Basically, this is how to run ratchet on Linux or Windows, using OpenSSH or plink (it can be done via PuTTY too) for SSH tunneling. This resolves the main security issues with inetd mode: it adds a layer of authentication (you need a valid user on the box, but you don't limit it to user X) and encrypts data transfers.

You run plink / ssh on the 'client' machine, and on the server you just run a plain ol' sshd, irssi2 via inetd and proper firewalling.
In the commands below, hostname is the remote server and user is the remote username.

  1. Setting up OpenSSH or plink (you can add -C to these to get compression, but I doubt it's needed):

    plink.exe -L 1027: user@hostname
    ssh -L 1027: user@hostname

  2. Connecting: Tell ratchet to connect to on standard port (1027) - Tadaa! :D

Limiting non-tunneled access

To limit non-tunnel access I recommend either iptables & inetd or xinetd.

For xinetd, add this to your /etc/xinetd.d/irssi2:

    only_from =

For iptables & inetd, add this to be run automatically on boot:

    iptables -I INPUT -p tcp --destination-port 1027 --destination \! -j REJECT
    # Use this instead if the REJECT target is unavailable, or if you don't want to announce that the port is closed:
    iptables -I INPUT -p tcp --destination-port 1027 --destination \! -j DROP
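
One way to confirm that the iptables restriction above is loaded and is the first rule to match the port, as an added example that is not part of the original page. The allowed address is a parameter because the rule's destination value is missing from this page; the 127.0.0.1 in the sample rules is a constructed assumption, and the function names are hypothetical.

```shell
#!/bin/sh
# Added example: audit `iptables -S INPUT` output (read from stdin).
# check_port_guard PORT ALLOWED_ADDR prints "guarded" when the first INPUT
# rule matching tcp PORT is a REJECT/DROP for every destination except
# ALLOWED_ADDR, and "exposed" otherwise. Function names are hypothetical.
check_port_guard() {
    awk -v port="$1" -v allowed="$2" '
        $1 == "-A" && $2 == "INPUT" {
            tcp = 0; dport = 0; negdst = 0; target = ""
            for (i = 3; i <= NF; i++) {
                if ($i == "-p" && $(i + 1) == "tcp") tcp = 1
                # iptables -S prints --destination-port as --dport
                if (($i == "--dport" || $i == "--destination-port") && $(i + 1) == port) dport = 1
                if (($i == "-d" || $i == "--destination") && $(i - 1) == "!") {
                    addr = $(i + 1); sub(/\/32$/, "", addr)
                    if (addr == allowed) negdst = 1
                }
                if ($i == "-j") target = $(i + 1)
            }
            # First match wins in iptables, so only the first rule for the port counts.
            if (tcp && dport && !decided) {
                decided = 1
                guarded = (negdst && (target == "REJECT" || target == "DROP"))
            }
        }
        END { result = guarded ? "guarded" : "exposed"; print result }
    '
}

# Constructed sample: the guard rule is inserted first, as with `iptables -I`.
sample_guarded() {
    cat <<'EOF'
-P INPUT ACCEPT
-A INPUT ! -d 127.0.0.1/32 -p tcp -m tcp --dport 1027 -j REJECT --reject-with icmp-port-unreachable
-A INPUT -p tcp -m tcp --dport 22 -j ACCEPT
EOF
}

# Constructed sample: an earlier ACCEPT for the port shadows the guard rule.
sample_exposed() {
    cat <<'EOF'
-P INPUT ACCEPT
-A INPUT -p tcp -m tcp --dport 1027 -j ACCEPT
-A INPUT ! -d 127.0.0.1/32 -p tcp -m tcp --dport 1027 -j DROP
EOF
}

sample_guarded | check_port_guard 1027 127.0.0.1
sample_exposed | check_port_guard 1027 127.0.0.1
```

On a live server, pipe the output of iptables -S INPUT into check_port_guard instead of the samples. The check is conservative: any other first rule for the port, including a non-terminating one such as LOG, is reported as exposed.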

SshInetdHowto (last edited 2009-03-15 22:42:38 by localhost)