> So I've just used the plug-gw on port 22 to transparently (if
> your box supports it) go through.
What I'd like would be something that did an ssh connection to tn-gw, so
I could use ssh to connect to tn-gw on the outside, authenticating from
the authserve database on the firewall. I'm not sure that ssh can handle
that, unless you use simple password authentication (that is, does the ssh
protocol support the two-stage handshake of challenge-response for an skey
connection?). I don't want to abandon skey since not all my users have
ssh. In fact, none of them do at this point...