
Re: a little progress on control software/more




> > If you can tell me how to modify my /etc/services or other files
> > to do this in a secure fashion, I'd appreciate it.  I'd also appreciate
> > advice from people who say, "It can't be made secure -- don't bother."

You can hard code the port number you listen on.  Pick say 6371 and
hope no one else picked it.  Or you can add a line to either
/etc/services or your "services" NIS map and then your server
can use a system call to get the port number from the services
file or map.  My socket library does this.  If you don't
specify a port it will try to look it up; failing this, it defaults.

Just look in /etc/services and copy one of the existing lines.
Pick an unused name for your service and an unused port
number.  Add the new line any place in the file.

As for security.  Just use a TCP/IP port.  Any port will do.
Now make sure that port is _blocked_ on your firewall. So your
Mark IV server is now inaccessible to the world.  Now to get at
it you use "ssh".  You will need to read the ssh man page about
"port forwarding".

Basically it works like this:

1) your server listens on port 52887

2) your real-time control computer also runs sshd, the secure shell
daemon.  sshd listens on port 22 (I think??  Anyway it is port
twenty something.)

3) On your home PC (This even works on MS Windows.) you run
ssh _and_ your client.

4) Using instructions in the ssh man page under "port forwarding"
you run ssh and tell it to accept a connection on port 52887 and
forward it to port 52887 on the real time computer.  Your local
SSH will connect using port 22 to the SSHD running on the control
computer. SSHD will connect to your server using 52887.

What you've done is made an encrypted tunnel.  All the commands
sent and data returned will be encrypted.

In fact if you really want to make your computer secure you can
disable ALL network services except SSHD.  You can still
access FTP, HTTP and so on but using port forwarding.

If you don't want the user (you) to have to go through the
hassle of setting up a secure tunnel with SSH you can in your
program make use of SSL.  This is what SSH uses but it is not
easy to learn to use.  Just add some aliases to your .cshrc
file for the tunnel and you are as secure as it gets in 2001.

Note there are two implementations of SSH.  One is free and
one is commercial.  If you have Linux or BSD you will likely
also have ssh/sshd.  Others will have to get either of the
versions off the 'net.


--
   Chris Albertson             
   Redondo Beach, California
   home:   310-376-1029   chrisalbertson90278@yahoo.com
   cell:   310-990-7550
   office: 310-336-5189   Christopher.J.Albertson@aero.org
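
Added example, not part of the original message and not the author's socket library: a C sketch of the server side of the setup described above, looking the port up by service name with a fallback default, then listening for the forwarded connection. The service name "mk4ctl" and the function names are hypothetical, and binding to 127.0.0.1 is an addition that assumes the ssh forward targets localhost on the control computer.

```c
#include <arpa/inet.h>
#include <netdb.h>
#include <netinet/in.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>
#include <sys/socket.h>
#include <unistd.h>

/* Hypothetical /etc/services line for this server: "mk4ctl  52887/tcp" */
#define SERVICE_NAME "mk4ctl"
#define DEFAULT_PORT 52887      /* port used in the message's walkthrough */

/* Port for `name` from /etc/services or the NIS map; `fallback` if absent. */
int resolve_port(const char *name, int fallback)
{
    struct servent *se = getservbyname(name, "tcp");
    /* s_port is stored in network byte order */
    return se ? ntohs((uint16_t)se->s_port) : fallback;
}

/* Listen on 127.0.0.1 only, so that only local processes (such as sshd's
 * forwarded connection) can reach the server. Returns the socket or -1. */
int open_loopback_listener(int port)
{
    struct sockaddr_in addr;
    int one = 1, fd = socket(AF_INET, SOCK_STREAM, 0);
    if (fd < 0) return -1;
    setsockopt(fd, SOL_SOCKET, SO_REUSEADDR, &one, sizeof one);
    memset(&addr, 0, sizeof addr);
    addr.sin_family = AF_INET;
    addr.sin_port = htons((uint16_t)port);
    addr.sin_addr.s_addr = htonl(INADDR_LOOPBACK);  /* not INADDR_ANY */
    if (bind(fd, (struct sockaddr *)&addr, sizeof addr) < 0 ||
        listen(fd, 4) < 0) {
        close(fd);
        return -1;
    }
    return fd;
}

int main(void)
{
    int port = resolve_port(SERVICE_NAME, DEFAULT_PORT);
    int fd = open_loopback_listener(port);
    if (fd < 0) { perror("listen"); return 1; }
    printf("listening on 127.0.0.1:%d\n", port);
    close(fd);
    return 0;
}
```

With the listener bound this way, the client side of step 4 is `ssh -L 52887:localhost:52887 user@control-host`, where the user and host names are placeholders.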