SSH tunneling can be used to route any traffic from one computer to another, as long as there is an SSH server on one end and an SSH client on the other end. It is a requirement that there be an account with shell access used to create the tunnel. One common use of SSH tunneling is to secure email transfers when the email server has no secure transport protocol in place. This is a problem at my place of work, which is a large university that does not provide a secure means to check email. In order to prevent my username and password from passing between my machine and the mailserver in the clear, I use SSH tunneling to encrypt all traffic. I will explain how I did this in the following steps:
1. First, setup the SSH tunnel between the local machine and the mailserver for pop3 and smtp transport, note the use of high-end port numbers to allow the tunnels to be established by a non-privileged user:
ssh -L 52110:localhost:110 -L 52025:localhost:25 -l
This command will be answered with a password prompt, which is the password for the SSH account you are using to connect to the mailserver. To verify the tunnels have been established, open another shell and use netstat to see if your machine is now listening on those two ports:
netstat -l --inet
2. Next, configure your mail client to check for mail on localhost:52110 and to send mail on localhost:52025 host/port configurations.
No comments:
Post a Comment