Basically, this is how to run ratchet on linux or windows, using openssh or plink (http://www.chiark.greenend.org.uk/~sgtatham/putty/download.html) (can be done via putty too) for ssh tunneling. This resolves the main security issues with inetd-mode. It adds a layer of authentication (you need a valid user on the box, but you don't limit it to user X) and encrypts data transfers.
You run plink / ssh on the 'client' machine, and on the server you just run a plain ol' sshd, irssi2 via inetd and proper firewalling.
hostname is the remote server, user is the remote username.
Setting up openssh or plink: (You can add -C to these to get compression, but I doubt it's needed)
plink.exe -L 1027:127.0.0.1:1027 user@hostname ssh -L 1027:127.0.0.1:1027 user@hostname
Connecting: Tell ratchet to connect to 127.0.0.1 on standard port (1027) - Tadaa!
Limiting non-tunneled access
To limit non-tunnel access I recommend either iptables & inetd or xinetd.
For xinetd, add this to your /etc/xinetd.d/irssi2:
only_from = 127.0.0.1
For iptables & inetd, add this to be run automatically on boot:
iptables -I INPUT -p tcp --destination-port 1027 --destination \! 127.0.0.1 -j REJECT iptables -I INPUT -p tcp --destination-port 1027 --destination \! 127.0.0.1 -j DROP # use this if the REJECT target is unavailable, or if you don't want to announce that the port is closed.