I'd be interested in your feedback on the following question...
Windows CE supports a Telnet server (SYSGEN_TELNETD) which can be password protected. The only problem with Telnet is that the username and password are sent as clear text, so Telnet isn't secure (anything that requires a clear-text username and password isn't secure).
If you're building/developing a device then Telnet could be useful during the development/debugging phase - John Spaith (blogs on the CE networking blog) talked about configuring Telnet on a development platform and how to disable authentication (if you're in the corporate network, and developing/debugging a system then why would you need authentication on the system?).
So, here's the question...
If you have a shipping/retail (not debug) device out in the field would you want to be able to secure remote shell (like SSH) into the device? - and if so, what would you use the shell for?
End users could use the Remote Administration (SYSGEN_REMOTECONFIG_FRAMEWORK) UI which is exposed through the HTTP Web Server (SYSGEN_HTTPD) [why do the Telnet and Web Server components have a 'D' on the end of the SYSGEN variable?] - the framework is extensible, so you could add your own remote config pages onto the framework (Chris Gray did an excellent job on the framework!).
So, let me know your thoughts on having a secure remote shell on Windows CE...
- Mike
- Anonymous
December 31, 2005
Mike, Happy New Year! Regarding the 'D' at the end of httpd and telnetd -- this is a holdover from UNIX times. Background processes or services were called daemons, so HTTPD = HyperText Transfer Protocol Daemon, and TelnetD = Telnet Daemon, which stayed around doing their own specific jobs. Of course, in Windows they're typically called services now. I would imagine keeping the D in SYSGEN or other internals would be useful because SYSGEN_HTTP without a D might indicate that it should include the HTTP protocol itself, but SYSGEN_HTTPD disambiguates the HTTP server. Etymology of the word Daemon: http://en.wikipedia.org/wiki/Daemon_%28computer_software%29
Hope this helps!
- Anonymous
January 01, 2006
Happy New Year Joshua (and everyone else!) - ah, yes, HTTP'D'aemon, Duh! I should have figured that out. Thanks for pointing that out, it's been bugging me for a while <g>
- Mike
- Anonymous
January 01, 2006
The comment has been removed
- Anonymous
January 01, 2006
What Sean said. The real good about ssh is tunneling, the actual "shell" part is just a glorified telnet. So either an ssh server, or, much better, a VPN server, possibly one that requires a single port open and runs at the application layer (like OpenVPN and unlike PPTP). And a pony
- Anonymous
January 01, 2006
I'd be very happy to have SSH. So, we could safely start/stop some services, ftp for instance, that usually aren't running.
Also, we could run some apps for certain tasks (eg, maintenance) that aren't exposed thru standard interfaces.
- Anonymous
January 04, 2006
No one is going to be upset to have SSH as an option. Anyone with a use for telnet would have those same uses for SSH, and would appreciate the additional security. One option which may be less work to implement, though less supported by standard terminal clients, is Telnet + SSL.
- Anonymous
January 05, 2006
I'm currently evaluating WinCE for use in our future products. SSH would definitely be beneficial to us.
Our current devices offer an AT command prompt on the serial port (i.e. similar to a standard modem) which users can use to configure their device and can get debugging information from the unit. Obviously with SSH, we could then safely provide this AT mechanism remotely. The tunneling aspect of SSH could also be of use to us.
- Anonymous
January 10, 2006
Hey Mike - great to see you at CES.
To answer your question - I'm working with a bunch of Retail customers, some of whom are using CE 4.2/5.0. In those scenarios, the folks providing support are using SSH in all the other technologies other than CE. For them, an SSH implementation on CE would be beneficial from a support and learning experience.