From: Ansgar Wiechers <[EMAIL PROTECTED]>
On 2003-06-19 Chris Berry wrote:
> From: Ansgar Wiechers <[EMAIL PROTECTED]>
>> You do know, that by default Windows is using NTLM authentication for
>> telnet, don't you? Of course that's not comparable to ssh, but it sure
>> is a lot better than plaintext
> Thats totally true, but worthless. Authentication isn't the problem, it's
> the transmission that's in the clear, so now you're sending your loging name
> and password in cleartext. Sure, they're stored in NTLMv2 format at the
> other end, but what does that matter if they just put a sniffe
Chris,
On 2003-06-19 Chris Berry wrote:
> From: Ansgar Wiechers <[EMAIL PROTECTED]>
>> You do know, that by default Windows is using NTLM authentication for
>> telnet, don't you? Of course that's not comparable to ssh, but it sure
>> is a lot better than plaintext authentication.
>
> Thats totall
server with the default installation of telnet and see that the
password is encrypted.
Denny
-Original Message-
From: Chris Berry [mailto:[EMAIL PROTECTED]
Sent: Thursday, June 19, 2003 3:05 PM
To: [EMAIL PROTECTED]
Subject: Re: sshd for windows
>From: Ansgar Wiechers <[EMAIL PRO
.; 'Richard Parry'; 'stephen at unix dot za dot net'
Cc: [EMAIL PROTECTED]
Subject: RE: sshd for windows
Dennis,
NTLMv2 authentication for the password challenge maybe, but telnet
itself is wide open. Test it out, use Ethereal or RMON on your PC,
telnet to a Windows box and I ~100%
From: "DeGennaro, Gregory" <[EMAIL PROTECTED]>
It sounds like the machines matter most because I used vnc over a LAN and
it
was slow? And that was without a ssh tunnel!
The machine definitely does matter, on anything less than a 1ghz box (at
each end) you'll notice some slowdown. I dread trying
It sounds like the machines matter most because I used vnc over a LAN and it
was slow? And that was without a ssh tunnel!
-Original Message-
From: Chris Berry [mailto:[EMAIL PROTECTED]
Sent: Thursday, June 19, 2003 12:09 PM
To: [EMAIL PROTECTED]
Subject: RE: sshd for windows
>F
From: "Depp, Dennis M." <[EMAIL PROTECTED]>
NTLMv2 is an encryption method. (Granted it is weak, but it still is
encrypted.) By default, Microsoft Telnet uses NTLM to encrypt the
password. This means the only client that can access the server is the
Microsoft telnet that comes with Windows 2000.
From: "DeGennaro, Gregory" <[EMAIL PROTECTED]>
(or both if you're really paranoid.) << Talking about slow?! ... LOL ...
Double 3DES Tunnels (SSH and VPN) ... Let's see, that is up to 68%
reduction
in bandwidth, plus the overhead that VNC has. That would be quite
interesting?
Definitely more secu
From: Ansgar Wiechers <[EMAIL PROTECTED]>
On 2003-06-18 Richard Parry wrote:
>> theres a builtin telnet server included with win2k (server and
>> workstation).
>
> Oh yeah, thats the perfect way of breaking into a machine ! Telnet is
> plain text, so is very easy to sniff anything that goes on ! I
From: Adam Newhard [mailto:[EMAIL PROTECTED]
Sent: Thursday, June 19, 2003 5:59 AM
To: [EMAIL PROTECTED]
Subject: Re: sshd for windows
i'll definitely agree with the 80 bit exhaustive search cannot be done part.
if you're doing an exhaustive search sequentially or even searching with
some s
12:43 PM
To: Richard Parry; stephen at unix dot za dot net
Cc: [EMAIL PROTECTED]
Subject: RE: sshd for windows
Richard,
The telnet built into Windows 2000 uses NTLMv2 authentication by defalt.
While this is not 3DES or RC4, it is still not plain text.
