; This file contains an overview of the design of tiptunnel, which allows users ; secure access to serial console lines, directly from their desktop machine ; crb, june 5 2002 Tip-without-ops: Joe User has downloaded and installed "tiptunnel," telling it his favorite telnet client and associating it with files of type "text/testbed-acl" in his web browser. There is a Windows binary (and a FreeBSD binary?), as well as unix/windows source, available for download, with adequate disclaimers all over it. Joe User logs into his experiment, and opens up a "detail view" on a node assigned to his experiment. A link on the page offers "Connect to serial line." When he clicks on the link, the server sends a file of MIME type "text/testbed-acl". This launches tiptunnel on his machine. The file contains a server name, a port number, a key, and a certificate's SHA-hash. Tiptunnel connects, via TCP/IP, to the server/port specified in the ACL file. It is now talking to Capture. Capture, upon accepting a TCP/IP connection, wants a secret key before it allows a client access to the serial line. Tiptunnel sends "WANTSSL" as the secret key, and both initialize an OpenSSL connection. Capture uses $TB/etc/capture.pem as its certificate, unless a different certificate was specified on its command line. Tiptunnel looks at the certificate given by Capture, and SHA-hashes it, verifying that it matches the hash in the ACL file. If it does not, the user is warned of a possible man-in-the-middle attack, and tiptunnel closes. If the hash does indeed match, the key is sent over SSL. If the key is accepted by Capture, the connection begins. Tiptunnel then forks. The parent starts listening on a local port for a TCP/IP connection. A single connection (from localhost only) will be accepted, and traffic to/from that port will be tunnelled through the SSL connection. Upon accepting a connection, special telnet commands will be sent to the client, turning off line-at-a-time and local echo. When the connection closes, this process will exit. The child execs the telnet program chosen by the user, telling it to connect to localhost: (the tiptunnel). Joe User is now able to talk to his node's serial line. When Joe User exits, the connection is dropped, and all processes exit.