Firewall Wizards mailing list archives
Re: Speaking of ssh->pop
From: Brian Hatch <ssh () ifokr org>
Date: Thu, 16 Dec 1999 11:55:50 -0600
dom () devitto com wrote:
I be ssh challenged. How do I set up the server side to accept ssh tunnels and forward them to the pop server? On the client, all we have to do is follow Crispin's nice little script:

    #!/bin/sh
    ssh -C -l crispin -f \
        -L 6666:your.mail.server:110 \
        your.mail.server xbiff -geom +17+690

Now, what do I have listening at port 110 on the remote end, POP or ssh?

Your (recently upgraded ;-) popper, running off inetd as normal. If people should only be able to connect to it via the ssh forward, tcpd wrap it to accept connections only from localhost and 'your.mail.server' above.

Or use the sshd config file to limit clients (IPs and usernames) that can connect.

Let me rephrase: sshd can be configured in its sshd_config to allow only certain IPs/users/etc. through the Allow directives. However, to force people to use an ssh forwarding to connect to your POP server, make sure it's controlled by tcpd in /etc/inetd.conf, similar to the following:

    pop-3 stream tcp nowait root /usr/sbin/tcpd ipop3d

and make sure /etc/hosts.allow has

    ipop3d: localhost your.mail.server

Then people could only pop 'locally', i.e. via a mail client that popped off of localhost, or via an ssh (or other) forwarding.

--
brianhatch () onsight com    Computer (n):
Systems and                  A device designed
Security Engineer            to speed and
http://www.onsight.com/      automate errors.
Every message PGP signed
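
The tcpd setup described in the message can be checked mechanically; the sh script below is an added example, not part of the original post or of any tool named in it. The function names are hypothetical, the sample files are constructed from the two configuration lines in the message, and the script also inspects hosts.deny, because tcp_wrappers grants access when no rule in either file matches.

```sh
#!/bin/sh

# wrapped_daemon INETD_CONF SERVICE
# Print the daemon tcpd runs for SERVICE; fail if SERVICE is absent,
# commented out, or started directly instead of through tcpd.
wrapped_daemon() {
    awk -v svc="$2" '
        /^[ \t]*#/ { next }
        $1 == svc && $6 ~ /\/tcpd$/ && $7 != "" {
            n = split($7, p, "/"); print p[n]; found = 1; exit
        }
        END { exit !found }' "$1"
}

# rule_clients ACCESS_FILE DAEMON
# Print the client list of every rule that names DAEMON or ALL.
rule_clients() {
    awk -F: -v d="$2" '
        /^[ \t]*#/ || NF < 2 { next }
        {
            n = split($1, names, /[ \t,]+/)
            for (i = 1; i <= n; i++)
                if (names[i] == d || names[i] == "ALL") {
                    sub(/^[ \t]+/, "", $2); print $2; next
                }
        }' "$1"
}

# audit_pop INETD_CONF HOSTS_ALLOW HOSTS_DENY
# tcp_wrappers grants access when no rule in either file matches, so the
# hosts.allow entry restricts nothing unless hosts.deny refuses the rest.
audit_pop() {
    daemon=$(wrapped_daemon "$1" pop-3) ||
        { echo "FAIL: pop-3 is not started through tcpd"; return 1; }
    clients=$(rule_clients "$2" "$daemon")
    [ -n "$clients" ] ||
        { echo "FAIL: no hosts.allow rule for $daemon"; return 1; }
    rule_clients "$3" "$daemon" | grep -qw ALL ||
        { echo "FAIL: hosts.deny does not refuse other clients"; return 1; }
    echo "OK: $daemon wrapped by tcpd; allowed: $clients"
}

# Constructed sample files, using the two lines from the message.
t=$(mktemp -d)
echo 'pop-3 stream tcp nowait root /usr/sbin/tcpd ipop3d' > "$t/inetd.conf"
echo 'ipop3d: localhost your.mail.server' > "$t/hosts.allow"
echo 'ALL: ALL' > "$t/deny.all"
audit_pop "$t/inetd.conf" "$t/hosts.allow" /dev/null || true  # empty hosts.deny
audit_pop "$t/inetd.conf" "$t/hosts.allow" "$t/deny.all"
```

On a real host the three arguments would be /etc/inetd.conf, /etc/hosts.allow and /etc/hosts.deny.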