Re: making telnet secure

Hi,
I managed to change the openssh to run "telnet 127.0.0.1
application-port" instead of /bin/bash for a particular user (with no
passwd) on login. With this, login will be done by own application
server and communication is secured through ssh.

With this, there could arise a problem if I try to use SSH public key
authentication. Do you see any other major problems with the above
alternative?

Please advise.

Best Regards,
Pavan.

On Sat, Oct 18, 2008 at 1:37 AM, Robert Hajime Lanning
<robert.lanning@xxxxxxxxx> wrote:
> On Fri, Oct 17, 2008 at 7:51 AM, Sudarshan Soma <sudarshan12s@xxxxxxxxx> wrote:
>> Thanks all for your valuable inputs.
>>
>> My telnet server application has its own way of handling
>> authentication, commands supported, ...
>> Hence I can't easily move to ssh. I know I can use SSH to use my own
>> authentication using PAM, but the other things such as commands
>> supported are all not easily done just by moving to ssh server.
>>
>> Based on my requirements, I think tunnelling (either stunnel or ssh
>> tunneling) is the best option to go with; if not, please suggest any
>> other way you could think of?
>>
>> With tunneling, can I somehow avoid the client side setup of
>> specifying a non-standard port which will forward requests to sshd?
>>
>> Can it be as easy as below: (I think it's not possible, but I just want
>> to confirm that)
>>
>> on the server:
>> - A tunneling port (7778) listens, which forwards connections to my
>> application running at port 4050.
>>
>> on the client:
>> use ssh to connect to port 7778. This will make the server port 7778
>> forward the connections to my application port 4050 and back in the
>> same way.
>>
>> Please advise.
>>
>> Best Regards,
>> Pavan.
>
> This will be a complex setup on the client side, but this is how ssh
> tunneling works.
>
> Server:
> sshd listens on port 22, and has a configuration to allow the specific
> port forwarding you need.
> Accounts the clients will log in to need to have a shell that just
> sleeps.  (don't allow other commands to run)
>
> Client:
> You need to configure the port forwarding:  (openssh)
> ssh -N -L4050:localhost:4050 account@server-host
> then on the client:
> telnet localhost 4050
>
> --
> And, did Galoka think the Ulus were too ugly to save?
>                                         -Centauri
>
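
The two server-side setups discussed in this thread, written out as an sshd_config fragment. This is an added example, not part of the original messages; the account names "tunnelonly" and "telnetapp" and the binary paths are assumptions, and port 4050 is the application port mentioned in the thread.

```sshd_config
# Added example (not from the original thread).
# Account names and binary paths below are hypothetical.

# --- Setup 1: forwarding-only account (the quoted reply) ---
# Client side, as given in the reply:
#   ssh -N -L4050:localhost:4050 tunnelonly@server-host
#   telnet localhost 4050
Match User tunnelonly
    # Allow only client-to-server (-L) forwards, and only to the application.
    AllowTcpForwarding local
    # PermitOpen is matched against the destination the client asks for,
    # so it has to read "localhost:4050" to fit the -L line above.
    PermitOpen localhost:4050
    # No terminal, no agent/X11 forwarding, no tun devices.
    PermitTTY no
    AllowAgentForwarding no
    X11Forwarding no
    PermitTunnel no
    GatewayPorts no
    # "A shell that just sleeps": if the client omits -N and asks for a
    # session, this runs instead of whatever command was requested.
    ForceCommand /bin/sleep 86400

# --- Setup 2: login lands directly in the telnet application ---
# (the approach described in the newest message)
Match User telnetapp
    # ForceCommand is enforced by sshd for every authentication method,
    # public key included; the client-supplied command and ~/.ssh/rc
    # are ignored.
    # -E disables the telnet client's escape character (supported by the
    # common netkit/inetutils clients; check the installed telnet), so the
    # user cannot drop to the "telnet>" prompt on the server.
    ForceCommand /usr/bin/telnet -E 127.0.0.1 4050
    # The application is interactive, so a TTY is needed here.
    PermitTTY yes
    # This account gets the application only: no forwarding of any kind.
    AllowTcpForwarding no
    AllowAgentForwarding no
    X11Forwarding no
    PermitTunnel no
```

Match blocks go at the end of sshd_config; run `sshd -t` to check the syntax before reloading the daemon.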
