Date: Mon, 02 Jun 1997 16:12:44 -0700
From: "Zot O'Connor" <zot@crl.com>
Subject: ssh proxy for tn-gw

Here is info from the README.  This requires a host to have tn-gw on
the receiving end.  Apparently tn-gw uses several characters as codes
and tn-nav-gw escapes these for the client, and then unescapes them
for the server.

This works for me since I go to many clients who have tn-gw up and I
cannot control the firewall.  Once out to my home, I can ssh to the
site I need.


What is it?
-----------

tn-gw-nav is a program to allow you to use SSH (http://www.cs.hut.fi/ssh/) to
connect to a host which is on the outside of a TIS fwtk derived telnet
gateway. The host on the outside must also be configured to use
tn-gw-nav.

Getting the Source
------------------

ftp://ftp.nlc.net.au/pub/unix/tn-gw-nav


Contact the Authors
-------------------

John Saunders <john.saunders@nlc.net.au>
Charlie Brady <charlie.brady@nlc.net.au>

How does it work?
-----------------

SSH has a feature which allows you to use a program as a proxy to
establish a connection to the SSHD server. One of the functions of
tn-gw-nav is to negotiate the connection through the telnet gateway.

The other function of tn-gw-nav is to create a clean 8 bit stream
between ssh and sshd after the connection is created. The telnet
gateway unfortunately treats a few characters as special - these need
to be escaped to traverse the gateway safely, then unescaped before
being fed to the SSHD server.

Because tn-gw-nav must run at both ends of the connection, it does not
directly provide a general solution to using ssh through the telnet
gateway.  Once you have one ssh connection with a tn-gw-nav equipped
host, however, you will then be able to use ssh from there to anywhere
else using ssh.

If the unescaping code was added to sshd, enabled on a host by host
basis through a config entry in /etc/sshd_config, then tn-gw-nav would
only be required at the SSH client end. A patch for SSHD is on the
TODO list.

Zot O'Connor