Linux DevCenter    
 Published on Linux DevCenter (http://www.linuxdevcenter.com/)
 See this if you're having trouble printing code examples


Secure Chat with YTalk and SSH

by Robert Bernier
02/13/2003

Security and trust have always been big issues to me. I still remember my early days on the Internet. My ISP had 33.6 modems and no load balancing. Many of the customers had comparable modems but little old me had only a 14.4; consequently, I had somewhat reduced bandwidth. I was thrilled when I discovered that sending a ping flood to a certain port on the Win95 machines resulted in my having an "improved" Internet experience.

One day I realized that I might want to chat with my buddies, coworkers, and fellow conspirators securely without depending on 3rd party commercial utilities. Maybe there were firewalls that I needed to get through where server security was at a premium. I wanted to discuss the issues of the day with a small group of like-minded people with little system overhead using standard Unix utilities.

I settled on two pieces of technology: YTalk and SSH.

Under normal conditions, when everybody trusts everybody else, YTalk, talk, ntalk, et cetera will work without any problems. Alas, I found the real world a little more difficult and disappointing. It turned out my buddies couldn't reach me because of firewalls. Either their firewall rules would block the UDP connection or my firewall rules would stop it. Then there was the issue of corporate firewalls and even the ISP who sometimes played the big brother by blocking certain ports for the protection of our Windows brethren. Rather than taking the time to reset my firewall to better rules and hoping my buddies could take the same effort for theirs, I opted for another approach: remote logging with SSH and using guest accounts expressly setup for the purpose.

YTalk is a multi-user chat program that has been around on the Unix systems for a number of years now. Its strength lies in its ability to interface with both talk and ntalk, Unix-based daemons permitting more that two parties to talk at the same time.

Here is the ytalk command:

ytalk [-x] [-s] [-Y] [-i] [-h hostname_or_ip] username...

It accepts multiple usernames. They can take many forms:

name formatexplanation
namesome user on your machine
name@hostsome user on a different machine
name#ttysome user on a particular terminal
name#tty@hostsome user on a particular tty on a different machine
name@host#ttysame as name#tty@host
aliasnamean alias defined in your .ytalkrc

SSH, the secure shell, is the standard method to do remote logins by applying encryption so that third parties can't see or manipulate your activities.

Related Reading

SSH, The Secure Shell: The Definitive Guide
By Daniel J. Barrett, Richard E. Silverman

Both YTalk and SSH have both what are called servers and clients. You must use a client to contact a specific resident program, or server, on another machine. Once you, the client, are in communication with the server you can then communicate with other users.

As there's more than one way to skin a cat, so too are there many ways of secure communication with YTalk and SSH.

Here's how I went about to make all the fun stuff happen:

Getting It to Work

I started off with the simplest implementation i.e. just getting online with a tty console. The advantage here is that all you really need to make this work is an SSH client and an existing account on the talk server. This is great for people on non-Unix platforms.

Assume the following:

Type the following:

ssh -l salt@www.munchies.org

The server responds by asking for a password. After typing it in, voila, you're logged in over an encrypted tunnel.

Now type

ytalk -x vinegar@ www.munchies.org.

The x option is used to disable X11 interface. My personal preference is working with consoles in the X11 environment. We'll look at the other available configuration options later. If all goes well then this is what you will see:

-----------= YTalk version 3.1.1 =----------
[Waiting for connection...]

This is what vinegar should see on his console:

Message from Talk_Daemon@www.munchies.org at 10:50 ...
talk: connection requested by salt@www.munchies.org.
talk: respond with:  talk salt@www.munchies.org.

If he types ytalk -x salt@www.munchies.org., he should see:

----------= YTalk version 3.1.1 =---------- 

----------= vinegar@www.munchies.org =----------

Now vinegar will see a similar screen. The positions will be reversed, though:

----------= YTalk version 3.1.1 =----------


----------= salt@www.munchies.org =----------

salt and vinegar can now talk to their hearts' delight. To end the link, just press Ctrl-C to return to the prompt.

