From: fairfield@sldb4.slac.stanford.edu Sent: Wednesday, September 22, 1999 6:07 PM To: Info-VAX@Mvb.Saic.Com Subject: Re: A Secure Telnet Session In article <937969820.56392@dew.wserv.com>, "Rod Prince" writes: > I need away to establish a secure telnet session between two OpenVMS systems > (AXP 7.1, VAX 6.2, UCX 4.2). Sounds like a job for FISH & the OSU SSH Server. > Does digital or anybody else have a "software" package that does this? Is > it possible to establish a private network across the Internet between two > OpenVMS systems, with out the use of additional hardware? If I have to add > hardware, can anybody recommend what that would be? The SSH protocol implements and "encrypted tunnel" between participating nodes. It requires TCP/IP between the nodes, but nothing more. I have heard of VPN's (Virtual Private Networks) which, I believe, are implemented in the networking hardware rather than in host software. The real question is, exactly what problem are you trying to solve? SSH (Secrure Shell) gives you an encrypted TELNET session, encrypted remote commmand execution a la `rsh' and `rexec', and can be configured to do encrpyted X11 transport, POP3 (and others I presume) and FTP, but these latter depend upon some bit of client- side configuration, and appropirate client software (FISH, the VMS SSH client, does not yet do X11 or other "port forwarding"). > If required, the systems could be upgraded, but I would like to avoid this, > since this would cost me a couple of my "free" weekends :-( See: http://er6s1.eng.ohio-state.edy/~jonesd/ssh/ for the OSU SSH Server. Use anonymous ftp to, ftp.lp.se and `cd' to [VMS], then grab FISHU1006.ZIP (FISH source) and OPENSSL-0_9_4*.* (OpenSSL source containing the "CRYPTOLIB" used by both the OSU SSH server and FISH). You'll also want to grab the files in [PATCHES.OSH-SSHD.014A3] which allow clean complilation of the OSH SSH Server against the OpenSSL cryptolib. You may want to subscribe to the VMS-SSH mailing list for questions and discussion of both FISH and the SSH Server. To subscribe, send a one-line message, SUBSCRIBE VMS-SSH to VMS-SSH-Request@alpha.sggw.waw.pl I'd recommend a recent/current version of DECC be installed on both the Alpha and VAX systems. You'll also want either MMS (from DECSET), or MMK (free MMS/Make clone). In addition, you'll need a current version of the VMS UNZIP utility, VMSTAR, and GZIP (contains GNUZIP). You can get all of these from Hunter Goatley's WKU file server, http://www2.wku.edu/www/fileserv/fileserv.html -Ken -- Kenneth H. Fairfield | Internet: Fairfield@Slac.Stanford.Edu SLAC, 2575 Sand Hill Rd, MS 46 | Voice: 650-926-2924 Menlo Park, CA 94025 | FAX: 650-926-3515 ------------------------------------------------------------------------- These opinions are mine, not SLAC's, Stanford's, nor the DOE's...