Re: making telnet secure



Hi,
I managed to change the openssh to run "telnet 127.0.0.1
application-port" instead of /bin/bash for a particular user (with no
passwd) on login. With this, login will be done by own application
server and communication is secured through ssh.

With this, there could arise a problem if I try to use SSH public key
authentication. Do you see any other major problems with the above
alternative?

Please advise.

Best Regards,
Pavan.

On Sat, Oct 18, 2008 at 1:37 AM, Robert Hajime Lanning
<robert.lanning@xxxxxxxxx> wrote:
On Fri, Oct 17, 2008 at 7:51 AM, Sudarshan Soma <sudarshan12s@xxxxxxxxx> wrote:
Thanks all for your valuable inputs.

My telnet server application has its own way of handling
authentication, commands supported, etc.
Hence I can't easily move to ssh. I know I can use SSH to use my own
authentication using PAM, but the other things such as commands
supported are all not easily done just by moving to ssh server.

Based on my requirements, I think tunneling (either stunnel or ssh
tunneling) is the best option to go with; if not, please suggest any
other way you could think of.

With tunneling, can I somehow avoid the client side setup of
specifying a non-standard port which will forward requests to sshd?

Can it be as easy as below? (I think it's not possible, but I just want
to confirm that.)

on the server:
- A tunneling port (7778) listens, which forwards connections to my
application running at port 4050.

on the client:
use ssh to connect to port 7778. This will make the server port 7778
forward the connections to my application port 4050 and back in the
same way.

Please advise.

Best Regards,
Pavan.

This will be a complex setup on the client side, but this is how ssh
tunneling works.

Server:
sshd listens on port 22, and has a configuration to allow the specific
port forwarding you need.
Accounts the clients will log in to need to have a shell that just
sleeps. (don't allow other commands to run)

Client:
You need to configure the port forwarding: (openssh)
    ssh -N -L4050:localhost:4050 account@server-host
then on the client:
    telnet localhost 4050

--
And, did Galoka think the Ulus were too ugly to save?
-Centauri
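
Added example, not part of the original thread: one way to write the server-side restrictions described in the reply above as an sshd_config fragment. It assumes a current OpenSSH release and a hypothetical account name (tunnel4050), and it uses ForceCommand in place of the "shell that just sleeps" mentioned in the reply.

```conf
# /etc/ssh/sshd_config fragment (added example; the account name
# "tunnel4050" is hypothetical, port 4050 is the application port
# named in the thread).
# Goal: this account may open one local forward to the telnet
# application and can never get a shell or run a command.

Match User tunnel4050
    # Allow client-side -L forwards only; -R remote forwards are refused.
    AllowTcpForwarding local
    # The only destination a forward may reach. The host string is
    # compared with what the client asks for, and the client command
    # in the thread asks for localhost:4050.
    PermitOpen localhost:4050
    # No terminal, no agent or X11 forwarding, no tun devices,
    # no Unix-socket forwarding.
    PermitTTY no
    AllowAgentForwarding no
    X11Forwarding no
    PermitTunnel no
    AllowStreamLocalForwarding no
    # If a session is requested anyway, run this instead of a shell.
    # "ssh -N" requests no session, so the forward itself stays up.
    ForceCommand /bin/false
```

Running `sshd -t` checks the file for syntax errors before sshd is reloaded.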



