I'm setting up a BBS on a Raspberry Pi. The application answers ssh on port 22 and telnet on port 23. Now I'm thinking about how to make it public without advertising my home IP address. Cloudflare works for ports 80 and 443 (and many others), but not for ssh and telnet protocols.

The obvious answer (to me) is to deploy an instance on a cloud service and run an ssh tunnel, but I'm open to suggestions.

How would you proxy inbound SSH to hide the server's IP address?

opendna
  • And then the question would be, if you're running a proxy server on a cloud instance, why would you not run the BBS on the cloud instance instead of on the Pi and not worry about the proxy at all. – heavyd Mar 01 '17 at 21:22
  • That's a fair question. Faster, more reliable, doesn't expose my home IP, more support for BBS flavors with less fiddling around... For ~$5/mo, why keep it on the rPi? I don't have a good answer yet. – opendna Mar 03 '17 at 11:15
  • If it isn't a secret, what BBS did you choose that supports SSH? – Alex Mar 03 '17 at 12:15
  • @Alex It's Mystic BBS (because it was convenient on an rPi), which doesn't support SSH, but I worked out a hack to make it happen: jail a user but don't build the jail. A password-less user with no permissions (other than SSH) can access the port being answered by the board. A normal user will drop to shell upon quitting the board, but a jail-less jailed user will get kicked. I'm sure there's a security fail somewhere, but I haven't found it yet. Using the Public Key handshake for every connection isn't ideal, but it's still SSH. – opendna Mar 04 '17 at 13:22
  • @AnonymousCoward Thank you for the info, interesting approach. Take a look also at `WWIV BBS` and `Synchronet` – Alex Mar 04 '17 at 22:25
  • @Alex Synchronet is a pain to compile on rPi, but I'll try it if I go VM-only. Thanks for the tip on WWIV (now on GitHub!). – opendna Mar 07 '17 at 07:32

1 Answer

You can get a cheap VPS for around 3-5 bucks/month and set up your SSH BBS there, or, if you still prefer to keep it locally on your Raspberry Pi, you need to install on the VPS a recent version of nginx (1.9.x+) that supports TCP streams and redirect SSH to your home IP. More on this here. Another tool that can do that is HAProxy; you can take a look here, for example, at how to set it up.

Alex
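
The nginx TCP stream setup this answer describes, as an added example that is not part of the original answer. The home address (203.0.113.10, a documentation-range placeholder), the log path and the connection limits are assumptions, and the VPS's own sshd is assumed to have been moved off port 22 so nginx can bind it.

```nginx
# /etc/nginx/nginx.conf on the VPS. The stream {} block sits at the top level,
# next to http {}, never inside it. Needs nginx built with the stream module
# (1.9.0+); log_format inside stream {} needs 1.11.4+.

stream {
    # The BBS only ever sees the VPS address as the client, so this log is
    # the one place the real source IP of each session is recorded.
    log_format bbs '$remote_addr [$time_local] $protocol port=$server_port '
                   'status=$status sent=$bytes_sent recv=$bytes_received '
                   'dur=$session_time';
    access_log /var/log/nginx/bbs-stream.log bbs;   # assumed path

    # Track concurrent sessions per client address.
    limit_conn_zone $binary_remote_addr zone=perip:1m;

    # SSH front end for the BBS.
    server {
        listen 22;
        limit_conn perip 4;              # assumed cap per source address
        proxy_connect_timeout 5s;        # fail fast if the home link is down
        proxy_timeout 30m;               # drop idle sessions after 30 minutes
        proxy_pass 203.0.113.10:22;      # placeholder home IP
    }

    # Telnet front end for the BBS.
    server {
        listen 23;
        limit_conn perip 4;
        proxy_connect_timeout 5s;
        proxy_timeout 30m;
        proxy_pass 203.0.113.10:23;      # placeholder home IP
    }
}
```

For the proxy to actually hide the Pi, the home router should forward ports 22 and 23 only when the source is the VPS address; a port forward open to everyone leaves the BBS reachable directly at the home IP.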