
I have 2 linux servers with an app that communicate over a simple telnet protocol (unencrypted).

I would like to force the app to run over some form of encrypted tunnel. Is there a simple way to create a point-to-point encrypted tunnel and force only my apps' traffic over that tunnel? (e.g. create a virtual NIC that's encrypted traffic.) I don't want to route all network traffic over this tunnel.

TSG

1 Answer


Use SSH port tunneling. You only need to change the connection (IP and port) on your client end once you have the tunnel set up.

Say system 1 listens on a socket on port AAAA and system 2 connects to system 1. Use ssh tunneling from an arbitrary port (say PPPP) on system 2 to port AAAA on system 1. Now direct the 'app' on system 2 to connect to 127.0.0.1:PPPP and the connection will be tunneled to system 1.

If both systems listen and accept connections, then also set up a tunnel in the opposite direction.

For completeness, set up a custom user on both systems for your ssh tunnel. Set the new user's login shell on both systems to /sbin/nologin and do not put them in any groups beyond their own. Now use 'sudo -u' to launch ssh on system 2. Also block traffic from external interfaces to port AAAA on system 1, assuming you no longer need it. Also set ServerAliveInterval and ClientAliveInterval in your ssh and sshd configurations respectively.

The alternative to this configuration is to set up a VPN between the two boxes.

Jarra McIntyre
  • The connection is APP to APP (server to server)... there is no user client (it does not run on a user workstation) – TSG Feb 22 '16 at 03:05
    You still presumably have one end point which listens for connections on a particular port, and another end point which connects to that port. We'll call the side that listens on a port the server and the side that connects the client for ease of terminology. Use ssh tunneling from an arbitrary port (say PPPP) on the system that runs as a client to the port that is being listened to on the server. Now connect to 127.0.0.1:PPPP on the client system and the traffic will be tunneled to the server. – Jarra McIntyre Feb 22 '16 at 03:08
  • The info in your comment would be better added to your Answer. Good luck to all. – shellter Feb 22 '16 at 04:30
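The following script is an added example and not part of the answer above or any project's code. It assembles the pieces the answer describes for the one-direction case (system 1 listens on AAAA, system 2 connects through a local port PPPP): the ssh command with the forward bound to 127.0.0.1 and keepalives, an sshd_config Match block that confines the dedicated tunnel account to that single forward, the iptables rules that close AAAA to external interfaces, and an offline check that parses "ss -ltn" style output to confirm the application port is bound to loopback only. Every concrete name and number in it (tunneluser, 192.0.2.10, ports 4000 and 5000, the key path, the two sample ss listings) is an assumption chosen for illustration.

```shell
#!/bin/sh
# Added example (not from the original answer). All names, addresses and
# ports below are placeholders chosen for illustration.

TUNNEL_USER="tunneluser"                 # assumption: dedicated nologin user on both systems
SERVER="192.0.2.10"                      # assumption: system 1, the side that listens
APP_PORT=5000                            # AAAA: the app's listener on system 1
LOCAL_PORT=4000                          # PPPP: tunnel entrance on system 2
KEY="/home/$TUNNEL_USER/.ssh/id_ed25519" # assumption: key-only auth for the tunnel user

# ssh command to run on system 2 (e.g. via "sudo -u $TUNNEL_USER").
# -N: open no remote shell; -L 127.0.0.1:...: the tunnel entrance accepts
# only local connections; ExitOnForwardFailure: a refused forward is fatal
# rather than silently leaving a half-working session.
tunnel_cmd() {
    printf 'ssh -N -i %s -o ExitOnForwardFailure=yes -o ServerAliveInterval=30 -o ServerAliveCountMax=3 -L 127.0.0.1:%s:127.0.0.1:%s %s@%s\n' \
        "$KEY" "$LOCAL_PORT" "$APP_PORT" "$TUNNEL_USER" "$SERVER"
}

# sshd_config fragment for system 1: the tunnel account may forward to
# exactly one destination, gets no shell, pty or agent, and is dropped
# when keepalives stop being answered.
sshd_fragment() {
    cat <<EOF
Match User $TUNNEL_USER
    AllowTcpForwarding local
    PermitOpen 127.0.0.1:$APP_PORT
    PermitTTY no
    X11Forwarding no
    AllowAgentForwarding no
    PasswordAuthentication no
    ForceCommand /bin/false
    ClientAliveInterval 30
    ClientAliveCountMax 3
EOF
}

# Firewall rules for system 1: AAAA is reachable over loopback (where the
# sshd forward delivers it) and dropped from every other interface.
firewall_cmds() {
    printf 'iptables -A INPUT -i lo -p tcp --dport %s -j ACCEPT\n' "$APP_PORT"
    printf 'iptables -A INPUT -p tcp --dport %s -j DROP\n' "$APP_PORT"
}

# Read "ss -ltn" output on stdin and return 0 only if every LISTEN socket
# on port $1 is bound to 127.0.0.1 (so the plaintext listener is not
# exposed on the network). 0.0.0.0, [::] or any other address counts as bad.
loopback_only() {
    awk -v p="$1" '
        $1 == "LISTEN" {
            n = split($4, a, ":"); addr = a[1]; lp = a[n]
            if (lp == p) { total++; if (addr != "127.0.0.1") bad++ }
        }
        END { exit (total > 0 && bad == 0) ? 0 : 1 }'
}

# Constructed sample listings (not real captures) for the check above.
SAMPLE_GOOD='State  Recv-Q Send-Q Local Address:Port Peer Address:Port
LISTEN 0      128    127.0.0.1:5000     0.0.0.0:*
LISTEN 0      128    0.0.0.0:22         0.0.0.0:*'
SAMPLE_BAD='State  Recv-Q Send-Q Local Address:Port Peer Address:Port
LISTEN 0      128    0.0.0.0:5000       0.0.0.0:*'

# Demo: print the artefacts and run the listener check on both samples.
tunnel_cmd
sshd_fragment
firewall_cmds
if printf '%s\n' "$SAMPLE_GOOD" | loopback_only "$APP_PORT"; then
    echo "sample 1: port $APP_PORT bound to loopback only (OK)"
fi
if ! printf '%s\n' "$SAMPLE_BAD" | loopback_only "$APP_PORT"; then
    echo "sample 2: port $APP_PORT exposed on all interfaces (apply the firewall rules or rebind the app)"
fi
```

On a real system the check would be fed with `ss -ltn | loopback_only 5000`; if the application cannot be configured to bind to 127.0.0.1 itself, the iptables rules are what keeps the plaintext port off the wire. The Match block is the sshd-side counterpart of the nologin shell: even with a valid key, the tunnel account can only open the one forward the app needs.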