Firewall Wizards mailing list archives
Re: creating MS terminal server proxy with authentication
From: chuck <chuck () yerkes com>
Date: Thu, 6 May 1999 10:25:25 -0700
I don't know if terminal servers support SSH or the like yet, but one option might be a Real Computer with a gang of serial ports on it. I've used that at some smaller setups (and 8-16 port serial cards are quite a bit cheaper that TSs). It's fine for console access or things where you don't need huge throughput. Not sure I'd use it for 16 modems connecting all the time at 56k. Other choices are VPN's to the network, but that gets more involved that I care to do on a list email. (implications of trusting their security, people telneting from the Internet to one side of the VPN and being ignorant in general, etc). If you have other reasons to use a TS, then make SURE you are using one time passwords on everything. I have a little DES challenge/response device, S/Key works, and SecureID is adequate (and simple for most people). Ideally, and I'm not sure where Kerberos is on this, you could use a OneTime password on the machine on the TS and get a "ticket" so you don't have to type the password again. But, as mentioned, cleartext passwords over the Internet are bad and have been for a LONG LONG time. Robert Morris (the elder) wrote a fine little paper on that in, what, 1985 or so? chuck Quoting Dippold, John (John.Dippold () fmr com):
I would not advise clear text passwords over the net. Most implementations I have seen involve either encrypted sessions with certificates (or shared secrets or something) or they put the terminal server behind a host that has encryption(ssh) on a private network. -jsd-----Original Message----- From: Michael C. Ibarra [SMTP:ibarra () hawk com] Sent: Monday, May 03, 1999 9:12 PM To: Geoff Nordli; Firewall-Wizards (E-mail) Subject: Re: creating MS terminal server proxy with authentication At 08:32 AM 4/22/99 -0700, Geoff Nordli wrote:I am using linux 2.0.36, squid, and ipfwadm as a firewall. I am putting terminal server inside the firewall. I want people to be able to come in from the Internet and access it. I would also like them to be authenticated. anyone know of possible solution? thanks, GeoffDon't know if you've solved this but most term servers will allow you to use passwords on your ports, I know that the Annex supports this. Be advised that you would be doing a non encrypted connection though. -mike http://www.hawk.com Hawk Technologies, Inc
Current thread:
- Re: creating MS terminal server proxy with authentication Michael C. Ibarra (May 04)
- RE: creating MS terminal server proxy with authentication Geoff Nordli (May 05)
- Re: creating MS terminal server proxy with authentication Kevin Bogac (May 05)
- <Possible follow-ups>
- RE: creating MS terminal server proxy with authentication Dippold, John (May 05)
- Re: creating MS terminal server proxy with authentication chuck (May 07)