Zugg MASTER
Joined: 25 Sep 2000 Posts: 23379 Location: Colorado, USA
|
Posted: Fri Jan 19, 2007 10:03 pm
SSH Port forwarding and Tunnels question |
OK, I need some help from some of you SSH experts out there.
I need you to start telling me how you use SSH and what you need within CMUD. I'm reading about all sorts of features available within SSH. Some of them are easy to understand. But then I come across stuff like "Port forwarding" and "tunnels". The SSH components that I'm using support these features, but I really have no idea what they are used for.
Are these advanced features relevant to a MUD client or Telnet client? If so, what do you use them for?
Any suggestions on how you'd like to see SSH implemented within CMUD would be very helpful. This is your chance to get an SSH client that works exactly how *you* want it to. |
|
|
|
Seb Wizard
Joined: 14 Aug 2004 Posts: 1269
|
|
|
|
Zugg MASTER
Joined: 25 Sep 2000 Posts: 23379 Location: Colorado, USA
|
Posted: Sat Jan 20, 2007 1:07 am |
Seb, thanks for the links, but that's not exactly what I meant. I understand the abstract concept of tunneling and I can see why you would want to tunnel stuff within SSH (like X windows, etc).
But my question is: why would CMUD need to do this? Doesn't seem like you would use CMUD to perform the tunneling. Seems like the VNC program, or other remote X display program, for example, would have its own SSH socket connection to handle this. |
|
|
|
Guinn Wizard
Joined: 03 Mar 2001 Posts: 1127 Location: London
|
Posted: Sat Jan 20, 2007 1:37 am |
We use Putty to establish the tunnel, then connect VNC via localhost:port (which was mapped to the remote host by putty)
|
|
_________________ CMUD Pro, Windows Vista x64
Core2 Q6600, 4GB RAM, GeForce 8800GT
Because you need it for text... ;) |
|
|
|
frenchie Newbie
Joined: 20 Jan 2007 Posts: 1
|
Posted: Sat Jan 20, 2007 2:34 am |
In short, if you're using CMUD to talk to SSH-enabled MUDs only, then you're not likely to need tunnels.
If you're planning to have an SSH client built into CMUD for connecting to other SSH services, then adding tunnel support is probably a good idea as it's very useful.
Tunnels are essentially a wrapper; your VNC software etc. doesn't need anything special to be able to use them. If you connect to a remote server with a tunnel, the SSH client opens a local port and listens for traffic locally. Any traffic to that port is encrypted and sent over the SSH connection to the SSH server. At the remote side, the SSH server decrypts the traffic and sends it to the appropriate host/port. Of course, return traffic is handled in a similar fashion.
Take the example of a local mailserver behind a firewall. Port 25 is blocked to the world but it allows SSH traffic in.
telnet <mailserver-host> 25
wouldn't connect (obviously)
But if I then open a tunnel which forwards local port 2500 to the mailserver's port 25.
(in OpenSSH that's: "ssh <mailserver-host> -L 2500:localhost:25")
and then try:
telnet localhost 2500
I'll get a connection (well assuming the mail server allows traffic on localhost:25).
In summary:
Traffic sent to 2500 is encrypted and sent over the link.
The SSH server decrypts the traffic, and sends it on to the specified host:port (so the remote host sees the traffic as coming from the SSH server).
The response traffic goes back to the SSH server which encrypts it and sends it over the ssh session.
The SSH client decrypts the traffic and sends it back as a response to the initial traffic.
The other way of handling tunnels is to open a remote port and forward traffic from it to a local host/port. Essentially the same idea, just backwards in operation.
Basically, it really depends on what you're planning to include SSH support for. |
|
|
|
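Added example (not part of any post in this thread, and not CMUD or OpenSSH code): a Python sketch that parses the `-L 2500:localhost:25` spec from the post above and checks it against a server-side allowlist modelled on OpenSSH's `PermitOpen` directive. The function names are hypothetical and the matching is a simplified model (literal host:port match, `*` wildcard, no name lookup).

```python
from typing import NamedTuple

LOOPBACK = {"localhost", "127.0.0.1", "::1"}

class Forward(NamedTuple):
    bind: str         # where the SSH *client* listens
    listen_port: int
    dest_host: str    # resolved and dialled by the SSH *server*
    dest_port: int

def _split(spec):
    """Split on ':' while keeping bracketed IPv6 literals such as [::1] whole."""
    parts, buf, depth = [], "", 0
    for ch in spec:
        depth += (ch == "[") - (ch == "]")
        if ch == ":" and depth == 0:
            parts.append(buf)
            buf = ""
        else:
            buf += ch
    return [p.strip("[]") for p in parts + [buf]]

def parse_local_forward(spec):
    """Parse an OpenSSH -L argument: [bind_address:]port:host:hostport."""
    parts = _split(spec)
    if len(parts) == 3:
        parts.insert(0, "localhost")  # assumes the default GatewayPorts=no
    if len(parts) != 4:
        raise ValueError(f"unsupported -L spec: {spec!r}")
    bind, lport, host, hport = parts
    return Forward(bind, int(lport), host, int(hport))

def exposed_beyond_loopback(fwd):
    """True when other machines can reach the client's listening port."""
    return fwd.bind not in LOOPBACK  # '' and '*' mean all interfaces

def permitted(fwd, permit_open):
    """Simplified model of sshd_config PermitOpen entries (assumption, see lead-in)."""
    for entry in permit_open:
        if entry == "any":
            return True
        pair = _split(entry)
        if (len(pair) == 2 and pair[0] in ("*", fwd.dest_host)
                and pair[1] in ("*", str(fwd.dest_port))):
            return True
    return False

if __name__ == "__main__":
    fwd = parse_local_forward("2500:localhost:25")  # the spec from the post
    print(fwd, exposed_beyond_loopback(fwd))
    print(permitted(fwd, ["localhost:25"]), permitted(fwd, ["localhost:22"]))
```

Note that the destination "localhost" is interpreted on the SSH server, which is why the mail server sees the connection as local.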
Elcor Newbie
Joined: 24 Nov 2000 Posts: 3 Location: USA
|
Posted: Sat Jan 20, 2007 9:07 am |
Hi All. I have been a Zmud/Cmud user for quite a long time now. I enjoy the software very much, thanks Zugg, so much in fact I use it for various other tasks besides Mudding. I am a Network Engineer for a Regional ISP, and use Zmud to regularly telnet to various servers, routers etc. I have built a few "frontends" for some of this equipment, and have been trying my hand at one using the new features of Cmud. Ok, on to my point. As you all know, Security is an ever-growing concern for anybody running ANY size network, and one of the things I have been excited about was the inclusion of SSH support in Cmud. I admit I don't use even one-quarter of the features currently available with SecureCRT, BUT I do find myself reading about those features and DO plan on implementing them on the network. So, I would like to see a good set of features included, even though they may not apply to Mudding specifically, so I would have the option of expanding the number of devices that I could connect to.
Just an observation from an Avid user of Z/Cmud for things other than mudding.
(Can't believe I'm talking about work, and not MUDDING!!!)
Elcor
KallistiMud |
|
|
|
Seb Wizard
Joined: 14 Aug 2004 Posts: 1269
|
Posted: Sat Jan 20, 2007 2:20 pm Re: SSH Port forwarding and Tunnels question |
Zugg, really it comes down to why you want to add SSH to CMUD. Do you just want to support basic SSH for remote admin of MUDs and MUDs that support SSH? Or do you want to create a fully featured solution that goes beyond MUDding?
I was trying to answer this:
Zugg wrote: |
The SSH components that I'm using support these features, but I really have no idea what they are used for. |
Rather than this:
Zugg wrote: |
Are these advanced features relevant to a MUD client or Telnet client? If so, what do you use them for? |
As I alluded to though, SSH tunneling can be useful for traversing restrictive firewalls. Restrictive firewalls can be a problem for many MUD users, so this is a feature relevant to a MUD client.
Zugg wrote: |
But my question is: why would CMUD need to do this? Doesn't seem like you would use CMUD to perform the tunneling. Seems like the VNC program, or other remote X display program, for example, would have its own SSH socket connection to handle this. |
It is the SSH program that performs the SSH tunneling. VNC or X or SMTP just talks through the SSH program, which is acting like a proxy (or tunnel) to the VNC client, X client, or SMTP client. The point is that VNC, X, SMTP, SMB, FTP, etc. know nothing about the SSH protocol. You can think of an SSH tunnel as a VPN lite.
See my earlier links for details of how to set it up with some SSH programs plus more info on PuTTY here:
Using port forwarding in SSH
Also the section above on X11 forwarding.
Of course, it is quite possible to use z/CMUD with PuTTY SSH (client-side) tunneling and people have done that in the past. But it does mean using an extra program and so is a bit untidy and probably harder to get working. |
|
|
|
Fang Xianfu GURU
Joined: 26 Jan 2004 Posts: 5155 Location: United Kingdom
|
Posted: Sat Jan 20, 2007 2:49 pm |
I personally used SSH tunnelling with PuTTY and zMUD's SOCKS Proxy option all the time. Much more often than I actually played on SSH-enabled MUDs.
|
|
|
|
Taz GURU
Joined: 28 Sep 2000 Posts: 1395 Location: United Kingdom
|
Posted: Sun Jan 21, 2007 12:37 pm |
Ditto Fang, and that is exactly what I put the info into this forum post for, because it shows how you can overcome firewall port restrictions: if you have a shell you can connect to and port 23 is allowed through the firewall, you can then tunnel to your MUDs. As Seb mentions, it means using an extra program, so if CMUD was able to do the tunneling for you, the whole solution for traversing firewalls would be in the one program.
|
|
_________________ Taz :) |
|
|
|
Rainchild Wizard
Joined: 10 Oct 2000 Posts: 1551 Location: Australia
|
Posted: Sun Jan 21, 2007 9:23 pm |
I don't really see SSH tunnels as being necessary - for adminning my MUD box I just need SSH and SFTP (which I'm happy to use a different client for). Our source control is done via SSH, but tortoise handles the tunneling required to do it, so it's not necessary there either.
|
|
|
|
wedrifid Beginner
Joined: 10 Dec 2006 Posts: 15
|
Posted: Tue Jan 23, 2007 7:57 am |
In an earlier life I used port forwarding extensively with ZMUD. My LAN firewall wasn't a huge fan of TELNET, so I sshed to various destinations and forwarded a port from localhost through the ssh server to the mud. ZMUD would then access localhost:9999.
This usage is a big difference from enabling port forwarding via the mud being connected to. It more fits along the lines of a proxy setting. However, if ZMUD were capable of forwarding ports to connections then it would be quite handy even if it meant opening up a dummy window to set up a port forward and then a real window for the mud connection.
If it is at all a possibility I'd love to see it as a feature. |
|
|
|
TonDiening GURU
Joined: 26 Jul 2001 Posts: 1958 Location: Canada
|
Posted: Tue Jan 23, 2007 8:13 pm |
Game perception:
Perhaps you just want to:
1) establish the ssh connection
2) telnet mymud:9999
3) use CMUD to parse the remote telnet session
Might be useful to skip the tunnelling aspects if they are tedious.
Corporate perception:
SSH (putty) and SFTP (http://www.winscp.com/)
1) establish a ssh connection
2) disconnection and reconnection
Reminds me of a zMud script I wrote for a client with 3-4 kinds of routers for MAC address to connected port tracking and other such utilities. |
|
|
|
seamer Magician
Joined: 26 Feb 2001 Posts: 358 Location: Australia
|
Posted: Sat Feb 03, 2007 11:57 am |
I'm nerdy enough to want to SSH into my home box via cmud, launch a tt++ session and then ssh back out of the box to coffeemud - since it too supports ssh :P Then I can just dump tt++ into a screen daemon process and resume it later on
|
|
_________________ Active contributor to coffeemud.net, the advanced java-based mud system. |