth:ssl /userid:lloydd u607su62 4000
> DNS Lookup... Trying 221.206.29.62... Reverse DNS Lookup... (OK)
>
> ?Connection closed by peer.
> Can't open connection to u607su62:4000
> (/root/) C-Kermit>

You are instructing Kermit to establish a TELNET connection and to
negotiate the AUTH SSL option. This is incompatible with "openssl
s_server". To connect to s_server you would need to use

    set host u607su62 4000 /ssl

Since s_server does not implement anything you can log into there is no
reason to specify a username.

> Success will be an automated ftp connection (I'll accept unencrypted
> keys for this) and I don't see where I'm going wrong and I expect that
> I have a fundamental misunderstanding of certain elements (I've only
> just read through the open documentation!) so any help gratefully
> received!
>
> Thanks
>
> Dave

It sounds like you need to do a bit of reading. Start with

http://www.kermit-project.org/security.html
http://www.kermit-project.org/iksd.html
http://www.kermit-project.org/ftpclient.html
http://www.kermit-project.org/telnet.html
http://www.kermit-project.org/telnetd.html
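
The reply above distinguishes SSH, direct SSL/TLS, Telnet option negotiation and FTP AUTH TLS. The following is an added example, not part of the original post and not Kermit or OpenSSL code: it classifies the first bytes a listener receives, which shows why an SSLv2-only test server sees a Telnet client's opening bytes as a "non sslv2 initial packet". The function names and all sample byte strings are constructed for illustration.

```python
# Added example: tell apart the protocols named in the post by the first
# bytes a client sends. Sample inputs below are constructed, not captured.

IAC = 0xFF  # Telnet "Interpret As Command"
TELNET_CMDS = {0xFA: "SB", 0xFB: "WILL", 0xFC: "WONT", 0xFD: "DO", 0xFE: "DONT"}
TELNET_OPTS = {37: "AUTHENTICATION", 46: "START_TLS"}


def classify_first_bytes(data: bytes) -> str:
    """Return a short label for the protocol the opening bytes belong to."""
    if len(data) < 3:
        return "unknown (too short)"
    if data.startswith(b"SSH-"):
        return "SSH identification string"
    if data[:4].upper() == b"AUTH":
        # FTP clients ask for TLS in plaintext first, then start the handshake.
        return "FTP AUTH command (plaintext, TLS negotiated afterwards)"
    if data[0] == IAC and data[1] in TELNET_CMDS:
        opt = TELNET_OPTS.get(data[2], f"option {data[2]}")
        return f"Telnet negotiation: IAC {TELNET_CMDS[data[1]]} {opt}"
    if data[0] == 0x16 and data[1] == 0x03:
        # TLS record header: content type 22 (handshake), then major.minor.
        return f"SSLv3/TLS handshake record, version 3.{data[2]}"
    if data[0] & 0x80 and data[2] == 0x01:
        # SSLv2 two-byte length header (high bit set), message type 1.
        return "SSLv2-format CLIENT-HELLO"
    return "unknown"


def looks_like_sslv2_hello(data: bytes) -> bool:
    """True only when the opening bytes have the SSLv2 CLIENT-HELLO shape."""
    return classify_first_bytes(data).startswith("SSLv2")


# Constructed samples: one opening message per protocol discussed above.
SAMPLES = {
    "telnet /auth:ssl style client": bytes([IAC, 0xFB, 37]),
    "direct TLS client": bytes.fromhex("160301002f01"),
    "SSLv2 client": bytes.fromhex("802e010002"),
    "SSH client": b"SSH-2.0-example\r\n",
    "FTP client requesting TLS": b"AUTH TLS\r\n",
}

if __name__ == "__main__":
    for name, first in SAMPLES.items():
        verdict = "accepted" if looks_like_sslv2_hello(first) else "rejected"
        print(f"{name:32} {classify_first_bytes(first)} -> SSLv2-only: {verdict}")
```
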