[sf-lug] sending mail through SSH port forwarding

John Magolske b79net at gmail.com
Mon Oct 13 13:58:45 PDT 2008


In an attempt to send email through SSH for protection against
password sniffing while using public wifi, I set up port forwarding
with this command:

ssh -l remote_username -L 9999:mydomain.net:25 user1@mydomain.net -N -f

At which point I'm prompted for & enter the password for user1.

Using msmtp with mutt to send the mail, I put the following in
~/.msmtp ("host" is usually something like mail.mydomain.net and
"port" is typically not specified in the file, defaulting to 25):

host localhost
port 9999

My understanding of how this works is that rather than pushing
passwords and sent messages out across the net in plaintext to
mail.mydomain.net, everything gets sent locally to port 9999,
and then forwarded encrypted through an SSH tunnel to port 25 on
mydomain.net, the remote host.

This seems to be working, but I had a few general questions:

a)  Is the above setup actually sending everything encrypted (safe
    to use over unsecured public wifi networks)?

b)  I notice that the SSH port forwarding remains persistent across
    disconnecting & reconnecting the DSL connection. Are there any
    potential disadvantages to leaving this up? Is there a way to stop
    the process other than killing it by PID? Would it make sense
    to issue the above ssh command when booting ( /etc/init.d/ )?

Here's what I see after issuing that ssh command (same output after
disconnecting from the net as well):

% netstat -plunt

Active Internet connections (only servers)
Proto Recv-Q Send-Q Local Address   Foreign Address  State   PID/Program name
tcp        0      0 127.0.0.1:9999  0.0.0.0:*        LISTEN  27258/ssh
tcp        0      0 0.0.0.0:25      0.0.0.0:*        LISTEN  -
tcp6       0      0 ::1:9999        :::*             LISTEN  27258/ssh
tcp6       0      0 :::22           :::*             LISTEN  -
udp        0      0 0.0.0.0:68      0.0.0.0:*                -


Thanks for any clarification, knowledge expansion, etc.

John


-- 
John Magolske
http://B79.net/contact
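
An added example, not part of the original post: a shell check over netstat -plunt output that reports whether a forwarded port is listening on loopback only, as port 9999 is in the output quoted above. The function names are hypothetical, and the second sample (a listener on 0.0.0.0:9999, as ssh -g would create) is constructed for illustration.

```shell
#!/bin/sh
# forward_exposure PORT: read `netstat -plunt` text on stdin and print
#   loopback - every TCP listener on PORT is bound to 127.x.x.x or ::1
#   exposed  - at least one listener on PORT is bound to another address
#   absent   - nothing is listening on PORT
forward_exposure() {
    awk -v port="$1" '
        $1 ~ /^tcp/ && $6 == "LISTEN" {
            addr = $4
            n = split(addr, parts, ":")      # port is the last ":" field
            if (parts[n] != port) next
            host = substr(addr, 1, length(addr) - length(parts[n]) - 1)
            found = 1
            if (host !~ /^127\./ && host != "::1") exposed = 1
        }
        END {
            if (!found) print "absent"
            else if (exposed) print "exposed"
            else print "loopback"
        }'
}

# Listener lines as shown in the post.
sample_from_post() {
    cat <<'EOF'
Proto Recv-Q Send-Q Local Address   Foreign Address  State   PID/Program name
tcp        0      0 127.0.0.1:9999  0.0.0.0:*        LISTEN  27258/ssh
tcp        0      0 0.0.0.0:25      0.0.0.0:*        LISTEN  -
tcp6       0      0 ::1:9999        :::*             LISTEN  27258/ssh
tcp6       0      0 :::22           :::*             LISTEN  -
udp        0      0 0.0.0.0:68      0.0.0.0:*                -
EOF
}

# Constructed sample: the same forward bound to all interfaces.
sample_gateway() {
    cat <<'EOF'
Proto Recv-Q Send-Q Local Address   Foreign Address  State   PID/Program name
tcp        0      0 0.0.0.0:9999    0.0.0.0:*        LISTEN  27258/ssh
EOF
}

echo "post, port 9999:    $(sample_from_post | forward_exposure 9999)"
echo "gateway, port 9999: $(sample_gateway | forward_exposure 9999)"
```

On a live system the same function can be fed directly: netstat -plunt | forward_exposure 9999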



