"racoon2" is a system to exchange and to install security parameters
for IPsec.
Currently the system supports the following specifications:
Internet Key Exchange (IKEv2) Protocol
draft-ietf-ipsec-ikev2-17.txt
Kerberized Internet Negotiation of Keys (KINK)
draft-ietf-kink-kink-06.txt
PF_KEY Key Management API, Version 2
RFC2367
The Internet Key Exchange (IKE)
RFC2409
The OATH Toolkit contains a shared library, command line tool
and a PAM module that makes it possible to build one-time
password authentication systems. Supported technologies include
the event-based HOTP algorithm and the time-based TOTP algorithm.
OATH is the Open AuTHentication organization, which specifies
the algorithms.
The components included in the package are:
- liboath: A shared and static C library for OATH handling.
- oathtool: A command line tool for generating and validating OTPs.
- pam_oath: A PAM module for pluggable login authentication for OATH.
OpenBSD's OpenSSH portable version
Normal OpenSSH development produces a very small, secure, and easy to maintain
version for the OpenBSD project. The OpenSSH Portability Team takes that pure
version and adds portability code so that OpenSSH can run on many other
operating systems (Unfortunately, in particular since OpenSSH does
authentication, it runs into a *lot* of differences between Unix operating
systems).
The portable OpenSSH follows development of the official version, but releases
are not synchronized. Portable releases are marked with a 'p' (e.g. 3.1p1).
The official OpenBSD source will never use the 'p' suffix, but will instead
increment the version number when they hit 'stable spots' in their development.
ssh-copy-id is a small script which copies your SSH public key to a remote host,
appending it to your remote authorized_keys.
A small SSH Askpass replacement written with GTK2. Features fullscreen
dialog and translucent background.
SubWeb is a proxy/reverse proxy for HTTP flows. With SubWeb it is
possible to handle and visualize HTTP requests, headers, and bodies
on the fly.
It has three operating modes: proxy, reverse proxy, and midproxy
(a proxy which requires the pages from another proxy). It can
also act as a virtual web server, i.e. answer certain requests
based on keyword match.
SubWeb can also allow filtering, and is highly customizable.
Sancp is a network security tool designed to collect
statistical information regarding network traffic, as
well as to collect the traffic itself in pcap format, all
for the purpose of: auditing, historical analysis, and
network activity discovery. Rules can be used to distinguish
normal from abnormal traffic and support tagging connections
with: rule id, node id, and status id. From an intrusion
detection standpoint, every connection is an event that must
be validated through some means. Sancp uses rules to identify,
record, and tag traffic of interest. 'Tagging' a connection
is a new feature since v1.4.0. Connections ('stats') can be
loaded into a database for further analysis.
This program implements a standard PGP Key Server, which can be assumed
to be in addition to the public key server at MIT.
Shishi is a free implementation of the Kerberos 5 network security system.
The goals of this project are:
* Full standards compliance.
* Thread safe library.
* Internationalization, both for client messages and for non-ASCII
usernames and passwords.
* Integrate with existing password management systems (/etc/passwd, PAM,
SASL).
* Clean room implementation with clear copyright and license.
sig2dot can be used to generate a graph of all of the signature relationships
in a GPG/PGP keyring. It converts the output of "gpg --list-sigs" to a .dot
file, which is a graph definition that can be rendered by springgraph or
graphviz.