Hi,
Over the past few years, I've needed to establish a robust
tunnel from work to home, trying to make it as secure as I can.
Ultimately, I wound up developing three programs of varying
complexity. Basically, every time I learned some new thing
that made it work better either for the sake of security or
robustness, I glued it into this stuff. It took too much
work and research to get all the parameters to play nice.
Anyway, I'm offering it ups under a BSD license so it can be
improved and so I don't have to maintain it just for myself.
The three things are:
1. a daemon on the server that keeps trying to connect to a
remote node/work station. It must invoke ssh with all
those strange parameters to establish the tunnel.
2. a wont-do-anything-at-all login shell for the only user
allowed to login on the work station. It parses it's
"command" (the argument after the "-c") as some options,
including a host name and port number. It journals
its activities in /var/log/noopsh and creates a file in
/var/run/noopsh/${hostname} containing the port number.
This file is removed "atexit(3C)".
3. The tssh program (Tunneled-Secure-SHell) that resolves
the host argument by looking for it in /var/run/noopsh
and getting the correct port number from that file.
Had I had such a thing, it would have saved me a lot of
research and futzing around. So, if you-all have a place for
such an addon, I'll polish it a bit and send it along.
Cheers - Bruce
p.s. they all come with man pages.