[sf-lug] sending mail through SSH port forwarding
b79net at gmail.com
Mon Oct 13 13:58:45 PDT 2008
In an attempt to send email through SSH for protection against
password sniffing while using public wifi, I set up port forwarding
with this command:
    ssh -l remote_username -L 9999:mydomain.net:25 user1@mydomain.net -N -f
At which point I'm prompted for & enter the password for user1.
Using msmtp with mutt to send the mail, I put the following in
~/.msmtp ("host" is usually something like mail.mydomain.net and
"port" is typically not specified in the file, defaulting to 25):
My understanding of how this works is that rather than pushing
passwords and sent messages out across the net in plaintext to
mail.mydomain.net, everything gets sent locally to port 9999,
and then forwarded encrypted through an SSH tunnel to port 25 on
mydomain.net, the remote host.
This seems to be working, but I had a few general questions:
a) Is the above setup actually sending everything encrypted (safe
to use over unsecured public wifi networks)?
b) I notice that the SSH port forwarding remains persistent across
disconnecting & reconnecting the DSL connection. Are there any
potential disadvantages to leaving this up? Is there a way to stop
the process other than killing it by PID? Would it make sense
to issue the above ssh command when booting ( /etc/init.d/ )?
Here's what I see after issuing that ssh command (same output after
disconnecting from the net as well):
% netstat -plunt
Active Internet connections (only servers)
Proto Recv-Q Send-Q Local Address           Foreign Address         State       PID/Program name
tcp        0      0 127.0.0.1:9999          0.0.0.0:*               LISTEN      27258/ssh
tcp        0      0 0.0.0.0:25              0.0.0.0:*               LISTEN      -
tcp6       0      0 ::1:9999                :::*                    LISTEN      27258/ssh
tcp6       0      0 :::22                   :::*                    LISTEN      -
udp        0      0 0.0.0.0:68              0.0.0.0:*                           -
Thanks for any clarification, knowledge expansion, etc.
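
An added example, not part of the original post: a shell function that reads `netstat -plunt` output like the listing above and reports whether the forwarded port is reachable only from the local machine, which is how `ssh -L` binds unless `-g` or `GatewayPorts` is in effect. The names `check_forward` and `sample_netstat` are hypothetical; the embedded sample is the post's own listing.

```shell
#!/bin/sh
# Added example (not from the original post): classify how a local port
# is bound, based on `netstat -plunt` output read from stdin.

# The listing from the post, embedded so the example runs offline.
sample_netstat() {
cat <<'EOF'
Proto Recv-Q Send-Q Local Address Foreign Address State PID/Program name
tcp 0 0 127.0.0.1:9999 0.0.0.0:* LISTEN 27258/ssh
tcp 0 0 0.0.0.0:25 0.0.0.0:* LISTEN -
tcp6 0 0 ::1:9999 :::* LISTEN 27258/ssh
tcp6 0 0 :::22 :::* LISTEN -
udp 0 0 0.0.0.0:68 0.0.0.0:* -
EOF
}

# check_forward PORT (hypothetical helper name)
# Prints one of:
#   absent         nothing listens on PORT over TCP
#   non-loopback   a listener on PORT is reachable from other hosts
#   other-process  loopback only, but a named owner is not ssh
#   loopback-only  only 127.0.0.1 / ::1, owned by ssh or owner hidden
check_forward() {
    awk -v port="$1" '
        $1 ~ /^tcp/ && $6 == "LISTEN" {
            n = split($4, parts, ":")
            if (parts[n] != port) next
            # Strip ":PORT" to leave the bind address (works for IPv6 too).
            addr = substr($4, 1, length($4) - length(parts[n]) - 1)
            found = 1
            if (addr != "127.0.0.1" && addr != "::1") wide = 1
            # "-" means netstat could not see the owner (not run as root).
            if ($7 ~ /\// && $7 !~ /\/ssh$/) other = 1
        }
        END {
            if (!found)      print "absent"
            else if (wide)   print "non-loopback"
            else if (other)  print "other-process"
            else             print "loopback-only"
        }'
}

# Demo on the embedded sample; on a live system: netstat -plunt | check_forward 9999
sample_netstat | check_forward 9999
```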