A.P. Lawrence

Best of the Newsgroups: secure printing ssh

If this isn't exactly what you wanted, please try our Search (there's a LOT of techy and non-techy stuff here about Linux, Unix, Mac OS X and just computers in general!):

From: Bob Rasmussen <ras@anzio.com>
Subject: Re: Encryption of printer files
Date: Sat, 24 May 2003 12:09:04 -0700 References: <nRHza.19690$io.358154@iad-read.news.verio.net>

On Sat, 24 May 2003, moncho wrote:

> OS 5.0.5 and OS 5.0.6
>
> With people moving from Telnet to SSH and ftp to Sftp along with other
> security measures, I was wondering what people are due to secure their print
> jobs from the server to the network attached printers?
>
> I cannot remember the name of the company or website, but someone is
> currently developing an encryption printer driver but only for MS products.
>
> Anyone out there investigated this and found something reliable?

You have hit on one of the under-mentioned aspects of security. I've been
watching and looking for solutions. So far:

1. Some of the HP JetDirect devices appear to have SSL support. I have not
determined what kind of host level support there is.

2. CUPS seems to have some encryption capability.

Unix and Linux Support

There are many links in the chain of security, as has been pointed out.
One of the links that we are addressing is the Internet link to a remote
printer. Suppose, for instance, you're running a medical billing service,
and clients are accessing your system over the Internet. Now you need to
print reports in their office. According to HIPAA, this needs to be
encrypted when it travels over the Internet, at least.

One solution, for character-based applications, is passthrough print,
through an SSH session. If I run AnzioWin (our SSH client) to a host
system, then do passthrough print through that session, the print data is
travelling on the same authenticated, encrypted channel as the screen
data. And regardless of what you may have heard in the past, passthrough
print can be made to work very well. The data is encrypted to the point of
the user's PC, where it can be sent to a directly-wired desktop printer,
or to a networked printer, in which case security analysis would be needed
on that link.

We are also working on a feature called "back channel printing", again in
an SSH connection. With this feature, the multiplexing nature of SSH is
used to create a back channel, using a different pty on the host system.
Printout can be routed to that pty (which can be soft-linked to a knowable
name), and it again travels over the authenticated, encrypted session. In
this approach, the print data positively can not mix with the screen data,
and the Unix spooler can be used if desired.

Finally, there is web-server based printing. Our Web Print Object (WePO)
allows precise printing in this environment. The WePO object actually
fetches the data to be printed from the server, and can use HTTPS to do
so, so data is encrypted. I believe that external means could be used to
authenticate (is this person authorized to view this data?), but we are
still experimenting with that.

More info on web site below.

Regards,
....Bob Rasmussen,   President,   Rasmussen Software, Inc.

personal e-mail: ras@anzio.com
 company e-mail: rsi@anzio.com
          voice: (US) 503-624-0360 (9:00-6:00 Pacific Time)
            fax: (US) 503-624-0760
            web: http://www.anzio.com

Enter your email address for automatic notification of new posts here
(be sure to whitelist 'feedburner.com' if you use spam filtering)

Lone-Tar Backup and Disaster Recovery
for Linux and Unix

/Bofcusm/2094.html copyright 1997-2004 (various authors) All Rights Reserved

Have you tried Searching this site?

Unix/Linux/Mac OS X support by phone, email or on-site: Support Rates

This is a Unix/Linux resource website. It contains technical articles about Unix, Linux and general computing related subjects, opinion, news, help files, how-to's, tutorials and more. We appreciate comments and article submissions.

Publishing your articles here