
Telnet Data Encryption Option(2)

This document describes the telnet encryption option as a generic method of providing data confidentiality services for the telnet data stream.

Author: forum compilation. Source: ZDNet Network Security, 25 December 2007


  The keyid is only advisory, and may be omitted.

  IAC SB ENCRYPT REQUEST-END IAC SE

  The sender of this command requests that the remote side stop encryption of the telnet data stream. Only the side of the connection that is DO ENCRYPT may send the REQUEST-END command.

  IAC SB ENCRYPT ENC_KEYID keyid IAC SE

  The sender of this requests that the remote side verify that "keyid" maps to a valid key; or verifies that the "keyid" received in a DEC_KEYID command is valid. If keyid is omitted, it implies that there are no more known keyids, and that the attempt to find a common keyid has failed. Only the side of the connection that is WILL ENCRYPT may send the ENC_KEYID command.

  IAC SB ENCRYPT DEC_KEYID keyid IAC SE

  The sender of this requests that the remote side verify that "keyid" maps to a valid key on the remote side; or verifies that the "keyid" received in a ENC_KEYID command is valid. If keyid is omitted, it implies that there are no more known keyids, and that the attempt to find a common keyid has failed. Only the side of the connection that is DO ENCRYPT may send the DEC_KEYID command.

  3. Default Specification

  The default specification for this option is

  WONT ENCRYPT

  DONT ENCRYPT

  meaning there will not be any encryption of the Telnet data stream.

  4. Motivation

  The Telnet protocol has no form of protection from some intervening gateway looking at IP packets as they travel through the network.

  This is especially dangerous when passwords are sent as clear text over the network. This option provides a method for encrypting the data stream.

  5. Implementation Rules

  Once the Encryption option is in effect, all data in the negotiated direction, including TELNET options, is encrypted. Encryption begins with the octet of data immediately following the "IAC SB ENCRYPT START encryption-type IAC SE" command. Encryption ends after the "IAC SB ENCRYPT END IAC SE" command.

  WILL and DO are used only at the beginning of the connection to obtain and grant permission for future negotiations. The ENCRYPT option must be negotiated in both directions.

  Once the two hosts have exchanged a WILL and a DO, the sender of the DO ENCRYPT must send an ENCRYPT SUPPORT command to let the remote side know the types of encryption it is willing to accept. In the request, a list of supported encryption schemes is sent. Only the sender of the DO may send a list of supported encryption types (IAC SB ENCRYPT SUPPORT encryption-type-list IAC SE). Only the sender of the WILL may actually transmit encrypted data. This is initiated via the "IAC SB ENCRYPT START IAC SE" command, and terminated via the "IAC SB ENCRYPT END IAC SE" command. If a START is received, and then a second START is received before receiving an END, the second START is ignored.

  If the sender of the DO would like the remote side to begin sending encrypted data, it can send the "IAC SB ENCRYPT REQUEST-START IAC SE" command. If the sender of the DO would like the remote side to stop sending encrypted data, it can send the "IAC SB ENCRYPT REQUEST-END IAC SE" command (the REQUEST-END command defined above; only the DO side may send it).

  If the receiver of the SUPPORT command does not support any of the encryption types listed in the SUPPORT command, it should send an "IAC SB ENCRYPT IS NULL IAC SE" to indicate that there are no encryption types in common. It may also send an IAC WONT ENCRYPT command to turn off the ENCRYPT option.

  The order of the encryption types in a SUPPORT command must be ordered to indicate a preference for different encryption types, the first type being the most preferred, and the last type the least preferred.

  If the ENCRYPT option has been enabled, and encrypted data is being received, the receipt of an "IAC WONT ENCRYPT" implies the receipt of an "IAC SB ENCRYPT END IAC SE", i.e., the Telnet data stream is no longer encrypted.
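  The following Python model is an added example and is not part of the RFC text or of any telnet implementation. It frames and parses the ENCRYPT suboption commands (with the IAC-doubling that the telnet data stream requires), applies the SUPPORT preference rule from the implementation rules above (first common type wins, otherwise IS NULL), models the START/END state of the receiving side including the "second START is ignored" and "WONT implies END" rules, and walks the ENC_KEYID/DEC_KEYID exchange from the command descriptions earlier on this page. The numeric codes (IAC, SB, SE, WILL/WONT/DO/DONT from RFC 854; option 38 and the suboption command numbers from RFC 2946; DES_CFB64/DES_OFB64 type codes from RFC 2952/2953) are not reproduced in this excerpt and are supplied here. The exact turn-taking in negotiate_keyid() is this example's reading of the keyid rules, not a literal trace from the RFC.

```python
"""Telnet ENCRYPT option (RFC 2946) framing and negotiation model.

Added example, not RFC text.  Codes below come from RFC 854 / RFC 2946 /
RFC 2952 / RFC 2953 and are not printed in this excerpt of the page.
"""

IAC, SB, SE = 255, 250, 240
WILL, WONT, DO, DONT = 251, 252, 253, 254
ENCRYPT = 38                      # telnet option number for ENCRYPT
# ENCRYPT suboption commands, in RFC 2946 order (0..8)
IS, SUPPORT, REPLY, START, END, REQUEST_START, REQUEST_END, ENC_KEYID, DEC_KEYID = range(9)
# encryption-type codes: NULL from RFC 2946, DES_* from RFC 2952/2953
NULL, DES_CFB64, DES_OFB64 = 0, 1, 2


def suboption(cmd: int, payload: bytes = b"") -> bytes:
    """Build IAC SB ENCRYPT <cmd> <payload> IAC SE; a 0xFF data byte is sent as IAC IAC."""
    escaped = payload.replace(b"\xff", b"\xff\xff")
    return bytes([IAC, SB, ENCRYPT, cmd]) + escaped + bytes([IAC, SE])


def parse_suboption(frame: bytes):
    """Inverse of suboption() for exactly one complete frame: returns (cmd, payload)."""
    if frame[:3] != bytes([IAC, SB, ENCRYPT]) or frame[-2:] != bytes([IAC, SE]):
        raise ValueError("not a complete ENCRYPT suboption")
    body = frame[3:-2]
    if not body:
        raise ValueError("missing suboption command byte")
    return body[0], body[1:].replace(b"\xff\xff", b"\xff")


def choose_type(do_side_support: list, will_side_types: set):
    """The DO side's SUPPORT list is ordered most- to least-preferred; the WILL side
    takes the first entry it implements.  None means it must answer IS NULL."""
    for enc_type in do_side_support:
        if enc_type in will_side_types:
            return enc_type
    return None


def will_side_reply(support_payload: bytes, will_side_types: set) -> bytes:
    """Frame the WILL side sends after receiving SUPPORT: IS <type> or IS NULL."""
    chosen = choose_type(list(support_payload), will_side_types)
    return suboption(IS, bytes([NULL if chosen is None else chosen]))


class Receiver:
    """Decrypting (DO ENCRYPT) side for one direction of the data stream."""

    def __init__(self):
        self.encrypted = False
        self.events = []

    def on_suboption(self, frame: bytes):
        cmd, _payload = parse_suboption(frame)
        if cmd == START:
            if self.encrypted:            # a second START before an END is ignored
                self.events.append("duplicate START ignored")
                return
            self.encrypted = True         # every octet after this IAC SE is ciphertext
            self.events.append("encryption on")
        elif cmd == END:
            self.encrypted = False        # plaintext resumes after IAC SE
            self.events.append("encryption off")

    def on_wont_encrypt(self):
        """IAC WONT ENCRYPT received while encrypted counts as an implicit END."""
        if self.encrypted:
            self.events.append("WONT implies END")
        self.encrypted = False


def negotiate_keyid(will_keys: list, do_keys: set) -> list:
    """Model of the ENC_KEYID/DEC_KEYID exchange (this example's reading, see lead-in):
    the WILL side proposes its keyids in order; the DO side confirms one it holds with
    DEC_KEYID; an ENC_KEYID with an empty keyid signals that no common key exists."""
    trace = []
    for keyid in will_keys:
        trace.append(suboption(ENC_KEYID, keyid))
        if keyid in do_keys:
            trace.append(suboption(DEC_KEYID, keyid))   # common key found
            return trace
    trace.append(suboption(ENC_KEYID))                  # no keyids left: failure
    return trace


if __name__ == "__main__":
    # Constructed exchange: DO side prefers DES_OFB64 over DES_CFB64, WILL side has only CFB.
    support = suboption(SUPPORT, bytes([DES_OFB64, DES_CFB64]))
    print(parse_suboption(will_side_reply(parse_suboption(support)[1], {DES_CFB64})))
    rx = Receiver()
    rx.on_suboption(suboption(START, bytes([DES_CFB64])))
    rx.on_suboption(suboption(START))
    rx.on_wont_encrypt()
    print(rx.events)
```

  A real implementation would run parse_suboption() on frames split out of the stream by a telnet option parser; the single-frame check here is deliberately strict so that a truncated or concatenated frame is rejected instead of being interpreted as a command.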

  The following example demonstrates the use of the option:

  Host1                                      Host2

  [ Host1 requests Host2 negotiate the encryption of data that Host2 sends to Host1. Host2 agrees to negotiate the encryption of data that it sends to Host1. ]

  DO ENCRYPT
                                             WILL ENCRYPT

  [ Host1 requests that Host2 enable encryption as soon as the initialization is completed, and informs Host2 that it supports
