Firewall Wizards mailing list archives

Re: Speaking of ssh->pop


From: "Aaron D. Turner" <aturner () vicinity com>
Date: Wed, 15 Dec 1999 08:11:15 -0800 (PST)


Hey Lance,

On your your.mail.server:110 you need the pop3d
running.  Basically -L does:

<port_on_your_workstation>:<remote_host>:<dest_port>

And anything that goes in on <port_on_your_workstation> will be
encrypted and sent to the machine you ssh'd to, decrypted, and sent to
<remote_host>:<dest_port>.  Note that one really cool thing is that
your <remote_host> doesn't have to be the same system that you're
sshing to!  So you can do:

ssh shell.server -L 110:mail.server:110

where shell.server can reach, but is != mail.server.  Of course the
disadvantage is that the communication between shell.server and
mail.server is not encrypted.  I use this trick a lot to ssh to behind
the firewall, and port forward connections to internal web servers,
mail servers, etc.  Also be aware that if you use the -g option, ssh
will accept connections on your local machine on port 110 and forward
them too.  If you don't use -g, the port is firewalled off.


-- 
Aaron Turner        aturner () vicinity com  650.237.0300 x252
Security Engineer                         Vicinity Corp.        
Cell: 408-314-9874  Pager: 650-317-1821   http://www.vicinity.com

On Mon, 13 Dec 1999, Lance Spitzner wrote:

I be ssh challenged.  How do I set up the server
side to accept ssh tunnels and forward them to
the pop server? 

On the client, all we have to do is follow
Crispin's nice little script:

#!/bin/sh
ssh -C -l crispin -f \
        -L 6666:your.mail.server:110 \
        your.mail.server xbiff -geom +17+690

Now, what do I have listening at port 110 on
the remote end, POP or ssh?

We, the ssh challenged, greatly appreciate
your words of wisdom :)

Lance Spitzner
http://www.enteract.com/~lspitz/papers.html
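
Added example, not part of either message: a small shell check that takes an ssh command line using the three-field -L form described above and reports where the local listener is reachable and whether a leg beyond the SSH host travels outside the tunnel. The function name audit_forward and its output format are made up for this example; it assumes default client settings, under which OpenSSH binds the forwarded port to loopback unless -g is given.

```sh
#!/bin/sh
# Added example (not from the thread): report what an `ssh -L` command line exposes.
# Assumes the three-field forward form and default client settings;
# -o and config-file overrides are not evaluated.
audit_forward() {
    gateway=no spec= login_host=
    while [ $# -gt 0 ]; do
        case "$1" in
            -g) gateway=yes ;;                      # listener reachable by other hosts
            -L) [ $# -ge 2 ] || return 2; spec=$2; shift ;;
            -L*) spec=${1#-L} ;;
            -l|-p|-i|-o|-F|-e|-c|-m)                # options that consume an argument
                [ $# -ge 2 ] || return 2; shift ;;
            -*) ;;                                  # other flags (-C, -f, ...)
            *)  # first bare word is the SSH host; the next one starts the remote command
                if [ -z "$login_host" ]; then login_host=$1; else break; fi ;;
        esac
        shift
    done
    # Split <port_on_your_workstation>:<remote_host>:<dest_port> on colons.
    old_ifs=$IFS; IFS=:
    set -- $spec
    IFS=$old_ifs
    if [ $# -ne 3 ] || [ -z "$login_host" ]; then
        echo "need <port>:<remote_host>:<dest_port> and an SSH host" >&2
        return 2
    fi
    lport=$1 rhost=$2 rport=$3
    if [ "$gateway" = yes ]; then scope=all-interfaces; else scope=loopback-only; fi
    # Only the workstation -> SSH host leg is inside the tunnel.
    if [ "$rhost" = "$login_host" ] || [ "$rhost" = localhost ]; then
        hop=none
    else
        hop="$login_host->$rhost:$rport"
    fi
    echo "listen=$lport/$scope cleartext_hop=$hop"
}

# The two command lines from the thread, plus the -g variant:
audit_forward -C -l crispin -f -L 6666:your.mail.server:110 your.mail.server xbiff -geom +17+690
audit_forward shell.server -L 110:mail.server:110
audit_forward -g shell.server -L 110:mail.server:110
```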






