Date:      Tue, 24 Oct 1995 14:43:21 -0500 (CDT)
From:      Joe Greco <jgreco@brasil.moneng.mei.com>
To:        hackers@freebsd.org
Subject:   Kerberized Encrypted Telnet for 2.0.5R
Message-ID:  <199510241943.OAA03539@brasil.moneng.mei.com>

The question: how to prevent people from indiscriminately snooping on
Ethernets and stuff.  I don't like people to see what I am doing via 
telnet - especially if it involves su  :-)

Since people had asked, and some other side issues forced me to, I thought
it was time to re-do my Kerberized encrypted telnet under 2.0.5R.  There
weren't many changes from the 2.0R stuff I posted many moons ago.  Made a
great lunchtime project.

For the brave amongst us, I thought I would share my notes on how I did it.
Please pardon the format.  It was designed to allow easy cut'n'paste
operation.  It is not guaranteed to be 100% correct as it was modified as I
went along, but it should hit all the key items you need in order to get the
code compiled and installed.

Prerequisites:  a 2.0.5R system loaded with the DES and Kerberos
distributions.  Kerberos configured and operational.

----------------->%-----------------------
Install /usr/src/secure, /usr/src/eBones sources
Install 4.4BSD-Lite/usr/src/kerberosIV
Install /usr/src/lib/Makefile.inc

# A few strategic substitutions.  The eBones DES is lacking some functions
# we need - so we steal them from 4.4BSD-Lite kerberosIV.

cd /usr/src/eBones
mv des des.eBones
mv /usr/src/kerberosIV/{des,make_key_perm,make_p_table,make_s_table,make_ip,make_p,make_fp,make_odd} .
cp /usr/src/kerberosIV/include/mit-copyright.h include
foreach i ( make_key_perm make_p_table make_s_table make_ip make_p make_fp make_odd )
	ln -s . $i/obj
	end

make; make install

# Build the securelibs.

Add
SHLIB_MAJOR?=   2
SHLIB_MINOR?=   0
to /usr/src/secure/Makefile.inc

Add
CFLAGS+=-DAUTHENTICATION -DENCRYPTION -DDES_ENCRYPTION -DKRB4 -I/usr/include/kerberosIV
to /usr/src/secure/lib/libtelnet/Makefile

Edit /usr/src/secure/lib/Makefile, changing
SUBDIR= libcipher libcrypt
to
SUBDIR= libcipher libcrypt libtelnet

cd /usr/src/secure/lib

make; make install

# Build the executables.  Note:  I was only interested in telnet/telnetd.

remove comment chars from
CFLAGS+=-DAUTHENTICATION -DENCRYPTION
LDADD+= -lkrb -ldes
in /usr/src/secure/libexec/telnetd/Makefile

cd /usr/src/secure/libexec/telnetd
make; make "DESTDIR=" "BINDIR=/usr/libexec" install

remove comment chars from
CFLAGS+=-DTERMCAP -DKLUDGELINEMODE -DUSE_TERMIO -DAUTHENTICATION -DENCRYPTION
                                                ^-------
CFLAGS+= -DKRB4
LDADD+= -lkrb -ldes
in /usr/src/secure/usr.bin/telnet/Makefile

make; make "DESTDIR=" "BINDIR=/usr/bin" install

# Test it.

> telnet -a -x -l jgreco smyrno.sol.net
Trying 206.55.64.117...
Connected to smyrno.sol.net.
Escape character is '^]'.
[ Trying KERBEROS4 ... ]
[ Kerberos V4 accepts you ]
[ Kerberos V4 challenge successful ]
Last login: Tue Oct 24 14:27:24 from smyrno
Copyright (c) 1980, 1983, 1986, 1988, 1990, 1991, 1993, 1994
        The Regents of the University of California.   All rights reserved.

FreeBSD 2.0.5-RELEASE (GENERIC) #0: Sat Jun 10 10:46:56  1995

> 
telnet> status
Connected to smyrno.sol.net.
Operating with LINEMODE option
No line editing
Local catching of signals
Special characters are local values
Remote character echo
Local flow control
Currently encrypting output with DES_CFB64
Currently decrypting input with DES_CFB64
Escape character is '^]'.

Wasn't that ever easy!

... Joe

-------------------------------------------------------------------------------
Joe Greco - Systems Administrator			      jgreco@ns.sol.net
Solaria Public Access UNIX - Milwaukee, WI			   414/342-4847
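
Added example, not part of the original message: a POSIX sh check over saved `telnet> status` text that passes only when both directions report an encryption type, as in the test session above. The function names and the one-way sample are constructed for illustration; the first sample reuses status lines from the post.

```shell
#!/bin/sh
# Added example: verify from saved `telnet> status` text that the session
# is encrypted in BOTH directions. Function names are hypothetical.

# enc_type VERB DIRECTION TEXT -> prints the encryption type, or nothing.
enc_type() {
    printf '%s\n' "$3" |
        sed -n "s/^Currently $1 $2 with \([A-Za-z0-9_]*\)\$/\1/p" | tail -n 1
}

# check_status: reads status text on stdin; returns 0 only if both the
# client's output (what you type) and input (what the server sends) are
# reported as encrypted.
check_status() {
    text=$(tr -d '\r')    # tolerate CRLF line endings in a saved capture
    out_t=$(enc_type encrypting output "$text")
    in_t=$(enc_type decrypting input "$text")
    rc=0
    [ -n "$out_t" ] || { echo "output (what you type): NOT encrypted"; rc=1; }
    [ -n "$in_t" ] || { echo "input (server replies): NOT encrypted"; rc=1; }
    if [ "$rc" -eq 0 ]; then
        echo "encrypted both ways: out=$out_t in=$in_t"
    fi
    return "$rc"
}

# Sample 1: status lines shown in the post.
sample_post() {
cat <<'EOF'
Connected to smyrno.sol.net.
Operating with LINEMODE option
Remote character echo
Currently encrypting output with DES_CFB64
Currently decrypting input with DES_CFB64
Escape character is '^]'.
EOF
}

# Sample 2 (constructed): only the outbound direction reports encryption.
sample_one_way() {
cat <<'EOF'
Connected to smyrno.sol.net.
Currently encrypting output with DES_CFB64
Escape character is '^]'.
EOF
}

sample_post | check_status
```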


