Thanks all for your valuable inputs.

My telnet server application has its own way of handling
authentication, commands supported,..
Hence i cant easily move to ssh. I know i can use SSH to use my own
authentication using PAM, but the other things such as commands
supported are all not easily done just by moving to ssh server.

Based on my requirements , i think tunelling(either stunnel or ssh
tuneling) is the best option to go with, if not please suggest any
other way you could think of?

With tunneling, Can i somehow avoid the client side setup of
specifying a non-standard port which will forward requests to sshd.

Can it be as easy as below: (I think its not possible, but i just want
to confirm that )

on the server:
- A tunneling port (7778) listens , which forward connections to my
application running at port 4050.

on the client:
use ssh to connect to port 7778. This will make the server port 7778
forward the connections to my application port 4050 and back in the
same way.

Please advice.

Best Regards,

On Fri, Oct 17, 2008 at 12:26 AM, Bob Rasmussen wrote:
> On Thu, 16 Oct 2008, Sudarshan Soma wrote:
>> HI ,
>> I have telnet server implemented on the server. Now i want the ssh
>> client to connect to this modified telnet server by adding
>> encryption/decryption functions in it.
>> Can I do this easily by just putting the appropriate encrypt/decrypt
>> functions , session key establishment code from ssh server to telnet
>> server.
>> Tunelling is one solution , i can think of . Is there any other easy
>> alternative for this apart from changing the telnet server code.

> It is not a trivial thing to add encryption to the telnet protocol. It
> would have to be added on both ends (client and server), and it was not
> widely done. One approach was called SRP, from Stanford University. I
> haven't heard anything from them for a long time, since SSH became common.
> Other ideas:
> 1. Use telnet with SSL. I have heard that there are SSL implementations of
> the client and server sides of telnet, but I have not worked with them.
> 2. Use SSH to establish a secure connection to a) the same server, or b)
> one nearby, inside the site's firewall. Establish client-side tunnelling
> on port 23. Then on the client machine, telnet to localhost, so that it is
> tunnelled to the server.
> This can be useful for Windows-based server-side systems that accept
> telnet connections but not SSH connections. I have even considered adding
> a special telnet-over-ssh mode for our terminal emulation client, Anzio.
> Regards,
> ....Bob Rasmussen, President, Rasmussen Software, Inc.
> personal e-mail:
> company e-mail:
> voice: (US) 503-624-0360 (9:00-6:00 Pacific Time)
> fax: (US) 503-624-0760
> web:
> street address: Rasmussen Software, Inc.
> 10240 SW Nimbus, Suite L9
> Portland, OR 97223 USA