TLS Shell
Clone or download
Fetching latest commit…
Cannot retrieve the latest commit at this time.
Permalink
Type Name Latest commit message Commit time
Failed to load latest commit information.
debian
doc
src
test
.gitignore
HACKING
INSTALL
LICENSE
Makefile.am
README
TODO
acinclude.m4
bootstrap.sh
configure.ac

README

tlssh/README

  By Thomas Habets <thomas@habets.se> 2010-2012


What is it?
-----------
It's like SSH but based on TLS. And you only log in using client
certificates, never usernames or passwords.


Why?
----
I often find that OpenSSH is too big, has too many features that can
subvert security. Yet it doesn't have the features that I want.

I wanted a minimal crypto layer on top of the SSL crypto model.


Compared to OpenSSH
-------------------
Pros:
* TCP-MD5
* Write contents of local file as if I typed it (not done yet, but
  OpenSSH don't want it)
* xmodem file xfer (not done yet)
* TLS is the only manner of authentication = only thing security
  depends on (besides kernel, firmware and hardware that are all out of scope)
* CA model. Server can have VeriSign signed server cert.
* Expiring & revoking keys (OpenSSH certificates have this now)
* Can store private keys in TPM.

Cons:
* Less portable
* Less tested
* Less audited
* Fewer features (channels, etc). This is on purpose.
* Requires CA
* SSL data structs are pure madness, odds of OpenSSL being perfect
  when parsing them is less than 100%


Where can I get it?
-------------------
http://github.com/ThomasHabets/tlssh
git clone git://github.com/ThomasHabets/tlssh.git


Installing
----------
See INSTALL file.


Notes
-----
* Support for TCP MD5 in Linux is always on since 2.6.27
* Cacert.org Class 1 CRL: http://crl.cacert.org/revoke.crl
* Telnet protocol RFC: http://www.faqs.org/rfcs/rfc854.html


--------------------------------------------------------------------------
Send questions/suggestions/patches/rants/0days to synscan@googlegroups.com