An Alternative to ssh

I’ve heard of ssh, but it’s cryptic to set up. Are there alternatives?

Yes, there are simpler, albeit less flexible solutions available. One possibility is zebedee (http://www.winton.org.uk/zebedee). Designed by Neil Winton and based on the Blowfish (http://www.counterpane.com/blowfish.html) encryption algorithm, zebedee is a lighter-weight, secure tunneling application. While zebedee does require a couple of libraries to run, the zebedee package includes the libraries and the install is very simple to perform. The current stable release of zebedee is 2.4.1, and is provided as Linux RPMs and as a Windows install package.

To install the zebedee client and server on a Linux machine, download zebedee-2.4.1-1.i586.rpm and execute the command rpm -i zebedee-2.4.1-1.i586.rpm as root. Once installed, starting zebedee is as simple as:


washin% zebedee -s

Here, zebedee has been started on host washin, and is listening for connections from zebedee clients; that connection between client and server provides the tunnel. Any user can start zebedee (but you may want root to; see the caveat below).

To start a secure telnet session to washin from another host, isshin, execute the command:


isshin% zebedee washin:telnet

This command says, “Establish a zebedee tunnel for telnet from this host to washin.” The zebedee command on isshin returns with a message similar to:


zebedee(2205/1024): Listening on local port 1048

The local port number shown in the message is the important piece of information. In this case, zebedee has connected local port 1048 to the remote (washin) telnet port (port 23) via a secured channel. So, to use the connection, you simply telnet to the local port…


isshin% telnet localhost 1048

…and log in as normal. All telnet communication is now carried securely via the zebedee tunnel. You can also do all of this in one command:


isshin% zebedee -e "telnet localhost %d" washin

The %d is replaced with the port number when the telnet command is executed. This method simplifies the use of zebedee in scripts. Similarly, ftp can also be used:


isshin% zebedee -e "ftp localhost %d" washin

You say, “Cool, great. But what if I need a specific port to connect to?” zebedee can do that as well. Assuming you need port 9000 for a secured connection to a web server, and using the same hosts as before, the command…


isshin% zebedee 9000:washin:80

…does the trick. Now enter the URL http://localhost:9000/ in your local web browser and you have a secure connection to the web server on washin.

Finally, it’s possible to make multiple secure connections in one command, saving typing and time:


% zebedee 9000,9001,9002:washin:http,telnet,ftp

Decoding this is very straightforward: just take the first port on the left-hand side, and match it with the first port on the right-hand side: 9000 connects to http; 9001 connects to telnet; and 9002 connects to ftp.
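The pairing rule above, written out as a small Python decoder for reviewing tunnel specs in scripts. This is an added example, not part of the original article or of zebedee itself: it handles only the spec forms shown here, the service table is constructed from the three services the article names, and rejecting port lists of unequal length is this example's own choice.

```python
# Added example: decode the zebedee tunnel spec forms shown in the article.
# SERVICES is a constructed table limited to the services the article names.
SERVICES = {"ftp": 21, "telnet": 23, "http": 80}


def _port(token):
    """Turn a port number or a known service name into an integer port."""
    token = token.strip().lower()
    port = int(token) if token.isdigit() else SERVICES.get(token)
    if port is None or not 1 <= port <= 65535:
        raise ValueError(f"unknown service or invalid port: {token!r}")
    return port


def decode_spec(spec):
    """Return a list of (local_port, host, remote_port) tuples for one spec.

    local_port is None when the spec leaves it out; zebedee then reports
    the port it chose ("Listening on local port ...").
    """
    parts = spec.split(":")
    if len(parts) == 2:        # host:remote, e.g. washin:telnet
        local = None
        host, remote = parts
    elif len(parts) == 3:      # local:host:remote, e.g. 9000:washin:80
        local, host, remote = parts
    else:
        raise ValueError(f"unsupported spec: {spec!r}")
    if not host:
        raise ValueError("missing host")
    remote_ports = [_port(t) for t in remote.split(",")]
    if local is None:
        return [(None, host, r) for r in remote_ports]
    local_ports = [_port(t) for t in local.split(",")]
    # Assumption of this example: both lists must pair up one to one.
    if len(local_ports) != len(remote_ports):
        raise ValueError("local and remote port lists differ in length")
    if len(set(local_ports)) != len(local_ports):
        raise ValueError("local port listed twice")
    return [(lp, host, rp) for lp, rp in zip(local_ports, remote_ports)]


if __name__ == "__main__":
    for s in ("washin:telnet", "9000:washin:80",
              "9000,9001,9002:washin:http,telnet,ftp"):
        for lp, host, rp in decode_spec(s):
            print(f"{s}: localhost:{lp or '(chosen by zebedee)'} -> {host}:{rp}")
```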

zebedee was originally created for use with VNC (http://www.uk.research.att.com/vnc) over dialup connections. Indeed, the zebedee/VNC combination works well over the Internet for secure, remote maintenance of PCs at remote client sites. The online manual (http://www.winton.org.uk/zebedee/manual.html) has detailed information regarding VNC connections.

All of these connections are TCP/IP connections. If a UDP connection is needed, zebedee provides the -U option. The manual warns that UDP connections time out if left idle, causing the appearance of poor performance. If you need UDP connections, check the man page for more details.

One caveat: If you don’t use the -T option to start your own server and another zebedee process is running, you’ll share that zebedee instance with the owner of that process. If that user quits zebedee, all active connections — even yours — are terminated. A simple way to avoid this problem is to start zebedee at boot time as root, and let all users connect to the system-wide instance, no -T needed.



John R. S. Mascio is a systems and network manager. He can be reached at mascio@ryu.com.