4.2-RC3 Mail checker & pop3 entry: missing port number
Robert Klein
RoKlein at roklein.de
Tue Dec 28 12:56:43 CET 2004
Rob Lahaye wrote:
> which works. However, using pop3 like this is risky,
> since it sends the password in clear text over the network.
>
> Instead, one should use a secure tunnel from the local machine
> to the server. Say, this tunnel operates on port 55110 with:
>
> ssh -N -f -L 55110:server:110 my.local.host
>
> then the following should be allowed in the mailchecker:
> pop3://user:password at localhost:55110
umm... I think there is a slight misunderstanding.. SSH tunnels don't
work _this_way_.
If you use some argument like "-L 55110:machine1:110 machine2" you get
an encrypted session between the computer starting the ssh command and
machine2. The connection between machine2 and machine1 is still
unencrypted. (Just ask yourself, how the pop3 server (that is, the
program, not the computer) should know ssh..)
Your command above establishes a tunnel from the computer you start ssh
and port 55110 on the same to "my.local.host" (I guess it's the same
machine). Then "my.local.host" takes everything from its end of the
tunnel and opens a plain text connection to "server" port 110.
In order to get an encrypted connection to server you need ssh login
capability, there. Then you can do a "ssh -L 55110:server:110 server".
This establishes an encrypted connection to "server". "server" itself
uses a plain text connection (via the loopback interface) to connect to
the pop3 server on the same machine.
(Reference: German translation of "SSH, The Secure Shell: The Definitive
Guide", O'Reilly, 2001 -- the German edition has some nice graphics in
chapter 9, "Port and X-Forwarding", illustrating this.)
Regards,
Robert
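
The point made in the message above, as an added example that is not part of the original thread: a small shell check that takes the `-L` argument and the SSH destination and reports whether the unencrypted leg stays on the SSH server or crosses the network. The function names `classify_forward` and `describe_forward` are hypothetical; the check assumes hostnames or IPv4 addresses and compares names as text.

```shell
#!/bin/sh
# Added example (not from the thread). Hostnames and IPv4 only, no bracketed
# IPv6; "same machine" is judged by text match, not by DNS resolution.

# classify_forward SPEC SSH_DEST
#   SPEC is the -L argument: [bind_address:]port:host:hostport
#   Prints "local" if the unencrypted leg stays on the SSH server,
#   "network" if it leaves the SSH server in clear text. Returns 2 on bad SPEC.
classify_forward() {
    spec=$1
    ssh_host=${2##*@}            # drop an optional user@ prefix
    IFS=: read -r f1 f2 f3 f4 extra <<EOF
$spec
EOF
    if [ -n "$extra" ] || [ -z "$f3" ]; then return 2; fi
    if [ -n "$f4" ]; then target=$f3; else target=$f2; fi
    [ -n "$target" ] || return 2
    case $target in
        localhost|127.0.0.1|"$ssh_host") echo local ;;
        *) echo network ;;
    esac
}

# describe_forward SPEC SSH_DEST: print both legs of the connection.
describe_forward() {
    hop=$(classify_forward "$1" "$2") || { echo "bad -L spec: $1" >&2; return 2; }
    echo "ssh -L $1 $2"
    echo "  encrypted : ssh client -> sshd on ${2##*@}"
    if [ "$hop" = local ]; then
        echo "  clear text: stays on ${2##*@} itself"
    else
        echo "  clear text: crosses the network from ${2##*@} to the forward target"
    fi
}

# The two commands discussed in the message above.
describe_forward 55110:server:110 my.local.host
describe_forward 55110:server:110 server
```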