Subject: Re: Protecting telnet, w/o modifying client or server.
To: None <netbsd-help@NetBSD.ORG>
From: CEBKA <CEBKA@smtp.ru>
List: netbsd-help
Date: 01/26/2003 21:34:09
Hello, Richard.
You wrote on 25.01.2003:
RR> (For those who know what a MUD is, for concreteness I have in mind
RR> MUD's and MUD clients. If you don't know what a MUD is...it's a
RR> multi-user online (generally text) game. Usually connected to via
RR> telnet or moral equivalent. There are many MUD's and many MUD clients.)
RR> I'd like to take an existing telnet based system and, without changing
RR> the client or server, wrap the session in some kind of encryption.
RR> It is not required (and is even actively not desired) to use UNIX
RR> level login; the clients do not go through a normal UNIX login and
RR> do not have UNIX accounts, in general.
RR> What options are there? I can think of a few:
RR> * If the user is on, or close-enough-to, a UNIX-alike box (say
RR> NetBSD), one could open up a local-only telnet port for the MUD
RR> client to use, then ssh out from there.
RR> * Reading ssh's docs, it almost sounds as if there is a way to
RR> get this kind of thing to work with port forwarding or perhaps
RR> with "subsystems". Is this viable? What should I be looking
RR> for?
I think that it is a good idea. First try to set up openssh on all
machines, then start the ssh server on the server machine and do this on each
client:

    $ ssh -f -L10023:localhost:23 remotesystem sleep 10
                                               ^^^^^^^^
                                               command to execute

and then start telnet like this:

    telnet localhost 10023
           ^^^^^^^^^ ^^^^^
RR> * How about something more in the network layer? How easy is it
RR> to set up IPSec?
It is more difficult than making a tunnel, IMHO.
RR> Any other ways? Relative merits of any ideas that might actually
RR> work? (^&
You can also use stunnel forwarding (http://www.stunnel.org), it might
work under win32 too.
RR> Thanks in advance.
--
Best regards,
CEBKA mailto:CEBKA@smtp.ru
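
The stunnel forwarding mentioned in the reply above, sketched as an added example that is not part of the original message: a server-side and a client-side stunnel.conf that wrap the unmodified telnet service in TLS without needing UNIX accounts for the players. The host name mud.example.org, the file paths, the service name and port 992 are assumptions, and verifyChain/checkHost assume a stunnel 5.x release.

```ini
; ===== File 1: stunnel.conf on the MUD server (constructed example) =====
; Assumption: the MUD/telnet daemon is bound to, or firewalled down to,
; 127.0.0.1:23. If port 23 stays reachable from outside, players can
; still connect in cleartext and the tunnel protects nothing.

; Hypothetical path: server certificate and private key in one PEM file.
cert = /etc/stunnel/mud.pem

[mud-tls]
; TLS listener that remote stunnel clients connect to.
accept = 992
; Decrypted stream is handed to the unmodified telnet/MUD server.
connect = 127.0.0.1:23


; ===== File 2: stunnel.conf on each player's machine (constructed example) =====
client = yes

[mud-tls]
; Loopback-only listener, so other hosts on the player's network
; cannot borrow the tunnel.
accept = 127.0.0.1:10023
; Hypothetical server name; must match the name in the server certificate.
connect = mud.example.org:992
; Authenticate the server. Without these lines the session is encrypted
; but an on-path attacker can still impersonate the server.
CAfile = /etc/stunnel/mud-ca.pem
verifyChain = yes
checkHost = mud.example.org
```

With both sides running, the MUD client connects to localhost port 10023 exactly as in the ssh variant above.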