Secure telnet and ftp?

Hal Fulton

I'm rather ignorant of SSL and ssh... but I'm wishing
for a "compatibility" layer of some kind so that I
could use the old telnet and ftp interfaces (which I
know) but do it securely.

In other words, something like:

  require 'ssh-compat'

  SSH::Compat.setup(*whatever) do
    # ...whatever...
  end

  # Now just use Net::FTP and Net::Telnet
  # "just as if" they were the originals

  # Blah blah blah...
  # all legacy code remains unchanged

  SSH::Compat.quit   # I don't mind some "teardown"
                     # if it's needed


Is this practical/reasonable?

Or is it Just As Easy to use the real secure ftp
and ssh stuff?


Thanks,
Hal
 
Mat Schaffer

Hal said:
> I'm rather ignorant of SSL and ssh... but I'm wishing
> for a "compatibility" layer of some kind so that I
> could use the old telnet and ftp interfaces (which I
> know) but do it securely.
>
> In other words, something like:
>
>   require 'ssh-compat'
>
>   SSH::Compat.setup(*whatever) do
>     # ...whatever...
>   end
>
>   # Now just use Net::FTP and Net::Telnet
>   # "just as if" they were the originals
>
>   # Blah blah blah...
>   # all legacy code remains unchanged
>
>   SSH::Compat.quit   # I don't mind some "teardown"
>                      # if it's needed
>
> Is this practical/reasonable?
>
> Or is it Just As Easy to use the real secure ftp
> and ssh stuff?

I have no experience on this either way. But it seems like you could
implement this using SSH to establish a tunnel into a remote machine
then go local to telnet/ftp assuming they were running on the box.

The implementation you're hinting at would lend itself really well to
ssh tunneling, I think. But I'm sure other people have much more
enlightened ideas.

-Mat
 
Francis Cianfrocca

Hal said:
> I'm rather ignorant of SSL and ssh... but I'm wishing
> for a "compatibility" layer of some kind so that I
> could use the old telnet and ftp interfaces (which I
> know) but do it securely.
>
> In other words, something like:
>
>   require 'ssh-compat'
>
>   SSH::Compat.setup(*whatever) do
>     # ...whatever...
>   end
>
>   # Now just use Net::FTP and Net::Telnet
>   # "just as if" they were the originals
>
>   # Blah blah blah...
>   # all legacy code remains unchanged
>
>   SSH::Compat.quit   # I don't mind some "teardown"
>                      # if it's needed
>
> Is this practical/reasonable?
>
> Or is it Just As Easy to use the real secure ftp
> and ssh stuff?
>
> Thanks,
> Hal

I've done exactly what you're talking about in C before but not in Ruby.
You establish an SSH tunnel, then run your operations through it (for
FTP stick to passive mode), and then tear it down. It's rather hairy,
you have to deal with authenticating to the remote host (probably a
password-less local identity file, which suddenly makes your machine
security-sensitive) or some trick with ssh-agent. And you also have to
deal with all the edge conditions involved in having a tunnel going as a
child process. (Like diddling your signal mask, making sure your code
doesn't crash and leave the tunnel up, setting up an external watchdog
to ensure same, etc.)

If your requirement is encrypted ftp, you're probably better off using
scp and sftp, they work fine. Otherwise, I'd do the ssh tunnelling in an
outboard process built for the task, not inline as you have it.

Hope that helps.
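
Added example, not code from this thread or from any poster: one way to handle the "tunnel as a child process" lifecycle described in the post above (bring the tunnel up, work through it, always tear it down). It assumes an OpenSSH `ssh` client on the PATH and ssh-agent or key authentication; `tunnel_argv`, `with_child`, `wait_for_port` and `with_tunnel` are hypothetical helper names.

```ruby
require "socket"
require "timeout"

# argv for a forwarding-only ssh child: no remote command, no prompts.
def tunnel_argv(gateway, local_port, remote_port)
  ["ssh", "-N",
   "-o", "BatchMode=yes",              # fail instead of prompting (agent or key auth)
   "-o", "ExitOnForwardFailure=yes",   # exit if the local port cannot be bound
   "-L", "127.0.0.1:#{local_port}:127.0.0.1:#{remote_port}",
   gateway]
end

# Run the block while the child lives; always terminate and reap it afterwards,
# even when the block raises, so the tunnel is not left up.
def with_child(argv)
  pid = Process.spawn(*argv, :in => File::NULL)
  yield pid
ensure
  if pid
    begin
      Process.kill("TERM", pid)
      Timeout.timeout(5) { Process.wait(pid) }
    rescue Timeout::Error
      Process.kill("KILL", pid)          # child ignored TERM
      Process.wait(pid)
    rescue Errno::ESRCH, Errno::ECHILD
      # child already gone
    end
  end
end

# Poll until something accepts connections on the local end of the forward.
def wait_for_port(port, seconds)
  deadline = Process.clock_gettime(Process::CLOCK_MONOTONIC) + seconds
  begin
    TCPSocket.new("127.0.0.1", port).close
    true
  rescue Errno::ECONNREFUSED
    return false if Process.clock_gettime(Process::CLOCK_MONOTONIC) > deadline
    sleep 0.1
    retry
  end
end

# Yields the host and port that legacy Net::Telnet / Net::FTP code should use.
def with_tunnel(gateway, local_port, remote_port)
  with_child(tunnel_argv(gateway, local_port, remote_port)) do
    raise "tunnel did not come up" unless wait_for_port(local_port, 10)
    yield "127.0.0.1", local_port
  end
end
```

A single `-L` forward carries one TCP port, so this covers a telnet session or the FTP control connection only; FTP data connections use separate ports. The `ensure` block does not run if the script itself is killed with SIGKILL, which is the case an external watchdog is for.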
 
Cliff Cyphers

Mat said:
> I have no experience on this either way. But it seems like you could
> implement this using SSH to establish a tunnel into a remote machine
> then go local to telnet/ftp assuming they were running on the box.
>
> The implementation you're hinting at would lend itself really well to
> ssh tunneling, I think. But I'm sure other people have much more
> enlightened ideas.
>
> -Mat

Why bother? ssh, sftp, scp are no harder to use than telnet, ftp. What
OS are you using? For GNU/Linux + other Unix can use gftp as a gui
client to handle sftp and scp.

And can use any ssh client for machine access. Putty is cross-platform:
http://www.chiark.greenend.org.uk/~sgtatham/putty/
 
Hal Fulton

Robert said:
> Hmm I am afraid there is no ideal solution for your problem
> Did you hear of Net::SSH yet? Seems nice but I did not try it or hear
> from it yet.

I've been avoiding that because of the learning curve, but I
suppose I have no choice.


Hal
 
Hal Fulton

Francis said:
> You still haven't given a clear statement of the exact problem you're
> trying to solve.

Probably not. That's because there are probably multiple problems
I have in mind.

Basically I want to talk securely to a machine that knows ssh
while spending as little time as possible porting my old code that
uses ftp and telnet libs. (And spending as few neurons in the process
as I can.)

If you want more concrete examples: I have a habit of keeping multiple
copies of certain files on different servers. I have a tool that is
smart enough to sync them as needed each time I edit (no matter which
one I edited last). It works when the machines' clocks are off, and
even when they are in different timezones.

Another app I have is to do some remote config on a server -- run
a command line app on the client, and it manipulates the server via
telnet and ftp.

But it's not secure. And my host now is getting hard to access via
ftp, and impossible via telnet.

Any clearer?


Hal
 
James Edward Gray II

Hal said:
> Basically I want to talk securely to a machine that knows ssh
> while spending as little time as possible porting my old code that
> uses ftp and telnet libs. (And spending as few neurons in the process
> as I can.)

I converted all the Ruby Quiz software from FTP to SFTP about six
months ago. It's really very close to the same thing. I couldn't
have spent more than two hours with the learning time and converting
all three of my worker scripts. Here's the general pattern:

  require "net/sftp"

  Net::SFTP.start("url", "username", "password") do |server|
    begin
      server.put_file("local_path", "server_path")

      # possibly...
      server.setstat("server_path", :permissions => 0644)

      # ...
    rescue
      puts "Something went wrong: #{$!}"
    end
  end

  __END__

Hope that helps.

James Edward Gray II
 
Hal Fulton

James said:
> I converted all the Ruby Quiz software from FTP to SFTP about six
> months ago. It's really very close to the same thing. I couldn't have
> spent more than two hours with the learning time and converting all
> three of my worker scripts. Here's the general pattern:
>
>   require "net/sftp"
>
>   Net::SFTP.start("url", "username", "password") do |server|
>     begin
>       server.put_file("local_path", "server_path")
>
>       # possibly...
>       server.setstat("server_path", :permissions => 0644)
>
>       # ...
>     rescue
>       puts "Something went wrong: #{$!}"
>     end
>   end
>
>   __END__

That's very interesting, thanks. That's the first sftp code
I've seen. (Yeah, TRW2 doesn't cover it. So shoot me.)

You don't need to mess with public keys and such?


Hal
 
James Edward Gray II

Hal said:
> You don't need to mess with public keys and such?

Hmm, I do have my keys set correctly with that server, but I wouldn't
think you need it with the password. The key is just a tool for
skipping password validation, right?

James Edward Gray II
 
