Advanced
Mailing List Archive

Mailing List Archive

  1. Home >
  2. conserver>
  3. users
conserver with encryption
iainr at dcs
May 21, 2001, 3:29 AM
Post #1 of 9 (1437 views)
Permalink
Hi all,

I've been playing around with encrypting the connections between console and
conserver and (famous last words) I don't think it would be too difficult to
include TLS/SSL and possibly kerberos encryption into the source (I'm less
sure about openssh since there doesn't seem to be that much documentation
other than the source).

Assuming that there's interest in this what sort of requirements are people
likely to have:

Do we just want to have encrypted channels or to handle things like Kerberos
authentication?

Which protocols would we want (I suspect SSL will be the easiest way to get
some kind of encrypted channel, but we (dcs) would want Kerberos and possibly
ssh)?

Is it a compilation/configuration choice or should conserver support multiple
different systems?

If the answer to the above is yes then what kind of configuration options are
we looking at (only allow kerberos authenticated connections to host foobar?)

NB. I'm not proposing to write code to do all of the above but I'm willing to
make a start, also I don't claim to be any kind of expert or writing security
code and fully expect to drop some real clangers on the way :)

Anyone got any advice, comments, want to join in?

--
Iain Rae Tel:01316505202
Computing Officer JCMB:2148
Division of Informatics
The University of Edinburgh
Re: conserver with encryption [ In reply to ]
bryan at conserver
May 21, 2001, 8:15 AM
Post #2 of 9 (1415 views)
Permalink
On Mon, May 21, 2001 at 11:29:36AM +0100, Iain Rae wrote:
> Do we just want to have encrypted channels or to handle things like Kerberos
> authentication?

Encryption would be extremely nice...whatever type (I'd like to not
have to install ssl certs, but others probably would, to verify it's
really their console server - just a thought). Authentication, on the
other hand, is another beast and, while it too would be great
(kerberos, securid, s-key, ...), it's a whole different set of code
manipulation and I'd suggest thinking about them separately.

> Which protocols would we want (I suspect SSL will be the easiest way to get
> some kind of encrypted channel, but we (dcs) would want Kerberos and possibly
> ssh)?
>
> Is it a compilation/configuration choice or should conserver support multiple
> different systems?

My first thought is it should be a compilation choice - you don't want
to have to have kerberos, ssh, and ssl libraries to just compile the
thing. Would anyone want to run multiple protocols within a conserver
installation? I'd think not (beyond the "that would be cool" factor),
but, opinions? I know I'd just pick one and compile it in.

Bryan
Re: conserver with encryption [ In reply to ]
doug at gblx
May 21, 2001, 8:19 AM
Post #3 of 9 (1413 views)
Permalink
On Mon, 21 May 2001, Bryan Stansell wrote:

> On Mon, May 21, 2001 at 11:29:36AM +0100, Iain Rae wrote:
> > Do we just want to have encrypted channels or to handle things like Kerberos
> > authentication?
>
> Encryption would be extremely nice...whatever type (I'd like to not
> have to install ssl certs, but others probably would, to verify it's
> really their console server - just a thought). Authentication, on the
> other hand, is another beast and, while it too would be great
> (kerberos, securid, s-key, ...), it's a whole different set of code
> manipulation and I'd suggest thinking about them separately.
>
> > Which protocols would we want (I suspect SSL will be the easiest way to get
> > some kind of encrypted channel, but we (dcs) would want Kerberos and possibly
> > ssh)?
> >
> > Is it a compilation/configuration choice or should conserver support multiple
> > different systems?
>
> My first thought is it should be a compilation choice - you don't want
> to have to have kerberos, ssh, and ssl libraries to just compile the
> thing. Would anyone want to run multiple protocols within a conserver
> installation? I'd think not (beyond the "that would be cool" factor),
> but, opinions? I know I'd just pick one and compile it in.
>

I'd opt for:
[configure]
--with-openssl=... --with-ssl-cert=... --with-libcrypto=... --with-kerbv5=...
(type of stuff - make them all independent modules)

Doug
RE: conserver with encryption [ In reply to ]
ChrisF at computone
May 21, 2001, 8:28 AM
Post #4 of 9 (1415 views)
Permalink
You guys talk about encryption but has anyone actually tried to implement
it in this type of software. It takes a trmendous amount of work and
investment from someone to do this. It's easy to say I want SSH II or I
want SSH I. It is a very different thing to be the one to code it. sorry
to be blunt but we've been in this circumstance. OpenSSH is very big.

