Regular users can set up an SSH tunnel, but this requires you to have a login on another
machine, so that you can set up a tunnel between these two machines and use the other
to hop on to the BBS. Note that the final part of the link will not be encrypted this way.
For more information on how to do this, I say, enter something like "ssh port forwarding howto pop imap" in your favourite Web search engine.
A nicer setup is that the BBS administrator allows users to connect to his (or her) machine using SSH, and to connect (locally) to the BBS from there.
Here is how to set up this kind of configuration.
The trick is to create a special user on the server, that has telnet as login shell, and
let 'him' connect back to the BBS. As a consequence, you will not be able to see where a user
connects from, but this also ensures the user's privacy.
To set this up, create a login on the server machine named 'bbs-user'. Give the bbs user an empty password. Put the following setting in /etc/sshd_config:
PermitEmptyPasswords yes
If your system uses PAM (Pluggable Authentication Modules), you may need to add the option nullok to the password line in either /etc/pam.conf or /etc/pam.d/sshd (depending on which platform you are on), so that it looks something like:
sshd password required /lib/security/pam_unix.so shadow nullok use_authtok md5
or if you have /etc/pam.d/sshd:
password required /lib/security/pam_unix.so shadow nullok use_authtok md5
Now change the login shell of the bbs-user to telnet, in /etc/passwd:
bbs-user:x:501:501:bbs100 user:/:/usr/bin/telnet -E localhost 1234
Note the -E option: if you omit it, users will be able to log through your machine and possibly use it for malicious actions.
Now you can try 'ssh email@example.com'. It should log you on without asking for an SSH password. Note that users always have to connect as user 'bbs-user'. Jose Nazario has donated a patch to OpenSSH-2.5.2 which sets the username to bbs-user by default, letting you connect to the bbs100 in a slightly more comfortable way: 'ssh your.bbs100.site'. Mind that if you install this patched sshd, you will NOT be able to use regular ssh to log in to your machine as a different user (that is, a user other than 'bbs-user'). As a solution to this, you can configure a 'normal' un-patched sshd on a different port number (say, 222) and use that one for regular ssh connects.
Some systems don't allow you to specify arguments behind the shell (telnet) in
/etc/passwd. As a solution, you can use the bbs_shell program
and place 'bbs_shell' as shell in the /etc/passwd entry for the
Most systems don't just allow you to specify any program as login shell; usually you would enter its full pathname in the file /etc/shells, which lists the valid login shells of the system.
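What a fixed-purpose login shell of this kind can look like, as an added example (this is not the bbs100 project's bbs_shell program). The telnet path, host and port are assumptions copied from the /etc/passwd line above, and the function names are hypothetical:

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <unistd.h>

/* Assumptions: telnet path, host and port as in the /etc/passwd line above. */
#define TELNET_PATH "/usr/bin/telnet"
#define BBS_HOST    "localhost"
#define BBS_PORT    "1234"

/* Fixed argument vector. -E stops any character from being recognized as the
 * telnet escape character, so the session cannot reach the telnet> prompt. */
static char *const bbs_argv[] = { "telnet", "-E", BBS_HOST, BBS_PORT, NULL };

/* Fixed environment: only PATH and a validated TERM are handed to telnet. */
static char term_buf[64] = "TERM=vt100";
static char *bbs_envp[] = { term_buf, "PATH=/usr/bin:/bin", NULL };

/* Use the caller's TERM only if it is 1..32 chars of [A-Za-z0-9._-].
 * Returns 1 if accepted, 0 if rejected (the previous value is kept). */
int set_term(const char *term)
{
    size_t i, n = term ? strlen(term) : 0;
    if (n == 0 || n > 32)
        return 0;
    for (i = 0; i < n; i++) {
        char c = term[i];
        if (!((c >= 'a' && c <= 'z') || (c >= 'A' && c <= 'Z') ||
              (c >= '0' && c <= '9') || c == '.' || c == '_' || c == '-'))
            return 0;
    }
    snprintf(term_buf, sizeof term_buf, "TERM=%s", term);
    return 1;
}

char *const *get_bbs_argv(void) { return bbs_argv; }
char *const *get_bbs_envp(void) { return bbs_envp; }

int main(int argc, char **argv)
{
    /* sshd starts the login shell as "<shell> -c <command>" when the client
     * requests a command; whatever arrives in argv is deliberately ignored. */
    (void)argc;
    (void)argv;
    set_term(getenv("TERM"));
    execve(TELNET_PATH, bbs_argv, bbs_envp);
    perror("execve");              /* reached only if telnet could not start */
    return 1;
}
```

Install the compiled binary under a root-owned path, list that path in /etc/shells, and use it as the shell field of the bbs-user entry.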
Credits go to Jose Nazario for the OpenSSH patch
and to Myth of MatrixBBS for thinking up a way
to have users connect to bbs100 in a secure way.
To prove it works, try 'ssh firstname.lastname@example.org'.
Patch to OpenSSH-2.5.2
special BBS shell
The OpenSSH website is at www.openssh.org.
You may also want to read about redirecting bbs100 to the default telnet port.