Re: Create a secure telnet connection via a Windows 2000 server

• Previous message: Bob: "Re: Permission denied question"
• In reply to: Jon Cox: "Re: Create a secure telnet connection via a Windows 2000 server"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

Date: Sun, 14 Mar 2004 15:36:53 -0500

"Jon Cox" <sysreb@nospam.yahoo.com> wrote in message
news:404c27f9$1@news.star.co.uk...
>
> "Nico Kadel-Garcia" <nkadel@comcast.net> wrote in message
> news:nbCdnRoytplL5tbdRVn-ug@comcast.com...
> >
>
> > The easy way is "find a job with a clue".
>
> Er... yes, thanks for that helpful insight - I do have a clue, and have
> researched this problem by reading various web pages and newsgroup
articles
> before posting a short and specific question to the newsgroup - I am
however
> from a Windows background, so my knowledge of SSH is limited (which is why
I
> asked the questions).

You're welcome. I wasn't referring to *you*, who are trying to do the right
thing, but to the workplace that is preventing you as a policy from using
the right tools to protect your users and your company's data.

> > The second way, which may serve
> > your needs better, is to install stunnel on that box and run VNC on it
> over
> > an SSL-tunneled port. This provides an X-based session on the box for
> normal
> > logins, and can be configured to allow an arbitrary number of people to
> > share the session quite easily. If you need to have multiple logins on
the
> > box at the same time, that's another story.
> >
> > Why do you need telnet-style sessions on the Windows box?
> >
> >
>
> Thank you for your suggestion, I'm not sure that I have explained exactly
> what I am trying to achieve:
>
> I'm looking at our home users using Accuterm Internet edition to connect
> commercial system (Accuterm supports SSH) - however, our commercial system
> does not have SSH installed (and our suppliers do not support it - hence
we
> can't install it) - We currently use MS ISA as a firewall and I was trying
> to find a way of allow our "home" users to create a secure connection to a
> windows server that would then telnet to our commercial system.

It sounds like your suppliers need a serious clue about system security for
remote applications.

> If there is no such program for Windows, I would consider installing Linux
> server to allow users to connect to (using SSH and then run a telnet
session
> to our commercial system from their login script)

There are: CygWin includes an SSH server along with SSH clients, and could
actually be run on the "commercial system" server, unless they're quite
conservative about permitted software on it. There are also Windows based
commercial packages that could be installed there, such as that from
www.vandyke.com, which might be easier to set up with a tech support person
on the phone with you.

> I have tried installing Cygwin with SSH and have been trying the following
> command to create an encrypted port forwarded tunnel to a telnet session
on
> our commercial system:
>
> ssh -L 2222:UnixServer:23 localhost
>
> however, when I try to connect to port 2222 using PuTTY, it doesn't work.
If
> I use a normal telnet client to port 2222 it forwards correctly to the
> UnixServer (but not encrypted).

See Richard's note about this. "localhost" should be pointed to the machine
that is running the telnet based server you're trying to connect to. Unless
you installed CygWin on the application server itself and are connecting
directly to that?

> The information at
> http://security.web.cern.ch/security/ssh/encrypt_connections.htm appears
to
> be exactly what I am trying to achieve, but I have been unsuccessful in my
> attempts.
>
> I trust the above gives an insight as to what action I have taken and that
I
> may possibly "have a clue".

And I hope that clue pays off for you!

• Previous message: Bob: "Re: Permission denied question"
• In reply to: Jon Cox: "Re: Create a secure telnet connection via a Windows 2000 server"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]