tipwithoutops.txt 2.26 KB
Newer Older
1 2 3
; This file contains an overview of the design of tiptunnel, which allows users
; secure access to serial console lines, directly from their desktop machine

4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55
; crb, june 5 2002

Tip-without-ops:

Joe User has downloaded and installed "tiptunnel," telling it his favorite telnet client
and associating it with files of type "text/testbed-acl" in his web browser.
There is a Windows binary (and a FreeBSD binary?), as well as unix/windows source,
available for download, with adequate disclaimers all over it.

Joe User logs into his experiment, and opens up a "detail view" on a node
assigned to his experiment. A link on the page offers "Connect to serial line."
When he clicks on the link, the server sends a file of MIME type "text/testbed-acl".
This launches tiptunnel on his machine. The file contains a server name, a port number,
a key, and a certificate's SHA-hash.

Tiptunnel connects, via TCP/IP, to the server/port specified in the ACL file.
It is now talking to Capture. Capture, upon accepting a TCP/IP connection, 
wants a secret key before it allows a client access to the serial line. 
Tiptunnel sends "WANTSSL" as the secret key, and both initialize an OpenSSL
connection. Capture uses $TB/etc/capture.pem as its certificate, unless a different
certificate was specified on its command line.

Tiptunnel looks at the certificate given by Capture, and SHA-hashes it, verifying that
it matches the hash in the ACL file. If it does not, the user is warned of a possible
man-in-the-middle attack, and tiptunnel closes. If the hash does indeed match,
the key is sent over SSL. If the key is accepted by Capture, the connection begins.

Tiptunnel then forks.

The parent starts listening on a local port for a TCP/IP connection. A single 
connection (from localhost only) will be accepted, and traffic to/from that port
will be tunnelled through the SSL connection. Upon accepting a connection,
special telnet commands will be sent to the client, turning off line-at-a-time and
local echo.
When the connection closes, this process will exit.

The child execs the telnet program chosen by the user,
telling it to connect to localhost:<someport> (the tiptunnel).
Joe User is now able to talk to his node's serial line.
When Joe User exits, the connection is dropped, and all processes exit.