VOGONS


First post, by fragmentfi


The original SSH2DOS was last updated in 2006 and the protocols and ciphers it uses are outdated and basically it does not work anymore. I've patched the program to be up to date (as of 2021).

The old programs can still be used if the ssh server configuration is changed to allow using less secure connection methods. The patched ones have been tested with the latest Ubuntu (20.04.2 LTS) release and need no changes to the ssh server configuration.

Old protocols and ciphers have been replaced as follows:
diffie-hellman-group1-sha1 -> diffie-hellman-group14-sha256
aes128-cbc -> aes128-ctr
hmac-sha1 -> hmac-sha2-256

I have only tested ssh and scp clients with password authentication. Key based authentication is most likely broken and needs some more work. Other changes to the program are minimal, the goal was just to get it working again with minimum effort.

I'm open for comments, bug reports and improvement ideas!

Source and binaries are available on GitHub:
https://github.com/AnttiTakala/SSH2DOS/
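
The algorithm replacements listed in the post above, checked against a server's SSH_MSG_KEXINIT offer. This is an added example, not part of the original post or of the SSH2DOS source; the server offer is constructed for illustration, and `negotiate` uses the simplified first-match rule from RFC 4253 (first client algorithm that the server also lists).

```python
import struct
SSH_MSG_KEXINIT = 20
# The ten name-lists of SSH_MSG_KEXINIT, in wire order (RFC 4253, section 7.1).
FIELDS = ["kex", "host_key", "enc_c2s", "enc_s2c", "mac_c2s", "mac_s2c",
          "comp_c2s", "comp_s2c", "lang_c2s", "lang_s2c"]

# Client offers taken from the replacement list in the post.
OLD_CLIENT = {"kex": ["diffie-hellman-group1-sha1"],
              "enc_c2s": ["aes128-cbc"], "mac_c2s": ["hmac-sha1"]}
PATCHED_CLIENT = {"kex": ["diffie-hellman-group14-sha256"],
                  "enc_c2s": ["aes128-ctr"], "mac_c2s": ["hmac-sha2-256"]}

def build_kexinit(lists):
    """Encode a KEXINIT payload; the all-zero cookie is for this sample only."""
    out = bytes([SSH_MSG_KEXINIT]) + bytes(16)
    for field in FIELDS:
        names = ",".join(lists.get(field, [])).encode("ascii")
        out += struct.pack(">I", len(names)) + names
    return out + b"\x00" + struct.pack(">I", 0)  # first_kex_packet_follows, reserved

def parse_kexinit(payload):
    """Return {field: [algorithm, ...]}; reject truncated or foreign payloads."""
    if len(payload) < 17 or payload[0] != SSH_MSG_KEXINIT:
        raise ValueError("not an SSH_MSG_KEXINIT payload")
    pos, lists = 17, {}  # skip the message type and the 16-byte cookie
    for field in FIELDS:
        if pos + 4 > len(payload):
            raise ValueError("truncated name-list length")
        (length,) = struct.unpack_from(">I", payload, pos)
        pos += 4
        if pos + length > len(payload):
            raise ValueError("truncated name-list")
        raw = payload[pos:pos + length].decode("ascii")
        lists[field] = raw.split(",") if raw else []
        pos += length
    if pos + 5 > len(payload):
        raise ValueError("missing trailer")
    return lists

def negotiate(client, server):
    """First client algorithm the server also lists, or None (simplified rule)."""
    return {f: next((a for a in offer if a in server[f]), None)
            for f, offer in client.items()}

# Constructed server offer for illustration, not captured from a real host.
SERVER = parse_kexinit(build_kexinit({
    "kex": ["curve25519-sha256", "diffie-hellman-group14-sha256"],
    "host_key": ["ssh-ed25519"], "enc_c2s": ["aes128-ctr", "aes256-ctr"],
    "mac_c2s": ["hmac-sha2-256", "hmac-sha2-512"], "comp_c2s": ["none"]}))
```

A `None` in the result of `negotiate(OLD_CLIENT, SERVER)` means the two sides share no algorithm for that slot, which is why the unpatched client only connects after the server is reconfigured to offer the legacy names.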

Reply 3 of 14, by mr.cat


Greetings Antti 😁

I'm not a DOS user but got curious: What are these DOS versions using as an entropy source?
There is no /dev/random for DOS is there? I know in some other systems there are separate entropy daemons used, and they need to be configured by the user.

Reply 4 of 14, by fragmentfi


Good question. The original implementation only uses rand() for randomness so it really isn't cryptographically secure at all. This could be addressed in the future but I wouldn't be surprised if the implementation has other potential security issues. On the other hand I would not use DOS based systems or programs for anything serious anyway 😁

Reply 5 of 14, by mr.cat


Thanks, that's pretty much what I suspected. You're right it's more of a convenience to provide connectivity to modern machines, not really for security.
Hopefully the potential users are aware of that.

Anyways, nice to see that even the humble ole DOS hasn't been left behind 😁

Reply 7 of 14, by fragmentfi


There is now a release package on GitHub for the initial release.

Something to note: the non-386 versions are slow. The process between starting the program and prompting for a password takes 11 seconds on my 266MHz Pentium II when connecting to a machine in the same network. For the 386 version it takes only about one second. As I currently only have Pentium class DOS machines, I'd be interested in hearing some feedback and test results from slower machines.

Reply 8 of 14, by keenmaster486

fragmentfi wrote on 2021-04-15, 16:38:

There is now a release package on GitHub for the initial release.

Something to note: the non-386 versions are slow. The process between starting the program and prompting for a password takes 11 seconds on my 266MHz Pentium II when connecting to a machine in the same network. For the 386 version it takes only about one second. As I currently only have Pentium class DOS machines, I'd be interested in hearing some feedback and test results from slower machines.

I can attempt this later today on my 286.

I flermmed the plootash just like you asked.
World's foremost 486 enjoyer.

Reply 9 of 14, by Stiletto

fragmentfi wrote on 2021-04-15, 10:21:

Good question. The original implementation only uses rand() for randomness so it really isn't cryptographically secure at all. This could be addressed in the future but I wouldn't be surprised if the implementation has other potential security issues. On the other hand I would not use DOS based systems or programs for anything serious anyway 😁

Time for the return of the lava lamp entropy generator? 😁

"I see a little silhouette-o of a man, Scaramouche, Scaramouche, will you
do the Fandango!" - Queen

Stiletto

Reply 11 of 14, by keenmaster486

fragmentfi wrote on 2021-04-15, 16:38:

There is now a release package on GitHub for the initial release.

Something to note: the non-386 versions are slow. The process between starting the program and prompting for a password takes 11 seconds on my 266MHz Pentium II when connecting to a machine in the same network. For the 386 version it takes only about one second. As I currently only have Pentium class DOS machines, I'd be interested in hearing some feedback and test results from slower machines.

So I tried this, and after waiting several minutes, it never did give me the password prompt. Not sure if it ever would have if I had simply continued waiting. Either way it is just too slow to be usable.

I flermmed the plootash just like you asked.
World's foremost 486 enjoyer.

Reply 12 of 14, by fragmentfi


Thanks for testing. I haven't had any time to work on this recently but my plan is to add a faster (but way less secure) method as an option. Also I now have a 33MHz 486 setup to test with.

Reply 13 of 14, by HandOfFate


Thanks for updating the client fragmentfi!

I usually start an FTP server for incidental file transfers but using SSH will be much more convenient.

Stiletto wrote on 2021-04-19, 05:59:
fragmentfi wrote on 2021-04-15, 10:21:

Good question. The original implementation only uses rand() for randomness so it really isn't cryptographically secure at all. This could be addressed in the future but I wouldn't be surprised if the implementation has other potential security issues. On the other hand I would not use DOS based systems or programs for anything serious anyway 😁

Time for the return of the lava lamp entropy generator? 😁

Or input noise from poorly shielded microphone inputs 😜 (although I believe reading that fans and other repeating things nearby also make such noise somewhat predictable)

Am486 DX4 120MHz, no L2, 16MB, Tseng ET4000/W32 1MB VLB, ESS ES1869 /// 5x86 133MHz, 256kb L2, 64MB, S3 Virge/DX 4MB PCI, SB16 + Yucatan FX /// Pentium III 1GHz, 512MB, Asus V7700 64MB AGP, SB Live!