RE: Speaking of ssh->pop

["Dom De Vitto" <dom () devitto com>]

Or use the sshd config file to limit clients (IPs and usernames) that
can connect.

Dom
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Dom De Vitto
Secure Technologies Ltd.                           Mob. 07971 589 201
mailto:dom () devitto com                             Tel. 01202 738 767
http://www.devitto.com                             Fax. 08700 548 750
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -


-----Original Message-----
From: owner-firewall-wizards () lists nfr net
[mailto:owner-firewall-wizards () lists nfr net]On Behalf Of Brian Hatch
Sent: Wednesday, December 15, 1999 10:43 AM
To: Lance Spitzner
Cc: firewall-wizards () nfr net
Subject: Re: Speaking of ssh->pop




> I be ssh challenged.  How do I setup the server
> side to accept ssh tunnels and forward them to
> the pop server? 
>
> On the client, all we have to do is follow
> Crispin's nice little script:
>
> #!/bin/sh
> ssh -C -l crispin -f \
>         -L 6666:your.mail.server:110 \
>         your.mail.server xbiff -geom +17+690
>
> Now, what do I have listening at port 110 on
> the remote end, POP or ssh?

Your (recently upgraded ;-) popper, running
out of inetd as normal.

If people should only be able to connect to it
via the ssh forward, tcpd wrap it to accept connections
only from localhost and 'your.mail.server' above.



--
Brian Hatch                "Zathras warned,
   Systems and              but no one listen
   Security Engineer        to Zathras, no."
http://www.ifokr.org/bri   
                           
Every message PGP signed

Attachment: Domenico De Vitto.vcf
Description: