Kermit Security Reference

Authors:

Jeffrey Altman, Frank da Cruz
The Kermit Project, Columbia University

Applies To:

C-Kermit 8.0.201, 8 Feb 2002
Kermit 95 2.0, 4 June 2002
An earlier version of this document covers C-Kermit 7.0 and K95 1.1.17-20.

Most Recent Update:

Tue Jul 30 10:35:31 2002

Abstract:

Security methods explained: Kerberos, SSL/TLS, SRP, SSH. How to configure and use them with C-Kermit and Kermit 95.

[ Kermit Home ] [ C-Kermit ] [ Kermit 95 ]

---

CONTENTS

   1. INTRODUCTION
   2. DISCLAIMERS
   3. KERMIT SECURITY USER GUIDE
   4. INSTALLATION AND CONFIGURATION
   5. SCRIPTING AND AUTOMATION
   I. WHERE TO FIND SECURE TELNET AND FTP SERVERS
  II. MULTIHOMED HOSTS, FIREWALLS, NATS
 III. INTRODUCTION TO CERTIFICATES
  IV. USING OTHER SECURITY METHODS WITH KERMIT
      GLOSSARY   
      REFERENCES   
      TRADEMARKS

---

1. INTRODUCTION

CHAPTER CONTENTS

  1.1. Secure Connections
  1.2. Internet Protocols
  1.3. Authentication
  1.4. Encryption
  1.5. Integrity

Only later, when the ARPANET became the world-wide Internet and was opened up to limitless numbers of people, did security become an issue: hackers, crackers, script kiddies, terrorists, spies, hucksters, swindlers, pornographers, saboteurs, blackmailers, pranksters, and pests of every sort inundate the network and every computer on it with a constant barrage of probes and attacks. It is increasingly necessary to secure connections from eavesdropping and malicious tampering (not to mention spam, worms, viruses, and denial-of-service attacks, but that's another story).

The network itself is not secure. By its very nature and fundamental design, it is entirely open*. While it might be possible to insert security at the transport and/or network layers, transparent to all applications, the approach until now has been to layer security protocols over TCP and IP: some of them standard, some not so standard. Even among the standard ones, there are many to choose from. This approach requires one or more security methods to be programmed into each and every client and server application that is to make or accept secure Internet connections. The situation should improve in the future as security becomes part of the network itself through evolving standards such as IPSec, IPv6, and DNSSEC.

Meanwhile, insecure connections remain the norm, in which passwords, credit-card information, private correspondence, and so on can be captured and/or altered in transit by malicious persons. Security remains elusive because we have a 30+ year history of open networks, clients, and servers, and because of the many competing security methods, the shifting definitions of each one, various legal entanglements, and the overall complexity of the entire topic.

Why should I care about security? The reasons are obvious: to prevent fraud on your person, theft of your money or identity, hijacking of your computer accounts, tampering with your research results; any number of malicious acts aimed at you or performed by someone masquerading as you. Perhaps an even more compelling reason to care is that more and more sites are requiring secure clients for access: plain old dialup or insecure Telnet or FTP simply can't be used any more.

Kermit software has offered secure connections since 1998. This document presents the security methods embodied in C-Kermit 8.0 and Kermit 95 2.0, which include:

• Kerberos(TM) IV and V
• Secure Remote Password(TM)(SRP)
• Secure Sockets Layer(SSL)/Transport Layer Security(TLS)
• Secure Shell (SSH) v1 and v2 (built into K95, external in C-Kermit)
• Microsoft NT LAN Manager (NTLM, K95 Windows only)

* This is a slight exaggeration; an ever-increasing amount of filtering occurs in routers; local networks are increasingly switched rather than broadcast, etc.

---

1.1. Secure Connections

What is a secure connection? A connection is secure if it provides:

• Authentication of the user to the host/service without the transmission of the user's password;
• Authentication of the host to the user;
• Privacy, through a shared secret that can be used as an end-to-end encryption key; and:
• Integrity: the assurance that the data has not been altered in transit.

A secure connection requires two applications, one on each end, that support (and can negotiate) a common security method; for example, a Telnet client on your desktop and a Telnet server at the remote site, both equipped with Kerberos V protocols.

Kermit software supports a variety of connection methods, including serial ports, modems, and TCP/IP. Presently, secure connections are supported only over TCP/IP connections. Since there are many security protocols to consider (Kerberos, SRP, TLS, ...) and several TCP/IP application protocols where they can be used (Telnet, SSH, FTP, HTTP, ...), and different platforms for the clients and servers (Unix, VMS, Windows, OS/2, ...), the possibilities are many.

To complicate matters, every Kermit program can come with or without security. Non-secure versions are required by USA export law. Secure versions can be built with any combination of the security methods listed above: Kerberos IV but not Kerberos V, SRP and SSL/TLS but not Kerberos, etc. Kermit 95 has either no security methods built in or else all of them. C-Kermit on Unix can have any combination, depending on the libraries available on each platform and which ones were selected by the builder.

---

1.2. Internet Protocols

Let's begin by looking at the Internet protocols that Kermit supports to see which security options are available for each:

TELNET (Network Virtual Terminal Protocol)

The Telnet protocol can be used to establish the most secure connections with a large choice of authentication and privacy methods. Kermit's Telnet implementation supports Kerberos 4, Kerberos 5, Secure Remote Password (SRP), NTLM (K95 only), and X.509 certificates for client and server authentication. Privacy can be accomplished with the Secure Sockets Layer (SSL) or Transport Layer Security (TLS) cipher suites, or DES, CAST, or 3DES streaming ciphers.

SSH (Secure Shell and Port Forwarding Protocol)

The SSH protocols (versions 1 and 2) can be used to establish secure connections with a wide choice of authentication methods. Kermit's SSH implementation supports Kerberos 4, Kerberos 5, Secure Remote Password (SRP), and Public Keys for client and server authentication. Privacy is integrated into the protocol through the use of secure public key or GSSAPI based key exchange coupled with strong cipher suites.

FTP (File Transfer Protocol)

An FTP client can make secure connections for both the command and data channels as described in Internet RFC 2228. Kermit's FTP implementation supports Kerberos 4, GSSAPI Kerberos 5, SRP, and SSL/TLS.

HTTP (Hyper Text Transfer Protocol)

HTTP can be used with SSL or TLS to submit requests and receive responses in a secure manner as described in RFC 2818.

RLOGIN (Remote Login)

The Remote Login protocol can be used with Kerberos 4 or 5 to make authenticated connections. After authentication the DES streaming cipher can be used for privacy.

SSL (Secure Socket Layer) / TLS (Transport Layer Security

The SSL and TLS protocols can be used by themselves to establish a private connection to a host. Authentication of the server (and perhaps the client) is performed via exchange and verification of X.509 certificates or Kerberos 5 credentials. Kermit also can make Telnet connections over a secure SSL or TLS tunnel.

Kerberos 5 User-to-User

The Kerberos 5 user-to-user protocol can make authenticated and private connections between two end-user operated copies of Kermit.

Protocol	Krb4	Krb5	SSL/TLS	SRP	SSH	NTLM
Telnet	Yes	Yes	Yes	Yes	Yes	K95
Rlogin	Yes	Yes	No	No	No	No
SSL/TLS	No	Yes	n/a	No	No	No
K5 User-User	No	Yes	No	No	No	No
FTP	Yes	Yes	Yes	Yes	No	No
HTTP	No	No	Yes	No	No	No
Kermit	Yes	Yes	Yes	Yes	No1	K95
SSH	No	Yes	No	Yes	n/a	No

1. Of course you can use Kermit protocol over SSH connections, and you can even install C-Kermit as a file-transfer and -management service under sshd, but Kermit itself does not yet accept incoming SSH connections.

---

1.3. Authentication

SECTION CONTENTS

  1.3.1. Kerberos
  1.3.2. SRP
  1.3.3. NTLM
  1.3.4. X.509 Certificates
  1.3.5  Public Keys
  1.3.6  Host based
  1.3.7  Password based

AUTHENTICATION is the means by which one party proves its identity to to another. The most common authentication method is the familiar process of logging in with a username and password. When you do this on an insecure network connection, your identity and password are transmitted in clear text and can be "sniffed" by anybody who has access to any of the components of the network path; for example, by anybody who has a PC on a (non-switched) Ethernet network over which your information passes.

Furthermore, when you make (say) a Telnet connection to a network, you accept the fact the you must authenticate yourself to it, but how do you know that the host itself is genuine? In the normal course of events, there is no requirement that it authenticate itself to you.

Enter secure authentication. Any secure authentication scheme requires central management of identities, as in the Kerberos authentication system (Section 1.3.1), X.509 certificates (Appendix III), or Secure Remote Password (Section 1.3.2). This type of security is best suited for large organizations -- universities, government agencies, corporations, hospitals -- that have a full-time professional network / security administration staff. The learning curve and startup time are significant, but worth the effort. Any security method can be breached, so the true measure of its effectiveness is its manageability: can breaches be repaired, can compromised identities be reclaimed? It is for these reasons that Microsoft, Sun, Apple, HP, IBM, and many Linux or BSD vendors are increasingly distributing Kerberos 5 as a core part of their operating systems.

Unfortunately, the startup costs of a secure authentication system are sometimes so daunting that some organizations simply don't bother, and instead let users fend for themselves with unsigned public/private key pair schemes, such as SSH public key authentication (Section 1.3.5) and PGP. The only administrative tasks required up front are the installation and/or distribution of the required client and server software. This is not a secure authentication system; quite the opposite: it bypasses any secure authentication / authorization system that might be in place. And keys, once compromised, can not be revoked by those responsible for the security of the host: a serious consideration since so many security keys are stored on insecure disks (e.g. in Windows 9x/ME) ripe for picking.

1.3.1. Kerberos

Kerberos is a method, developed at Massachusetts Institute of Technology (MIT), by which two parties communicating over a TCP/IP connection can authenticate each other through a trusted, centrally managed third party without sending passwords across the network. The Kerberos protocols are defined in Internet RFCs 1510, 1964, and others. You can read more about Kerberos at the following websites:

• http://web.mit.edu/kerberos/www/
• http://nii.isi.edu/info/kerberos/
• http://nii.isi.edu/publications/kerberos-neuman-tso.html

There are, in fact, two Kerberos protocols: Kerberos IV (4) and Kerberos V (5), the latter being the more flexible and secure protocol. The two are totally separate and incompatible. Any given site might support neither, either one, or both. One of the unique benefits associated with the use of Kerberos 5 authentication is its Single Sign-On (SSO) capability. This allows a user to enter their password once on the local machine, establish a secure connection to a second machine and from there establish additional connections without requiring the user to enter their password a second time.

When both the client and server support the same version of Kerberos (4 or 5), Kerberos authentication with or without encryption can be negotiated. A "Kerberized" version of Kermit can make a connection to a non-Kerberized host, and a non-Kerberized host can accept a connection from a Kerberized version of Kermit, as long as neither side is configured to require Kerberos authentication.

Kerberos authentication has been integrated into Telnet, Rlogin, FTP, and SSL/TLS as well as many other protocols not supported by Kermit. As part of the authentication process a session key is shared by the client and server that can be used to encrypt the current session.

1.3.2. SRP

Stanford University's Secure Remote Password (SRP) protocol is a method by which two parties can mutually authenticate each other in a secure manner through a Zero Knowledge Identification system. SRP is defined in Internet RFC 2945. You can read more about SRP at the following website:

  http://www-cs-students.stanford.edu/~tjw/srp/

SRP authentication has been integrated into the Telnet and FTP protocol definitions (if not yet into all Telnet and FTP clients and servers). As a result of the authentication, a shared secret is produced that can be used to encrypt the authenticated session.

1.3.3. NTLM

Microsoft NT Lan Manager (NTLM) authentication is implemented in Kermit 95 only. Its only use is to authenticate Kermit 95 to Microsoft Windows based Telnet services distributed as part of Windows 2000, Windows XP Professional, and the NT Services for Unix products. Kermit 95 can also use NTLM to authenticate incoming Telnet sessions when it is running under Windows NT/2000/XP. When running under Windows 95/98/98SE/ME, Kermit 95 can only be an authenticating client.

NTLM does not negotiate a shared secret and cannot be used to establish encrypted sessions. Therefore, connections made with NTLM are not considered secure although it is definitely better to use NTLM authentication than it is to transmit a password in clear text. NTLM is a proprietary protocol considered to be a trade secret by Microsoft. When establishing connections with another Kermit 95 configured to accept incoming connections, Kermit 95 can negotiate NTLM over a SSL/TLS session. Security is then provided by SSL/TLS while authentication is performed with NTLM.

1.3.4. X.509 Certificates

When SSL/TLS is used to provide security, authentication of the server and optionally the client can be performed using X.509 Public Key Certificates. Certificates are used to exchange a public key for use in establishing an encrypted connection and can be verified against a known trusted Root Certificate and a Certificate Revocation List (CRL) to indicate its authenticity and validity. The contents of the certificate can then be used to determine the identity of the remote service or the client.

C-Kermit and Kermit 95 provide mechanisms for the customization of the certificate to userid mapping.

1.3.5. Public Key

Several distrbuted security protocols including SSH rely on a loosely managed form of authentication based on the same asymmetic cryptography used within X.509 Public Key Certificates. The technique is to generate a public and private key pair and give the public key away as a means of authenticating the holder of the private key. The prime difference between this and an X.509 certificate is that the public key is not bound to any information providing the identity of the holder nor does it contain any information that can be used to limit the lifetime of the public key or sources of information that can be used to determine if the public key has been compromised or revoked for some other reason.

1.3.6. Host Based

Several application protocols such as Rlogin and SSH support some form of host-based authentication. In these protocols the identity of the host (not the user) is used to determine whether the connection is to be trusted. In Rlogin the host-based authenticator is the IP address or DNS host name, both of which are insecure indicators of identity. SSH uses the host-assigned Public Key pair as the host-based authenticator.

Host-based authentication is almost always used to allow system processes which are not associated with a specific user to establish connections. This is often done to allow the secure distribution of system configuration files to clusters of related systems.

1.3.7. Password Based

Passwords, Passphrases, and so called Keyboard Interactive authentication methods are the old-fashioned traditional means of proving end-user identity. These methods are still in use with secure connections whether they be Telnet, FTP, or even SSH. They become safer to use when the connection is protected by some form of encrypting cipher suite. However, it should never be assumed that the transmission of a password to a host is safe. The host daemon process could have been replaced by one that collects and transmits passwords to an attacker. There have even been passive attacks that observe the timings of transmissions between the client and the host that have enabled the attacker to determine the password based upon the time it takes to type keys on a QWERTY keyboard.

---

1.4. Encryption

Export of software incorporating strong encryption is regulated by United States law.

SECTION CONTENTS

  1.4.1. Telnet
  1.4.2. FTP
  1.4.3. SSL/TLS
  1.4.4. SSH
  1.4.5. HTTP
  1.4.6. Rlogin

ENCRYPTION is the process by which data is encoded to prevent anybody from deciphering it except those for whom it is intended. Encryption is an essential component of Internet security because of the Internet's open architecture; since (in principal) everybody can watch your sessions, you have to scramble them to keep them private.

A variety of encryption methods, or algorithms, exists ranging from easy to crack to next-to-impossible (but not truly impossible: if the data can be decrypted legitimately, it can also be decrypted illegitimately given adequate resources). Most modern encryption/decryption algorithms use keys as part of the process, either provided by the user or obtained automatically from a shared secret. For any given algorithm, the longer the key the more secure the encryption.

Each application protocol such as Telnet, FTP and HTTP defines its own set of protocols for encrypting a session based on the authentication method.

1.4.1. Telnet Encryption

The following encryption algorithms can be negotiated for a Telnet session with the Telnet Encryption Option (RFC 2946) when used with Kerberos IV, Kerberos V, or Secure Remote Password authentication:

• CAST-128 64-bit Cipher Feedback Mode RFC 2950
• CAST-128 64-bit Output Feedback Mode RFC 2949
• DES3 64-bit Cipher Feedback Mode RFC 2947
• DES3 64-bit Output Feedback Mode RFC 2948
• DES 64-bit Cipher Feedback Mode RFC 2952
• DES 64-bit Output Feedback Mode RFC 2951

When the Telnet START_TLS option is negotiated, SSL/TLS provides encryption services for the Telnet session.

1.4.2. FTP Encryption

Encryption for FTP sessions depends on the authentication method:

• Kerberos IV authentication uses DES for encryption.

• Kerberos V is supported within the GSS-API framework that negotiates the encryption algorithm at run-time. The negotiated encryption algorithm depends on the implementation of GSSAPI available to Kermit. MIT Kerberos supports ciphers based on 3DES, RC4, and DES.

• Secure Remote Password authentication may be used with CAST-128, 3DES, DES, and Blowfish as encryption algorithms. The selected algorithm is user configurable.

• SSL/TLS provides an extensive list of cipher suites for use protecting session data.

1.4.3. SSL/TLS Encryption

Netscape's Secure Sockets Layer (SSL) and its IETF-approved successor, Transport Layer Security (TLS), provide for authentication and encryption of TCP/IP communications using a combination of public key and symmetric cryptographic algorithms. TLS is defined in Internet RFC 2246. Traditional authentication of the server (and optionally the client) is performed by exchanging ITU-T X.509 certificate chains (see Appendix 3), that are verified by the receiver. Unlike raw public keys, X.509 certificates may be revoked by issuing a certificate revocation list (CRL) that is to be checked by the receiver during verification of the certificate chain.

Kerberos 5 credentials can be used as an alternative method for performing mutual authentication within SSL/TLS sessions (RFC 2712).

The encryption provided by SSL/TLS is more secure than the encryption negotiatied by the Telnet Encryption Option. This additional security is provided by a combination of the use of longer encryption keys, the availability of stronger symmetric cryptographic algorithms, and the signing of each transmitted block with a message-digest algorithm.

A sample list of cipher suites from OpenSSL 0.9.7 as shipped with Kermit 95 includes:

ADH-AES256-SHA DHE-RSA-AES256-SHA DHE-DSS-AES256-SHA AES256-SHA ADH-AES128-SHA DHE-RSA-AES128-SHA DHE-DSS-AES128-SHA AES128-SHA DHE-DSS-RC4-SHA EXP1024-DHE-DSS-RC4-SHA EXP1024-RC4-SHA EXP1024-DHE-DSS-DES-CBC-SHA EXP1024-DES-CBC-SHA EXP1024-RC2-CBC-MD5 EXP1024-RC4-MD5 KRB5-DES-CBC3-MD5 KRB5-DES-CBC3-SHA KRB5-DES-CBC-MD5 KRB5-DES-CBC-SHA EXP-KRB5-DES-CBC-MD5 EXP-KRB5-DES-CBC-SHA EDH-RSA-DES-CBC3-SHA EDH-RSA-DES-CBC-SHA EXP-EDH-RSA-DES-CBC-SHA EDH-DSS-DES-CBC3-SHA EDH-DSS-DES-CBC-SHA EXP-EDH-DSS-DES-CBC-SHA DES-CBC3-SHA DES-CBC-SHA EXP-DES-CBC-SHA IDEA-CBC-SHA EXP-RC2-CBC-MD5 RC4-SHA RC4-MD5 EXP-RC4-MD5 ADH-DES-CBC3-SHA ADH-DES-CBC-SHA EXP-ADH-DES-CBC-SHA ADH-RC4-MD5 EXP-ADH-RC4-MD5 RC4-64-MD5 DES-CBC3-MD5 DES-CBC-MD5 IDEA-CBC-MD5 RC2-CBC-MD5 EXP-RC2-CBC-MD5 RC4-MD5 EXP-RC4-MD5

TLS can be used with Telnet Authentication methods such as Kerberos, Secure Remote Password, and NTLM to provide the highest level of data privacy with the strongest forms of mutual authentication when TLS in-band authentication is not performed.

1.4.4. SSH Encryption

There are two different versions of the SSH protocol: version 1 and version 2. The cryptographic strengths of the protocols are very different. Whenever possible SSH version 2 should be used.

SSH version 1 implements an encryption scheme that may be open to advanced theoretical attacks. The encryption algorithms supported for this protocol by Kermit include DES, BLOWFISH, and 3DES.

SSH version 2 implements the most advanced techniques known to the cryptographic community. Of all the security protocols in use on the Internet, SSH version 2 is the youngest and therefore has had the most flexibility in implementing changes as new cryptographic attacks have been discovered. The SSH version 2 ciphers supported by Kermit include 3DES, AES, BLOWFISH, RC4, and CAST-128.

1.4.5. HTTP Encryption

Secure HTTP connections use SSL/TLS for encryption.

1.4.6. Rlogin Encryption

Secure Login connections are established by using a modified version of the Rlogin protocol which replaces host-based authentication with a Kerberos 4 or Kerberos 5 authentication handshake. This authentication results in the sharing of a session key for use in encrypting the transmitted data. Kerberos 4 is limited to the exchange of DES keys whereas Kerberos 5 can exchange keys for 3DES, RC4, and DES.

---

1.5. Integrity

---

2. DISCLAIMERS

The statements made with regard to US export law reflect our understanding of the situation at this writing, which might change subsequently. We expect to update this document, and our website in general, in light of any new developments.

Current US law forbids export of strong encryption software in binary form from the USA to all countries except Canada without a license or license exception. Thus the Kermit Project does not distribute pre-compiled secure versions of C-Kermit on the Internet.

Security within Kermit is provided using the underlying services of third-party libraries, such as Kerberos or OpenSSL. These libraries are not necessarily included with Kermit (they are with the secure version of Kermit 95, but not with C-Kermit). If not, they must be obtained separately from the sources listed below, in compliance with the terms and conditions given at those sites and with United States and international law. For an overview of this issue, see (for example):

  http://www.mozilla.org/crypto-faq.html

Kermit software, when combined with the security libraries listed in this document, has been verified to negotiate and conduct authenticated and encrypted sessions with Kerberos, SRP, and/or SSL/TLS services on Internet hosts at Columbia University and other test sites, with Kermit features such as interactive terminal access, file transfer, and scripting operating successfully over secure connections, with any exceptions noted below.

The Kermit Project does not and can not claim or warrant the external Kerberos, SRP, OpenSSL or other third-party modules to be free of loopholes or bugs. Authentication via Kerberos, SRP, or X.509 certificates is not unbreakable. Any encryption method can be broken. Any software that is used for authentication or encryption should be analyzed for weaknesses, backdoors, bugs, and loopholes by the site and/or end user before use.

The Kermit Project and Columbia University make no claim or warranty as to any particular level of security achievable by Kermit software with any third party security protocol, and may on no account be held liable for any damage resulting from its use (a more complete statement to this effect is found in the C-Kermit 8.0 license).

Functional limitations:

• Kerberos authentication is available on Telnet, FTP, Rlogin, and SSL/TLS secured connections.
• Secure Remote Password authentication is available only on Telnet and FTP connections.
• NTLM authentication is available only on Windows 95/98/Me/NT/2000/XP and only on Telnet connections.
• SSL/TLS may be used as its own connection protocol or on Telnet, FTP, and HTTP connections.
• Kerberos support is not available in Kermit 95 for OS/2 due to lack of Kerberos implementations for OS/2.
• SSH is built in to the Windows version Kermit 95, but C-Kermit uses the external ssh program.

[ Kermit Home ] [ C-Kermit ] [ Kermit 95 ]

---

3. KERMIT SECURITY USER GUIDE

CHAPTER CONTENTS

  3.1. Overview of Security Protocols
  3.2. Security Command List 
  3.3. Making Secure Connections
  3.4. Using Secure Connections

Bear in mind that you can use only those security methods that are offered with the services you will be connecting to. You can't just pick any old security method and expect it to work: it takes two to tango.

Kermit has all the commands you need to set up secure connections, and they are the topic of this rather lengthy chapter. But don't worry: in most cases, you'll have to deal with these commands only once, and possibly not at all:

• If your organization has a site or bulk license for Kermit 95, the network or software license administrators in your organization should have set it all up for you in advance.

• If you are setting up Kermit for your own use within an organization's security framework, you'll need to get assistance from the network administrators anyway, to find out the pertinent connection details.

• In Kermit 95, there is a security form in the Dialer for any secure connections you need to make: fill it once, use it forever.

• In any case, once you have put together the commands you need, you can add them to your Kermit customization file if you want them to be in effect every time you start Kermit, or you can make separate scripts for each host or organization and use them whenever needed.

---

3.1. Overview of Security Protocols

  3.1.1. Kerberos
  3.1.2. SRP
  3.1.3. NTLM
  3.1.4. SSL/TLS  
  3.1.5. SSH  

3.1.1. Kerberos Overview

When making a Kerberized connection, you must first know which Kerberos version, 4 or 5, is supported by the host or service you want to connect to, and you must be registered in the Kerberos database at the host's site. If you're unsure about any of this, contact your site administrator.

Before authentication to a specific service (such as Telnet) can succeed, you must login to the site's Kerberos Ticket Granting Server. Depending on the Kerberos implementation and installation options this might be done automatically when you log in to your operating system. Otherwise you can do it with external utilities from MIT (such as Leash, KRB5, or kinit), or with Kermit's built-in functionality, explained in this chapter.

Once a Ticket Granting Ticket (TGT) is acquired, Kermit can use it to request additional tickets for each host (service) you wish to connect to. These service tickets can be used to authenticate you with the host automatically during a specified time interval, after which the tickets expire. When authentication is successful, you are logged in to the host without having to supply a user ID or password.

Besides providing credentials for use during authentication, the service ticket also contains a session key to be used for encrypting the session. After the connection is authenticated, Kermit (if the necessary encryption capabilities are available) attempts to negotiate bidirectional encryption. If encryption is negotiated, it is used in one or both directions, depending on what the server agrees to.

When Kerberos V authentication is used, Kermit supports credential forwarding by transferring your Ticket Granting Tickets to the host that you are connecting to, so you can make additional authenticated connections from that host to any others that accept those tickets. This provides a single sign-on capability to all the hosts and services within the Kerberos realm.

Kerberos 5 authentication is one of the few authentication methods that can be used to provide verification of anonymous TLS connections. This is taken advantage of in Telnet by negotiating AUTH KRB5 after establishing a private connection with the START_TLS option.

Successful operation of Kerberos requires that all machines have their dates and times synchronized. Be aware that PC clocks can drift, and this can cause authentication failures. Kerberos requires that all clocks be synchronized within 5 minutes.

3.1.2. Secure Remote Password (SRP) Overview

SRP requires no special configuration of the client. When Kermit is used to connect to a host that supports SRP, the user name is transmitted automatically to the host and then a Password prompt is displayed in the Kermit command screen. This indicates that the password will not be sent to the host over the communication channel. Instead the password is used as part of a negotiation in which authentication is either mutual or none at all.

The result of a mutual authentication is a shared secret used to generate two different keys for encrypting the incoming and outgoing data.

SRP authentication is one of the few authentication methods that can be used to provide verification of anonymous TLS connections. The Kermit Telnet client takes advantage of this fact by by negotiating AUTH SRP after establishing a private connection with the START_TLS option.

3.1.3. NTLM Overview

Microsoft's native authentication method is called (Windows) NT LAN Manager, or NTLM. It is implemented in Windows 9x/ME and NT/2000/XP and requires no configuration on the part of the user. When K95 is used on any Microsoft Windows version, it can be used as an NTLM Telnet client to authenticate to Microsoft's NT Services for Unix Telnet Server or to a K95 configured to accept incoming connections.

When K95 is used on Windows NT/2000/XP it can be configured to accept incoming connections and authenticate NTLM Telnet clients.

NTLM is a weak form of authentication. It provides no shared secret and cannot be used as a means of securing a connection with encryption.

3.1.4. SSLv3 and TLSv1 Overview

(Also see Appendix III for an introduction to the concept of certificates.)

Secure Sockets Layer Version 3 (SSLv3) and its successor Transport Layer Security Version 1 (TLSv1) (RFC 2246) were originally developed for Web browsing. They provide a framework for using public-key certificates or Kerberos 5 to negotiate server and (optionally) client authentication and bidirectional encryption. The encryption provided by SSLv3 and TLSv1 is stronger than that provided by the Telnet Encryption option.

SSLv3 and TLSv1 connections may be negotiated in two different ways. First, the connection may be SSL/TLS-only, which is used when connecting to HTTPS services or SSL/TLS tunnels. SSL/TLS can also be negotiatied after the connection is established via negotiations performed in some other protocol (such as Telnet START_TLS.) Kermit supports both methods:

• Pure SSLv3 connections via SET HOST host port /SSL
• Pure TLSv1 connections via SET HOST host port /TLS
• SSLv3 connections negotiated by Tim Hudson's Telnet AUTH SSL option
• TLSv1 connections negotiated by the IETF TN3270E Working Group's TELNET START_TLS option
• SSLv3 and TLSv1 connections negotiated with FTP OPEN host port
• SSLv3 and TLSv1 connections negotiated with HTTP OPEN host port

In their most common use, SSL and TLS negotations provide the client with authentication of the host computer when the host's X.509 certificate is verified or when Kerberos 5 is used. The client can be authenticated with an X.509 certificate issued to the end user, or with Kerberos 5, or with one of the supported Telnet authentication methods. Even though the data channel is encrypted, the transmission of passwords to the host should still be avoided to prevent theft by a compromised host.

If certificates are to be verified, the root certificates of the certificate authorities (CAs) must be available. If you are not acting as your own CA you need a file containing the root certificates that were used to sign the certificates belonging to the servers you want to authenticate. A compilation of most of the commercial Certificate Authority root certificates as extracted from Microsoft Windows XP's certificate database is available at:

   ftp://kermit.columbia.edu/kermit/c-kermit/ca_certs.pem

Once the file is downloaded, you can tell Kermit where it is with the following command (Section 3.2.2.3):

  SET AUTH SSL VERIFY-FILE path/ca_certs.pem

When Kermit is acting as an Internet Kermit Service daemon (IKSD), client certificates can be used for automatic login. If a certificate-to-userid mapping function is provided, the IKSD logs the user in automatically if the certificate is verified and the specified userid exists. Kermit also supports the use of a ".tlslogin" file that allows a certificate to be used to login automatically to an account without a certificate-to-userid mapping function. When Kermit receives a username via the Telnet New-Environment variable after it has received and verified a client certificate, it looks in the home directory corresponding to the username for a file called ".tlslogin". If the file contains the certificate presented by the client, the client is logged in as the requested user without a password. See Appendix III for information on certificate to user mapping.

The method for negotiating Tim Hudson's Telnet AUTH SSL option is open to a "man-in-the-middle" attack which is capable of disabling the use of SSL before the negotiation is begun. It should be used only with:

  SET TELNET AUTHENTICATION TYPE SSL
  SET TELOPT AUTHENTICATION REQUIRED

When using IKSD with START_TLS you should create an /etc/iksd.conf including Kermit commands that point to the certificate and key files:

  set auth tls rsa-cert-file /usr/local/ssl/certs/telnetd-rsa.pem
  set auth tls rsa-key-file  /usr/local/ssl/certs/telnetd-rsa-key.pem
  set auth tls dsa-cert-file /usr/local/ssl/certs/telnetd-dsa.pem
  set auth tls dsa-key-file  /usr/local/ssl/certs/telnetd-dsa-key.pem

as well as the list of acceptable ciphers:

  set auth tls cipher 3DES:DSS

If your server certificate was signed by an intermediary certificate authority instead of a root, you must provide the full chain of intermediary certificates for the client to be able to authenticate your server. These certificates can be specified with:

  set auth tls rsa-cert-chain-file /usr/local/ssl/certs/telnetd-rsa-chain.pem
  set auth tls dsa-cert-chain-file /usr/local/ssl/certs/telnetd-dsa-chain.pem

The SSL and TLS handshake can be very time-consuming, and therefore Kermit can cache your your SSL/TLS sessions. When Kermit is used with a peer that supports cached sessions, subsequent connections to the same host can be securely established in a fraction of the time necessary for the initial connection. This is especially important for FTP and HTTP, which can make many connections to the same host during during a typical session.

For a list of Telnet servers that support START_TLS see Section I.1 of Appendix I. For a list of FTP servers that support AUTH SSL and AUTH TLS see Section I.2.

3.1.5. SSH v1 and v2 Overview

This section applies only to Kermit 95.

SSH provides security (or the illusion of it) by encrypting the session. SSH can work in the absence of authentication, but it also offers several options for authentication, none of them particularly secure except for Kerberos 5 GSSAPI and SRP.

3.1.5.1. Host Authentication

1. Is the host what it claims to be?
2. Is the user who s/he claims to be?

In its simplest form, SSH lets the user make encrypted connections without setting up any kind of keys or other special authentication procedures or files, and all the host administrator has to do is install the ssh server and generate host keys. No alteration of the host login system is required. This is why SSH is so popular compared to authentication methods that are more secure and manageable: it's easy to get started. However, this kind of SSH connection does not authenticate the host to the client and it authenticates the client to the host only through the password file, just like an ordinary insecure login. The only difference is that the session (including the password) is encrypted, which makes hackers do a little extra work to decode their sniffer logs and get your password. The assumption is that hackers won't bother to do this since unencrypted passwords are easier to steal (like cars without steering-wheel locks), but of course this is wishful thinking.

The most important command to know about before you try to make an SSH connection is SET SSH STRICT-HOST-KEY-CHECK. The values are ON, OFF, and ASK.

• ON means K95 won't make an SSH connection to a host whose public key is not in its known-hosts file.
• OFF means K95 will connect to any SSH host.
• ASK means K95 will ask you if it's OK to connect to a host whose key is not in its known-hosts file. This is the default.

There are two known-hosts files for each protocol version. A user file is stored in the \v(appdata)ssh directory and is automatically updated based upon the connections you make. The system-wide known-host file is (optionally) stored in the \v(common)ssh directory for the operating system and is never updated by Kermit 95. It is there to be maintained by the system administrator.

Your global known-hosts files are kept in a directory common to all users:

  SSH v1:  \v(common)ssh\known_hosts
  SSH v2:  \v(common)ssh\known_hosts2

and your user-specific (and K95-specific) known-hosts files are:

  SSH v1:  \v(appdata)ssh\known_hosts
  SSH v2:  \v(appdata)ssh\known_hosts2

(\v(appdata) is Kermit's User Application Data Directory variable. The user's application data directory is located in a system dependent manner. Windows 95/98/98SE/ME/NT store the application data with the user's profile. Windows 2000/XP store the application data in the Documents and Settings directory. Tell K95 to "show var appdata" to see its definition.) Thus, on Windows XP these files are in the SSH subdirectory of your Windows APPDATA directory, e.g.:

  SSH v1:  c:\Documents and Settings\username\Application Data\Kermit 95\ssh\known_hosts
  SSH v2:  c:\Documents and Settings\username\Application Data\Kermit 95\ssh\known_hosts2

On Windows 98 with multi-user support, this would be:

  SSH v1:  c:\WINDOWS\Profiles\username\Application Data\Kermit 95\ssh\known_hosts
  SSH v2:  c:\WINDOWS\Profiles\username\Application Data\Kermit 95\ssh\known_hosts2

On Windows 98 without multi-user support, this would be:

  SSH v1:  c:\WINDOWS\Application Data\Kermit 95\ssh\known_hosts
  SSH v2:  c:\WINDOWS\Application Data\Kermit 95\ssh\known_hosts2

(\v(common) is Kermit's Common Data Directory variable. The common data directory is located in a system dependent manner. Windows 95/98/98SE/ME/NT store the common application data in the WINDOWS directory. Windows 2000/XP stores the application data in the Documents and Settings\All Users directory. Tell K95 to "show var common" to see its definition.)

Each file contains a series of (long) "lines", one per host, each line containing the hostname and aliases and then the key in Base 64; this is the host's public key. Adding a host key means appending such a line to the appropriate file.

SSH STRICT-HOST-KEY-CHECK ON gives you some assurrance that the host you have connected to is the one you meant to connect to. But it also means your first connection to a particular host is likely to be refused. It's the classic chicken-and-egg situation. You're supposed to get host keys from a trusted source such as a disk or CDROM from your host administrators, but if you didn't, how do you get a key when it's on the very host you can't connect to because you don't have its key? The possibilities include:

• You can make some other kind of trusted connection to it (e.g. with Kerberos 5 Telnet) and download the key, or:

• You can tell K95 to:

    SET SSH STRICT-HOST-KEY-CHECK OFF (or ASK)
  

  and then make an SSH connection to the host, authenticate with your password, and then the host key is automatically retrieved and added to your known-hosts file, and then future connections to that host can be made with SSH STRICT-HOST-KEY-CHECK ON. But of course since you have bypassed the host authentication process to obtain the key, future authentication using this key is worthless and you might as well not have have bothered.

You might wonder if keeping host keys is a good idea. The advantage is the protection they offer against man-in-the-middle attacks and DNS spoofing (but not compromised hosts). The disadvantage is that anybody who can access your host keys (legitimately or not) knows which hosts you access, which in itself might be information you'd rather not reveal, but also tells hackers which hosts to attack in your name. As noted, Kermit 95 (like all other SSH clients) appends new host keys to your user host-key file(s). You can delete these files if you wish; for example, in your K95 ON_EXIT macro definition.

3.1.5.2. User Authentication

• Password
• Public/Private Key Pair

The default method of client authentication (that is, the method that is used unless you have configured K95 to use any of the other methods described below) is by prompting you locally for a password and then sending it (encrypted) to the server. This method requires you to type your password every time you log in (unlike, say, Kerberos 5, which gives you a "single network login").

If you must use SSH to contact a particular host, we recommend simple password authentication. If this is OK with you, skip the rest of this section; otherwise keep reading.

You can also use public/private key pairs, whose purpose is to allow you to log in to the host without typing your password. THIS IS DANGEROUS because your keys are stored on your Windows disk, where they can be stolen (especially easy on Windows 9x/ME PCs that are attached to the network, yet lack any form of file-system security). If your key files are encrypted, they can be decrypted offline. (The longer the passphrase for key-file encryption, the longer it takes to perform dictionary attacks against it; a 40-character character passphrase should be considered a minimum but most people don't use such a long passphrase, so most key files are ripe for plucking.)

To use public/private key pairs you must have each host's public key in your PC's \v(APPDATA)\ssh\known_hosts (SSH v1) and/or \v(APPDATA)\ssh\known_hosts2 files (SSH v2), and you must also upload your own public key to each host and put it in the appropriate place, such as ~/.ssh/authorized_keys (SSH v1) and/or ~/.ssh/authorized_keys2 (SSH v2) when OpenSSH is the daemon. When all the right files and keys are in the right places in the appropriate formats, you can log in without a password. In order to determine the correct type of key to use you must know the configuration of the SSH daemon. If you are not the host administrator, contact the appropriate administrator for assistance. (A common error is to leave the permissions on the ~/.ssh/ directory and the files it contains world or group accessible. SSH daemons refuse to use identity files that are accessible to anyone other than the account owner.

Here's an example. I have a guest ID on a Linux machine at a remote site. If I make an SSH connection to it (logging in with a password), K95's status line shows me the SSH server's level is 2.0. If I want to be able to connect without typing a password, then (1) my end is already done, since K95 added the host's public key to my known_hosts2 file the first time I made an SSH connection to it; but (2) I must add my PC's public key to my:

   
  ~/.ssh/authorized_keys2

file on the host. In this case there happened to be no such file. So all I had to do was upload my public key to the host as ~/.ssh/authorized_keys2. But which public key? I have three of them (see the SSH KEY CREATE command description below):

  SSH V1 RSA key:  identity.pub
  SSH V2 DSA key:  id_dsa.pub
  SSH V2 RSA key:  id_rsa.pub

Well, since the server uses SSH v2, I can ignore the identity.pub file, which is only for SSH v1. So I began by uploading my id_dsa.pub file to my ~/.ssh directory, renaming it to authorized_keys2, logging out, and making a new ssh connection to the same host. It let me in without password, so I guessed right the first time. Maybe the id_rsa.pub key would have worked too, who knows -- it probably depends on the server.

But now, of course, anybody who can obtain a copy of the id_dsa private key file from my Windows disk can log in to that host as me, without a password. And it's easy for them to locate the host because it's listed in my known_hosts2 file, along with all the other hosts I connect to with SSH v2. So what have I accomplished? I have pretty much left the keys to all my houses in the street, each key neatly labeled with the address of the house it unlocks.

So having satisfied myself that the key-exchange mechanism works as designed (by the SSH designers, not us), I deleted the authorized_keys2 file from the host and I deleted all the private keys from my Windows disk. Unlike Kerberos identities or X.509 certificates, compromised private keys can't be revoked or even tracked down. And unlike encrypted password authentication, which must be captured in its brief moment of transit, your key files are always available to hackers, and for that matter, to a potentially infinite number of them at once.

Note, by the way, that some SSH hosts do not support public/private key pair authentication at all, so every combination you try will fail. There's no way to know this without the host administrator telling you, or by exhausting all the combinations.

Since public/private key-pair authentication is unsafe, K95 also supports two secure authentication methods for SSH v2 that do do not require public/private key pairs:

• GSSAPI (Generic Security Services Application Programming Interface), which hooks into the Kerberos 5 authentication system.

• SRP (Secure Remote Password), Stanford University

Of course, secure authentication for SSH clients requires modified SSH servers, which are available. GSSAPI does not require host keys at all since Kerberos authentication is mutual.

The complete list of K95's SSH v2 authentication methods is:

external-keyx

Use the authentication performed as a side-effect of an key exchange algorithm such as GSSAPI.

gssapi

Kerberos 5 identity (requires Kerberos 5 to be installed at the host site and an SSH server that can authenticate your K5 identity).

hostbased

Like Rlogin (.rhosts file, not secure)

keyboard-interactive

Kermit prompts you locally for authentication info such as host password (or anything else the host might require).

password

Kermit prompts you locally for a single host password.

publickey

Public/private key-pair exchange (supported but not recommended, and not supported by Columbia's SSH servers).

srp-gex-sha1

Secure Remote Password (SRP, secure; requires an SSH server on the host that performs SRP authentication).

---

3.2. Security Command List

  3.2.1. Connection Establishment
  3.2.2. The SET AUTHENTICATION Command
  3.2.3. The AUTHENTICATE Command
  3.2.4. Other Security-Related Commands

The following notation is used in Kermit command syntax descriptions:

KEYWORD

Command keywords are shown in boldface. These are literal words to be used in the command. Alphabetic case does not matter. Keywords can be abbreviated to any degree that does not produce a conflict with any other keyword that can be used in the same position.

parameter

Parameter names are shown in italics; they are to be replaced by an actual value; for example, number might be replaced by 123, and filename might be replaced by oofa.txt.

[ thing ]

Any item enclosed in italicized square brackets is optional; that is, it can be omitted.

{ thing1, thing2, ... }

Italicized curly braces enclose a list of choices: pick one.

oofa.txt

Typewriter font is used for computer messages, dialogs, code, and filenames.

• KERBEROS4 can be abbreviated KRB4 or K4
• KERBEROS5 can be abbreviated KRB5 or K5

Some of Kermit's Kerberos-related commands are rather complex, but remember that you don't have to memorize them, or any other Kermit commands. Use "?" at any point to feel your way through the command, or type HELP for the desired command to see a brief explanation. If you would like to have a tutorial in Kermit basics before proceeding, please visit:

The C-Kermit Tutorial

http://www.columbia.edu/kermit/ckututor.html

The Kermit 95 Tutorial

http://www.columbia.edu/kermit/k95tutor.html

Kermit Script Tutorial and Library

http://www.columbia.edu/kermit/ckscripts.html

Before you try to make any secure connections, you should check whether your version of Kermit has the required capabilities. The SHOW FEATURES command lists the security methods that are and are not included. In addition the following commands can be used (typically in scripts) to check for specific security features:

CHECK KERBEROS

tells whether your version of Kermit has been built to include Kerberos protocol (even if it cannot function on your system). Succeeds if Kerberos is included, fails if it isn't. The CHECK command can be used in scripts like this:

  check kerberos
  if success {
      Commands to execute if Kerberos is built in.
  } else {
      Commands to execute if Kerberos is not built in.
  }

CHECK NTLM

Tells whether your version of Kermit has been built to include the NTLM support even if it cannot function on your system, and succeeds or fails accordingly.

CHECK SRP

Tells whether your version of Kermit has been built to include SRP protocols. Succeeds or fails accordingly.

CHECK SSH

Tells whether your version of Kermit has been built to include SSH (even if it cannot function on your system). Succeeds or fails accordingly.

CHECK SSL/TLS

Tells whether your version of Kermit has been built to include SSL/TLS (even if it cannot function on your system). Succeeds or fails accordingly.

IF AVAILABLE ENCRYPTION command

Executes the command if session encryption is available in your version of Kermit (e.g. in K95 if the K95CRYPT.DLL file is installed on your PC). Example:

  if available encryption set telnet encryption type cast128_cfb64

IF AVAILABLE KERBEROS4 command

Executes the command if Kerberos 4 is available in your version of Kermit (e.g. if the Kerberos 4 DLLs are installed on your PC).

IF AVAILABLE KERBEROS5 command

Executes the command if Kerberos 5 is available in your version of Kermit.

IF AVAILABLE NTLM command

Executes the command if Microsoft NT LAN Manager protocol is available in your version of Kermit.

IF AVAILABLE SRP command

Executes the command if Secure Remote Password protocol is available in your version of Kermit.

IF AVAILABLE SSH command

Executes the command if SSH protocol is available in your version of Kermit.

IF AVAILABLE { SSL, TLS } command

Executes the command if SSL/TLS protocol is available in your version of Kermit.

---

3.2.1. Connection Establishment

SUBSECTION CONTENTS

  3.2.1.1. Secure Telnet Connections
  3.2.1.2. SSH Connections
  3.2.1.3. Secure FTP Connections
  3.2.1.4. Secure HTTP Connections

3.2.1.1. Secure TELNET Connections

The Telnet protocol is one of the most flexible protocols ever used on computer networks, and therefore can be somewhat complicated when its advanced options come into play. Kermit has commands to manage every aspect of the Telnet connection. Kermit's Telnet engine and related commands are thoroughly described in the Kermit Telnet Reference:

  http://www.columbia.edu/kermit/telnet.html

(which you should read if you're not familiar with Kermit's Telnet client). This section focuses on Telnet-related commands for making secure connections.

Four Telnet Options can be negotiated between a Telnet client and server that affect secure connections: AUTH, ENCRYPT, START_TLS, and FORWARD_X. When people talk about Telnet not being secure they are referring to Telnet clients and servers that can't negotiate any of these four options (because they have not been coded to do so). That does not mean that secure Telnet clients (such as Kermit) and servers (Appendix I) are not readily available.

Telnet sessions always begin in an insecure state. Only after the initial negotiations are complete can the session be secured. Security in Telnet can be established using many combinations of Telnet Options and authentication and encryption methods.

The AUTH option negotiates whether authentication is to be used for the current session, and if so, which type of authentication. The authentication type is determined by the server offering an ordered list of types and the client choosing the most preferred type that it supports. Most forms of authentication generate a shared secret that can be used with the ENCRYPT option for privacy. The How and Encrypt flags specify an authentication mode and whether encryption is required for this connection. The AUTH option can be negotiated with either the START_TLS or the ENCRYPT option, but not both.

The following commands control Kermit's Telnet security negotiation policies and procedures:

SET TELOPT [ { /CLIENT, /SERVER } ] AUTHENTICATION { ACCEPTED, REFUSED, REQUESTED, REQUIRED }

Tells Kermit to ACCEPT or REFUSE authentication bids, or actively REQUEST authentication. REQUIRED refuses and closes the connection if authentication is not successfully negotiated when either making or accepting connections. The default is REQUESTED.

SET TELNET AUTHENTICATION TYPE { AUTOMATIC, KERBEROS4, KERBEROS5, NTLM, SRP, SSL, NONE }

AUTOMATIC is the default. Available options can vary depending on the features Kermit was built to support and the operating system configuration; type "set telnet auth type ?" for a list (Hint: keywords in Kermit commands can be abbreviated).

When Kermit is the Telnet client:

AUTOMATIC allows the host to choose the preferred type of authentication. NONE instructs Kermit to refuse all authentication methods when the authentication option is negotiated. A list of one or more other values allow a specific subset of the supported authentication methods to be used.

When Kermit is the Telnet server:

AUTOMATIC results in available authentication methods being offered to the Telnet client in the following order: KERBEROS_V, KERBEROS_IV, SRP, SSL, NTLM.

NONE results in no authentication methods being offered to the Telnet server when the authentication option is negotiated. The preferred method of disabling authentication is with SET TELOPT /SERVER AUTHENTICATION REFUSE.

A list of one or more authentication methods specifies the order those methods are to be offered to the telnet client.

If you wish to allow NTLM authentication to be used with the Microsoft Windows 2000 or Services for Unix Telnet client you must specify a list with NTLM as the first item in the list. By default, NTLM is the last item in the list because it does not provide any form of data encryption.

SET TELNET AUTHENTICATION HOW-FLAG { ANY, MUTUAL, ONE-WAY }

Specifies which values for the HOW-FLAG should be accepted as a client or offered as a server. The default is ANY.

SET TELNET AUTHENTICATION ENCRYPT-FLAG { ANY, NONE, TELOPT, TLS }

Specifies which values for the ENCRYPT-FLAG should be accepted as a client or offered as a server. The default is ANY.

The Telnet protocol ENCRYPT option is used to negotiate whether streaming ciphers are to be used to protect the privacy of the connection, and if so, which encryption type to use in each direction. The encryption type is determined by each side offering the list of types it can use to receive data. Then the sender chooses the first type that it supports from the list. The ENCRYPT option cannot be negotiated without the AUTH option. Whenever both START_TLS and ENCRYPT are both available, START_TLS is used since TLS provides both privacy and integrity to the data stream.

SET TELOPT [ { /CLIENT, /SERVER } ] ENCRYPTION { ACCEPTED, REFUSED, REQUESTED, REQUIRED } { ACCEPTED, REFUSED, REQUESTED, REQUIRED }

The first parameter specifies the Kermit-to-peer state. The second parameter specifies the peer-to-Kermit state. The default is ACCEPTED REQUESTED: Kermit accepts encryption if offered, and requests it in case it is not offered.

SET TELNET ENCRYPTION TYPE { AUTOMATIC, CAST128_CFB64, CAST128_OFB64, CAST5_40_CFB64, CAST5_40_OFB64, DES_CFB64, DES_OFB64, DES3_CFB64, DES3_OFB64, NONE }

AUTOMATIC allows the host to choose the preferred type of encryption. Other values allow a specific encryption method to be specified. AUTOMATIC is the default. The list of options varies depending on the encryption types selected when Kermit was compiled. An encryption method can be used only if there is enough key data available. Kerberos 4 can use only DES encryption because it provides a shared secret just 56 bits in length.

The START_TLS option negotiates whether the current session is to be protected by Transport Layer Security (TLS), the same protocol used to secure all of the HTTP Web sites on the Internet. TLS uses X.509 certificates or Kerberos 5 credentials to authenticate the server and optionally authenticate the client.

START_TLS can be used with AUTH to allow Kerberos, Secure Remote Password, or other authentication methods to be used to authenticate the client. START_TLS can not be used with the ENCRYPT option. Nor is there any need to since the protection provided by TLS is stronger than all of the streaming ciphers supported by the ENCRYPT option.

SET TELOPT [ { /CLIENT, /SERVER } ] START_TLS { ACCEPTED, REFUSED, REQUESTED, REQUIRED }

ACCEPT or REFUSE a request to negotiate TLS, or actively REQUEST that TLS be negotiated. REQUIRED refuses and closes the connection if the peer refuses to negotiate TLS or the TLS negotiations end in failure. ACCEPTED by default when a client. REQUESTED by default when a server.

After the Telnet session is established and protected, it is possible to use it to protect the data associated with X Windows System clients started on the remote host via the Telnet session. The FORWARD_X option is used to negotiate and implement the protection of X Windows Systems data.

SET TELOPT [ { /CLIENT } ] FORWARD_X { ACCEPTED, REFUSED, REQUESTED, REQUIRED }

ACCEPT or REFUSE a request to negotiate FORWARD_X, or actively REQUEST that FORWARD_X be negotiated. REQUIRED refuses and closes the connection if the peer refuses to negotiate FORWARD_X or the FORWARD_X negotiations end in failure. ACCEPTED by default when a client. Kermit does not support FORWARD_X when it is a server.

After a Telnet session is authenticated and protected it is possible to forward the credentials used to authenticate the session to the host. When credentials are forwarded to the host you do not need to enter your password when making additional connections from it. This is referred to as Single Sign-On. Credentials forwarding is currently only supported when the authentication method is Kerberos 5.

SET TELNET AUTHENTICATION FORWARDING { ON, OFF }

When Kermit is the client, set this to ON to forward forwardable Kerberos V Ticket Granting Tickets to the host after authentication is complete, so you can make additional authenticated connections from there. When Kermit is the server, set this to ON to accept forwardable Kerberos V TGTs from the client. OFF by default.

When establishing a secure connection there are potentially three usernames associated with the connection: the name of the user on the local machine; the name under which the user authenticates (the Kerberos principal name or X.509 certificate name); and the name the user wants to login as. The login name can be set with either of the following commands:

SET TELNET ENVIRONMENT USER name

SET LOGIN USERID name

If a name is given, it sent to host during Telnet negotiations; if this switch is given but the string is omitted, no user ID is sent to the host. If this command is not given, your current USERID value, \v(userid), is sent. When a userid is sent to the host it is a request to login as the specified user.

All forms of authentication rely on some secret information that only the user (or service) being authenticated knows or has in their possession. Before Kermit can authenticate as the user it must acquire this secret information. This is usually done by prompting the user for the necessary information at the time of authentication. But what if you need to automate the process? The SET LOGIN PASSWORD command can be used to specify the password to Kermit prior to establishing the connection. However, we strongly advise that this command be used in a script that prompts for the password and then establishes the automated connection later. Storing a password in a script file defeats all of the hard work you have done to secure your connections.

An NTLM user ID consists of both a DOMAIN and a username. This is set in Kermit as SET LOGIN USER DOMAIN\\username due to the use of backslash (\) as the command quote character in Kermit's command lanaguage.

SET LOGIN PASSWORD password

If a password is given, it is treated as the password to be used (if required) by any Telnet Authentication protocol (Kerberos Ticket retrieval, Secure Remote Password (SRP), or X.509 certificate private key decryption). If no password is specified a prompt is issued to request the password if one is required for the negotiated authentication method.

If things go wrong when establishing a secure connection it is useful to be able to watch the telnet negotiations. Even when things go smoothly it can be fun to watch all of the action.

SET TELNET DEBUG ON

Displays all TELNET negotiations in full detail.

3.2.1.2. SSH Connections

SET SSH AGENT-FORWARDING { ON, OFF }

If an authentication agent (ssh-agent.exe) is in use, setting this value to ON results in the connection to the agent being forwarded to the remote computer. The default is OFF.

SET SSH CHECK-HOST-IP { ON, OFF }

Specifies whether the remote host's ip-address should be checked against the matching host key in the known_hosts file. This can be used to determine if the host key changed as a result of DNS spoofing. The default is ON.

SET SSH COMPRESSION { ON, OFF }

Specifies whether compression will be used. The default is ON.

SET SSH DYNAMIC-FORWARDING { ON, OFF }

Specifies whether Kermit is to act as a SOCKS4 service on port 1080 when connected to a remote host via SSH. When Kermit acts as a SOCKS4 service, it accepts connection requests and forwards the connections through the remote host. The default is OFF.

SET SSH GATEWAY-PORTS { ON, OFF }

Specifies whether Kermit should act as a gateway for forwarded connections received from the remote host. The default is OFF.

SET SSH GSSAPI DELEGATE-CREDENTIALS { ON, OFF }

Specifies whether Kermit should delegate GSSAPI credentials to the remote host after authentication. Delegating credentials allows the credentials to be used from the remote host. The default is OFF.

SET SSH IDENTITY-FILE filename [ filename [ ... ] ]

Specifies one or more files from which the user's authorization identities (private keys) are to be read when using public key authorization. These are files used in addition to the default files:

  V1 RSA:  \v(appdata)ssh/identity
  V2 RSA:  \v(appdata)ssh/id_rsa
  V2 DSA:  \v(appdata)ssh/id_dsa

SET SSH KERBEROS4 TGT-PASSING { ON, OFF }

Specifies whether Kermit should forward Kerberos 4 TGTs to the host. The default is OFF.

SET SSH KERBEROS5 TGT-PASSING { ON, OFF }

Specifies whether Kermit should forward Kerberos 5 TGTs to to the host. The default is OFF.

SET SSH PRIVILEGED-PORT { ON, OFF }

Specifies whether a privileged port (less than 1024) should be used when connecting to the host. Privileged ports are not required except when using SSH V1 with Rhosts or RhostsRSA authorization. The default is OFF.

SET SSH QUIET { ON, OFF }

Specifies whether all messages generated in conjunction with SSH protocols should be suppressed. The default is OFF.

SET SSH STRICT-HOST-KEY-CHECK { ASK, ON, OFF }

Specifies how Kermit should behave if the the host key check fails. When strict host key checking is OFF, the new host key is added to the protocol-version-specific user-known-hosts-file. When strict host key checking is ON, the new host key is refused and the connection is dropped. When set to ASK, Kermit prompt you to say whether the new host key should be accepted. The default is ASK. Strict host key checking protects you against Trojan horse attacks. It depends on you to maintain the contents of the known-hosts-file with current host keys.

SET SSH USE-OPENSSH-CONFIG { ON, OFF }

Specifies whether Kermit should parse an OpenSSH configuration file after applying Kermit's SET SSH commands. The configuration file would be located at \v(appdata)ssh/ssh_config. The default is OFF.

SET SSH V1 CIPHER { 3DES, BLOWFISH, DES }

Specifies which cipher should be used to protect SSH version 1 connections. The default is 3DES.

SET SSH V1 GLOBAL-KNOWN-HOSTS-FILE filename

Specifies the location of the system-wide known-hosts file. The default location depends on the operating system:

  Windows 95/98/98SE/ME:  %windir%\ssh_known_hosts
  Windows NT/2000/XP:     \v(common)ssh\ssh_known_hosts

SET SSH V1 USER-KNOWN-HOSTS-FILE filename

Specifies the location of the user-known-hosts-file. The default location is:

  \v(appdata)ssh/known_hosts

SET SSH V2 AUTHENTICATION { EXTERNAL-KEYX, GSSAPI, HOSTBASED, KEYBOARD-INTERACTIVE, PASSWORD, PUBKEY, SRP-GEX-SHA1 } [ ... ]

Specifies an ordered list of SSH version 2 authentication methods to be used when connecting to the remote host. The default list is:

  external-keyx gssapi hostbased publickey srp-gex-sha1 
  keyboard-interactive password none

SET SSH V2 CIPHERS { 3DES-CBC, AES128-CBC, AES192-CBC, AES256-CBC, ARCFOUR, BLOWFISH-CBC, CAST128-CBC, RIJNDAEL128-CBC, RIJNDAEL192-CBC, RIJNDAEL256-CBC }

Specifies an ordered list of SSH version ciphers to be used to encrypt the established connection. "Rijndael" is an alias for "aes". The default list is:

  aes128-cbc 3des-cbc blowfish-cbc cast128-cbc arcfour aes192-cbc aes256-cbc

SET SSH V2 GLOBAL-KNOWN-HOSTS-FILE filename

Specifies the location of the system-wide known-hosts file. The default location depends on the operating system:

  Windows 95/98/98SE/ME: %windir%\ssh_known_hostss
  Windows NT/2000/XP:    \v(common)ssh\ssh_known_hosts2

SET SSH V2 HOSTKEY-ALGORITHMS { SSH-DSA, SSH-RSA }

Specifies an ordered list of hostkey algorithms to be used to verify the identity of the host. The default list is

  ssh-rsa ssh-dsa

SET SSH V2 MACS { HMAC-MD5 HMAC-MD5-96 HMAC-RIPEMD160 HMAC-SHA1 HMAC-SHA1-96 }

Specifies an ordered list of Message Authentication Code algorithms to be used for integrity protection of the established connection. The default list is:

  hmac-md5 hmac-sha1 hmac-ripemd160 hmac-sha1-96 hmac-md5-96

SET SSH V2 USER-KNOWN-HOSTS-FILE filename

Specifies the location of the user-known-hosts file. The default location is:

  \v(appdata)ssh/known_hosts2

SET SSH VERBOSE level

Specifies how many messages should be generated by the OpenSSH engine. The level can range from 0 to 7. The default value is 2.

SET SSH VERSION { 1, 2, AUTOMATIC }

Specifies which SSH version should be negotiated. The default is AUTOMATIC which means use version 2 if supported; otherwise to fall back to version 1.

SET SSH X11-FORWARDING { ON, OFF }

Specifies whether X Windows System Data is to be forwarded across the established SSH connection. The default is OFF. When ON, the DISPLAY value is either set using the SET TELNET ENV DISPLAY command or read from the DISPLAY environment variable.

SET SSH XAUTH-LOCATION filename

Specifies the location of the xauth executable (if provided with the X11 Server software.)

---

3.2.1.3. Secure FTP Connections

C-Kermit 8.0 and Kermit 95 2.00 provide support for authenticated and encrypted file transfers using Kerberos 4, GSSAPI-Kerberos 5, Secure Remote Password (SRP), Secure Sockets Layer (SSL), and Transport Layer Security (TLS).

Complete details on how to use the FTP support can be found at the Kermit website. Here we explain how to make secure FTP connections (server willing) with the FTP OPEN command:

FTP [ OPEN [ { /SSL, /TLS } ] ] hostname [ port ] [ switches ]

Opens a connection to the FTP server on the given host. The default TCP port is 21 (or 990 if /SSL or /TLS are specified), but a different port number can be supplied if necessary. /SSL or /TLS should be used if the FTP daemon is accessed through an SSL Proxy Server. Optional switches are:

/ANONYMOUS

Logs you in anonymously.

/USER:text

Supplies the given text as your username.

/PASSWORD:text

Supplies the given text as your password. If you include a username but omit this switch and the server requires a password, you are prompted for it.

/ACCOUNT:text

Supplies the given text as your account, if required by the server.

/ACTIVE

Forces an active (rather than passive) connection.

/PASSIVE

Forces a passive (rather than active) connection.

The following commands configure the use of FTP Security when establishing connections:

SET FTP AUTHTYPE list

Specifies an ordered list of authentication methods to be attempted when FTP AUTOAUTHENTICATION is ON. The default list is: GSSAPI-KRB5, SRP, KERBEROS_V4, TLS, SSL. If none of the specified methods are supported by the server, an insecure login is used as a fallback. It should be noted that TLS and SSL can be used to secure an anonymous connection.

SET FTP AUTOAUTHENTICATION { ON, OFF }

Specifies whether or not authentication should be negotiated by the FTP OPEN command. Default is ON.

SET FTP AUTOENCRYPTION { ON, OFF }

Specifies whether encryption and message integrity (privacy) should be negotiated by the FTP OPEN command. Default is ON.

SET FTP AUTOLOGIN { ON, OFF }

Tells Kermit whether to try to automatically log you in (using the FTP USER command) during the FTP OPEN command. Default is ON.

SET FTP COMMAND-PROTECTION-LEVEL { CLEAR, CONFIDENTIAL, PRIVATE, SAFE }

Tells what level of protection is applied to the FTP command channel. CLEAR means no protection at all. CONFIDENTIAL means the messages are encrypted but not integrity protected. PRIVATE means the messages are encrypted and integrity protected. SAFE means the messages are integrity protected but not encrypted.

SET FTP CREDENTIAL-FORWARDING { ON, OFF }

Specifies whether end-user credentials are to be forwarded to the server if supported by the authentication method. At the moment only GSSAPI-KRB5 supports credentials forwarding.

SET FTP DATA-PROTECTION-LEVEL { CLEAR, CONFIDENTIAL, PRIVATE, SAFE }

Tells what level of protection is applied to the FTP data channel. The levels are the same as for SET FTP COMMAND-PROTECTION-LEVEL.

SET FTP SRP CIPHER cipher

Specifies a cipher to be used to encrypt FTP data if SRP security is negotiated. The default cipher is DES3_ECB.

SET FTP SRP HASH hash

Specifies a hash to be used to integrity protect FTP data if SRP security is negotiated. The default hash is SHA1.

---

3.2.1.4. Secure HTTP Connections

Reference: Kermit HTTP Client Documentation

C-Kermit 8.0 and Kermit 95 2.00 provide support for secure HTTP requests via the use of SSL or TLS. Secure connections are established automatically when the destination service name is "https" or the port number is 443. Alternatively, SSL or TLS may be utilized with arbitrary port numbers if you include the appropriate switch in the HTTP OPEN command:

HTTP [ switches ] OPEN [ { /SSL, /TLS } ] hostname [ service/port ]

Instructs Kermit to open a new connection for HTTP communication with the specified host on the specified port. The default port is "http" (80). If /SSL or /TLS are specified a secure connection is established. If switches are specified, they are applied to all subsequent HTTP actions (GET, PUT, ...) until an HTTP CLOSE command has been executed.

---

3.2.2. The SET AUTHENTICATION Command

The SET AUTHENTICATION command lets you configure Kermit's authentication methods and set defaults for the AUTHENTICATE command so you don't always have to include all the switches if you give more than one AUTHENTICATE command in a Kermit session.

If you always use the same setup, you can put the appropropriate SET AUTHENTICATION commands in your Kermit customization file: K95CUSTOM.INI (Windows) or ~/.mykermrc (UNIX).

3.2.2.1. SET AUTHENTICATION Commands for Kerberos

SET AUTHENTICATION { KERBEROS5 } ADDRESSES { list-of-IP-addresses }

When a list of IP addresses is specified, these addresses are added to the contents of Kerberos 5 tickets retrieved via Kermit commands.

SET AUTHENTICATION { KERBEROS4, KERBEROS5 } AUTODESTROY { ON-CLOSE, ON-EXIT, NEVER }

When ON, Kermit destroys all credentials in the default credentials cache upon Kermit termination. Default is NEVER.

SET AUTHENTICATION { KERBEROS4, KERBEROS5 } AUTOGET { ON, OFF }

When ON and the protocol is TELNET or FTP, if the host offers Kerberos 4 or Kerberos 5 authentication and Kermit is configured to use that authentication method and there is no TGT, Kermit automatically attempts to retrieve one by prompting for the password (and principal if needed.) Default is ON.

SET AUTHENTICATION KERBEROS5 CREDENTIALS-CACHE cache-name

Specifies an alternative credentials cache, useful when you need to maintain two or more sets of credentials for different realms or roles. The default is specified by the environment variable KRB5CCNAME or as reported by the Kerberos 5 library.

SET AUTHENTICATION { KERBEROS4, KERBEROS5 } CHECK-ADDRESSES { ON, OFF }

When ON, Kermit uses the embedded IP address(es) in the ticket to determine validity. When OFF, IP addresses are ignored by Kermit. The default is ON.

SET AUTHENTICATION KERBEROS5 FORWARDABLE { ON, OFF }

ON specifies that Kerberos 5 credentials should be forwardable to the host. If SET TELNET AUTHENTICATION FORWARDING is ON, forwardable credentials are sent to the host. Default is OFF.

SET AUTHENTICATION KERBEROS5 GET-K4-TGT { ON, OFF }

ON specifies that Kerberos 4 credentials should be requested each time Kerberos 5 credentials are requested with AUTH KERBEROS5 INIT. The default is OFF.

SET AUTHENTICATION KERBEROS4 INSTANCE instance

Allows a Kerberos 4 instance to be specified as a default (if needed).

SET AUTHENTICATION { KERBEROS4, KERBEROS5 } LIFETIME minutes

Specifies the lifetime of the TGTs requested from the KDC. The default is 600 minutes (10 hours).

SET AUTHENTICATION KERBEROS5 NO-ADDRESSES { ON, OFF }

Kerberos 5 tickets contain a list of all of the IP addresses associated with the computer used to acquire them. This allows the recipient of a ticket to check whether it came from the machine to which it was issued, and makes stolen Kerberos tickets useless. Network Address Translators and other Proxy services have the side effect of changing the IP address from which a connection appears to originate. This causes the IP address check to fail and for Kerberos 5 tickets to be rejected as invalid. When ON, the NO-ADDRESSES command prevents the inclusion of IP addresses in Kerberos 5 tickets retrieved with Kermit's AUTHENTICATE KERBEROS5 INIT command enabling the tickets to be accepted from any host.

SET AUTHENTICATION KERBEROS4 PREAUTH { ON, OFF }

Allows Kerberos 4 preauthenticated TGT requests to be turned off. The default is ON. Only use if absolutely necessary. We recommend that preauthenticated requests be required for all tickets returned by a KDC to a requestor.

SET AUTHENTICATION { KERBEROS4, KERBEROS5 } PRINCIPAL name

When Kermit starts, it attempts to set the principal name to that stored in the current credentials cache. If no credential cache exists, the current SET LOGIN USERID value is used. SET LOGIN USERID is set to the operating systems current username when Kermit is started. To force Kermit to prompt the user for the principal name when requesting TGTs, place:

  SET AUTH K4 PRINCIPAL {}
  SET AUTH K5 PRINCIPAL {}

in the Kermit initialization file or connection script.

