comp.lang.ruby

Secure telnet and ftp?

Hal E. Fulton

8/18/2006 2:24:00 AM

I'm rather ignorant of SSL and ssh... but I'm wishing
for a "compatibility" layer of some kind so that I
could use the old telnet and ftp interfaces (which I
know) but do it securely.

In other words, something like:

    require 'ssh-compat'

    SSH::Compat.setup(*whatever) do
      # ...whatever...
    end

    # Now just use Net::FTP and Net::Telnet
    # "just as if" they were the originals

    # Blah blah blah...
    # all legacy code remains unchanged

    SSH::Compat.quit   # I don't mind some "teardown"
                       # if it's needed


Is this practical/reasonable?

Or is it Just As Easy to use the real secure ftp
and ssh stuff?


Thanks,
Hal

9 Answers

Mat Schaffer

8/18/2006 3:12:00 AM

0

On Aug 17, 2006, at 10:24 PM, Hal Fulton wrote:
> I'm rather ignorant of SSL and ssh... but I'm wishing
> for a "compatibility" layer of some kind so that I
> could use the old telnet and ftp interfaces (which I
> know) but do it securely.
>
> In other words, something like:
>
> require 'ssh-compat'
>
> SSH::Compat.setup(*whatever) do
> # ...whatever...
> end
>
> # Now just use Net::FTP and Net::Telnet
> # "just as if" they were the originals
>
> # Blah blah blah...
> # all legacy code remains unchanged
>
> SSH::Compat.quit # I don't mind some "teardown"
> # if it's needed
>
>
> Is this practical/reasonable?
>
> Or is it Just As Easy to use the real secure ftp
> and ssh stuff?

I have no experience on this either way. But it seems like you could
implement this using SSH to establish a tunnel into a remote machine
then go local to telnet/ftp assuming they were running on the box.

The implementation you're hinting at would lend itself really well to
ssh tunneling, I think. But I'm sure other people have much more
enlightened ideas.

-Mat

Francis Cianfrocca

8/18/2006 4:46:00 AM

0

Hal Fulton wrote:
> I'm rather ignorant of SSL and ssh... but I'm wishing
> for a "compatibility" layer of some kind so that I
> could use the old telnet and ftp interfaces (which I
> know) but do it securely.
>
> In other words, something like:
>
> require 'ssh-compat'
>
> SSH::Compat.setup(*whatever) do
> # ...whatever...
> end
>
> # Now just use Net::FTP and Net::Telnet
> # "just as if" they were the originals
>
> # Blah blah blah...
> # all legacy code remains unchanged
>
> SSH::Compat.quit # I don't mind some "teardown"
> # if it's needed
>
>
> Is this practical/reasonable?
>
> Or is it Just As Easy to use the real secure ftp
> and ssh stuff?
>
>
> Thanks,
> Hal

I've done exactly what you're talking about in C before but not in Ruby.
You establish an SSH tunnel, then run your operations through it (for
FTP stick to passive mode), and then tear it down. It's rather hairy,
you have to deal with authenticating to the remote host (probably a
password-less local identity file, which suddenly makes your machine
security-sensitive) or some trick with ssh-agent. And you also have to
deal with all the edge conditions involved in having a tunnel going as a
child process. (Like diddling your signal mask, making sure your code
doesn't crash and leave the tunnel up, setting up an external watchdog
to ensure same, etc.)

If your requirement is encrypted ftp, you're probably better off using
scp and sftp, they work fine. Otherwise, I'd do the ssh tunnelling in an
outboard process built for the task, not inline as you have it.

Hope that helps.

--
Posted via http://www.ruby-....
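
The tunnel-as-child-process approach described in the post above, sketched in Ruby as an added example (not code from the thread): it starts `ssh` with a local forward, waits for the forwarded port, and tears the child down on every exit path. The helper names are hypothetical, and the user, host and port values are placeholders chosen by the caller.

```ruby
require "socket"
require "timeout"

# argv for a forward-only tunnel: 127.0.0.1:local_port -> remote_port on the server.
def tunnel_argv(user, host, local_port, remote_port)
  ["ssh", "-N",                        # forwarding only, no remote command
   "-o", "BatchMode=yes",              # never prompt; fail if key/agent auth is unavailable
   "-o", "ExitOnForwardFailure=yes",   # exit rather than run without the forward
   "-L", "127.0.0.1:#{local_port}:127.0.0.1:#{remote_port}",
   "#{user}@#{host}"]
end

# TERM the child, escalate to KILL after `grace` seconds, and always reap it.
def stop_child(pid, grace)
  Process.kill("TERM", pid)
  begin
    Timeout.timeout(grace) { Process.wait(pid) }
  rescue Timeout::Error
    Process.kill("KILL", pid)
    Process.wait(pid)
  end
rescue Errno::ESRCH, Errno::ECHILD
  nil # already gone or already reaped
end

# Block until the forwarded port accepts connections; raise if the child dies first.
def wait_for_port(pid, port, timeout)
  deadline = Process.clock_gettime(Process::CLOCK_MONOTONIC) + timeout
  loop do
    raise "tunnel process exited early" if Process.wait(pid, Process::WNOHANG)
    begin
      TCPSocket.new("127.0.0.1", port).close
      return true
    rescue Errno::ECONNREFUSED
      raise "tunnel not ready after #{timeout}s" if Process.clock_gettime(Process::CLOCK_MONOTONIC) > deadline
      sleep 0.1
    end
  end
end

# Start the tunnel, wait until it is usable, yield the child pid, and tear it down afterwards.
def with_tunnel(argv, port, ready_timeout: 10, grace: 2)
  pid = Process.spawn(*argv, in: File::NULL)
  wait_for_port(pid, port, ready_timeout)
  yield pid
ensure
  stop_child(pid, grace) if pid
end
```

The `ensure` clause covers exceptions and Ctrl-C, but not the Ruby process itself being killed with SIGKILL, which is the case the external watchdog is for. A single `-L` forward carries single-connection protocols such as telnet; FTP opens separate data connections that this forward does not carry.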

Cliff Cyphers

8/18/2006 11:59:00 AM

0

Mat Schaffer wrote:
> On Aug 17, 2006, at 10:24 PM, Hal Fulton wrote:
>> I'm rather ignorant of SSL and ssh... but I'm wishing
>> for a "compatibility" layer of some kind so that I
>> could use the old telnet and ftp interfaces (which I
>> know) but do it securely.
>>
>> In other words, something like:
>>
>> require 'ssh-compat'
>>
>> SSH::Compat.setup(*whatever) do
>> # ...whatever...
>> end
>>
>> # Now just use Net::FTP and Net::Telnet
>> # "just as if" they were the originals
>>
>> # Blah blah blah...
>> # all legacy code remains unchanged
>>
>> SSH::Compat.quit # I don't mind some "teardown"
>> # if it's needed
>>
>>
>> Is this practical/reasonable?
>>
>> Or is it Just As Easy to use the real secure ftp
>> and ssh stuff?
>
> I have no experience on this either way. But it seems like you could
> implement this using SSH to establish a tunnel into a remote machine
> then go local to telnet/ftp assuming they were running on the box.
>
> The implementation you're hinting at would lend itself really well to
> ssh tunneling, I think. But I'm sure other people have much more
> enlightened ideas.
>
> -Mat
>

Why bother? ssh, sftp, scp are no harder to use than telnet, ftp. What
OS are you using? For GNU/Linux + other Unix can use gftp as a gui
client to handle sftp and scp.

And can use any ssh client for machine access. Putty is cross-platform:
http://www.chiark.greenend.org.uk/~sgtat...

Hal E. Fulton

8/18/2006 10:16:00 PM

0

Robert Dober wrote:
>
> Hmm I am afraid there is no ideal solution for your problem.
> Did you hear of Net::SSH yet? Seems nice but I did not try it or hear
> from it yet.

I've been avoiding that because of the learning curve, but I
suppose I have no choice.


Hal

Hal E. Fulton

8/18/2006 10:49:00 PM

0

Francis Cianfrocca wrote:
>
> You still haven't given a clear statement of the exact problem you're
> trying to solve.
>

Probably not. That's because there are probably multiple problems
I have in mind.

Basically I want to talk securely to a machine that knows ssh
while spending as little time as possible porting my old code that
uses ftp and telnet libs. (And spending as few neurons in the process
as I can.)

If you want more concrete examples: I have a habit of keeping multiple
copies of certain files on different servers. I have a tool that is
smart enough to sync them as needed each time I edit (no matter which
one I edited last). It works when the machines' clocks are off, and
even when they are in different timezones.

Another app I have is to do some remote config on a server -- run
a command line app on the client, and it manipulates the server via
telnet and ftp.

But it's not secure. And my host now is getting hard to access via
ftp, and impossible via telnet.

Any clearer?


Hal

Hal E. Fulton

8/18/2006 10:57:00 PM

0

Cliff Cyphers wrote:
>
> Why bother? ssh, sftp, scp are no harder to use than telnet, ftp. What
> OS are you using? For GNU/Linux + other Unix can use gftp as a gui
> client to handle sftp and scp.
>
> And can use any ssh client for machine access. Putty is cross-platform:
> http://www.chiark.greenend.org.uk/~sgtat...
>

I don't follow what you're saying. Are there Ruby libraries
in the putty distribution?


Hal


James Gray

8/18/2006 11:56:00 PM

0

On Aug 18, 2006, at 5:49 PM, Hal Fulton wrote:

> Basically I want to talk securely to a machine that knows ssh
> while spending as little time as possible porting my old code that
> uses ftp and telnet libs. (And spending as few neurons in the process
> as I can.)

I converted all the Ruby Quiz software from FTP to SFTP about six
months ago. It's really very close to the same thing. I couldn't
have spent more than two hours with the learning time and converting
all three of my worker scripts. Here's the general pattern:

    require "net/sftp"

    Net::SFTP.start("url", "username", "password") do |server|
      begin
        server.put_file("local_path", "server_path")

        # possibly...
        server.setstat("server_path", :permissions => 0644)

        # ...
      rescue
        puts "Something went wrong: #{$!}"
      end
    end

    __END__

Hope that helps.

James Edward Gray II


Hal E. Fulton

8/19/2006 12:03:00 AM

0

James Edward Gray II wrote:
>
> I converted all the Ruby Quiz software from FTP to SFTP about six
> months ago. It's really very close to the same thing. I couldn't have
> spent more than two hours with the learning time and converting all
> three of my worker scripts. Here's the general pattern:
>
> require "net/sftp"
>
> Net::SFTP.start("url", "username", "password") do |server|
> begin
> server.put_file("local_path", "server_path")
>
> # possibly...
> server.setstat("server_path", :permissions => 0644)
>
> # ...
> rescue
> puts "Something went wrong: #{$!}"
> end
> end
>
> __END__
>

That's very interesting, thanks. That's the first sftp code
I've seen. (Yeah, TRW2 doesn't cover it. So shoot me.)

You don't need to mess with public keys and such?


Hal

James Gray

8/19/2006 4:09:00 AM

0

On Aug 18, 2006, at 7:02 PM, Hal Fulton wrote:

> You don't need to mess with public keys and such?

Hmm, I do have my keys set correctly with that server, but I wouldn't
think you need it with the password. The key is just a tool for
skipping password validation, right?

James Edward Gray II