
Re: secure tunneling between two servers

 
James Ellis_1
Super Advisor

secure tunneling between two servers

I am looking into securing the communication path between two servers (NT and HPUX) in our network. On a daily basis, data is FTPed from the NT server to the HPUX server, and this script includes the password for the account that runs the FTP process...this potentially poses security risks. For example, if someone breaks in our network, they could get control of this account if they had the password.

One solution is setting up a VPN between these two FTP endpoints. But VPN is typically used at the router between two distinct LANs across the internet.

What other application/software can be used just between the ports of these two servers (NT and HPUX) to secure just this FTP process (and if the security is breached, the connection is lost). Basically, this would be a connection to connection secure medium.

Any other suggestions?

Thanks.
"In the middle of difficulty lies opportunity" -Einstein
10 REPLIES
Hai Nguyen_1
Honored Contributor

Re: secure tunneling between two servers

James,

Look into configuring /var/adm/inetd.sec on HP box. Man inetd.sec for more information.

Hai
James Ellis_1
Super Advisor

Re: secure tunneling between two servers

Hai,

I looked at the /var/adm/inetd.sec man-pages. This is another option, but this is basically security controlled at the onset of ftp, like denying FTP from another server. I don't think this kind of security can protect any of the data that is being transmitted via FTP...for the duration of the FTP session. Basically, what I need is to have a secure server to server communication channel, for the duration of the FTP session. VPN usually does this between two routers across the internet. I was wondering if there is a method to secure the point to point between two servers within the LAN (or between two routers in the LAN).

Thanks and I'll continue to look into the /var/adm/inetd.sec issue and see if this is possible.
"In the middle of difficulty lies opportunity" -Einstein
Jeff Schussele
Honored Contributor
Solution

Re: secure tunneling between two servers

Hi James,

I'd take a look at installing ssh on the HP system, the ssh client on the NT system & using scp (Secure Copy) to make the transfer from NT to HP. Has the added benefit of encrypting the data as well.

Available at:

http://www.software.hp.com/cgi-bin/swdepot_parser.cgi/cgi/displayProductInfo.pl?productNumber=T1471AA

Rgds,
Jeff
PERSEVERANCE -- Remember, whatever does not kill you only makes you stronger!
Rodney Hills
Honored Contributor

Re: secure tunneling between two servers

Can you use "openssh"? You can find it on the HP software porting and archive centre. It sends secure information across the network.

-- Rod Hills
There be dragons...
Keith Buck
Respected Contributor

Re: secure tunneling between two servers

Like Jeff said, install Secure Shell (T1471AA) on your HP-UX server.

A great Windows client for Secure Shell is called "putty" and it comes with a command-line pscp that you can use to transfer files.

You can also set up keys using puttygen and install the public key on the HP-UX server (~/.ssh/authorized_keys2) allowing just the person with the key to transfer files (without typing the password or scripting it in some way like you have to do with ftp).
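
The key-based setup suggested above removes the password from the transfer script, but the private key on the NT box then becomes the secret to protect. As an added example (not part of the thread, and not HP or PuTTY code), this sh function installs a public key on the receiving side with OpenSSH's per-key restrictions so the key is accepted only from the sending host; the function name, address and key text are constructed placeholders.

```shell
#!/bin/sh
# Added example: install a transfer-only public key on the receiving host.
# Assumptions: an OpenSSH-style server that reads ~/.ssh/authorized_keys2
# (the file named in the post above) and honours per-key options.

# install_transfer_key HOME_DIR SOURCE_ADDR PUBKEY_LINE
# Appends the key once, restricted to SOURCE_ADDR, and tightens permissions.
install_transfer_key() {
    home_dir=$1 src=$2 pubkey=$3
    ssh_dir="$home_dir/.ssh"
    auth="$ssh_dir/authorized_keys2"
    nl='
'
    # Refuse anything that could smuggle in a second, unrestricted entry.
    case $pubkey in
        *"$nl"*) echo "key must be a single line" >&2; return 2 ;;
        ssh-rsa\ *|ssh-dss\ *) ;;
        *) echo "not an OpenSSH public key line" >&2; return 2 ;;
    esac
    case $src in
        ''|*\"*|*" "*) echo "bad source address" >&2; return 2 ;;
    esac

    # Key material is the second field; it must be present.
    blob=$(printf '%s\n' "$pubkey" | awk '{print $2}')
    [ -n "$blob" ] || return 2

    # sshd ignores key files that other users can write to.
    mkdir -p "$ssh_dir" || return 1
    chmod 700 "$ssh_dir" || return 1
    touch "$auth" || return 1
    chmod 600 "$auth" || return 1

    # Idempotent: do nothing if this key is already installed.
    if grep -F -q -- "$blob" "$auth"; then
        return 0
    fi

    # from= pins the client address; the no-* options leave the key usable
    # for file copies but not for terminals or tunnels.
    opts="from=\"$src\",no-pty,no-port-forwarding,no-X11-forwarding,no-agent-forwarding"
    printf '%s %s\n' "$opts" "$pubkey" >> "$auth"
}
```

Run it as the transfer account on the HP-UX side, passing the single-line OpenSSH-format public key that puttygen displays; the NT job then calls pscp with `-i` pointing at the matching private key file.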
James Ellis_1
Super Advisor

Re: secure tunneling between two servers

Anyone know if this Secure Shell can be installed on an HP AND Win NT? I need a secure ftp communication from a Win NT and HP machine. Someone mentioned installing the software on an HP 11.0 system, and the client on a Win NT? Where do I find this client software?

Thanks.
"In the middle of difficulty lies opportunity" -Einstein
Bill Hassell
Honored Contributor

Re: secure tunneling between two servers

Certainly. A quick Google search for putty ssh will find the site:

http://www.chiark.greenend.org.uk/~sgtatham/putty/

NOTE: Putty is SSH-1, not the more secure SSH-2, which would cost about $100 per PC client. SSH-1 is very much better than no secure communication, but I would look at the OpenSSH or F-Secure products. Note that a good SecureShell book is also important. O'Reilly publishes an excellent book on SSH.


Bill Hassell, sysadmin
Wodisch_1
Honored Contributor

Re: secure tunneling between two servers

Hi James,

why not get the real OpenSSH for Windows? Go to http://sources.redhat.com/cygwin and install all the tools you want onto your PC(s) - if you only want SSH, you will only need the "cygwin1.dll" and "ssh.exe", which are less than 1MB, resp. 256KB on my system...

Just my $0.02,
Wodisch (who installed ALL the cygwin tools onto his PC)
James Ellis_1
Super Advisor

Re: secure tunneling between two servers

Bill,

Where do I find information on SSH-2 and the $100 per client pc? Is this an HP product?

I need to emphasize that the secure shell I need to implement is to protect the data when FTPing from Win NT to HP-UX box.

I have not found much regarding the capability of the OpenSSH to work with other systems, and what client software is needed on another machine like Win NT.

I will need to find out whether a SSH-1 is sufficient for our needs. Although I suspect they want SSH-2.

Thanks.
"In the middle of difficulty lies opportunity" -Einstein
Helen French
Honored Contributor

Re: secure tunneling between two servers

James,

You can purchase the license from the website and even get a trial version if you like. Take a look at http://www.f-secure.com/download-purchase/
We are using version 4.2 and connect to aix, solaris and hp servers without much complexity. I like this product over Exceed, Putty, or even Reflection (HP Term). It has been some time since we've bought the license so I don't know how much it is but I'm sure the website can give you that information. I do not know how this works specifically with NT because I work with the unix side but if it is anything similar it is a must have.
Life is a promise, fulfill it!