扫一扫
分享文章到微信
扫一扫
关注官方公众号
至顶头条
作者:论坛整理 来源:ZDNet网络安全 2007年12月25日
关键字: telnet命令 opentelnet linux telnet telnet入侵 telnet telnet端口
Network Working Group T. Ts'o
Request for Comments: 2946 VA LinuxSystems
Category: Standards Track September 2000
TelnetData Encryption Option
Status of this Memo
This document specifies an Internet standards track protocol for the Internet community, and requests discussion and suggestions for improvements. Please refer to the current edition of the "Internet Official Protocol Standards" (STD 1) for the standardization state and status of this protocol. Distribution of this memo is unlimited.
Copyright Notice
Copyright (C) The Internet Society (2000). All Rights Reserved.
Abstract
This document describes a the telnet encryption option as a generic method of providing data confidentiality services for the telnet data stream. While this document summarizes currently utilized encryption types and codes, it does not define a specific encryption algorithm.
Separate documents are to be published defining implementations of this option for each encryption algorithm.
1. Command Names and Codes
ENCRYPT 38
Encryption Commands
IS 0
SUPPORT 1
REPLY 2
START 3
END 4
REQUEST-START 5
REQUEST-END 6
ENC_KEYID 7
DEC_KEYID 8
Encryption Types
NULL 0
DES_CFB64 1
DES_OFB64 2
DES3_CFB64 3
DES3_OFB64 4
CAST5_40_CFB64 8
CAST5_40_OFB64 9
CAST128_CFB64 10
CAST128_OFB64 11
Following historical practice, future encryption type numbers will be assigned by the IANA under a First Come First Served policy as outlined by RFC2434[3]. Despite the fact that authentication type numbers are allocated out of an 8-bit number space (as are most values in the telnet specification) it is not anticipated that the number space is or will become in danger of being exhausted. However, if this should become an issue, when over 50% of the number space becomes allocated, the IANA shall refer allocation requests to either the IESG or a designated expert for approval.
2. Command Meanings
IAC WILL ENCRYPT
The sender of this command is willing to send encrypted data.
IAC WONT ENCRYPT
The sender of this command refuses to send encrypted data.
IAC DO ENCRYPT
The sender of this command is willing to receive encrypted data.
IAC DONT ENCRYPT
The sender of this command refuses to accept encrypted data.
IAC SB ENCRYPT SUPPORT encryption-type-list IAC SE
The sender of this command is stating which types of encryption it will support. Only the side of the connection that is DO ENCRYPT may send the SUPPORT command. The current types of encryption are listed in the current version of the Assigned Numbers document
[1].
The encryption-type-list may only include types which can actually be supported during the current session. If ENCRYPT is negotiated in conjunction with AUTH the SUPPORT message MUST NOT be sent until after the session key has been determined. Otherwise, it is impossible to know if the selected encryption type can be properly initialized based upon the type and length of the key that is available."
IAC SB ENCRYPT IS encryption-type ... IAC SE
The sender of this command is stating which type of encryption to use, and any initial data that is needed. Only the side of the connection that is WILL ENCRYPT may send the IS command to initialize the encryption-type scheme.
IAC SB ENCRYPT REPLY encryption-type ... IAC SE
The sender of this command is continuing the initial data exchange in order to initialize the encryption-type scheme. Only the side of the connection that is DO ENCRYPT may send the REPLY command.
IAC SB ENCRYPT START keyid IAC SE
The sender of this command is stating that all data following the command in the data stream will be be encrypted via the previously negotiated method of data encryption. Only the side of the connection that is WILL ENCRYPT may send the START command.
The keyid is a variable length field. It is used by various encryption mechanisms to identify which encryption key is to be used, when multiple encryption keys might be known on either side of the connection. The keyid field is encoded with the most significant byte first, and a keyid value of zero is reserved to indicate the default encryption key (this would typically be an encryption key derived during authentication, with the AUTHENTICATION option). The keyid field must be at least one byte long. The only valid values for "keyid" will be those that have been received in a DEC_KEYID command.
IAC SB ENCRYPT END IAC SE
The sender of this command is stating that all data following the command in the data stream will not be encrypted. Only the side of the connection that is WILL ENCRYPT may send the END
IAC SB ENCRYPT REQUEST-START keyid IAC SE
The sender of this command requests that the remote side begin encryption of the telnet data stream. Only the side of the connection that is DO ENCRYPT may send the REQUEST-START command.
如果您非常迫切的想了解IT领域最新产品与技术信息,那么订阅至顶网技术邮件将是您的最佳途径之一。
现场直击|2021世界人工智能大会
直击5G创新地带,就在2021MWC上海
5G已至 转型当时——服务提供商如何把握转型的绝佳时机
寻找自己的Flag
华为开发者大会2020(Cloud)- 科技行者