Subject: Protecting telnet, w/o modifying client or server.
To: None <netbsd-help@netbsd.org>
From: Richard Rauch <rkr@olib.org>
List: netbsd-help
Date: 01/25/2003 05:47:28

(For those who know what a MUD is, for concreteness I have in mind
MUDs and MUD clients.  If you don't know what a MUD is...it's a
multi-user online (generally text) game.  Usually connected to via
telnet or moral equivalent.  There are many MUDs and many MUD clients.)

I'd like to take an existing telnet-based system and, without changing
the client or server, wrap the session in some kind of encryption.

It is not required (and is even actively not desired) to use UNIX
level login; the clients do not go through a normal UNIX login and
do not have UNIX accounts, in general.

What options are there?  I can think of a few:

 * If the user is on, or close-enough-to, a UNIX-alike box (say
   NetBSD), one could open up a local-only telnet port for the MUD
   client to use, then ssh out from there.

 * Reading ssh's docs, it almost sounds as if there is a way to
   get this kind of thing to work with port forwarding or perhaps
   with "subsystems".  Is this viable?  What should I be looking
   for?

 * How about something more in the network layer?  How easy is it
   to set up IPsec?

Any other ways?  Relative merits of any ideas that might actually
work?  (^&

Thanks in advance.


-- 
  "I probably don't know what I'm talking about."  --rkr@olib.org