
Re: Telnet forwarding ??



On Wed, Feb 19, 2003 at 04:51:04PM -0600, George Smith wrote:
> The basic goal is to provide a SSH connection
> to a machine running mvBase. MvBase is an operating system
> running on top of windows NT4.0 or windows 2000. It is where
> our applications reside in a blob - they are
> not windows applications. When you connect
> to a mvBase telnet server you do not have
> access to the windows world.


maybe I did not understand the question, but:
if you want ssh connection to some machine, there obviously has to be a
ssh server on that side.
if you want ssh connection TO the mvBase, you need a ssh server
implementation for mvBase, and install that. and you need a ssh client
on the client PCs.

if you have neither, and you want to tunnel all your ports through SSH
between your debian box and the mvBase host system (winbox),
you have the options to

· install some ssh server on the winbox,
  and on the debian box do
  ssh -L 8031:mvBase:8031 -L 8032:mvBase:8032 [...] winbox
  and have "GatewayPorts yes" in $HOME/.ssh/config, or 
  do some transparent redirection with iptables (if you don't say
  "GatewayPorts yes", port forwarding is bound to the loopback device,
  and thus not reachable by your clients)

· use some ssh client (e.g. putty) from your winbox to the debian box,
  and use remote port forwarding, which depends on the respective client
  you use. the equivalent of "ssh -R 8031:mvBase:8031 [...] debian"
  on the debian box this time you need "GatewayPorts yes" in the
  sshd_config  (note the "d" for daemon).
  preferably you use a separate config file, and start a dedicated
  sshd server for this purpose on some other port, like
  sshd -p 10022 [...] -f /etc/ssh/sshd_config.telnet_tunnel
  so your standard ssh does not bind port forwardings to the wildcard
  address.
  or, as above, don't use GatewayPorts, but redirect with iptables
  transparently.

in any case, make sure you restrict access to the forwarded ports by
some other means, like iptables.

I'd prefer some kind of VPN. use FreeS/WAN on the debian, and some kind
of VPN client on the winbox.  AFAIK win nt has problems here, so use
win2000, probably the "server" variant...
or maybe a FreeS/WAN implementation for cygwin (is there a native win
implementation?)
... but that's a different problem ...

hth,
	Lars
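
Added example, not part of the original message: a shell check for the two points made above, namely whether a forwarded port is bound to loopback or to the wildcard address, and iptables rules that restrict the forwarded ports to known clients. The ports 8031/8032 are from the post; the client subnet 192.0.2.0/24 and the listener table are constructed placeholders.

```shell
#!/bin/sh
# Added example. Ports 8031/8032 are from the post; the client subnet
# 192.0.2.0/24 and the listener table below are constructed.

# Print (never apply) iptables rules that let only one client subnet
# reach the forwarded ports on the Debian box.
tunnel_rules() {
    subnet=$1; shift
    for port in "$@"; do
        echo "iptables -A INPUT -p tcp -s $subnet --dport $port -j ACCEPT"
        echo "iptables -A INPUT -p tcp --dport $port -j DROP"
    done
}

# Read `ss -ltn` style lines on stdin; for each listed port report whether
# the listener is loopback-only (no GatewayPorts) or on the wildcard address.
bind_scope() {
    awk -v ports="$*" '
        BEGIN { n = split(ports, p, " "); for (i = 1; i <= n; i++) want[p[i]] = 1 }
        $1 == "LISTEN" {
            port = $4; sub(/.*:/, "", port)
            host = substr($4, 1, length($4) - length(port) - 1)
            if (!(port in want)) next
            if (host == "127.0.0.1" || host == "[::1]") scope = "loopback"
            else if (host == "0.0.0.0" || host == "*" || host == "[::]") scope = "wildcard"
            else scope = "specific"
            print port, scope
        }'
}

# Constructed sample of `ss -ltn` output.
sample_ss() {
    cat <<'EOF'
State  Recv-Q Send-Q Local Address:Port Peer Address:Port
LISTEN 0      128    0.0.0.0:22         0.0.0.0:*
LISTEN 0      128    0.0.0.0:8031       0.0.0.0:*
LISTEN 0      128    127.0.0.1:8032     0.0.0.0:*
EOF
}

sample_ss | bind_scope 8031 8032
tunnel_rules 192.0.2.0/24 8031 8032
```

On a live box, feed `ss -ltn` into `bind_scope` instead of the sample; any port reported as "wildcard" is reachable from the network and should be covered by rules like the ones printed.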


