Re: How can I use sshd to satisfy my needs?

From: Brian Hatch (secure-shell@ifokr.org)
Date: 03/26/03

  • Next message: Frederic de Villamil: "Re: How can I use sshd to satisfy my needs?"
    Date: Wed, 26 Mar 2003 10:50:26 -0800
    From: Brian Hatch <secure-shell@ifokr.org>
    To: "Marcos D. Marado Torres" <marado@student.dei.uc.pt>
    
    
    

    > I'm looking forward to a way of running a ssh deamon in a
    > machine so that people who connects to it would be
    > instantly redirected (without any kind of autentication)
    > to a port using telnet protocol... (OK, this must sound a
    > bit confusing, I'll try to explain:)
    >
    > user -----> remote host ------> same remote host
    > ssh telnet
    >
    > In this way, for the user, making >ssh remote.host (some
    > port)> would result in the same thing as doing <telnet
    > remote.host (other port)>, getting the bennefict of
    > having the connection to "remote.host" encrypted.
    >
    > Any thoughts about how to do it?

    So you want SSH with no authentication, and then let telnet
    do the authentication? What is the point of this? Why not
    just let them use SSH entirely and forget the telnet leg?
    After all, that's SSH's purpose.

    You could probably do something like you're describing by
    creating a dummy user that had a shell that ran 'telnet localhost'
    automatically. This user would need to have no authentication
    required (probably whip up a PAM option for this user to let it
    in sans auth).

    But I still fail to see why this is a *good* idea.

    --
    Brian Hatch                  Why do we put suits
       Systems and                in garment bags
       Security Engineer          and garments in
    http://www.ifokr.org/bri/     a suitcase?
    Every message PGP signed
    
    



  • Next message: Frederic de Villamil: "Re: How can I use sshd to satisfy my needs?"

    Relevant Pages

    • R: Reflexive firewalls?
      ... Port knocking (e.g. sending a certain sequence of ping, with custom payloads, to allow ssh access) is far better technique, ... since it does not need having telnet exposed fulltime. ... Oggetto: Re: Reflexive firewalls? ... Looks a lot like a really primitive "port-knocking" authentication method... ...
      (Security-Basics)
    • Re: Reflexive firewalls?
      ... That sound like the user-auth feature on juniper firewalls, ... I've recently used an SSH server that had an interesting authentication ... You first had to telnet to the machine on a certain port. ...
      (Security-Basics)
    • Re: Reflexive firewalls?
      ... Looks a lot like a really primitive "port-knocking" authentication method... ... That sound like the user-auth feature on juniper firewalls, ... I've recently used an SSH server that had an interesting authentication ... You first had to telnet to the machine on a certain port. ...
      (Security-Basics)
    • Re: Reflexive firewalls?
      ... I've recently used an SSH server that had an interesting authentication ... You first had to telnet to the machine on a certain port. ... Commercial/Open Source Two-Factor Authentication ...
      (Security-Basics)
    • Re: Ssh & FW-1
      ... Are you trying to SSH to the firewall itself to do maintenance? ... As you stated telnet is also in ... clear text which makes the authentication dangerous as well. ...
      (Security-Basics)