I want a secure way for people to log into a server on my Windows machine from the internet. I have an idea; is it good?
I'd like to set up a TradeWars 2002 server
for strangers (in particular, Mefites - that is, people I don't know personally) to play on. The game server is Windows only, and runs a telnet server that people log into.
On my home network, I have exactly two ports forwarded on my router's firewall - one for VPN and one for SSH. These ports forward to a little ARM server running debian, with updated security patches, etc. Both ports are nonstandard port numbers, and SSH logins are restricted to public-key only. I also have a Windows 7 Home-Premium machine, on which I'd like to run the server. But I don't want to open any ports directly to the Windows machine.
My idea is this: create a special user on the Linux machine. Create a different SSH private key for every player (so I can tell who's logging in). In my sshd_config on the server, I turn off port-forwarding, etc (anything nonessential) and set ForceCommand as
telnet -e '' host port
so that shell access is disabled for the user. Also, I set the users shell to rbash, just in case. The user will have no password set, so login via anything other than the keys will be impossible. The ForceCommand, of course, will connect to the Windows machine on the proper port. (I could even chroot the user, if I wanted, as long as telnet had everything it needed to run in the chroot)
So from the players' perspective, they are just logging into the server with via publickey, and immediately getting the game (using PuTTY, or whatever). Is this secure? Are there any better ideas out there?