Re: How can I use sshd to satisfy my needs?

From: Brian Hatch (secure-shell@ifokr.org)
Date: 03/26/03

Next message: Frederic de Villamil: "Re: How can I use sshd to satisfy my needs?"

Previous message: Marcos D. Marado Torres: "How can I use sshd to satisfy my needs?"
In reply to: Marcos D. Marado Torres: "How can I use sshd to satisfy my needs?"
Next in thread: Marcos D. Marado Torres: "Re: How can I use sshd to satisfy my needs?"
Reply: Marcos D. Marado Torres: "Re: How can I use sshd to satisfy my needs?"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

Date: Wed, 26 Mar 2003 10:50:26 -0800
From: Brian Hatch <secure-shell@ifokr.org>
To: "Marcos D. Marado Torres" <marado@student.dei.uc.pt>

> I'm looking forward to a way of running a ssh deamon in a
> machine so that people who connects to it would be
> instantly redirected (without any kind of autentication)
> to a port using telnet protocol... (OK, this must sound a
> bit confusing, I'll try to explain:)
>
> user -----> remote host ------> same remote host
> ssh telnet
>
> In this way, for the user, making >ssh remote.host (some
> port)> would result in the same thing as doing <telnet
> remote.host (other port)>, getting the bennefict of
> having the connection to "remote.host" encrypted.
>
> Any thoughts about how to do it?

So you want SSH with no authentication, and then let telnet
do the authentication? What is the point of this? Why not
just let them use SSH entirely and forget the telnet leg?
After all, that's SSH's purpose.

You could probably do something like you're describing by
creating a dummy user that had a shell that ran 'telnet localhost'
automatically. This user would need to have no authentication
required (probably whip up a PAM option for this user to let it
in sans auth).

But I still fail to see why this is a *good* idea.

--
Brian Hatch                  Why do we put suits
   Systems and                in garment bags
   Security Engineer          and garments in
http://www.ifokr.org/bri/     a suitcase?
Every message PGP signed

application/pgp-signature attachment: stored

Next message: Frederic de Villamil: "Re: How can I use sshd to satisfy my needs?"

Previous message: Marcos D. Marado Torres: "How can I use sshd to satisfy my needs?"
In reply to: Marcos D. Marado Torres: "How can I use sshd to satisfy my needs?"
Next in thread: Marcos D. Marado Torres: "Re: How can I use sshd to satisfy my needs?"
Reply: Marcos D. Marado Torres: "Re: How can I use sshd to satisfy my needs?"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

Relevant Pages

R: Reflexive firewalls?
... Port knocking (e.g. sending a certain sequence of ping, with custom payloads, to allow ssh access) is far better technique, ... since it does not need having telnet exposed fulltime. ... Oggetto: Re: Reflexive firewalls? ... Looks a lot like a really primitive "port-knocking" authentication method... ...
(Security-Basics)
Re: Reflexive firewalls?
... That sound like the user-auth feature on juniper firewalls, ... I've recently used an SSH server that had an interesting authentication ... You first had to telnet to the machine on a certain port. ...
(Security-Basics)
Re: Reflexive firewalls?
... Looks a lot like a really primitive "port-knocking" authentication method... ... That sound like the user-auth feature on juniper firewalls, ... I've recently used an SSH server that had an interesting authentication ... You first had to telnet to the machine on a certain port. ...
(Security-Basics)
Re: Ssh & FW-1
... Are you trying to SSH to the firewall itself to do maintenance? ... As you stated telnet is also in ... clear text which makes the authentication dangerous as well. ...
(Security-Basics)
Re: Reflexive firewalls?
... I've recently used an SSH server that had an interesting authentication ... You first had to telnet to the machine on a certain port. ... Commercial/Open Source Two-Factor Authentication ...
(Security-Basics)