Anybody got an ssh shell account (on a server) they could put waste
behind?

Do it like this: set up the ssh server on a machine with port 1337
closed, then create an account to tunnel in on the ssh port.

If you run a waste client on the ssh server that is set to do network
routing (by default waste is set to do this, in Prefs/Network the
option 'Route Traffic' is enabled by default), then any incoming ssh
connections that have port 1337 forwarded to the ssh server will be
connected & routed by the waste client running on the server.

The trick on the system connecting to the ssh/waste server is to
close waste before connecting to the remote ssh/waste server, &
establish the ssh connection first (in PuTTY this requires forwarding
port 1337 to the internal IP address on the remote server). Once the
ssh connection is established, start the waste client locally &
connect it to remote address 127.0.0.1 (more about the process here: http://pigtail.net/LRP/printsrv/tunnel-how.html).

As long as the remote ssh/waste server has the key for the connecting
client in advance (& vice versa), the connecting client will then
tunnel in to the remote server through the PuTTY ssh tunnel.

The advantage to doing it this way is the ssh tunnel is encrypted, as
is the waste traffic. However to systems that do port scanning or
packet traffic captures, they now have two layers of encryption to
crack, & the only port they will see open on the server side is port
22 (the ssh port). This is good because they then have no idea that
there is a waste connection tunneling in through the ssh connection.
The encrypted ssh tunnel shields the waste connection going through
it as well as the port that waste is connecting in by.

I have done this setup a few times myself on my servers. I don't
recommend using port 22 because it requires leaving the port open on
a firewall/router & port 22 is a notorious hacker magnet port. The
few times I ran 22 open I got hundreds of connection attempts
incoming to port 22 (as in, hundreds.. per.. day..!)

If you are going to try this, I would recommend doing a port
reassignment for port 22; move the service port to something else,
some unused port number (we use high port numbers like 22222). This
prevents bonehead hack attempts by scanners trying to connect after
scanning open ports on an IP address & finding an open ssh port.

Anyway, I don't have any servers here anymore that I can open
directly to the Internet to allow ssh accounts (we're using VPNs here
& only allowing company traffic on this network). But this does work,
I have set it up & run it from servers with direct connections to the
Internet, or from collocation servers, proxy servers, shell servers,
etc.

I wish the nullnet guys would do this, grr.

Somebody please do this, I want to try it by routing a connection in this way
to the nullnet ;-)

have fun :-D

http://img136.imageshack.us/my.php?image=pimg2022tk3.jpg
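
The client-side steps above with the OpenSSH command-line client instead of PuTTY, as an added example that is not part of the original post: it checks that local port 1337 is free (assumed here to be the reason for closing waste first) and builds a loopback-only forward that makes ssh exit if the forward cannot be set up. The account, host name, internal address and the helper names are constructed placeholders.

```python
import shlex
import socket

WASTE_PORT = 1337  # waste port named in the post


def local_port_free(port, host="127.0.0.1"):
    """True if nothing holds host:port, so ssh can bind the forward there."""
    with socket.socket(socket.AF_INET, socket.SOCK_STREAM) as s:
        try:
            s.bind((host, port))
        except OSError:
            return False
    return True


def tunnel_argv(user, server, ssh_port, target_host, port=WASTE_PORT):
    """OpenSSH argv forwarding local 127.0.0.1:port to target_host:port."""
    for p in (ssh_port, port):
        if not 1 <= p <= 65535:
            raise ValueError(f"bad port: {p}")
    return [
        "ssh", "-N",                        # tunnel only, no remote shell
        "-p", str(ssh_port),                # reassigned ssh port
        "-o", "ExitOnForwardFailure=yes",   # fail loudly if the forward fails
        "-L", f"127.0.0.1:{port}:{target_host}:{port}",  # loopback-only listener
        f"{user}@{server}",
    ]


def plan_tunnel(user, server, ssh_port, target_host, port=WASTE_PORT):
    """Return the command to run, or raise if the local port is taken."""
    if not local_port_free(port):
        raise RuntimeError(f"local port {port} in use; close waste first")
    return shlex.join(tunnel_argv(user, server, ssh_port, target_host, port))


if __name__ == "__main__":
    # Constructed placeholders: account, host name and internal address.
    print(plan_tunnel("user", "shell.example.net", 22222, "192.168.0.10"))
```

Once the printed command is running, start waste locally and connect it to 127.0.0.1 as described in the post.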