Re: Securing ssh tunnels.

> There is SSL Telnet, but I have no references to that any more. Kinda a

Stunnel will let you encrypt arbitrary cleartext protocols inside SSL. It's great for securing code to which you don't have the source, or if you don't have the SSL knowledge to build in native SSL support. For example if you want to SSLify your POP or IMAP server, Stunnel is easy and secure[1].

However when something better is available, Stunnel is not the answer. For example Apache has apache-ssl or mod_ssl - use one of those, they're built in. For logging in remotely/secure file transfer/etc, use SSH.

Any wrapper has it's limitations. If your telnet uses OOB data, for example, that'll get inlined in Stunnel, which could cause problems.

[1] When done right - you need to check certificates, of course.

--
Brian Hatch                  "Do you understand
   Systems and                everything you say, sir?"
   Security Engineer         "Yes, if I listen
http://www.ifokr.org/bri/     attentively."

Every message PGP signed

Do you need help?

In addition to our free technical library, Pantek provides professional IT services to companies who utilize Open Source software: Learn more about Pantek's Technical Support offerings Place an order for 24/7/365 Technical Support here Learn more about Pantek, who we are, and what we do Chat with a Live Operator Related securityfocus.com Links bugtraq certification focus-bsd focus-ids focus-ih focus-linux focus-ms focus-sun focus-unix-other focus-virus forensics incidents libnet linux-secnews ms-secnews pen-test secpapers secprog sectools secureshell security-basics securityjobs sf-news vuln-dev webappsec Request more information about Pantek