I’d like to make a serial port available over the network. RFC-2217 provides extensions to Telnet to transport extra serial port info such as speed, data bits, stop bits, and hardware handshaking lines.
However, I want to ensure it’s not freely accessible to just anyone on the network, so I want to do authentication and encryption. Telnet is weak on authentication and does not provide encryption. SSH is generally preferred over Telnet.
Is there any protocol that allows serial port transport through SSH, similar to RFC-2217?
I realise one option could be to tunnel Telnet + RFC-2217 through an SSH tunnel. That is technically achievable, though in practical terms it’s a little awkward.
Zeroconf
The other question is, how could such a port be advertised with Zeroconf DNS-SD? E.g. how could a Telnet + RFC-2217 serial port, that is tunnelled through SSH, be advertised with Zeroconf? (plain Telnet + RFC-2217 might be advertised as _telnetcpcd._tcp from what I can tell.)
What you want is a secured serial-over-LAN connection.
The reason why you don’t find any free project which does this is simple – most open source projects separate the transport layer security from the protocol (for good reasons). Instead of re-inventing the wheel for every application, you can just re-use the security component (SSH in this case) and apply it to your unsecured protocol (RFC-2217-compatible, for example).
Just use an SSH tunnel or stunnel to secure the connection. For Windows clients, you can use com2com and for *nix systems something like ttyd.
com2com, for example, does not even require to be started manually after initial setup, so your users only have to establish an SSH tunnel (through PuTTY, for example).
pty and openssl-listen you can do pretty much exactly what you want (slightly contradicts what I wrote above because it actually does implement transport layer security)
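RFC 2217 carries the serial settings listed in the question as Telnet subnegotiations, which are readable on the wire unless the session is wrapped in SSH or TLS as the answer advises. The following added example (not part of the original posts) decodes them from a raw byte stream; the command values are taken from RFC 2217, and `CAPTURE` is constructed sample data.

```python
import struct

IAC, SB, SE = 255, 250, 240
COM_PORT_OPTION = 44                      # Telnet option number used by RFC 2217
PARITY = {1: "none", 2: "odd", 3: "even", 4: "mark", 5: "space"}
STOP = {1: "1", 2: "2", 3: "1.5"}
CONTROL = {1: "flow=none", 2: "flow=xon/xoff", 3: "flow=hardware",
           8: "DTR on", 9: "DTR off", 11: "RTS on", 12: "RTS off"}

# Constructed capture: terminal data with five client-to-server requests in it.
CAPTURE = (b"login: "
           + bytes([IAC, SB, 44, 1, 0x00, 0x01, 0xC2, 0x00, IAC, SE])  # 115200
           + bytes([IAC, SB, 44, 2, 8, IAC, SE])
           + bytes([IAC, SB, 44, 3, 1, IAC, SE])
           + bytes([IAC, SB, 44, 4, 1, IAC, SE])
           + bytes([IAC, SB, 44, 5, 3, IAC, SE]) + b"ok\r\n")


def subnegotiations(stream):
    """Yield (option, payload) for each complete IAC SB ... IAC SE block."""
    i = 0
    while (i := stream.find(bytes([IAC, SB]), i)) != -1:
        j, payload = i + 3, bytearray()
        while j < len(stream):
            if stream[j] == IAC:
                if stream[j + 1:j + 2] != bytes([IAC]):
                    break                  # IAC SE, or a truncated block
                j += 1                     # IAC IAC is an escaped 0xFF data byte
            payload.append(stream[j])
            j += 1
        if stream[j:j + 2] == bytes([IAC, SE]):
            yield stream[i + 2], bytes(payload)
        i = j


def decode(option, payload):
    """Describe one client-to-server COM-PORT-OPTION command, or return None."""
    if option != COM_PORT_OPTION or not payload:
        return None
    cmd, val = payload[0], payload[1:]
    if cmd == 1 and len(val) == 4:         # SET-BAUDRATE: 4 bytes, network order
        return f"baud={struct.unpack('!I', val)[0]}"
    if len(val) != 1:
        return None
    v = val[0]
    return {2: f"datasize={v}", 3: f"parity={PARITY.get(v, v)}",
            4: f"stopsize={STOP.get(v, v)}",
            5: CONTROL.get(v, f"control={v}")}.get(cmd)


def serial_settings(stream):
    return [s for opt, p in subnegotiations(stream) if (s := decode(opt, p))]
```

Running `serial_settings` over traffic captured on the far side of an SSH tunnel or stunnel should return an empty list, since the subnegotiations are then inside the encrypted channel.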