Top Forums UNIX for Advanced & Expert Users Encrypt traffic between Solaris 8 hosts Post 62993 by blp001 on Tuesday 22nd of February 2005 06:09:36 AM
Old 02-22-2005
Encrypt traffic between Solaris 8 hosts

I have two Solaris 8 hosts that send data to one another throughout the day. It is a legacy system and the programs used are rdist, rcp and ftp. I have been asked to ensure that the data transferred is encrypted between the two hosts.

My first thought was to replace these commands with ssh. However, there are approximately 50 scripts and assorted programs that will need changing. Next I thought of the old Sun Skip program that will encrypt all traffic between the two hosts no matter what protocol is used. The problem with using Skip is that it is not supported on Solaris 9 or 10, so I do not have a long-term solution.

Has anyone set up encryption between two Solaris hosts that encrypts traffic no matter what the protocol?

Regards,
blp001
 

SCP(1)                    BSD General Commands Manual                   SCP(1)

NAME
     scp -- secure copy (remote file copy program)

SYNOPSIS
     scp [-12346BCpqrv] [-c cipher] [-F ssh_config] [-i identity_file]
         [-l limit] [-o ssh_option] [-P port] [-S program]
         [[user@]host1:]file1 ... [[user@]host2:]file2

DESCRIPTION
     scp copies files between hosts on a network. It uses ssh(1) for data
     transfer, and uses the same authentication and provides the same
     security as ssh(1). Unlike rcp(1), scp will ask for passwords or
     passphrases if they are needed for authentication.

     File names may contain a user and host specification to indicate that
     the file is to be copied to/from that host. Local file names can be made
     explicit using absolute or relative pathnames to avoid scp treating file
     names containing ':' as host specifiers. Copies between two remote hosts
     are also permitted.

     The options are as follows:

     -1      Forces scp to use protocol 1.

     -2      Forces scp to use protocol 2.

     -3      Copies between two remote hosts are transferred through the
             local host. Without this option the data is copied directly
             between the two remote hosts. Note that this option disables
             the progress meter.

     -4      Forces scp to use IPv4 addresses only.

     -6      Forces scp to use IPv6 addresses only.

     -B      Selects batch mode (prevents asking for passwords or
             passphrases).

     -C      Compression enable. Passes the -C flag to ssh(1) to enable
             compression.

     -c cipher
             Selects the cipher to use for encrypting the data transfer.
             This option is directly passed to ssh(1).

     -F ssh_config
             Specifies an alternative per-user configuration file for ssh.
             This option is directly passed to ssh(1).

     -i identity_file
             Selects the file from which the identity (private key) for
             public key authentication is read. This option is directly
             passed to ssh(1).

     -l limit
             Limits the used bandwidth, specified in Kbit/s.

     -o ssh_option
             Can be used to pass options to ssh in the format used in
             ssh_config(5). This is useful for specifying options for which
             there is no separate scp command-line flag. For full details of
             the options listed below, and their possible values, see
             ssh_config(5).

                   AddressFamily
                   BatchMode
                   BindAddress
                   ChallengeResponseAuthentication
                   CheckHostIP
                   Cipher
                   Ciphers
                   Compression
                   CompressionLevel
                   ConnectionAttempts
                   ConnectTimeout
                   ControlMaster
                   ControlPath
                   ControlPersist
                   GlobalKnownHostsFile
                   GSSAPIAuthentication
                   GSSAPIDelegateCredentials
                   HashKnownHosts
                   Host
                   HostbasedAuthentication
                   HostKeyAlgorithms
                   HostKeyAlias
                   HostName
                   IdentityFile
                   IdentitiesOnly
                   IPQoS
                   KbdInteractiveAuthentication
                   KbdInteractiveDevices
                   KexAlgorithms
                   LogLevel
                   MACs
                   NoHostAuthenticationForLocalhost
                   NumberOfPasswordPrompts
                   PasswordAuthentication
                   PKCS11Provider
                   Port
                   PreferredAuthentications
                   Protocol
                   ProxyCommand
                   PubkeyAuthentication
                   RekeyLimit
                   RhostsRSAAuthentication
                   RSAAuthentication
                   SendEnv
                   ServerAliveInterval
                   ServerAliveCountMax
                   StrictHostKeyChecking
                   TCPKeepAlive
                   UsePrivilegedPort
                   User
                   UserKnownHostsFile
                   VerifyHostKeyDNS

     -P port
             Specifies the port to connect to on the remote host. Note that
             this option is written with a capital 'P', because -p is
             already reserved for preserving the times and modes of the file
             in rcp(1).

     -p      Preserves modification times, access times, and modes from the
             original file.

     -q      Quiet mode: disables the progress meter as well as warning and
             diagnostic messages from ssh(1).

     -r      Recursively copy entire directories. Note that scp follows
             symbolic links encountered in the tree traversal.

     -S program
             Name of program to use for the encrypted connection. The
             program must understand ssh(1) options.

     -v      Verbose mode. Causes scp and ssh(1) to print debugging messages
             about their progress. This is helpful in debugging connection,
             authentication, and configuration problems.

EXIT STATUS
     The scp utility exits 0 on success, and >0 if an error occurs.

SEE ALSO
     rcp(1), sftp(1), ssh(1), ssh-add(1), ssh-agent(1), ssh-keygen(1),
     ssh_config(5), sshd(8)

HISTORY
     scp is based on the rcp(1) program in BSD source code from the Regents
     of the University of California.

AUTHORS
     Timo Rinne <tri@iki.fi>
     Tatu Ylonen <ylo@cs.hut.fi>

BSD                            September 5, 2011                           BSD