Dennis
-Original Messag
machines and an OC-3 or LAN, then maybe you will have decent
speeds and usability... :-D
-Original Message-
From: Chris Berry [mailto:[EMAIL PROTECTED]
Sent: Wednesday, June 18, 2003 4:55 PM
To: [EMAIL PROTECTED]
Subject: RE: sshd for windows
>From: "Depp, Dennis M." <[
i'll definitely agree with the 80 bit exhaustive search cannot be done part.
if you're doing an exhaustive search sequentially or even searching with
some sort of pattern (like applying the somewhat def of random key - 50% of
the bits are on, sequentially generated keys have a hamming distance grea
On 2003-06-18 Richard Parry wrote:
>> theres a builtin telnet server included with win2k (server and
>> workstation).
>
> Oh yeah, thats the perfect way of breaking into a machine ! Telnet is
> plain text, so is very easy to sniff anything that goes on ! I hope
> you are being sarcastic !
You do k
Agreed, the passwords in NTLMv2 are encrypted but not the telnet session.
-Original Message-
From: Bryan S. Sampsel [mailto:[EMAIL PROTECTED]
Sent: Wednesday, June 18, 2003 2:33 PM
To: [EMAIL PROTECTED]
Subject: Re: sshd for windows
Telnet is telnet. The protocol itself is
From: "Depp, Dennis M." <[EMAIL PROTECTED]>
I really like VNC, but it has little security and no encryption.
Which is why you pipe it through SSH or a VPN. (or both if you're really
paranoid.)
Chris Berry
[EMAIL PROTECTED]
Systems Administrator
JM Associates
"Within every man beats a heart of dar
Telnet is telnet. The protocol itself is unencrypted. The only way to
encrypt the protocol is to tunnel it via SSL or some VPN type of software.
But telnet, as it is shipped with Win2K (both client and server) is
clear text.
bryan
Depp, Dennis M. wrote:
Richard,
The telnet built into Windo
[snip]
> Of course, it supports DES (56 bit encryption)
> but can be easily broken in today's desktop enviroment,
It is not _that_ easy (but still possible) to find enough desktop computers
to mount an exhaustive search against a 56-bit key.
> while the first two
> needs a cluster or NSA compu
: stephen at unix dot za dot net
Cc: [EMAIL PROTECTED]
Subject: RE: sshd for windows
Oh yeah, thats the perfect way of breaking into a machine ! Telnet is plain
text, so is very easy to sniff anything that goes on ! I hope you are being
inal Message-
From: stephen at unix dot za dot net [mailto:[EMAIL PROTECTED]
Sent: 18 June 2003 8:19 AM
To: Derek Perry
Cc: [EMAIL PROTECTED]
Subject: Re: sshd for windows
theres a builtin telnet server included with win2k (server and
workstation).
just start the service, telnet to ip:23
en
To: DeGennaro, Gregory
Cc: Depp, Dennis M.; Derek Perry; [EMAIL PROTECTED]
Subject: Re: sshd for windows
On Tue, Jun 17, 2003 at 01:36:09PM -0700, DeGennaro, Gregory wrote:
> BTW - 3DES is 168 bit
3DES is only 112 bit.
ENC(DEC(ENC(data, key1), key2), key3) gives you no more security than a
PM
To: DeGennaro, Gregory; Derek Perry; [EMAIL PROTECTED]
Subject: RE: sshd for windows
As is Windows Terminal Services and Remote Desktop. I would expect
there are more installations of Window Terminal Services on Windows 2000
servers that there are installations of OpenSSH or WinSSH on Windows
2000.
I really like VNC, but it has little security and no encryption.
