Secure Channel Break Extension (for RS-232 Break)

(@bruce)
Active Member
Joined: 21 years ago
Posts: 4
Topic starter  

Hello, my company is adding SSHv2 support to our product line and I've been asked to evaluate a variety of SSH client applications. One criterion is whether or not the client applications that I recommend will support sending a Break through the SSH secure channel. The Ctrl-Break key combination works for AbsoluteTelnet's Telnet, but apparently not for SSH.
As I understand it, there is no Internet Engineering Task Force (IETF) standard for supporting a Break through SSH. However, there was a draft RFC that recently expired that we've followed for implementation, and so far I've found two SSH clients that support it. For more information about the expired draft RFC (expired 2/17/04 for unknown reasons) please web search for "draft-ietf-secsh-break-01.txt".
If AbsoluteTelnet can support a Break through SSH, please tell me how. Or, if there are any plans to add this capability, please let me know so I won't eliminate AbsoluteTelnet from our list.

[ April 16, 2004, 12:23 AM: Message edited by: Brian T. Pence ]


   
(@bpence)
Member Admin
Joined: 1 year ago
Posts: 1375
 

Bruce,

What is your company and what is the product you're developing? I wouldn't rule out implementing the break completely, but as it was never formalized as a standard and isn't even a working draft any more, the details of implementation could be subject to change. I've e-mailed the draft authors to get their opinion on this. I'll wait to comment further until I hear back from them.


   
(@bruce)
Active Member
Joined: 21 years ago
Posts: 4
Topic starter  

The company is Server Technology and we engineer, manufacture, and market a line of Sentry Remote Power Managers and Power Towers that provide in-cabinet power distribution, load measurement, Fail-Safe transfer switching and comprehensive remote outlet control, with some models being available with serial console port Pass-through. We've added SSL to our product and are days away from releasing the version with SSH. For power management purposes most of our users hit our units through HTTPS, but for those who utilize our serial Pass-through, they need to use Telnet or SSH, with most preferring the secure option. Server Technology was founded in 1984 and started with serial communication products way back in 1986. We've put much effort into making our products "Break-Safe" while not inhibiting intentional passing of a Break to the remote equipment. Although the solution outlined in "draft-ietf-secsh-break-01.txt" was never formalized as a standard and has expired, we have found several other competitors' products that do support the feature and have found two SSH clients so far that do as well (SecureCRT and PuTTY). I appreciate the quick reply and I'll check back daily for further replies once you've heard from the authors of the expired draft.


   
(@bpence)
Member Admin
Joined: 1 year ago
Posts: 1375
 

Bruce, I've contacted the guys who drafted the spec. They did not even realize that it had expired. They are re-submitting it, so it should show up on the IETF site again eventually. Meanwhile, I *have* implemented the feature and you should be able to try it in the latest beta:

https://www.celestialsoftware.net/beta-testing

Let me know how it goes! Brian

This post was modified 8 months ago by bpence

   
(@bruce)
Active Member
Joined: 21 years ago
Posts: 4
Topic starter  

Hi Brian, I downloaded the Beta version and gave it a try, without success. I do get connected fine, but using the key combination of + causes an immediate disconnect. Should I be using some other key combination? I've opened our firewall to allow connections to one of our units. You can connect with either Telnet (port 23) or SSH2 (port 22) to the following

ipaddress: 64.42.31.204

Username: *

Password: *

You'll be logged-in and will be presented a Sentry prompt. Users, at this point, can issue commands to turn remote outlets on or off, and they can also Pass-Through to the asynchronous serial interface port of other remote equipment. To route the Pass-through connection to a device that will respond to a Break, issue the command:

CONNECT 2

You'll be connected serially, but the device (a very, very old Sentry from 1992) will not respond until a Break is received. When a Break is received, the unit will display our old Power Control System screen. Just receiving this screen indicates a Break was successfully sent and received; you should do nothing other than disconnect the Pass-Through with the following key sequence:

!*break

Even if you don't receive the old power control screen, the above sequence will disconnect the Pass-Through session and return you to the Sentry prompt.

If you log in with AbsoluteTelnet's Telnet, you'll have success using the + sequence to send a Break and receive the old power control screen after the "CONNECT 2" was issued. With your new Beta version, using SSH2, the entire secure session is ended abruptly when + is used. With the previous non-beta release, there was no effect whatsoever with SSH2 and the + key combination. So, something is happening with the Beta and a + from SSH2, but not quite the right thing.

I am not a programmer, but if you have any questions please contact Server Technology's own Brian at (800) 835-1515 x231. He is our Software Director and the programmer implementing SSH2 into our product line. You can also ask for me at x211.

By the way, you can also use SSL to connect to the unit using "https://64.42.31.204", but the web interface only allows remote power control. Still, for fun, you ought to take a look. For more information on Sentry and Power Tower Remote Power Managers, go to https://www.servertech.com .

Regards, Bruce Auclair Technical Sales Engineer Server Technology, Inc.

P.S. I will convert my AbsoluteTelnet to a fully paid and licensed version soon. 

 

This post was modified 8 months ago 2 times by bpence

   
(@bpence)
Member Admin
Joined: 1 year ago
Posts: 1375
 

Thanks for the update, Bruce. I'll take a look at it tonight.

As I don't have any other server that implements the break detection to test against, there was no way for me to test this new feature in the beta. I'll get it ironed out tonight.

I'm suspecting that your server is responding to the break sequence in some unexpected way, causing the connection to terminate. I'll know more when I'm able to throw it into the debugger.

BTW, I'm going to edit the username and password you posted in the previous message. Just to keep out prying eyes.

Brian


   
(@bpence)
Member Admin
Joined: 1 year ago
Posts: 1375
 

Ok, I've got it this time.

Same link.

Brian


   
(@bruce)
Active Member
Joined: 21 years ago
Posts: 4
Topic starter  

Looks great! The Break extension works now. I'll be sure to include AbsoluteTelnet in our product manuals and brochures as a recommended and tested SSH2 client. How long until you release this feature into the standard non-Beta version of AbsoluteTelnet?

-Thanks a bunch. Your expertise and support have been phenomenal! I'll register today.


   
(@bpence)
Member Admin
Joined: 1 year ago
Posts: 1375
 

No problem, Bruce!!

Glad I could do it. Send me a brochure when you get them printed up!
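
For reference, the request this thread is about, as an added example that is not part of any post above and is not AbsoluteTelnet's or Server Technology's code: the "break" channel request laid out as in RFC 4335 (the published form of draft-ietf-secsh-break), with a server-side handler that clamps the break length and answers an unsupported or truncated request with a failure reply instead of ending the session. The names `handle_channel_request`, `send_break` and `peer_channel`, and the sample channel numbers, are assumptions made for illustration.

```python
import struct

SSH_MSG_CHANNEL_REQUEST = 98
SSH_MSG_CHANNEL_SUCCESS = 99
SSH_MSG_CHANNEL_FAILURE = 100

def build_break_request(recipient_channel, break_ms=0, want_reply=True):
    """Client side: byte 98, uint32 channel, string "break", boolean, uint32 ms."""
    name = b"break"
    return (struct.pack(">BI", SSH_MSG_CHANNEL_REQUEST, recipient_channel)
            + struct.pack(">I", len(name)) + name
            + struct.pack(">?I", want_reply, break_ms))

def effective_break_ms(requested, driver_default=500):
    """0 means 'use the serial driver default'; otherwise clamp to 500..3000 ms."""
    if requested == 0:
        return driver_default
    return min(max(requested, 500), 3000)

def handle_channel_request(payload, peer_channel, send_break):
    """Server side (hypothetical helper). Returns the reply payload, or None
    when no reply was asked for. An unknown or truncated request is answered
    with FAILURE; the connection stays up either way."""
    ok, want_reply = False, True
    try:
        msg, _chan, name_len = struct.unpack_from(">BII", payload, 0)
        if msg != SSH_MSG_CHANNEL_REQUEST:
            raise ValueError("not a channel request")
        name = payload[9:9 + name_len]
        (flag,) = struct.unpack_from(">B", payload, 9 + name_len)
        want_reply = flag != 0
        if name == b"break":
            (ms,) = struct.unpack_from(">I", payload, 10 + name_len)
            send_break(effective_break_ms(ms))
            ok = True
    except (struct.error, ValueError):
        ok = False
    if not want_reply:
        return None
    code = SSH_MSG_CHANNEL_SUCCESS if ok else SSH_MSG_CHANNEL_FAILURE
    return struct.pack(">BI", code, peer_channel)

def demo():
    sent = []  # constructed stand-in for the serial port: records break lengths in ms
    req = build_break_request(recipient_channel=0, break_ms=100)
    reply = handle_channel_request(req, peer_channel=7, send_break=sent.append)
    return req.hex(), reply.hex(), sent
```

The reply carries the requester's own channel number, which is why the handler takes `peer_channel` separately from the channel number inside the request.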


   