Re: making telnet secure - openssh
Actually, this is exactly what IPSec was designed for. Since it happens at
a lower layer than telnet, your service doesn't even know about it.
The downside to IPSec is setting it up. It was really designed to be on all
the time and every host would have its own globally recognized cert, etc.
Still, if you only have a couple of machines that need to do the telnet
session, IPSec is a perfect fit, and you don't have to mess with ports, etc.
If you have unknown/random or just lots of remote machines connecting into
your telnet server, then the overhead of IPSec setup will probably move you
back to stunnel or ssh tunneling.
On 10/17/08 7:51 AM, "Sudarshan Soma"
> Thanks all for your valuable inputs.
> My telnet server application has its own way of handling
> authentication, commands supported, ...
> Hence I can't easily move to ssh. I know I can use SSH to use my own
> authentication using PAM, but the other things such as commands
> supported are all not easily done just by moving to ssh server.
> Based on my requirements, I think tunneling (either stunnel or ssh
> tunneling) is the best option to go with; if not, please suggest any
> other way you could think of.
> With tunneling, can I somehow avoid the client-side setup of
> specifying a non-standard port which will forward requests to sshd?
> Can it be as easy as below? (I think it's not possible, but I just want
> to confirm that.)
> on the server:
> - A tunneling port (7778) listens, which forwards connections to my
> application running at port 4050.
> on the client:
> use ssh to connect to port 7778. This will make the server port 7778
> forward the connections to my application port 4050 and back in the
> same way.
> Please advise.
> Best Regards,
> On Fri, Oct 17, 2008 at 12:26 AM, Bob Rasmussen
>> On Thu, 16 Oct 2008, Sudarshan Soma wrote:
>>> Hi,
>>> I have telnet server implemented on the server. Now I want the ssh
>>> client to connect to this modified telnet server by adding
>>> encryption/decryption functions in it.
>>> Can I do this easily by just putting the appropriate encrypt/decrypt
>>> functions, session key establishment code from ssh server to telnet
>>> Tunneling is one solution I can think of. Is there any other easy
>>> alternative for this apart from changing the telnet server code?
>> It is not a trivial thing to add encryption to the telnet protocol. It
>> would have to be added on both ends (client and server), and it was not
>> widely done. One approach was called SRP, from Stanford University. I
>> haven't heard anything from them for a long time, since SSH became common.
>> Other ideas:
>> 1. Use telnet with SSL. I have heard that there are SSL implementations of
>> the client and server sides of telnet, but I have not worked with them.
>> 2. Use SSH to establish a secure connection to a) the same server, or b)
>> one nearby, inside the site's firewall. Establish client-side tunnelling
>> on port 23. Then on the client machine, telnet to localhost, so that it is
>> tunnelled to the server.
>> This can be useful for Windows-based server-side systems that accept
>> telnet connections but not SSH connections. I have even considered adding
>> a special telnet-over-ssh mode for our terminal emulation client, Anzio.
>> ....Bob Rasmussen, President, Rasmussen Software, Inc.
>> personal e-mail: firstname.lastname@example.org
>> company e-mail: email@example.com
>> voice: (US) 503-624-0360 (9:00-6:00 Pacific Time)
>> fax: (US) 503-624-0760
>> web: http://www.anzio.com
>> street address: Rasmussen Software, Inc.
>> 10240 SW Nimbus, Suite L9
>> Portland, OR 97223 USA
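
Added example, not part of the original thread: the two tunnel setups discussed above (stunnel in front of the application, and Bob's SSH local forward), written as a script that emits the stunnel service sections and the ssh command. Ports 7778 and 4050 come from the thread; local port 2323, the host names and the certificate paths are assumptions. With stunnel on 7778 the listener speaks TLS, so the client end is stunnel in client mode rather than an ssh client.

```shell
#!/bin/sh
# Ports 7778 and 4050 are from the thread; LOCAL_PORT, host names and
# certificate paths are assumptions made for this example.
APP_PORT=4050     # the telnet-style application
TLS_PORT=7778     # tunnel listener on the server
LOCAL_PORT=2323   # assumed loopback port on the client

# Server: stunnel terminates TLS on TLS_PORT and passes cleartext to the
# application over loopback. Bind the application to 127.0.0.1 (or firewall
# APP_PORT) so the cleartext port is not reachable from the network.
server_conf() {   # $1 = certificate file, $2 = private key file
    cat <<EOF
[telnet-app]
accept = ${TLS_PORT}
connect = 127.0.0.1:${APP_PORT}
cert = $1
key = $2
EOF
}

# Client: stunnel in client mode listens on loopback only and verifies the
# server certificate chain and host name (stunnel 5 options) before forwarding.
client_conf() {   # $1 = server host name, $2 = CA certificate file
    cat <<EOF
[telnet-app]
client = yes
accept = 127.0.0.1:${LOCAL_PORT}
connect = $1:${TLS_PORT}
CAfile = $2
verifyChain = yes
checkHost = $1
EOF
}

# SSH alternative: sshd on the server opens the connection to the
# application, so only the normal SSH port has to be exposed.
ssh_forward_cmd() {   # $1 = user@server
    printf 'ssh -N -L 127.0.0.1:%s:127.0.0.1:%s %s\n' \
        "$LOCAL_PORT" "$APP_PORT" "$1"
}

# Run with "demo" to print all three. With either tunnel up, the user's
# telnet client connects to 127.0.0.1 port 2323 instead of the server.
if [ "${1:-}" = "demo" ]; then
    server_conf /etc/stunnel/server.pem /etc/stunnel/server.key
    client_conf telnet.example.com /etc/stunnel/ca.pem
    ssh_forward_cmd user@telnet.example.com
fi
```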