Denny
_
From: Shawn Knisely [mailto:[EMAIL PROTECTED]
Sent: Tuesday, June 17, 2003 7:04 PM
To: Depp, Dennis M.; Derek Perry;
[EMAIL PROTECTED]
Have you checked out VNC y
theres a builtin telnet server included with win2k (server and
workstation).
just start the service, telnet to ip:23
enter user and pass
and wolah...
you have a dos prompt :)
--
Success On Hold
(www.soh.co.za)
[EMAIL PROTECTED]
tel: (031) 207 4811
On Mon, 16 Jun 2003, Derek Perry wrot
Try VShell from Van dyke Technologies Inc
--- Malte von dem Hagen <[EMAIL PROTECTED]> wrote:
> Hallo Derek Perry,
> am Dienstag, 17. Juni 2003 um 03:29:36 schrieben
> Sie:
>
> > Is there a sshd for Windows (W2K Server is the
> actual OS) that is freely
> > available?
>
> I found this with googl
Try Zebedee. Very easy to setup, and secure. Can use it to wrap
vnc/terminal services.
www.winton.org.uk/zebedee/
Benjamin Meade
System Administrator
LanWest Pty Ltd
-Original Message-
From: Derek Perry [mailto:[EMAIL PROTECTED]
Sent: Tuesday, 17 June 2003 9:30 AM
To: [EMAIL PROTECTED]
ot; <[EMAIL PROTECTED]>; "Derek Perry"
<[EMAIL PROTECTED]>; <[EMAIL PROTECTED]>
Sent: Tuesday, June 17, 2003 4:36 PM
Subject: RE: sshd for windows
> BTW - 3DES is 168 bit
>
>
> -Original Message-
> From: Depp, Dennis M. [mailto:[EMAIL PROTECTED]
>
hello,
yes , there is one i know. have a look to:
http://lexa.mckenna.edu/sshwindows/
http://www.openssh.com
http://www.cygwin.com/
http://www.networksimplicity.com/
so long
markus rath
Am Dienstag, 17. Juni 2003 03:29 schrieb Derek Perry:
> Is there a sshd for Windows (W2K Server is t
ECTED]
Subject: RE: sshd for windows
Why not use Remote Destop Connection? It comes with Windows 2000.
Dennis
>
> -Original Message-
> From: Derek Perry [mailto:[EMAIL PROTECTED]
> Sent: Monday, June 16, 2003 9:30 PM
> To: [EMAIL PROTECTED]
>
> Is there a sshd for
On Tue, Jun 17, 2003 at 01:36:09PM -0700, DeGennaro, Gregory wrote:
> BTW - 3DES is 168 bit
3DES is only 112 bit.
ENC(DEC(ENC(data, key1), key2), key3) gives you no more security than a
ENC(DEC(ENC(data, key1), key2), key1).
A good cryptography book should give you more information why that's t
BTW - 3DES is 168 bit
-Original Message-
From: Depp, Dennis M. [mailto:[EMAIL PROTECTED]
Sent: Tuesday, June 17, 2003 1:19 PM
To: DeGennaro, Gregory; Derek Perry; [EMAIL PROTECTED]
Subject: RE: sshd for windows
Greg,
But the traffic is encrypted using a 128-bit encryption key, the
]
Subject: RE: sshd for windows
Greg,
But the traffic is encrypted using a 128-bit encryption key, the
software comes with Windows 2000 server and is fully supported by the
vendor and it meets the users requirement of providing remote access.
Dennis
>
> -Original Message-
Check out this doc I wrote:
http://www.fetterconsulting.com/openssh_howto.htm
There is a section under Tips and Tricks on setting up cygwin for W2k.
Cygwin is free and it comes with sshd.
Derek Perry wrote:
Is there a sshd for Windows (W2K Server is the actual OS) that is freely
available? I a
; [EMAIL PROTECTED]
Subject: RE: sshd for windows
Why not use Remote Destop Connection? It comes with Windows 2000.
Dennis
>
> -Original Message-
> From: Derek Perry [mailto:[EMAIL PROTECTED]
> Sent: Monday, June 16, 2003 9:30 PM
> To: [EMAIL PROTECTED]
>
> Is there a
rity Analyst
> 415-551-5462
> 415-317-2119
>
>
> -Original Message-
> From: Depp, Dennis M. [mailto:[EMAIL PROTECTED]
> Sent: Tuesday, June 17, 2003 9:16 AM
> To: Derek Perry; [EMAIL PROTECTED]
> Subject: RE: sshd for windows
>
> Why not use Remote Destop Connection?