SET AUTHENTICATION { KERBEROS4, KERBEROS5 } PROMPT PASSWORD prompt

Specifies a custom prompt to be used when prompting for a password. The Kerberos prompt strings may contain two "%s" replacement fields. The first %s is replaced by the principal name; the second by the realm.

SET AUTHENTICATION { KERBEROS4, KERBEROS5 } PROMPT PRINCIPAL prompt

Specifies a custom prompt to be used when prompting for the Kerberos principal name. No %s replacement fields may be included. Kermit prompts for a principal name when retrieving a TGT if the command:

  SET AUTHENTICATION { KERBEROS4, KERBEROS5 } PRINCIPAL {}

has been issued.

SET AUTHENTICATION KERBEROS5 PROXIABLE { ON, OFF }

When ON, specifies that Kerberos 5 credentials should be proxiable. The default is OFF.

SET AUTHENTICATION KERBEROS5 RENEWABLE minutes

When minutes is greater than the ticket lifetime a TGT may be renewed with AUTH K5 INIT /RENEW instead of granting a new ticket as long as the ticket is not expired and it's within the renewable lifetime. Default is 0 (zero) minutes.

SET AUTHENTICATION { KERBEROS4, KERBEROS5 } REALM name

If no default is set, the default realm configured for the Kerberos libraries is used. Abbreviations are accepted.

SET AUTHENTICATION { KERBEROS4, KERBEROS5 } SERVICE-NAME name

This command specifies the service ticket name used to authenticate to the host when Kermit is used as a client; or the service ticket name accepted by Kermit when it is acting as the host. If no default is set, the default service name for Kerberos 4 is "rcmd" and for Kerberos 5 is "host".

3.2.2.2. SET AUTHENTICATION Commands for SRP

SET AUTHENTICATION SRP PROMPT PASSWORD text

Specifies a custom prompt to be used when prompting for a password. prompt may contain a single instance of "%s" to be replaced by the user's login name.

3.2.2.3. SET AUTHENTICATION Commands for SSL/TLS

SET AUTHENTICATION { SSL, TLS } CIPHER-LIST list-of-ciphers

This command applies to both SSL and TLS. A colon-separated list of any of the following (case-sensitive) options is accepted, depending on the options chosen when OpenSSL was compiled:

Key Exchange Algorithms:

kRSA: RSA key exchange

kDHr: Diffie-Hellman key exchange (key from RSA cert)

kDHd: Diffie-Hellman key exchange (key from DSA cert)

kEDH: Ephemeral Diffie-Hellman key exchange (temporary key)

kKRB5: Kerberos 5

Authentication Algorithm:

aNULL: No authentication

aRSA: RSA authentication

aDSS: DSS authentication

aDH: Diffie-Hellman authentication

aKRB5: Kerberos 5

Cipher Encoding Algorithm:

eNULL: No encodiing

AES256: 256-bit AES encoding

AES128: 128-bit AES encoding

DES: DES encoding

3DES: Triple DES encoding

RC4: RC4 encoding

RC2: RC2 encoding

IDEA: IDEA encoding

MAC Digest Algorithm:

MD5: MD5 hash function

SHA1: SHA1 hash function

SHA: SHA hash function (should not be used)

Aliases:

ALL: all ciphers

SSLv2: all SSL version 2.0 ciphers (should not be used)

SSLv3: all SSL version 3.0 ciphers

EXP: all export ciphers (40-bit)

EXPORT56: all export ciphers (56-bit)

LOW: all low strength ciphers (no export)

MEDIUM: all ciphers with 128-bit encryption

HIGH: all ciphers using greater than 128-bit encryption

RSA: all ciphers using RSA key exchange

DH: all ciphers using Diffie-Hellman key exchange

EDH: all ciphers using Ephemeral Diffie-Hellman key exchange

ADH: all ciphers using Anonymous Diffie-Hellman key exchange

DSS: all ciphers using DSS authentication

KRB5: all ciphers using Kerberos 5

AES: all ciphers using AES

NULL: all ciphers using no encryption

Each item in the list may include a prefix modifier:

"+"

Move cipher(s) to the current location in the list

"-"

Remove cipher(s) from the list (may be added again by a subsequent list entry)

"!"

Kill cipher from the list (it may not be added again by a subsequent list entry)

If no modifier is specified the entry is added to the list at the current position. "+" may also be used to combine tags to specify entries such as "RSA+RC4" describes all ciphers that use both RSA and RC4.

For example, all available ciphers not including ADH key exchange:

  ALL:!ADH:RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSLv2:+EXP

All algorithms including ADH and export but excluding patented or trade secreted algorithms:

  HIGH:MEDIUM:LOW:EXPORT56:EXP:ADH:!RC4:!RC2:!IDEA

The OpenSSL command:

  openssl ciphers -v list-of-ciphers

may be used to list all of the ciphers and the order described by a specific list-of-ciphers.

SET AUTHENTICATION { SSL, TLS } CRL-DIR directory

Specifies a directory that contains certificate revocation files, where each file is named by the hash of the certificate issuer name. OpenSSL expects the hash symlinks to be made like this:

  ln -s crl.pem `openssl crl -hash -noout -in crl.pem`.r0

Since all file systems do not have symlinks you can use the following command in Kermit to copy the crl.pem file to the hash file name:

  copy crl.pem {\fcommand(openssl crl -hash -noout -in crl.pem).r0}

This produces a hash based on the issuer field in the CRL such that the issuer field of a Cert may be quickly mapped to the correct CRL.

In Kermit 95, the default directory is \v(exedir)crls

SET AUTHENTICATION { SSL, TLS } CRL-FILE filename

Specifies a file that contains certificate revocations used to reject the validation of certificates.

In Kermit 95, the default file is \v(exedir)ca_crls.pem

SET AUTHENTICATION { SSL, TLS } DEBUG { ON, OFF }

Tells whether debug information should be displayed about the SSL/TLS connection. When DEBUG is ON, the VERIFY command does not terminate connections when set to FAIL-IF-NO-PEER-CERT and a certificate is presented that cannot be successfully verified; instead each error is displayed but the connection automatically continues.

SET AUTHENTICATION { SSL, TLS } DH-PARAM-FILE filename

Specifies a file containing DH parameters used to generate temporary DH keys. If a DH parameter file is not provided Kermit uses a fixed set of parameters depending on the negotiated key length. Kermit provides DH parameters for key lengths of 512, 768, 1024, 1536, and 2048 bits.

SET AUTHENTICATION { SSL, TLS } DSA-CERT-CHAIN-FILE filename

Specifies a file containing a DSA certificate chain to be sent along with the DSA-CERT to the peer. This file must only be specified if Kermit is being used as a server and the DSA certificate was signed by an intermediary certificate authority.

SET AUTHENTICATION { SSL, TLS } DSA-CERT-FILE filename

Specifies a file containing a DSA certificate to be sent to the peer to authenticate the host or end user. The file may contain the matching DH private key instead of using the DSA-KEY-FILE command.

SET AUTHENTICATION { SSL, TLS } DSA-KEY-FILE filename

Specifies a file containing the private DH key that matches the DSA certificate specified with DSA-CERT-FILE. This command is only necessary if the private key is not appended to the certificate in the file specified by DSA-CERT-FILE.

Note: When executing a script in the background or when it is running as an Internet Kermit Service Daemon, Kermit cannot support encrypted private keys. When attempting to load a private key that is encrypted, a prompt will be generated requesting the passphrase necessary to decrypt the keyfile. To automate access to the private key you must decrypt the encrypted keyfile and create an unencrypted keyfile for use by Kermit. This can be accomplished by using the following command and the passphrase:

  openssl dsa -in encrypted-key-file -out unencrypted-key-file

SET AUTHENTICATION { SSL, TLS } RANDOM-FILE filename

Specifies a file containing random data to be used when initializing the Pseudo Random Number Generator (PRNG) engine. This file is overwritten with new random data after the file is read.

SET AUTHENTICATION { SSL, TLS } RSA-CERT-CHAIN-FILE filename

Specifies a file containing a RSA certificate chain to be sent along with the RSA-CERT to the peer. This file must only be specified if Kermit is being used as a server and the RSA certificate was signed by an intermediary certificate authority.

SET AUTHENTICATION { SSL, TLS } RSA-CERT-FILE filename

Specifies a file containing a RSA certificate to be sent to the peer to authenticate the host or end user. The file may contain the matching RSA private key instead of using the RSA-KEY-FILE command.

SET AUTHENTICATION { SSL, TLS } RSA-KEY-FILE filename

Specifies a file containing the private RSA key that matches the RSA certificate specified with RSA-CERT-FILE. This command is only necessary if the private key is not appended to the certificate in the file specified by RSA-CERT-FILE.

Note: When executing a script in the background or when it is running as an Internet Kermit Service Daemon, Kermit cannot support encrypted private keys. When attempting to load a private key that is encrypted, a prompt will be generated requesting the passphrase necessary to decrypt the keyfile. To automate access to the private key you must decrypt the encrypted keyfile and create an unencrypted keyfile for use by Kermit. This can be accomplished by using the following command and the passphrase:

  openssl rsa -in encrypted-key-file -out unencrypted-key-file

SET AUTHENTICATION { SSL, TLS } VERBOSE { ON, OFF }

Specifies whether information about the authentication (the certificate chain) should be displayed when making a connection.

SET AUTHENTICATION { SSL, TLS } VERIFY { NO, PEER-CERT, FAIL-IF-NO-PEER-CERT }

Specifies whether certificates should be requested from the peer; whether they should be verified when they are presented; and whether they should be required. When set to NO (the default for IKSD), Kermit does not request that the peer send a certificate and if one is presented it is ignored. When set to PEER-CERT (the default when not IKSD), Kermit requests a certificate be sent by the peer. If the certificate is presented, it is verified. Any errors during the verification process result in queries to the end user. When set to FAIL-IF-NO-PEER-CERT, Kermit asks the peer to send a certificate. If the certificate is not presented or fails to verify successfully, the connection is terminated without querying the user.

If an anonymous cipher (i.e., ADH) is desired the NO setting must be used; otherwise the receipt of the peer certificate request is interpreted as a protocol error and the negotiation fails.

If you wish to allow the peer to authenticate using either an X.509 certificate to userid mapping function or via use of a ~/.tlslogin file, you must use either PEER-CERT or FAIL-IF-NO-PEER-CERT. Otherwise, any certificates that are presented are ignored. In other words, use NO if you want to disable the ability to use certificates to authenticate a peer.

SET AUTHENTICATION { SSL, TLS } VERIFY-DIR directory

Specifies a directory that contains root CA certificate files used to verify the certificate chains presented by the peer. Each file is named by a hash of the certificate.

OpenSSL expects the hash symlinks to be made like this:

  ln -s cert.pem `openssl x509 -hash -noout -in cert.pem`.0

Since all file systems do not have symlinks you can use the following command in Kermit to copy the cert.pem file to the hash file name:

  copy cert.pem {\fcommand(openssl x509 -hash -noout -in cert.pem).0}

This produces a hash based on the subject field in the cert such that the certificate may be quickly found.

In Kermit 95, the default directory is \v(exedir)certs

SET AUTHENTICATION { SSL, TLS } VERIFY-FILE file

Specifies a file that contains root CA certificates to be used for verifying certificate chains.

In Kermit 95, the default file is \v(exedir)ca_certs.pem

3.2.3. The AUTHENTICATE Command (Kerberos Only)

The AUTHENTICATE command obtains or destroys Kerberos tickets and lists information about them. The general format is:

AUTHENTICATE { KERBEROS4, KERBEROS5 [ switches ] } action [ switches ]

The use of command switches is described in Section 1.5 of the C-Kermit 7.0 Update Notes. The actions are INITIALIZE, DESTROY, and LIST-CREDENTIALS.

