Great Circle Associates Firewalls
(October 1996)
 

Indexed By Date: [Previous] [Next] Indexed By Thread: [Previous] [Next]

Subject: Re: SSH and proxy firewalls
From: Damien Miller <dmiller @ vitnet . com . sg>
Date: Mon, 28 Oct 1996 13:19:20 +1100 (EST)
To: John L Hardcastle <john @ helec . co . nz>
Cc: Firewalls @ GreatCircle . COM
In-reply-to: <9610281158 . ZM13492 @ dev . helec . co . nz>

-----BEGIN PGP SIGNED MESSAGE-----

On Mon, 28 Oct 1996, John L Hardcastle wrote:

> On Sat, 26 Oct 1996, Damien Miller wrote:
> > SSL-telnet will happily start SSL negotiations _after_ connection.
>
> The problem with that is the login password for the telnet session passes over
> the internet in clear text.  If you want to purchase a commercial firewall with
> a built-in SSH proxy check out WatchGuard from Seattle Software Labs.  Their
> web page provide a "test drive" of the configuration, and our own page links
> there.  (Other firewalls with SSH proxy may exist except I am not aware of
> them).

Are you sure? I clearly get a '[Negotiating SSL]' and a '[SSL Starting]'
*before* my password goes through. I would be very suprised if it did
send the password as cleartext.

SSL-FTP will wait until it has a login name before attempting to initiate SSL.

Regards,
Damien

| Damien Miller -
| Email: dmiller @
 vitnet .
 com .
 sg (PGP and MIME ok)
| WWW: http://www.vitnet.com.sg/dmiller
| PGP Public Key: http://www.vitnet.com.sg/dmiller/pgp_key.html

-----BEGIN PGP SIGNATURE-----
Version: 2.6.3i
Charset: noconv

iQEVAwUBMnQYJbrHgZ2SMrItAQHhiQf7BumsUsB/dZHmxaiKA+5is6jsP/FLfXP+
RisuR8z6/JB4QU90fU+j0jz8uaHIz6DKSEW817jSP1ArWsDLFuAk2J3Lbv8eARIQ
Y55A6z8jz1zj7cZepgdvsly9KIdRRcE5COkBn420/J1X50fP4qkvh5IJ8fR5eR/V
9s+UhfDd47ieiDlu7U/PSHB/xFBgMMsD8xgCXwS2DXa0Yw7sT+EJ6aoVTkvKfjSC
nk1SC71fmXptAjQYZ1wcioEr8do3Gu4qr8Q0uhjc7NSQ2YUVWDlJ8rRBl52/xi2N
yyC675a50Pedcn70CUFMGu7MR7AM4Ny6ifXEJlnEaeJ1abg1C5g+kw==
=hcK9
-----END PGP SIGNATURE-----



References:
Indexed By Date Previous: Re: Stop Subscription to firewalls
From: "Joseph A. Polcari Jr." <jpolcari @ apollo . hp . com>
Next: Re: firewalls and the clue-challenged
From: Catherine . Allen @ uniq . com . au (Catherine Allen)
Indexed By Thread Previous: SSH and proxy firewalls
From: john @ helec . co . nz (John L Hardcastle)
Next: Re: SSH and proxy firewalls
From: john @ helec . co . nz (John L Hardcastle)

Google
 
Search Internet Search www.greatcircle.com