From: fairfield@sldb4.slac.stanford.edu
Sent: Wednesday, September 22, 1999 6:07 PM
To: Info-VAX@Mvb.Saic.Com
Subject: Re: A Secure Telnet Session

In article <937969820.56392@dew.wserv.com>, 
        "Rod Prince" <prince.wserve.com> writes:
> I need away to establish a secure telnet session between two OpenVMS systems
> (AXP 7.1, VAX 6.2, UCX 4.2).

        Sounds like a job for FISH & the OSU SSH Server.

> Does digital or anybody else have a "software" package that does this?   Is
> it possible to establish a private network across the Internet between two
> OpenVMS systems, with out the use of additional hardware?  If I have to add
> hardware, can anybody recommend what that would be?

        The  SSH  protocol  implements  and  "encrypted  tunnel" between
    participating  nodes.   It  requires TCP/IP between the  nodes,  but
    nothing more.  I have heard  of  VPN's  (Virtual  Private  Networks)
    which,  I believe, are implemented in the networking hardware rather
    than in host software.  The  real  question is, exactly what problem
    are you trying to solve?

        SSH (Secrure  Shell)  gives  you  an  encrypted  TELNET session,
    encrypted  remote commmand execution a la `rsh' and `rexec', and can
    be configured to do encrpyted X11  transport,  POP3  (and  others  I
    presume)  and  FTP, but these latter depend upon some bit of client-
    side configuration, and appropirate  client  software (FISH, the VMS
    SSH client, does not yet do X11 or other "port forwarding").

> If required, the systems could be upgraded, but I would like to avoid this,
> since this would cost me a couple of my "free" weekends :-(

    See:

        http://er6s1.eng.ohio-state.edy/~jonesd/ssh/  

    for the OSU SSH Server.  Use anonymous ftp to, ftp.lp.se and `cd' to
    [VMS], then grab  FISHU1006.ZIP  (FISH  source) and OPENSSL-0_9_4*.*
    (OpenSSL  source containing the "CRYPTOLIB" used by both the OSU SSH
    server  and  FISH).   You'll  also  want  to  grab  the   files   in
    [PATCHES.OSH-SSHD.014A3]  which  allow clean complilation of the OSH
    SSH Server against the OpenSSL cryptolib.

        You may want  to  subscribe  to  the  VMS-SSH  mailing  list for
    questions  and  discussion  of  both FISH and the  SSH  Server.   To
    subscribe, send a one-line message,

                SUBSCRIBE VMS-SSH
    to
                VMS-SSH-Request@alpha.sggw.waw.pl

        I'd recommend a recent/current  version  of DECC be installed on
    both  the Alpha and VAX systems.  You'll also want either MMS  (from
    DECSET), or MMK (free MMS/Make clone).  In addition, you'll  need  a
    current version of the VMS UNZIP utility, VMSTAR, and GZIP (contains
    GNUZIP).   You  can  get all of these from Hunter Goatley's WKU file
    server,

        http://www2.wku.edu/www/fileserv/fileserv.html


        -Ken
-- 
 Kenneth H. Fairfield            |  Internet: Fairfield@Slac.Stanford.Edu
 SLAC, 2575 Sand Hill Rd, MS 46  |  Voice:    650-926-2924
 Menlo Park, CA  94025           |  FAX:      650-926-3515
 -------------------------------------------------------------------------
 These opinions are mine, not SLAC's, Stanford's, nor the DOE's...