There is cygwin which can give you a 'good' unix-like enviornment and
with that they include a 'sshd' daemon which is a Windows 2000 service.
I run it in my private LAN.
Here is the URL: http://www.cygwin.com/
What Is Cygwin?
Cygwin is a Linux-like environment for Windows. It consists of two part
gte274: Date: Mon, 16 Jun 2003 21:29:36 -0400
gte274: From: Derek Perry <[EMAIL PROTECTED]>
gte274: To: [EMAIL PROTECTED]
gte274: Subject: sshd for windows
gte274:
gte274: Is there a sshd for Windows (W2K Server is the actual OS) that is freely
gte274: available? I am doing a senior design p
Why not use Remote Destop Connection? It comes with Windows 2000.
Dennis
>
> -Original Message-
> From: Derek Perry [mailto:[EMAIL PROTECTED]
> Sent: Monday, June 16, 2003 9:30 PM
> To: [EMAIL PROTECTED]
>
> Is there a sshd for Windows (W2K Server is the actual OS)
> that is freely
Derek,
Here you go. This is free.
http://lexa.mckenna.edu/sshwindows/
If you want a license version, I believe www.ssh.com offers a server version
for NT-base machines for 500+?
Greg
-Original Message-
From: Derek Perry [mailto:[EMAIL PROTECTED]
Sent: Monday, June 16, 2003 6:30 PM
Try: http://lexa.mckenna.edu/sshwindows/
>>> Rus Foster <[EMAIL PROTECTED]> 06/17/03 10:39AM >>>
On Mon, 16 Jun 2003, Derek Perry wrote:
> Is there a sshd for Windows (W2K Server is the actual OS) that is freely
> available? I am doing a senior design project for a class at school and I
> would
oddly enough, winsshd.com works :) heh
not free, but there is a trial period where you can do your work for the
30-odd days.
i haven't come across any free product of this sort for win.
HTH
d.
-Original Message-
From: Derek Perry [mailto:[EMAIL PROTECTED]
Sent: Monday, June 16, 2003
Hallo Derek Perry,
am Dienstag, 17. Juni 2003 um 03:29:36 schrieben Sie:
> Is there a sshd for Windows (W2K Server is the actual OS) that is freely
> available?
I found this with google:
http://lexa.mckenna.edu/sshwindows/download/releases/
Regards,
Malte.
--
Malte von dem Hagen
[EMAIL PROT
download openssh via cygwin (http://www.cygwin.com).
see also: http://www.openssh.org
- jon
pgp key: http://www.jonbaer.net/jonbaer.asc
fingerprint: F438 A47E C45E 8B27 F68C 1F9B 41DB DB8B 9A0C AF47
- Original Message -
From: "Derek Perry" <[EMAIL PROTECTED]>
To: <[EMAIL PROTECTED]>
Se
On Mon, Jun 16, 2003 at 09:29:36PM -0400, Derek Perry wrote:
> Is there a sshd for Windows (W2K Server is the actual OS) that is freely
> available? I am doing a senior design project for a class at school and I
> would like a way to log in remotely to the server at the company which I am
> workin
Use openssh with Cygwin. Works great and it is free!!!
-Original Message-
From: Derek Perry [mailto:[EMAIL PROTECTED]
Sent: Monday, June 16, 2003 9:30 PM
To: [EMAIL PROTECTED]
Is there a sshd for Windows (W2K Server is the actual OS) that is freely
available? I am doing a senior design
On Mon, 16 Jun 2003, Derek Perry wrote:
> Is there a sshd for Windows (W2K Server is the actual OS) that is freely
> available? I am doing a senior design project for a class at school and I
> would like a way to log in remotely to the server at the company which I am
> working with (the network
47 matches
Mail list logo