Chris


-----Original Message-----
From: Doug Hughes [mailto:doug@gblx.net]
Sent: Monday, May 21, 2001 11:19 AM
To: Bryan Stansell
Cc: users@conserver.com
Subject: Re: conserver with encryption


On Mon, 21 May 2001, Bryan Stansell wrote:

> On Mon, May 21, 2001 at 11:29:36AM +0100, Iain Rae wrote:
> > Do we just want to have encrypted channels or to handle things like
Kerberos
> > authentication?
>
> Encryption would be extremely nice...whatever type (I'd like to not
> have to install ssl certs, but others probably would, to verify it's
> really their console server - just a thought). Authentication, on the
> other hand, is another beast and, while it too would be great
> (kerberos, securid, s-key, ...), it's a whole different set of code
> manipulation and I'd suggest thinking about them separately.
>
> > Which protocols would we want (I suspect SSL will be the easiest way to
get
> > some kind of encrypted channel, but we (dcs) would want Kerberos and
possibly
> > ssh)?
> >
> > Is it a compilation/configuration choice or should conserver support
multiple
> > different systems?
>
> My first thought is it should be a compilation choice - you don't want
> to have to have kerberos, ssh, and ssl libraries to just compile the
> thing. Would anyone want to run multiple protocols within a conserver
> installation? I'd think not (beyond the "that would be cool" factor),
> but, opinions? I know I'd just pick one and compile it in.
>

I'd opt for:
[configure]
--with-openssl=... --with-ssl-cert=... --with-libcrypto=...
--with-kerbv5=...
(type of stuff - make them all independent modules)

Doug


_______________________________________________
users mailing list
users@conserver.com
https://www.conserver.com/mailman/listinfo/users
RE: conserver with encryption [ In reply to ]
doug at gblx
May 21, 2001, 8:38 AM
Post #5 of 9 (1423 views)
Permalink
I've done it. Yes, it is work. Doing it modularly will be even more work.
However, in order to do this right (not creating dependency hell), I
think it's the right way. (Kerberos would be a *whole* lot of work for
somebody wishing to incorporate that with modularity).

Just my $.02.

The easiest way would be to just add encryption using something like
cryptolib. Use DH to gen keys on both ends and then 3DES or IDEA
or blowfish or whatever to encrypt things. Then have a set of
#ifdefs in the appropriate place in the communication path to
initialize the session and before/after network reads/writes to
encrypt/decrypt.

This is bare bones. It doesn't provide for man in the middle
prevention, it doesn't verify authenticaticity. It does prevent
passwords from transiting in the clear. Using something like this
with tcp_wrappers provides some additional protection at marginal
effort increment.

On Mon, 21 May 2001, Chris Fowler wrote:

> You guys talk about encryption but has anyone actually tried to implement
> it in this type of software. It takes a trmendous amount of work and
> investment from someone to do this. It's easy to say I want SSH II or I
> want SSH I. It is a very different thing to be the one to code it. sorry
> to be blunt but we've been in this circumstance. OpenSSH is very big.
>
> Chris
>
>
> -----Original Message-----
> From: Doug Hughes [mailto:doug@gblx.net]
> Sent: Monday, May 21, 2001 11:19 AM
> To: Bryan Stansell
> Cc: users@conserver.com
> Subject: Re: conserver with encryption
>
>
> On Mon, 21 May 2001, Bryan Stansell wrote:
>
> > On Mon, May 21, 2001 at 11:29:36AM +0100, Iain Rae wrote:
> > > Do we just want to have encrypted channels or to handle things like
> Kerberos
> > > authentication?
> >
> > Encryption would be extremely nice...whatever type (I'd like to not
> > have to install ssl certs, but others probably would, to verify it's
> > really their console server - just a thought). Authentication, on the
> > other hand, is another beast and, while it too would be great
> > (kerberos, securid, s-key, ...), it's a whole different set of code
> > manipulation and I'd suggest thinking about them separately.
> >
> > > Which protocols would we want (I suspect SSL will be the easiest way to
> get
> > > some kind of encrypted channel, but we (dcs) would want Kerberos and
> possibly
> > > ssh)?
> > >
> > > Is it a compilation/configuration choice or should conserver support
> multiple
> > > different systems?
> >
> > My first thought is it should be a compilation choice - you don't want
> > to have to have kerberos, ssh, and ssl libraries to just compile the
> > thing. Would anyone want to run multiple protocols within a conserver
> > installation? I'd think not (beyond the "that would be cool" factor),
> > but, opinions? I know I'd just pick one and compile it in.
> >
>
> I'd opt for:
> [configure]
> --with-openssl=... --with-ssl-cert=... --with-libcrypto=...
> --with-kerbv5=...
> (type of stuff - make them all independent modules)
>
> Doug
>
>
> _______________________________________________
> users mailing list
> users@conserver.com
> https://www.conserver.com/mailman/listinfo/users
>
Re: conserver with encryption [ In reply to ]
iainr at dcs
May 21, 2001, 8:51 AM
Post #6 of 9 (1416 views)
Permalink
> You guys talk about encryption but has anyone actually tried to implement
> it in this type of software. It takes a trmendous amount of work and
> investment from someone to do this. It's easy to say I want SSH II or I
> want SSH I. It is a very different thing to be the one to code it. sorry
> to be blunt but we've been in this circumstance. OpenSSH is very big.
>

<nods> yes, that's why I've shied away from ssh.

