I am developing for a system that has an interactive telnet management console. Requirements dictate that we disable telnet access and add SSH instead. Changing the management console into a stand-alone program that we can use for SSH login would require a vendor to get involved. I was thinking of a less expensive solution that would be something like this:
1. Block the telnet management console from outside access but leave it running and available for localhost connections.
2. Write a login shell (in C++, or maybe something as simple as this if I'm lucky) that acts as a proxy. The login shell will telnet to localhost and send all commands it receives from the user over telnet, and send all displays and prompts it receives from the telnet server back to the user.
3. Change /etc/passwd to launch this proxy shell when the user logs in over SSH.
Is what I'm thinking possible? Are there horrible pitfalls that I'll get stuck on? Are there better alternatives? I'm using OpenSSH as the ssh daemon.
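
The proxy login shell described in the question, as an added example that is not part of the original post: it relays the SSH session to the local console and answers telnet option negotiation, which a raw byte relay would pass straight to the user's terminal. Port 23 on loopback and the names `TelnetFilter` and `Filtered` are assumptions.

```cpp
// Added example: relay between the SSH session (stdin/stdout) and the local telnet console.
#include <arpa/inet.h>
#include <poll.h>
#include <sys/socket.h>
#include <unistd.h>
#include <string>
enum : unsigned char { SE = 240, SB = 250, WILL = 251, WONT = 252, DO = 253, DONT = 254, IAC = 255 };
struct Filtered { std::string text, reply; };  // text goes to the user, reply back to the server
// Strips telnet negotiation (RFC 854) and refuses every option; keeps state across reads.
class TelnetFilter {
    // state: 0 data, 1 after IAC, 2 after WILL/WONT/DO/DONT, 3 inside SB, 4 IAC inside SB
    int state = 0; unsigned char cmd = 0;
public:
    Filtered feed(const std::string& in) {
        Filtered out;
        for (unsigned char c : in) {
            switch (state) {
            case 0: if (c == IAC) state = 1; else out.text += char(c); break;
            case 1: if (c == IAC) { out.text += char(c); state = 0; }   // escaped 0xFF data byte
                    else if (c == SB) state = 3;
                    else if (c >= WILL) { cmd = c; state = 2; }
                    else state = 0;                                     // other two-byte command
                    break;
            case 2: if (cmd == WILL) out.reply += {char(IAC), char(DONT), char(c)};
                    if (cmd == DO)   out.reply += {char(IAC), char(WONT), char(c)};
                    state = 0; break;
            case 3: if (c == IAC) state = 4; break;
            case 4: state = (c == SE) ? 0 : 3; break;
            }
        }
        return out;
    }
};

int main(int argc, char**) {
    if (argc > 1) return 1;  // sshd runs "<shell> -c <cmd>" for scp and remote commands: refuse
    int s = socket(AF_INET, SOCK_STREAM, 0);
    sockaddr_in a{}; a.sin_family = AF_INET; a.sin_port = htons(23);  // assumed console port
    a.sin_addr.s_addr = htonl(INADDR_LOOPBACK);                       // loopback only
    if (s < 0 || connect(s, (sockaddr*)&a, sizeof a) < 0) return 1;
    TelnetFilter f; char buf[4096]; ssize_t n;
    pollfd p[2] = {{0, POLLIN, 0}, {s, POLLIN, 0}};
    while (poll(p, 2, -1) > 0) {
        if (p[0].revents && ((n = read(0, buf, sizeof buf)) <= 0 || write(s, buf, n) != n)) break;
        if (p[1].revents) {
            if ((n = read(s, buf, sizeof buf)) <= 0) break;
            Filtered r = f.feed(std::string(buf, n));
            if (write(1, r.text.data(), r.text.size()) < 0 || write(s, r.reply.data(), r.reply.size()) < 0) break;
        }
    }
    return 0;
}
```

Because every option is refused, including ECHO, the SSH pty's own echo stays on for everything typed, password prompts from the console included. A login shell that is not a real shell does not stop OpenSSH port forwarding, so set `AllowTcpForwarding no` in `sshd_config` for these accounts.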