Exploiting the Full Power of YTalk While Online

YTalk can become quite cool when its options are used properly. Press Escape for a menu:

###########################
#        Main Menu
#
#a: add a user
#d: delete a user
#k: kill all unconnected
#o: options
#s: shell
#u: user list
#w: output user to file
#q: quit
###########################

I won't repeat details that can be found in the man pages. The menu allows you to know who's on the talk server, react to new users, reply to talk requests, connect and disconnect, as well as output everything to a file.

Suppose salt@www.munchies.org and vinegar@www.munchies.org are chatting away. Suddenly ketchup wants to join in and talk to vinegar. Here's what vinegar will see:

----------= YTalk version 3.1.1 =----------

       ######################################
       # Talk to ketchup@www.munchies.org?  #
       ######################################

----------= salt@www.munchies.org =----------

All vinegar has to do is type y for yes. He will now see:

----------= YTalk version 3.1.1 =----------


----------= salt@www.munchies.org =----------


----------= ketchup@www.munchies.org =----------

If salt@www.munchies.org wants to talk to ketchup@www.munchies.org, all he has to do is to select a: add a user from the YTalk main menu. He will see:

###########################
#        Main Menu        
#                         
# a: add a user           
######################################
# Add Which User?                                       
# >                                                   
#######################################
# u: user list            
# w: output user to file  
# q: quit                 
###########################

All salt has to do is type ketchup to add him to the conversation. Deleting a user is just as simple.

Setting Options Before Going Online with .ytalkrc

There are a number of useful options that give power and flexibility to YTalk, but let's stick to the basics for the sake of brevity and simplicity. Options may be set in the .ytalkrc file located in your home directory. Otherwise, the system wide defaults are in /usr/local/etc/ytalkrc. Here a typical .ytalkrc:

################
#  a user's window will scroll when he reaches the bottom 
#  instead of wrapping back around to the top.
turn scrolling on

# re-ring any user who does not respond to your
# invitation within 30 seconds.
turn rering on

# re-rings a user without asking permission.
turn prompt-rering off

# any word which would overextend the right margin will
# be automatically moved to the next line on your screen.
turn word-wrap on

# will add these users to your session 
# automatically, without asking you for verification.
turn auto-import on

# will automatically accept any connection
# requested by another user and add 
# them to your session. You will not be asked for verification.
turn auto-invite on
#################

Remember to look at the man page for further referencing.

Extra Tricks

One of the unfortunate aspects of your garden variety chat lines and instant messaging systems is the inability to navigate up or down one or more lines to retype a letter, word or phrase, much less copy and paste something you may have said 10 minutes earlier. You are condemned to retype. However, if salt@www.munchies.org were to use the shell command and activate vi (or, my preference, vim), he would have the control and versatility of this powerful editor within YTalk. For the truly enterprising, you can't go wrong using emacs; just think of all those horizontal and vertical screens you can generate.

Most of my explorations were involved figuring out YTalk but there was a lot I could have done with SSH. We could have set up public key authentication, for example, but remember it is only available on SSH protocol version 2. A simple SSH contact would have resulted in an immediate login without typing a password. This is great for the typing handicapped among us.

Simplifying and securing the login process can be further enhanced by restricting the login profile and default account shell--bash in my case. Everybody can use the same account and when YTalk is automatically invoked in the script it will look for certain terminals to log into.

Conclusions

Are there limitations? YTalk works best when there are no more than 3 users. Why? Terminal size: the more people log in, the less space each user receives. Are there nifty features that could be incorporated? The X version of YTalk, although primitive, is going in the right direction. Wouldn't it be great if somebody could look at the code and incorporate X11 forwarding so as to allow graphical utilities to be tunneled through it, say, xpaint? Now that I think of it SSH already has X11 port forwarding...

References

Robert Bernier is the PostgreSQL business intelligence analyst for SRA America, a subsidiary of Software Research America (SRA).


Return to the Linux DevCenter.

Copyright © 2009 O'Reilly Media, Inc.