emulab / emulab-devel
Commit 5573f1e3, authored Jun 05, 2002 by Chad Barb
As requested, the skinny on my tip-without-ops approach.
parent 7cb8345a
doc/tipwithoutops.txt 0 → 100644
; crb, june 5 2002
Tip-without-ops:
Joe User has downloaded and installed "tiptunnel," telling it his favorite telnet client
and associating it with files of type "text/testbed-acl" in his web browser.
There is a Windows binary (and a FreeBSD binary?), as well as unix/windows source,
available for download, with adequate disclaimers all over it.
Joe User logs into his experiment, and opens up a "detail view" on a node
assigned to his experiment. A link on the page offers "Connect to serial line."
When he clicks on the link, the server sends a file of MIME type "text/testbed-acl".
This launches tiptunnel on his machine. The file contains a server name, a port number,
a key, and a certificate's SHA-hash.
Tiptunnel connects, via TCP/IP, to the server/port specified in the ACL file.
It is now talking to Capture. Capture, upon accepting a TCP/IP connection,
wants a secret key before it allows a client access to the serial line.
Tiptunnel sends "WANTSSL" as the secret key, and both initialize an OpenSSL
connection. Capture uses $TB/etc/capture.pem as its certificate, unless a different
certificate was specified on its command line.
Tiptunnel looks at the certificate given by Capture, and SHA-hashes it, verifying that
it matches the hash in the ACL file. If it does not, the user is warned of a possible
man-in-the-middle attack, and tiptunnel closes. If the hash does indeed match,
the key is sent over SSL. If the key is accepted by Capture, the connection begins.
Tiptunnel then forks.
The parent starts listening on a local port for a TCP/IP connection. A single
connection (from localhost only) will be accepted, and traffic to/from that port
will be tunnelled through the SSL connection. Upon accepting a connection,
special telnet commands will be sent to the client, turning off line-at-a-time and
local echo.
When the connection closes, this process will exit.
The child execs the telnet program chosen by the user,
telling it to connect to localhost:<someport> (the tiptunnel).
Joe User is now able to talk to his node's serial line.
When Joe User exits, the connection is dropped, and all processes exit.
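Review bot: The paragraph describing the "text/testbed-acl" file does not say how that file is delivered to the browser, yet it carries both the key and the certificate hash that tiptunnel later trusts, so the man-in-the-middle check described further down is only as strong as the channel that delivers the ACL. Please state what protects that download (for example, that the link is only served over an authenticated, encrypted web session) and whether the key is single-use or long-lived. It would also help to pin down "SHA-hash": the text leaves open which SHA variant is used and which encoding of the certificate is hashed, and an independent client implementation would need both to match. Lastly, the parent is described as accepting a single connection from localhost; on a shared machine the first local connection is not necessarily Joe User's telnet client, so the document should say how the local port is chosen and what is assumed about other local users.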