Security and trust have always been big issues to me. I still remember my early days on the Internet. My ISP had 33.6 modems and no load balancing. Many of the customers had comparable modems but little old me had only a 14.4; consequently, I had somewhat reduced bandwidth. I was thrilled when I discovered that sending a ping flood to a certain port on the Win95 machines resulted in my having an "improved" Internet experience.
One day I realized that I might want to chat with my buddies, coworkers, and fellow conspirators securely without depending on 3rd party commercial utilities. Maybe there were firewalls that I needed to get through where server security was at a premium. I wanted to discuss the issues of the day with a small group of like-minded people with little system overhead using standard Unix utilities.
I settled on two pieces of technology: YTalk and SSH.
Under normal conditions, when everybody trusts everybody else, YTalk, talk, ntalk, et cetera will work without any problems. Alas, I found the real world a little more difficult and disappointing. It turned out my buddies couldn't reach me because of firewalls. Either their firewall rules would block the UDP connection or my firewall rules would stop it. Then there was the issue of corporate firewalls and even the ISP who sometimes played the big brother by blocking certain ports for the protection of our Windows brethren. Rather than taking the time to reset my firewall to better rules and hoping my buddies could take the same effort for theirs, I opted for another approach: logging in remotely with SSH and using guest accounts expressly set up for the purpose.
YTalk is a multi-user chat program that has been around on Unix systems for a number of years now. Its strength lies in its ability to interface with both talk and ntalk, Unix-based daemons, permitting more than two parties to talk at the same time.
Here is the ytalk command:
ytalk [-x] [-s] [-Y] [-i] [-h hostname_or_ip] username...
It accepts multiple usernames. They can take many forms:
| name format | explanation |
|---|---|
| name | some user on your machine |
| name@host | some user on a different machine |
| name#tty | some user on a particular terminal |
| name#tty@host | some user on a particular tty on a different machine |
| name@host#tty | same as name#tty@host |
| aliasname | an alias defined in your .ytalkrc |
SSH, the secure shell, is the standard method for remote logins; it applies encryption so that third parties can't see or manipulate your activities.
Both YTalk and SSH have what are called servers and clients. You must use a client to contact a specific resident program, or server, on another machine. Once you, the client, are in communication with the server, you can then communicate with other users.
As there's more than one way to skin a cat, so too are there many ways of secure communication with YTalk and SSH.
Here's how I went about making all the fun stuff happen:
I started off with the simplest implementation, i.e., just getting
online with a tty console. The advantage here is that all you
really need to make this work is an SSH client and an existing account on
the talk server. This is great for people on non-Unix platforms.
Assume the server is www.munchies.org and the two users are salt and vinegar.
Type the following:
ssh -l salt www.munchies.org
The server responds by asking for a password. After typing it in, voila, you're logged in over an encrypted tunnel.
Now type:
ytalk -x vinegar@www.munchies.org
The -x option disables the X11 interface. My
personal preference is working with consoles in the X11 environment. We'll
look at the other available configuration options later. If all goes well,
this is what you will see:
-----------= YTalk version 3.1.1 =----------
[Waiting for connection...]
This is what vinegar should see on his console:
Message from Talk_Daemon@www.munchies.org at 10:50 ...
talk: connection requested by salt@www.munchies.org.
talk: respond with: talk salt@www.munchies.org.
If he types ytalk -x salt@www.munchies.org, he should
see:
----------= YTalk version 3.1.1 =----------
----------= vinegar@www.munchies.org =----------
Now vinegar will see a similar screen. The positions will be
reversed, though:
----------= YTalk version 3.1.1 =----------
----------= salt@www.munchies.org =----------
salt and vinegar can now talk to their hearts'
delight. To end the link, just press Ctrl-C to return to the
prompt.
YTalk can become quite cool when its options are used properly. Press
Escape for a menu:
###########################
# Main Menu
#
#a: add a user
#d: delete a user
#k: kill all unconnected
#o: options
#s: shell
#u: user list
#w: output user to file
#q: quit
###########################
I won't repeat details that can be found in the man pages. The menu allows you to know who's on the talk server, react to new users, reply to talk requests, connect and disconnect, as well as output everything to a file.
Suppose salt@www.munchies.org and
vinegar@www.munchies.org are chatting away. Suddenly
ketchup wants to join in and talk to
vinegar. Here's what vinegar will see:
----------= YTalk version 3.1.1 =----------
######################################
# Talk to ketchup@www.munchies.org? #
######################################
----------= salt@www.munchies.org =----------
All vinegar has to do is type y for yes. He will now see:
----------= YTalk version 3.1.1 =----------
----------= salt@www.munchies.org =----------
----------= ketchup@www.munchies.org =----------
If salt@www.munchies.org wants to talk to
ketchup@www.munchies.org, all he has to do is to select
a: add a user from the YTalk main menu. He will see:
###########################
# Main Menu
#
# a: add a user
######################################
# Add Which User?
# >
#######################################
# u: user list
# w: output user to file
# q: quit
###########################
All salt has to do is type ketchup to add
him to the conversation. Deleting a user is just as simple.
.ytalkrc

There are a number of useful options that give power and flexibility
to YTalk, but let's stick to the basics for the sake of brevity and
simplicity. Options may be set in the .ytalkrc file located
in your home directory. Otherwise, the system-wide defaults are in
/usr/local/etc/ytalkrc. Here is a typical
.ytalkrc:
################
# a user's window will scroll when he reaches the bottom
# instead of wrapping back around to the top.
turn scrolling on
# re-ring any user who does not respond to your
# invitation within 30 seconds.
turn rering on
# re-rings a user without asking permission.
turn prompt-rering off
# any word which would overextend the right margin will
# be automatically moved to the next line on your screen.
turn word-wrap on
# will add these users to your session
# automatically, without asking you for verification.
turn auto-import on
# will automatically accept any connection
# requested by another user and add
# them to your session. You will not be asked for verification.
turn auto-invite on
#################
Remember to look at the man page for further reference.
One of the unfortunate aspects of your garden variety chat lines and
instant messaging systems is the inability to navigate up or down one or
more lines to retype a letter, word or phrase, much less copy and paste
something you may have said 10 minutes earlier. You are condemned to
retype. However, if salt@www.munchies.org were to use the
shell command and activate vi (or, my preference,
vim), he would have the control and versatility of this
powerful editor within YTalk. For the truly enterprising, you can't go
wrong using emacs; just think of all those horizontal and
vertical screens you can generate.
Most of my explorations involved figuring out YTalk, but there was a lot I could have done with SSH. We could have set up public key authentication, for example, but remember it is only available on SSH protocol version 2. A simple SSH contact would have resulted in an immediate login without typing a password. This is great for the typing handicapped among us.
The login process can be simplified and secured further by
restricting the login profile and the account's default shell (bash
in my case). Everybody can use the same account, and when YTalk is
automatically invoked in the script it will look for certain terminals to
log into.
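
One way to restrict the shared login, as an added example that is not from the original article: an `authorized_keys` entry pins each guest key to a wrapper that can only start `ytalk -x` with a validated local user name. The wrapper path, the `guest` account and the sample key are assumptions made for the illustration.

```sh
#!/bin/sh
# Added example. The wrapper path and the sample key are constructed.
WRAPPER=/usr/local/bin/ytalk-guest   # hypothetical install path

# Build the authorized_keys line for one guest key. "restrict"
# (OpenSSH 7.2+) disables port, agent and X11 forwarding and the pty;
# "pty" is granted back because ytalk needs a terminal.
guest_key_line() {
    case $1 in
        ssh-ed25519\ *|ssh-rsa\ *|ecdsa-sha2-*\ *) ;;
        *) echo "not an OpenSSH public key" >&2; return 1 ;;
    esac
    printf 'restrict,pty,command="%s" %s\n' "$WRAPPER" "$1"
}

# Validate the peer name the guest asked for. Only a plain local user
# name passes: no '@host', no '#tty', no leading '-', no shell syntax.
guest_target() {
    case $1 in
        ''|-*|*[!a-z0-9_-]*) return 1 ;;
    esac
    printf '%s\n' "$1"
}

# Body of the wrapper that sshd runs instead of a shell. sshd puts
# whatever the client typed after the host name in SSH_ORIGINAL_COMMAND.
ytalk_guest_main() {
    target=$(guest_target "${SSH_ORIGINAL_COMMAND:-}") || {
        echo "usage: ssh guest@host <local-user>" >&2
        return 1
    }
    exec ytalk -x "$target"
}

# Demo: print the line to append to the guest account's authorized_keys.
guest_key_line "ssh-ed25519 AAAAC3-CONSTRUCTED-KEY salt-laptop"
```

With this entry in place, `ssh guest@www.munchies.org vinegar` drops the caller straight into a YTalk session with vinegar and never reaches a shell prompt.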
Are there limitations? YTalk works best when there are no more than 3
users. Why? Terminal size: the more people log in, the less space each
user receives. Are there nifty features that could be incorporated? The
X version of YTalk, although primitive, is going in the right direction.
Wouldn't it be great if somebody could look at the code and incorporate
X11 forwarding so as to allow graphical utilities to be tunneled through
it, say, xpaint? Now that I think of it SSH already has X11
port forwarding...
Robert Bernier is the PostgreSQL business intelligence analyst for SRA America, a subsidiary of Software Research America (SRA).
Copyright © 2009 O'Reilly Media, Inc.