Nailed Telnet & ssh

comp.databases.pick

Art
Nailed Telnet & ssh - 12-03-2005, 09:16 AM

Quote:
A few months ago I upgraded half a dozen desktops from serial green
screens to PC running Accuterm and connecting via SSH. Since there
doesn't seem to be "nailed SSH" like there is with telnet, each user's
linux login runs a script that logs them into a particular d3 port, and
snip..............

thanks,
Bruce Ackman

Not so. I used to think I couldn't do a nailed ssh port also, until I was
shown how to do it. Now I use it heavily.

Art Martz


bruce ackman
Re: Nailed Telnet & ssh - 12-03-2005, 01:16 PM

Art wrote:
Quote:
A few months ago I upgraded half a dozen desktops from serial green
screens to PC running Accuterm and connecting via SSH. Since there
doesn't seem to be "nailed SSH" like there is with telnet, each user's
linux login runs a script that logs them into a particular d3 port, and

snip..............

thanks,
Bruce Ackman

Not so. I used to think I couldn't do a nailed ssh port also, until I was
shown how to do it. Now I use it heavily.

Art Martz

OK. So how do I do it?


(latimerp)
Re: Nailed Telnet & ssh - 12-03-2005, 08:09 PM

bruce ackman wrote:
Quote:
Art wrote:
snip

Not so. I used to think I couldn't do a nailed ssh port also, until I was
shown how to do it. Now I use it heavily.

Art Martz

OK. So how do I do it?

Just like telnet in /etc/xinetd.d but change a few
parameters like so for service d316099.


server = /usr/sbin/sshd
server_args = -i
port = 16099

YMMV Patrick, <;=)

P.S. No warranty expressed or implied.



Bill H
Re: Nailed Telnet & ssh - 12-04-2005, 07:19 PM

Patrick:

Out of curiosity, how does this return a D3 login prompt when the client
connects?

Bill

"(latimerp)" <"(latimerp)"@comcast.net> wrote

Quote:
bruce ackman wrote:
Art wrote:
snip

Not so. I used to think I couldn't do a nailed ssh port also, until I was
shown how to do it. Now I use it heavily.

Art Martz

OK. So how do I do it?

Just like telnet in /etc/xinetd.d but change a few
parameters like so for service d316099.


server = /usr/sbin/sshd
server_args = -i
port = 16099

YMMV Patrick, <;=)

P.S. No warranty expressed or implied.




Art
Re: Nailed Telnet & ssh - 12-04-2005, 11:57 PM

On Sat, 03 Dec 2005 14:16:42 -0500, bruce ackman wrote:

Quote:
Art wrote:
snip...

Quote:
Not so. I used to think I couldn't do a nailed ssh port also,
until I was shown how to do it. Now I use it heavily.

OK. So how do I do it?

I have remote linux PCs connecting to a central IBM aix box, running a
sshd server. The aix box has nailed telnet ports defined in the inittab
file, just like you would for a standard telnet session. On the remote
linux box, I put two records, the first for cosmetics for the user:

conmsg

Now connecting to the Main System, this will take a couple of minutes!

Please wait for the connected message...................


The second record is the ssh command, as follows:


cat conmsg

ssh -2 -L 2000:127.0.0.1:99999 aixuser@99.999.999.99 -i
/home/linuxuser/.ssh/ssh_host_dsa_key -f TERM="ansi";export TERM;telnet
localhost 2000 (this is all one line)

where "99999" is your nailed telnet port on the host machine, and
"99.999.999.99" is the static IP address on the host machine. "aixuser" is
a valid login on the host machine (required), and "linuxuser" is on the
remote linux system. ssh uses key pairs, the private part is in
/home/linuxuser/.ssh, and the public part gets put on the aix box in its
.ssh directory.

This opens a ssh connection between the two machines, and then the "-f"
option forks the ssh execution, and starts a telnet session. Since the ssh
connection is parked on port 2000 on the linux box, the telnet is pointed
at port 2000 on localhost. The other end of the encrypted tunnel is port
"99999" (or whatever) on the aix box. So in other words, you use a
standard telnet command *thru* the ssh connection.

Art


kim
Re: Nailed Telnet & ssh - 12-20-2005, 08:29 AM

Art wrote:
Quote:
On Sat, 03 Dec 2005 14:16:42 -0500, bruce ackman wrote:

Art wrote:
snip...

Not so. I used to think I couldn't do a nailed ssh port also,
until I was shown how to do it. Now I use it heavily.

OK. So how do I do it?

I have remote linux PCs connecting to a central IBM aix box, running a
sshd server. The aix box has nailed telnet ports defined in the inittab
file, just like you would for a standard telnet session. On the remote
linux box, I put two records, the first for cosmetics for the user:

conmsg

Now connecting to the Main System, this will take a couple of minutes!

Please wait for the connected message...................


The second record is the ssh command, as follows:


cat conmsg

ssh -2 -L 2000:127.0.0.1:99999 aixuser@99.999.999.99 -i
/home/linuxuser/.ssh/ssh_host_dsa_key -f TERM="ansi";export TERM;telnet
localhost 2000 (this is all one line)

where "99999" is your nailed telnet port on the host machine, and
"99.999.999.99" is the static IP address on the host machine. "aixuser" is
a valid login on the host machine (required), and "linuxuser" is on the
remote linux system. ssh uses key pairs, the private part is in
/home/linuxuser/.ssh, and the public part gets put on the aix box in its
.ssh directory.

This opens a ssh connection between the two machines, and then the "-f"
option forks the ssh execution, and starts a telnet session. Since the ssh
connection is parked on port 2000 on the linux box, the telnet is pointed
at port 2000 on localhost. The other end of the encrypted tunnel is port
"99999" (or whatever) on the aix box. So in other words, you use a
standard telnet command *thru* the ssh connection.

Art

I understand what you are trying to accomplish but what happens when
the user's network connection is dropped? D3 does not release the port.
I have tried many ways in order for the port to be "cleaned up" when
the connection is dropped. We have to go into D3 and log off port and
kill the linux processes. Any way of getting them to clean up without
having to do it manually? This has been an ongoing problem with D3 and
telnet. Is ssh any more robust?



Tedd Scofield
Re: Nailed Telnet & ssh - 12-20-2005, 09:31 AM

Using ssh doesn't help too much with that problem. I think the network
socket will have to time out before D3 gets the message that the port
is gone which can take a minute or three. It's the same as the user
X'ing out of (or improperly shutting down) a terminal proggie.

One workaround I've found helpful in this situation is to use a shell
script that logs into a specific port. That same script can give the
user the option to kill the port and then try to login again if the
first login returns that port already being used.


Art
Re: Nailed Telnet & ssh - 12-22-2005, 11:12 PM

On Tue, 20 Dec 2005 06:29:00 -0800, kim wrote:
Quote:
I understand what you are trying to accomplish but what happens when
the user's network connection is dropped? D3 does not release the port.
I have tried many ways in order for the port to be "cleaned up" when
the connection is dropped. We have to go into D3 and log off port and
kill the linux processes.

I wrote a little program to automate exactly that. I posted it a while
ago, which of course invites the critics.

Quote:
telnet. Is ssh any more robust?

As Tedd says, it's still a problem, but I think ssh helps a lot. Telnet
connections time out easily. ssh connections can have a keep-alive turned
on. This has made a large difference for me. If your ISP drops the
connection, then telnet or ssh doesn't make any difference, and you still
usually have to reset the port. Although I think that with linux clients
your odds are a little better of not needing to reset, but that's just a
personal opinion. But probably the majority of my drops were from
time-outs, and that's where the ssh keep-alive helps a lot.

Art
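
The tunnel from Art's 12-04-2005 post combined with the ssh keep-alive he mentions above, as an added example that is not part of any poster's message. It assumes OpenSSH on both ends; the keep-alive settings, the control socket used to close the tunnel, the authorized_keys restrictions and port 10023 (a constructed stand-in, since 99999 is not a valid TCP port) are assumptions, not details from the thread.

```shell
#!/bin/sh
# Added example, not from the thread. Ports, host, key path and the control
# socket location are constructed placeholders / assumptions.
CTL=${CTL:-$HOME/.ssh/nailed-tunnel.$$}   # control socket used to close the tunnel

# valid_port N: succeed only for an integer in 1..65535 (99999 is rejected).
valid_port() {
    case "$1" in ''|*[!0-9]*) return 1 ;; esac
    [ "$1" -ge 1 ] && [ "$1" -le 65535 ]
}

# nailed_tunnel LOCAL_PORT REMOTE_PORT USER@HOST KEYFILE
# Starts the forward in the background; DRY_RUN=1 prints the command instead.
# The listener is bound to 127.0.0.1 only, and the client probes the server
# every 30 s, giving up after 3 missed replies.
nailed_tunnel() {
    valid_port "$1" && valid_port "$2" || { echo "bad port" >&2; return 1; }
    set -- ssh -N -f -M -S "$CTL" -i "$4" \
        -o BatchMode=yes -o ExitOnForwardFailure=yes \
        -o ServerAliveInterval=30 -o ServerAliveCountMax=3 \
        -L "127.0.0.1:$1:127.0.0.1:$2" "$3"
    if [ "${DRY_RUN:-0}" = 1 ]; then echo "$*"; else "$@"; fi
}

# authorized_keys_entry REMOTE_PORT "PUBLIC KEY LINE"
# Server-side entry: this key gets no terminal, no command of its own, and
# may forward to the one nailed port only.
authorized_keys_entry() {
    valid_port "$1" || return 1
    printf 'command="/bin/false",no-pty,no-agent-forwarding,no-X11-forwarding,'
    printf 'permitopen="127.0.0.1:%s" %s\n' "$1" "$2"
}

# Usage: sh nailed.sh LOCAL_PORT REMOTE_PORT USER@HOST KEYFILE
if [ "$#" -eq 4 ]; then
    nailed_tunnel "$@" || exit 1
    TERM=ansi telnet 127.0.0.1 "$1"
    ssh -S "$CTL" -O exit "$3"      # tear the tunnel down when telnet ends
fi
```

Binding the forward to 127.0.0.1 keeps other machines on the remote LAN from using the tunnel, and the authorized_keys entry means a key copied off a remote PC can reach only the nailed port.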

