Hi,

I managed to change the openssh to run "telnet 127.0.0.1 application-port"
instead of /bin/bash for a particular user (with no passwd) on login.

With this, login will be done by own application server and communication
is secured through ssh.

With this, there could arise a problem if I try to use SSH public key
authentication.

Do you see any other major problems with the above alternative?

Please advise.

Best Regards,
Pavan.

On Sat, Oct 18, 2008 at 1:37 AM, Robert Hajime Lanning <robert.lanning@xxxxxxxxx> wrote:
> On Fri, Oct 17, 2008 at 7:51 AM, Sudarshan Soma <sudarshan12s@xxxxxxxxx> wrote:
>> Thanks all for your valuable inputs.
>>
>> My telnet server application has its own way of handling
>> authentication, commands supported, ...
>> Hence I can't easily move to ssh. I know I can use SSH to use my own
>> authentication using PAM, but the other things such as commands
>> supported are all not easily done just by moving to ssh server.
>>
>> Based on my requirements, I think tunneling (either stunnel or ssh
>> tunneling) is the best option to go with, if not please suggest any
>> other way you could think of?
>>
>> With tunneling, can I somehow avoid the client side setup of
>> specifying a non-standard port which will forward requests to sshd.
>>
>> Can it be as easy as below: (I think it's not possible, but I just want
>> to confirm that)
>>
>> on the server:
>> - A tunneling port (7778) listens, which forwards connections to my
>> application running at port 4050.
>>
>> on the client:
>> use ssh to connect to port 7778. This will make the server port 7778
>> forward the connections to my application port 4050 and back in the
>> same way.
>>
>> Please advise.
>>
>> Best Regards,
>> Pavan.
>
> This will be a complex setup on the client side, but this is how ssh
> tunneling works.
>
> Server:
> sshd listens on port 22, and has a configuration to allow the specific
> port forwarding you need.
> Accounts the clients will log in to need to have a shell that just
> sleeps. (don't allow other commands to run)
>
> Client:
> You need to configure the port forwarding: (openssh)
> ssh -N -L4050:localhost:4050 account@server-host
> then on the client:
> telnet localhost 4050
>
> --
> And, did Galoka think the Ulus were too ugly to save?
> -Centauri
>
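
Added example, not part of the original thread: an sshd_config fragment for the forwarding-only account described in the quoted reply, plus the per-key equivalent for public key authentication. The account name `tunnel` and the key comment `client1` are hypothetical, port 4050 is the application port from the thread, and a current OpenSSH release is assumed.

```conf
# /etc/ssh/sshd_config (fragment). "tunnel" is a hypothetical account name;
# 4050 is the application port mentioned in the thread.
Match User tunnel
    # Allow only client-side (-L) forwards; no remote (-R) forwards.
    AllowTcpForwarding local
    # Only the telnet application is reachable through the tunnel.
    # Both spellings are listed so the rule covers "-L4050:localhost:4050"
    # as well as "-L4050:127.0.0.1:4050".
    PermitOpen localhost:4050 127.0.0.1:4050
    # No terminal, agent, X11 or tun device for this account.
    PermitTTY no
    AllowAgentForwarding no
    X11Forwarding no
    PermitTunnel no
    # Any session request runs this instead of a shell or a client-supplied
    # command. "ssh -N" never requests a session, so the forward still works.
    ForceCommand /bin/false

# With public key authentication the same limits can be pinned to one key in
# ~tunnel/.ssh/authorized_keys (a single line; the key is a placeholder):
#   restrict,port-forwarding,permitopen="localhost:4050" ssh-ed25519 <PUBLIC-KEY> client1
```

Check the file with `sshd -t` before reloading the daemon.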