Private IRC Channel

Question

Assume I have an IRC server running on a linux box and the only way to get to that box is over ssh. I don't want to open any ports to the world, I just want folks with logins on that server to be able to connect to the IRC server running on that host.

I could always ssh to the server and forward some ports over SSH. Is there a better way? Are there IRC clients that will let me install my private key and then forward the IRC ports for me?

score 1 · Answer 1 · answered Jan 16 '10 at 16:14

1

I imagine you should be able to write a script in many clients that will execute a command line to open a SSH connection with port forwarding, then connect to the appropriate port at localhost.

answered Jan 16 '10 at 16:14

Jeff

130
4

Beat me to it. For the OP, based on your criteria you have to use either an SSH tunnel or open a port on the public interface. The script is a nice way to bundle everything up. – Scott Arrington Jan 16 '10 at 16:16

score 0 · Answer 2 · answered Jan 17 '10 at 19:27

0

If your users are all able to run irc clients on the same system as the ircd: Many clients and servers are able to use connections over UNIX domain sockets, so the only thing listening for incoming traffic is your sshd.

answered Jan 17 '10 at 19:27

Alex Holst

2,240
1
15
13

score 0 · Answer 3 · answered Jan 18 '10 at 00:42

If you know how to set up SSH to authenticate using keys in the authorized_keys file you are already half-way there. You can configure the file to automatically run a script/command when the user with the private key logs in. This can even include running an IRC client on the server side.

Alternatively, on the client end, you will want to do a -L 6667:ircserver:6667 port forwarding. Then, just connect your IRC client to localhost:6667 and it should work fine.

score 0 · Answer 4 · answered Jan 19 '10 at 01:06

If you have access to your firewall, you can possibly use something called portKnocking, which allows you to add a really sweet layer of security. Basically you "knock" on a specific range of ports a specific amount of times, and for a pre-determined set of time a specific port is opened for you to connect through. All of these variables can be set by you. I set it up on my router, which runs DD-WRT and its pretty nice.

URL: http://www.dd-wrt.com/wiki/index.php/Knockd

score 0 · Answer 5 · answered Aug 06 '13 at 20:32

I'd think that if you only wanted shell users on the ircd, the fastest, low tech way is run the ircd on local IPs only, 127.0.0.1 for example then install a CLI based IRC client like weechat, irssi, bitchx or epic. Shell users then must ssh to the server, then start the irc client.

Installing and using screen can also help by allowing users to return to their shell without closing the irc client.

Hope that helps.

Private IRC Channel

5 Answers5