On Friday 16 November 2001 10:16 am, Peter Wiersig wrote:
> On 15. November 2001 16:06 wrote Michael Bartosh:
> > I have used an ssh tunnel as an end user before (my last employer used it along with SecurID as a sort of faux vpn) but have never set this up. Does anyone know where I should start, or do you have a url?
>
> "man ssh"
>
> ssh -L <localport>:popserver:pop3 tunnelend.example.com "sleep 3600"

Here is a little script that I use to keep a POP3 and SMTP tunnel running more-or-less continuously:

********************** begin **********************
#!/bin/sh
# Make an SSH connection to 4th.com so that mail can be directly sent
# (<remote>.com below is a placeholder for the remote host name)
echo "Forwarding localhost:9000 to 4th.com SMTP, localhost:9001 to <remote>.com POP3"
echo "Type exit then Control-C (rapidly) when done."
# Reconnect in a loop whenever the ssh session ends
while true; do
    ssh -i ~/.ssh/identity -L 9000:localhost:25 -L 9001:localhost:110 <remote>.com
    echo "Connection will retry in 5 seconds. Hit Control-C to abort."
    sleep 5
done
*************************** end **********************

If the connection is broken, it will wait 5 seconds then re-establish.

You need to have used ssh-keygen to create a key pair, and place the public key into the authorized_keys file on the remote host. Take Peter's suggestion and read the ssh and sshd "man" pages for details on the key setup procedure. It's pretty straightforward.

Peter's use of the POP3 port on the local end is convenient and correct but requires the script to run as root. I chose two nonprivileged ports (9000 for SMTP and 9001 for POP3) on my local host so that I can run the script as an ordinary user.

Rather than sending a "sleep 3600" command, I leave that parameter out so that I get a login shell on the remote. This is personal preference, because my web sites live on this server also and so I often use that shell anyway. You can put the "sleep 3600" command into my version as well, if you wish.

Once you have this running, you set up your mail client to receive POP3 from "localhost" on port 9001 and to send mail via SMTP to "localhost" port 9000. Works great with KMail and most other mail clients.

Sometimes the connection will break without the local ssh command detecting it for a brief time. In that situation, you'll get a one-time error in your mail client. Just wait a few seconds and try again, because the network traffic that caused that error message also jogged the local ssh command into terminating so that the script loop can restart it.

Scott

--
-----------------------+------------------------------------------------------
Scott Courtney         | "I don't mind Microsoft making money. I mind them
courtney@4th.com       | having a bad operating system." -- Linus Torvalds
http://www.4th.com/    | ("The Rebel Code," NY Times, 21 February 1999)
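
The following is an added example, not part of the original post or Scott's script: a variant of the retry loop for a dedicated tunnel key, using OpenSSH keepalives so a dead connection is noticed without waiting for a mail-client error, plus the matching authorized_keys restriction. The host name tunnelend.example.com, the key path ~/.ssh/id_tunnel, the 30-second interval and the function names are assumptions.

```sh
#!/bin/sh
# Added example (not the original poster's script).
# Assumed placeholders: REMOTE host name and KEY path.
REMOTE="${REMOTE:-tunnelend.example.com}"
KEY="${KEY:-$HOME/.ssh/id_tunnel}"

# One tunnel attempt. Set DRY_RUN=1 to print the command instead of running it.
#   -N                        forward ports only, request no remote shell
#   ExitOnForwardFailure=yes  exit if port 9000 or 9001 cannot be bound
#   ServerAliveInterval=30    probe the server every 30 s over the SSH channel
#   ServerAliveCountMax=3     exit after 3 unanswered probes so the loop restarts
#   127.0.0.1:...             bind both listeners to loopback only
tunnel_once() {
    ${DRY_RUN:+echo} ssh -N -i "$KEY" \
        -o ExitOnForwardFailure=yes \
        -o ServerAliveInterval=30 -o ServerAliveCountMax=3 \
        -L 127.0.0.1:9000:localhost:25 \
        -L 127.0.0.1:9001:localhost:110 \
        "$REMOTE"
}

# Build the remote authorized_keys entry from one public-key line.
# "restrict" disables pty allocation, agent/X11 forwarding and port forwarding;
# "port-forwarding" with permitopen re-enables forwarding to the two mail ports only.
authorized_keys_line() {
    printf 'restrict,port-forwarding,permitopen="localhost:25",permitopen="localhost:110" %s\n' "$1"
}

# Same retry behaviour as the original loop: wait 5 seconds, then reconnect.
run_tunnel() {
    while true; do
        tunnel_once
        echo "Tunnel exited; retrying in 5 seconds. Control-C to abort." >&2
        sleep 5
    done
}

# Start the loop only when invoked as: script.sh run
if [ "${1:-}" = "run" ]; then
    run_tunnel
fi
```

Because this variant uses -N, it gives no login shell on the remote; the restricted authorized_keys entry is meant for a key used only for the tunnel, and the "restrict" option needs OpenSSH 7.2 or later on the server.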