The AUTHENTICATE command's INITIALIZE option is the most complex of Kermit's security commands, and its format is different for Kerberos 4 and Kerberos 5:

Kerberos 4:

AUTH K4 INITIALIZE [ k4-switches ] [ principal ]

Kerberos 5:

AUTH K5 [ k5-switches ] { INITIALIZE ..., DESTROY, LIST-CREDENTIALS, ...}

AUTHENTICATE K4 INITIALIZE switches (all optional):

/INSTANCE:name

Allows an Instance to be specified (see Glossary).

/LIFETIME:number

Specifies the requested lifetime in minutes for the ticket. If no lifetime is specified, 600 minutes is used. If the lifetime is greater than the maximum supported by the ticket granting service, the resulting lifetime is shortened accordingly.

/NOT-PREAUTH

Instructs Kermit to send a ticket granting ticket (TGT) request to the KDC without any preauthentication data.

/PASSWORD:string

Allows the inclusion of a password in a script file. If no /PASSWORD switch is included, you are prompted on a separate line. The password switch is provided for use by automated scripts. However, we strongly recommend that it not be used because clear-text passwords are easily compromised.

/PREAUTH

Instructs Kermit to send a preauthenticated ticket granting ticket (TGT) request to the KDC instead of a plaintext request. The default when supported by the Kerberos libraries.

/REALM:name

Allows an alternative Realm to be specified (see Glossary).

The Kerberos 4 principal format is:

  userid[.instance[.instance]]@[realm]

but can be omitted if it is the same as your username or SET LOGIN USERID value on the client system.

AUTHENTICATE K5 INITIALIZE switches (all optional):

/ADDRESSES:list-of-ip-addresses

Specifies a list of IP addresses that should be placed in the Ticket Granting Ticket in addition to the local machine addresses.

/FORWARDABLE

Requests forwardable tickets.

/KERBEROS4

Instructs Kermit to get Kerberos 4 tickets in addition to Kerberos 5 tickets. If Kerberos 5 tickets are not supported by the server, a mild warning is printed and Kerberos 4 tickets are requested.

/LIFETIME:number

Specifies the requested lifetime in minutes for the ticket. If no lifetime is specified, 600 minutes is used. If the lifetime is greater than the maximum supported by the ticket granting service, the resulting lifetime is shortened.

/NO-ADDRESSES

Instructs Kermit to not include a list of local IP addresses in the ticket retrieved from the KDC.

/NO-KERBEROS4

Instructs Kermit to not attempt to retrieve Kerberos 4 credentials.

/NOT-FORWARDABLE

Requests non-forwardable tickets.

/NOT-PROXIABLE

Requests non-proxiable tickets.

/PASSWORD:string

Allows the inclusion of a password in a script. If no password is specified you are prompted for one. The password switch is provided for use by automated scripts. However, we strongly recommend that it not be used because clear-text passwords can be easily compromised. See Chapter 19 of Using C-Kermit.

/POSTDATE:date-time

Requests a postdated ticket, valid starting at date-time. Postdated tickets are issued with the invalid flag set, and need to be fed back to the KDC before use with the /VALIDATE switch. See Section 1.6 of the C-Kermit 7.0 Update Notes for acceptable date-time formats.

/PROXIABLE

Requests proxiable tickets.

/REALM:string

Allows an alternative realm to be specified.

/RENEW

Requests renewal of a renewable Ticket Granting Ticket. Note that an expired ticket cannot be renewed even if it is within its renewable lifetime.

/RENEWABLE:number

Requests renewable tickets, with a total lifetime of number minutes.

/SERVICE:string

Allows a service other than the ticket granting service to be specified.

/VALIDATE

Requests that the Ticket Granting Ticket in the cache (with the invalid flag set) be passed to the KDC for validation. If the ticket is within its requested time range, the cache is replaced with the validated ticket.

The Kerberos 5 principal format is:

  userid[/instance][@realm]

and can be omitted if it is the same principal as stored in the current ticket cache at the time Kermit started; or the current username if a ticket cache did not exist.

Note: Kerberos 5 always attempts to retrieve a Ticket Granting Ticket (TGT) using the preauthenticated TGT request.

AUTHORIZE K5 LIST-CREDENTIALS [ switches ]

Shows start time, expiration time, service or principal name, plus the following additional information depending the switches:

/ADDRESSES

Displays the hostnames and/or IP addresses embedded within the tickets.

/ENCRYPTION

Displays the encryption used by each ticket (if applicable):

• DES-CBC-CRC
• DES-CBC-MD4
• DES-CBC-MD5
• DES-CBC-RAW
• DES-HMAC-SHA1
• DES3-CBC-RAW
• DES3-CBC-SHA
• DES3-HMAC-SHA1

/FLAGS

provides the following information (if applicable) for each ticket:

• F - Ticket is Forwardable
• f - Ticket was Forwarded
• P - Ticket is Proxiable
• p - Ticket is a Proxy
• D - Ticket may be Postdated
• d - Ticket has been Postdated
• i - Ticket is Invalid
• R - Ticket is Renewable
• I - Ticket is the Initial Ticket
• H - Ticket has been authenticated by Hardware
• A - Ticket has been Pre-authenticated

3.2.4. Other Security-Related Commands

SET TCP ADDRESS [ ip-address ]

Specifies the IP address of the computer that C-Kermit is running on. Normally this is not necessary. The exceptions would be if the host is multihomed (e.g. one host pointed to by many IP addresses, or one of many hosts pointed to by a "common" IP address) or has multiple physical network adapters, with a different address for each adapter, AND you want C-Kermit to either (a) accept an incoming TCP connection ("set host *") or (b) get a Kerberos ticket.

SET TCP REVERSE-DNS-LOOKUP { ON, OFF }

Specifies whether or not a Reverse DNS Lookup should be performed to determine the hostname assigned to the IP address used to connect to the host.

For mutual authentication to succeed, the client and the server must agree on the name to be used for the server. It is common for servers to have more than one name. This is especially true for clusters of servers that provide the same function and are referenced by an alias. For example, www.foo.com might be an alias for three machines www-1.foo.com, www-2.foo.com, and www-3.foo.com. If the hosts are configured to use separate credentials for authentication it would be necessary to know which host is actually in use since "www.foo.com" is not equal to "www-1.foo.com".

On the other hand, since DNS is not a secure service, using an additional lookup to verify the name associated with a particular IP address increases the susceptibility that the authentication may be forged by an attacker.

For the highest level of security, Reverse DNS Lookups should be turned OFF.

[ Kermit Home ] [ C-Kermit ] [ Kermit 95 ]

---

3.3. Making Secure Connections

SECTION CONTENTS

  3.3.1. The SET HOST Command
  3.3.2. The TELNET Command
  3.3.3. The SSH Command
  3.3.4. The RLOGIN Command
  3.3.5. Making Secure FTP Connections
  3.3.6. Making Secure HTTP Connections
  3.3.7. Using Only SSL or TLS
  3.3.8. Using Kerberos 5 User-to-User Protocol

TCP/IP connections established by Kermit are initiated either with the SET HOST command; a protocol-specific command such as TELNET or RLOGIN; or in the case of FTP and HTTP an OPEN command.

3.3.1. The SET HOST Command

When using the SET HOST command to establish a secure connection, several switches are available between SET HOST and the hostname, plus a protocol switch at the end:

SET HOST [ switches ] hostname-or-address [ service ] [ protocol-switch ]

Establishes a connection to the specified network host on the currently selected network type. For TCP/IP connections, the default service is TELNET and the default protocol is TELNET. Not all protocols have a default service name.

The following SET HOST switches are useful with secure connections:

/CONNECT

Tells Kermit to enter CONNECT (terminal) mode automatically if the connection is successful.

/SERVER

Tells Kermit to enter server mode automatically if the connection is successful.

/USERID:[name]

This switch is equivalent to SET LOGIN USERID or SET TELNET ENVIRONMENT USER . If a string is given, it sent to host during Telnet negotiations; if this switch is given but the string is omitted, no user ID is sent to the host. If this switch is not given, your current USERID value, \v(userid), is sent. When a userid is sent to the host it is a request to login as the specified user.

/PASSWORD:[string]

This switch is equivalent to SET LOGIN PASSWORD. If a string is given, it is treated as the password to be used (if required) by any Telnet Authentication protocol (Kerberos Ticket retrieval, Secure Remote Password, or X.509 certificate private key decryption.) If no password switch is specified a prompt is issued to request the password if one is required for the negotiated authentication method.

The SET HOST protocol-switches used with secure connections are:

/RLOGIN

Use Rlogin protocol even if this is not an Rlogin port.

/TELNET

Send initial Telnet negotiations even if this is not a Telnet port.

/K4LOGIN

Use Kerberos IV klogin protocol even if this is not a klogin port.

/EK4LOGIN

Use Kerberos IV Encrypted login protocol even if this is not an eklogin port.

/K5LOGIN

Use Kerberos V klogin protocol even if this is not a klogin port.

/EK5LOGIN

Use Kerberos V Encrypted login protocol even if this is not an eklogin port.

/K5USER2USER

Use Kerberos V User to User protocol.

/SSL

Perform SSL negotiations.

/SSL-TELNET

Perform SSL negotiations and if successful start Telnet negotiations.

/TLS

Perform TLS negotiations.

/TLS-TELNET

Perform TLS negotiations and if successful start Telnet negotiations.

3.3.2. The TELNET Command

The TELNET command combines a number of commands related to secure telnet connections into a single interface.

TELNET /AUTH:type /ENCRYPT:type /USERID:[name] /PASSWORD:[string] host port

The TELNET command is a shortcut for making interactive terminal connections on a TCP/IP network using Telnet protocol. When used for secure connections, Kermit's TELNET command is the equivalent of:

  SET TELOPT AUTH ...
  SET TELNET AUTH TYPE ...
  SET TELOPT ENCRYPT ...
  SET TELNET ENCRYPT TYPE ...
  SET LOGIN USERID ...
  SET LOGIN PASSWORD ...
  SET HOST /CONNECT host port /TELNET

The optional TELNET command switches are:

/AUTH:type

Equivalent to SET TELNET AUTH TYPE type and SET TELOPT AUTH REQUIRED with the following exceptions. If the type is AUTO, then SET TELOPT AUTH REQUESTED is executed and if the type is NONE, then SET TELOPT AUTH REFUSED is executed. If START_TLS is negotiated REQUIRED becomes REQUESTED.

/ENCRYPT:type

Equivalent to SET TELNET ENCRYPT TYPE type and SET TELOPT ENCRYPT REQUIRED REQUIRED with the following exceptions. If the type is AUTO then SET TELOPT AUTH REQUESTED REQUESTED is executed and if the type is NONE then SET TELOPT ENCRYPT REFUSED REFUSED is executed. If START_TLS is negotiated REQUIRED becomes REFUSED.

/USERID:[name]

Equivalent to SET LOGIN USERID name or SET TELNET ENVIRONMENT USER name. If a string is given, it sent to host during Telnet negotiations; if this switch is given but the string is omitted, no user ID is sent to the host. If this switch is not given, your current USERID value, \v(userid), is sent. When a userid is sent to the host it is a request to login as the specified user.

/PASSWORD:[string]

This switch is equivalent to SET LOGIN PASSWORD. If a string is given, it is treated as the password to be used (if required) by any Telnet Authentication protocol (Kerberos Ticket retrieval, Secure Remote Password, or X.509 certificate private key decryption.) If no password switch is specified a prompt is issued to request the password if one is required for the negotiated authentication method.

3.3.3