
Ian Goldberg <iang@cs.berkeley.edu> wrote:
In article <961002.235706.1R8.rnr.w165w@sendai.scytale.com>, Roy M. Silvernail <roy@scytale.com> wrote:
In list.cypherpunks, vax@linkdead.paranoia.com writes:
Anyone worked on, or know of a freely available, one of these beasts?
What threat model does this address? It'd be link encryption, where the best security is found in end-to-end encryption.
pppd doesn't necessarily run over a modem; you can "tunnel" it over another IP connection.
I have in fact done this very thing. Use ssh to (encrypted) log in to the ppp server, and start pppd at each end. It's been a while; I think I had to tweak something to make it work over a pty instead of a serial port.
Here's a little script for tunnelling SLIP over an ssh session on Linux:

    # ssh sits on the tty side of pty pair q/e; -e none disables the escape character
    (sleep 2;
     /usr/local/bin/ssh -l username -e none remotehost </dev/ttyqe >&/dev/ttyqe)&
    # dip drives the pty side: log in, start slip on the far end, set the addresses
    (echo "port ptyqe";
     echo "wait ord: 15";
     echo "send secretpw\\n";
     echo "wait (shellprompt)> 60";
     echo "send slip\\n";
     echo get \$rmtip 192.168.0.1;
     echo get \$locip 192.168.0.2;
     echo "mode CSLIP"; sleep 15) | /sbin/dip -tv

PPP is a little more complicated; I found it's easier if you put the ssh on the pty instead of the tty side. You can't do this from a shell script, because the pty can only be opened once. This will take care of that:

    #include <fcntl.h>
    #include <stdlib.h>
    #include <sys/ioctl.h>
    #include <unistd.h>

    int main(void)
    {
        int fd;
        /* detach from the shell's controlling terminal before taking the pty */
        fd = open("/dev/tty", O_RDWR);
        ioctl(fd, TIOCNOTTY);
        close(fd);
        /* ssh goes on the pty (master) side; pppd sits on /dev/ttyqf */
        fd = open("/dev/ptyqf", O_RDWR);
        if (fd < 0) exit(1);
        dup2(fd, 0); dup2(fd, 1); dup2(fd, 2);
        /* -e none: no escape char; -t: remote tty; "mesg n": keep write(1) off the link */
        execl("/usr/local/bin/ssh", "ssh", "-l", "username", "-e", "none", "-c", "idea",
              "-t", "remotehost", "mesg n;/usr/sbin/ppp -direct mylink", (char *)0);
        exit(1);
    }

Do remember that you can't route the IP addresses that you're tunneling inside the tunnel! So be sure to assign some alternate IP addresses to each end of the link. 192.168.x.x will work; those addresses aren't assigned to anyone. I used /dev/ttyqf for the tty; that one is usually unused. If you have more than 30 users online then you'll need to increase it.
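The warning about routing the tunnelled addresses inside the tunnel is easy to get wrong once a default route is pointed at the link. Below is an added check (example code, not from the original post) that, given a routing table, flags a setup whose ssh carrier connection would itself be routed through the PPP interface, or whose endpoint addresses fall outside the private ranges the post recommends. The routing table, the interface names and the addresses are constructed for the example.

```python
import ipaddress

# RFC 1918 space, the "alternate IP addresses" the post recommends for the
# two ends of the link (192.168.x.x is one of these ranges).
RFC1918 = [ipaddress.ip_network(n)
           for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

# Constructed sample routing table (not from the post): (prefix, interface).
# A default route via the real NIC plus the host route pppd installs for the
# far end of the link, using the post's 192.168.0.1 / 192.168.0.2 pair.
SAMPLE_ROUTES = [
    ("0.0.0.0/0", "eth0"),
    ("10.1.2.0/24", "eth0"),
    ("192.168.0.1/32", "ppp0"),
]


def lookup_iface(routes, addr):
    """Longest-prefix match: the interface a packet to addr would leave by."""
    ip = ipaddress.ip_address(addr)
    best = None
    for prefix, iface in routes:
        net = ipaddress.ip_network(prefix)
        if ip in net and (best is None or net.prefixlen > best[0].prefixlen):
            best = (net, iface)
    return best[1] if best else None


def check_tunnel(routes, ssh_peer, local_ip, remote_ip, tun_iface="ppp0"):
    """Return a list of problems with a PPP-over-ssh setup (empty if OK).

    ssh_peer: real address the ssh carrier connects to; local_ip/remote_ip:
    the PPP endpoint addresses; tun_iface: pppd's interface (assumed name).
    """
    problems = []
    # The carrier packets must not themselves be routed into the tunnel,
    # or the link swallows its own traffic the moment it comes up.
    if lookup_iface(routes, ssh_peer) == tun_iface:
        problems.append(f"carrier {ssh_peer} is routed via {tun_iface} (loop)")
    for name, ip in (("local", local_ip), ("remote", remote_ip)):
        if ip == ssh_peer:
            problems.append(f"{name} tunnel address reuses the ssh peer address")
        if not any(ipaddress.ip_address(ip) in n for n in RFC1918):
            problems.append(f"{name} tunnel address {ip} is not RFC 1918 space")
    return problems


if __name__ == "__main__":
    print(check_tunnel(SAMPLE_ROUTES, "192.168.0.1", "192.168.0.2", "192.168.0.1"))
```

If everything is to go through the link, keep a host route for the ssh peer out the physical interface; the check passes only when that route is present.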