On Wed, Feb 19, 2003 at 04:51:04PM -0600, George Smith wrote:
> The basic goal is to provide an SSH connection
> to a machine running mvBase. MvBase is an operating system
> running on top of Windows NT4.0 or Windows 2000. It is where
> our applications reside in a blob - they are
> not Windows applications. When you connect
> to a mvBase telnet server you do not have
> access to the Windows world.

maybe I did not understand the question, but:
if you want ssh connection to some machine, there obviously has to be
a ssh server on that side. if you want ssh connection TO the mvBase,
you need a ssh server implementation for mvBase, and install that.
and you need a ssh client on the client PCs.

if you have neither, and you want to tunnel all your ports through SSH
between your debian box and the mvBase host system (winbox), you have
the options to

· install some ssh server on the winbox, and on the debian box do
      ssh -L 8031:mvBase:8031 -L 8032:mvBase:8032 [...] winbox
  and have "GatewayPorts yes" in $HOME/.ssh/config,
  or do some transparent redirection with iptables
  (if you don't say "GatewayPorts yes", port forwarding is bound to
  the loopback device, and thus not reachable by your clients)

· use some ssh client (e.g. putty) from your winbox to the debian box,
  and use remote port forwarding, which depends on the respective
  client you use. the equivalent of
      ssh -R 8031:mvBase:8031 [...] debian
  on the debian box this time you need "GatewayPorts yes" in the
  sshd_config (note the "d" for daemon).
  preferably you use a separate config file, and start a dedicated
  sshd server for this purpose on some other port, like
      sshd -p 10022 [...] -f /etc/ssh/sshd_config.telnet_tunnel
  so your standard ssh does not bind port forwardings to the
  wildcard address.
  or, as above, don't use GatewayPorts, but redirect with iptables
  transparently.

in any case, make sure you restrict access to the forwarded ports by
some other means, like iptables.

I'd prefer some kind of VPN.
use FreeS/WAN on the debian, and some kind of VPN client on the winbox.
AFAIK win nt has problems here, so use win2000, probably the "server"
variant... or maybe a FreeS/WAN implementation for cygwin (is there a
native win implementation?) ... but that's a different problem ...

hth,

Lars
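
The access restriction recommended at the end of the mail above, as an added example that is not part of the original message: a script that prints (does not apply) iptables rules so that only loopback and one trusted network can reach the forwarded ports once GatewayPorts binds them to the wildcard address. The client network 192.168.1.0/24 and the function names are assumptions for illustration; ports 8031 and 8032 are the ones from the mail.

```shell
#!/bin/sh
# Added example: emit iptables rules that limit who may reach ports opened
# by "ssh -L" / "ssh -R" when GatewayPorts is enabled.
# Rules are printed, not applied, so they can be reviewed first.
# Assumption (not from the mail): trusted client network 192.168.1.0/24.

# valid_port PORT -> status 0 if PORT is an integer in 1..65535
valid_port() {
    case "$1" in
        ''|*[!0-9]*) return 1 ;;
    esac
    [ "$1" -ge 1 ] && [ "$1" -le 65535 ]
}

# valid_cidr NET -> status 0 for dotted-quad IPv4 with optional /0../32
# (syntactic check only; octet ranges are left to iptables itself)
valid_cidr() {
    printf '%s\n' "$1" |
        grep -Eq '^([0-9]{1,3}\.){3}[0-9]{1,3}(/([0-9]|[12][0-9]|3[0-2]))?$'
}

# forward_rules NET PORT... -> prints three rules per port on stdout.
# All arguments are validated before anything is printed.
# Order matters: loopback and the trusted network are accepted first,
# then every other source aimed at the forwarded port is dropped.
forward_rules() {
    cidr=$1
    shift
    valid_cidr "$cidr" || { echo "bad source network: $cidr" >&2; return 1; }
    [ "$#" -gt 0 ] || { echo "no ports given" >&2; return 1; }
    for port in "$@"; do
        valid_port "$port" || { echo "bad port: $port" >&2; return 1; }
    done
    for port in "$@"; do
        echo "iptables -A INPUT -i lo -p tcp --dport $port -j ACCEPT"
        echo "iptables -A INPUT -s $cidr -p tcp --dport $port -j ACCEPT"
        echo "iptables -A INPUT -p tcp --dport $port -j DROP"
    done
}

# The two telnet ports forwarded in the mail above.
forward_rules 192.168.1.0/24 8031 8032
```

The rules belong on the machine whose sshd or ssh client holds the listening socket (the debian box in both variants), since that is where outside clients connect.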