I have a hacked together copy of conserver/console which is using a very basic
ssl configuration, if I were doing this for us (DCS) I'd hand off
authentication to PAM which ought to make it a bit easier but would limit it
in terms of platforms.


--
Iain Rae Tel:01316505202
Computing Officer JCMB:2148
Division of Informatics
The University of Edinburgh
Re: conserver with encryption [ In reply to ]
fenner at research
May 21, 2001, 9:02 AM
Post #7 of 9 (1413 views)
Permalink
>Would anyone want to run multiple protocols within a conserver
>installation? I'd think not (beyond the "that would be cool" factor),
>but, opinions?

Well, you could imagine that someone might want an all-singing, all-dancing
console client on their laptop to carry to customer installations and be
able to deal with whatever the customer had chosen. That's probably not
sufficiently compelling to go to a ton of effort to make it happen, but
it's at least a case where it might be useful.

Bill
Re: conserver with encryption [ In reply to ]
iainr at dcs
May 21, 2001, 9:41 AM
Post #8 of 9 (1423 views)
Permalink
>
> I've done it. Yes, it is work. Doing it modularly will be even more work.
> However, in order to do this right (not creating dependency hell), I
> think it's the right way. (Kerberos would be a *whole* lot of work for
> somebody wishing to incorporate that with modularity).

can you point at any decent docs/examples I could take a look at? I was
thinking of digging through the cyrus-imap or <winces>samba code.

>
> Just my $.02.
>
> The easiest way would be to just add encryption using something like
> cryptolib. Use DH to gen keys on both ends and then 3DES or IDEA
> or blowfish or whatever to encrypt things. Then have a set of
> #ifdefs in the appropriate place in the communication path to
> initialize the session and before/after network reads/writes to
> encrypt/decrypt.

>
> This is bare bones. It doesn't provide for man in the middle
> prevention, it doesn't verify authenticaticity. It does prevent
> passwords from transiting in the clear. Using something like this
> with tcp_wrappers provides some additional protection at marginal
> effort increment.

In the first instance all I'm looking to is provide an encrypted channel
between the various hosts, but if I'm going to do that I'd rather work the
code to try and make it easier to add other systems and in the med-long term
we'd (DCS) be looking for kerberos anyway so anything I'd do would have one
eye on that.

I was also thinking that you would probably want something that didn't require
an infrastructure to fall back on, not much point in having kerberos if it's
your kerberos servers you're trying to get to the consoles of.

This pretty much ties you to a modular system from the start ( if your
bare-bones system above doesn't work do you drop back to cleartext or drop the
connection).

--
Iain Rae Tel:01316505202
Computing Officer JCMB:2148
Division of Informatics
The University of Edinburgh
Re: conserver with encryption [ In reply to ]
doug at gblx
May 21, 2001, 3:00 PM
Post #9 of 9 (1423 views)
Permalink
On Mon, 21 May 2001, Iain Rae wrote:

> >
> > I've done it. Yes, it is work. Doing it modularly will be even more work.
> > However, in order to do this right (not creating dependency hell), I
> > think it's the right way. (Kerberos would be a *whole* lot of work for
> > somebody wishing to incorporate that with modularity).
>
> can you point at any decent docs/examples I could take a look at? I was
> thinking of digging through the cyrus-imap or <winces>samba code.
cyrus might be a descent one.
I wouldn't do samba though. WAAY too big. It's a good example of
super-abstraction, but can be difficult to follow. I can't really think
of any small examples off the top of my head using cryptolib.
I've written some stuff, but not sure how clean it is. ;)

>
> >
> > Just my $.02.
> >
> > The easiest way would be to just add encryption using something like
> > cryptolib. Use DH to gen keys on both ends and then 3DES or IDEA
> > or blowfish or whatever to encrypt things. Then have a set of
> > #ifdefs in the appropriate place in the communication path to
> > initialize the session and before/after network reads/writes to
> > encrypt/decrypt.
>
> >
> > This is bare bones. It doesn't provide for man in the middle
> > prevention, it doesn't verify authenticaticity. It does prevent
> > passwords from transiting in the clear. Using something like this
> > with tcp_wrappers provides some additional protection at marginal
> > effort increment.
>
> In the first instance all I'm looking to is provide an encrypted channel
> between the various hosts, but if I'm going to do that I'd rather work the
> code to try and make it easier to add other systems and in the med-long term
> we'd (DCS) be looking for kerberos anyway so anything I'd do would have one
> eye on that.
>
> I was also thinking that you would probably want something that didn't require
> an infrastructure to fall back on, not much point in having kerberos if it's
> your kerberos servers you're trying to get to the consoles of.
yup.
>
> This pretty much ties you to a modular system from the start ( if your
> bare-bones system above doesn't work do you drop back to cleartext or drop the
> connection).
>
well, I was thinking of it more as compile time options, but you could
have run time options of which one to use too. That adds more complexit
too..

©2024 GT.net. A Gossamer Threads company.
5th Floor, 455 Granville St., Vancouver, BC V6C 1T1, Canada | Legal