Re: making telnet secure
- From: "Sudarshan Soma" <sudarshan12s@xxxxxxxxx>
- Date: Tue, 25 Nov 2008 16:51:40 +0530
Hi,
I managed to change the openssh to run "telnet 127.0.0.1
application-port" instead of /bin/bash for a particular user (with no
passwd) on login. With this, login will be done by own application
server and communication is secured through ssh.
With this, there could arise a problem if I try to use SSH public key
authentication. Do you see any other major problems with the above
alternative?
Please advise.
Best Regards,
Pavan.
On Sat, Oct 18, 2008 at 1:37 AM, Robert Hajime Lanning
<robert.lanning@xxxxxxxxx> wrote:
> On Fri, Oct 17, 2008 at 7:51 AM, Sudarshan Soma <sudarshan12s@xxxxxxxxx> wrote:
>> Thanks all for your valuable inputs.
>> My telnet server application has its own way of handling
>> authentication, commands supported,..
>> Hence I can't easily move to ssh. I know I can use SSH to use my own
>> authentication using PAM, but the other things such as commands
>> supported are all not easily done just by moving to ssh server.
>> Based on my requirements, I think tunneling (either stunnel or ssh
>> tunneling) is the best option to go with; if not, please suggest any
>> other way you could think of.
>> With tunneling, can I somehow avoid the client side setup of
>> specifying a non-standard port which will forward requests to sshd?
>> Can it be as easy as below: (I think it's not possible, but I just want
>> to confirm that)
>> on the server:
>> - A tunneling port (7778) listens, which forwards connections to my
>> application running at port 4050.
>> on the client:
>> use ssh to connect to port 7778. This will make the server port 7778
>> forward the connections to my application port 4050 and back in the
>> same way.
>> Please advise.
>> Best Regards,
>> Pavan.
>
> This will be a complex setup on the client side, but this is how ssh
> tunneling works.
>
> Server:
> sshd listens on port 22, and has a configuration to allow the specific
> port forwarding you need.
> Accounts the clients will login to need to have a shell that just
> sleeps. (don't allow other commands to run)
>
> Client:
> You need to configure the port forwarding: (openssh)
>     ssh -N -L4050:localhost:4050 account@server-host
> then on the client:
>     telnet localhost 4050
>
> --
> And, did Galoka think the Ulus were too ugly to save?
> -Centauri
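
Added example, not part of the original thread and not either poster's configuration: one way to write down the forwarding-only account described in the reply, and to constrain a public key for it, using OpenSSH configuration. The account name "tunnel", the host alias "app-tunnel", the /bin/sleep path and the key placeholder are assumptions; several keywords (AllowTcpForwarding local, PermitTTY, restrict) need OpenSSH releases newer than the 5.1 builds current when this thread was written.

```sshconfig
# ---- server: /etc/ssh/sshd_config (excerpt) ----
# Applies only to the forwarding-only account (name "tunnel" is assumed).
Match User tunnel
    # Allow client-to-server (-L) forwarding only, no -R listeners.
    AllowTcpForwarding local
    # The single destination this account may reach: the telnet
    # application on port 4050 from the thread.
    PermitOpen localhost:4050
    # Anything other than forwarding is switched off.
    X11Forwarding no
    AllowAgentForwarding no
    PermitTunnel no
    PermitTTY no
    # If a client does open a session, it gets a command that only sleeps,
    # never a shell. Clients using "ssh -N" never request a session at all.
    ForceCommand /bin/sleep 3600
    # Keys instead of an account with no password.
    PasswordAuthentication no
    PubkeyAuthentication yes

# ---- server: ~tunnel/.ssh/authorized_keys (one line per client key) ----
# "restrict" disables every optional feature for this key; forwarding to
# the one permitted destination is then re-enabled explicitly.
# <PUBLIC-KEY-PLACEHOLDER> stands for the client's real public key.
#
# restrict,port-forwarding,permitopen="localhost:4050" ssh-ed25519 <PUBLIC-KEY-PLACEHOLDER> client1

# ---- client: ~/.ssh/config ----
# Lets the user type "ssh -N app-tunnel" instead of the full -L command.
Host app-tunnel
    HostName server-host
    User tunnel
    # Bind the local end to loopback so other hosts on the client's
    # network cannot ride the tunnel.
    LocalForward 127.0.0.1:4050 localhost:4050
    # Fail loudly if port 4050 is already taken locally, rather than
    # leaving telnet to connect to something else.
    ExitOnForwardFailure yes
    RequestTTY no

# Then, on the client, as in the reply above:
#   ssh -N app-tunnel
#   telnet localhost 4050
```

After editing sshd_config, "sshd -t" checks the file for syntax errors before the daemon is reloaded.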