Introduction

Basically, this is how to run ratchet on Linux or Windows over an SSH tunnel, using OpenSSH or plink (http://www.chiark.greenend.org.uk/~sgtatham/putty/download.html; it can be done via PuTTY itself too). This resolves the main security issues with inetd-mode: it adds a layer of authentication (you need a valid account on the box, though note that any valid account will do, it is not limited to user X) and it encrypts the data transfers.

You run plink / ssh on the 'client' machine; on the server you just run a plain ol' sshd, irssi2 via inetd, and proper firewalling.
In the commands below, hostname is the remote server and user is the remote username.

  1. Setting up the tunnel with OpenSSH or plink (you can add -C to either command to get compression, but I doubt it's needed):

    plink.exe -L 1027:127.0.0.1:1027 user@hostname
    ssh -L 1027:127.0.0.1:1027 user@hostname
  2. Connecting: Tell ratchet to connect to 127.0.0.1 on standard port (1027) - Tadaa! :D

Limiting non-tunneled access

To limit non-tunnelled access to port 1027 I recommend either xinetd (with only_from) or inetd plus an iptables rule.

For xinetd, add this to your /etc/xinetd.d/irssi2:

    only_from = 127.0.0.1
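
A complete service definition built around that line, as an added example (not from the original page or the irssi2 project): the server path and the account that runs it are placeholders, and it assumes irssi2 is started as a TCP stream service on port 1027 with no entry in /etc/services. Binding to loopback means the socket never exists on an external interface at all, so only_from and the firewall rule become defence in depth rather than the only barrier.

```conf
# /etc/xinetd.d/irssi2 (added example; placeholders marked below)
service irssi2
{
    disable         = no
    # Not in /etc/services, so the port has to be given explicitly.
    type            = UNLISTED
    port            = 1027
    socket_type     = stream
    protocol        = tcp
    wait            = no
    # Placeholder: an unprivileged account dedicated to irssi2.
    user            = IRSSI2_USER
    # Placeholder: path to the irssi2 binary on your box.
    server          = /path/to/irssi2
    # Listen on loopback only: the SSH-forwarded connection is the
    # only way to reach the service, whatever the firewall says.
    bind            = 127.0.0.1
    # Defence in depth: refuse anything that is not from loopback.
    only_from       = 127.0.0.1
    # Log who connected and for how long; failed attempts record the host.
    log_on_success  += HOST DURATION
    log_on_failure  += HOST USERID
}
```

After editing, reload xinetd and confirm with `ss -ltn` (or `netstat -ltn`) that port 1027 is listed only on 127.0.0.1.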

For iptables & inetd, add one of these rules so that it runs automatically on boot. The first answers with a TCP reset; use the second if the REJECT target is unavailable, or if you don't want to announce that the port is closed. Note that -I inserts the rule at the top of INPUT, ahead of any broader ACCEPT rules, and that if irssi2 also listens on IPv6 you need the equivalent ip6tables rule:

    iptables -I INPUT -p tcp --destination-port 1027 ! --destination 127.0.0.1 -j REJECT
    iptables -I INPUT -p tcp --destination-port 1027 ! --destination 127.0.0.1 -j DROP

SshInetdHowto (last edited 2009-03-15 22:42:38 by localhost)