SSH port forwarding is a method of allowing secure, encrypted connections to traditionally non-encrypted services, such as POP3 for email, NNTP for news, etc. With this method of connecting to the servers, you would open a connection to "forward" a local port to a remote port over SSH, then set your client software to connect to your local port. This way, any passwords being requested are sent over an encrypted connection rather than out in the "open".
Port Forwarding on Unix® Machines
Using a text-based SSH client setup as a sample (often used on Linux and other such Unix-based computers), the command to open a forwarded connection is:
ssh -L LPORT:RHOST:RPORT SSHHOST

Where...

LPORT   = Local Port, a port on your machine
RHOST   = Remote Host, server to connect to
RPORT   = Remote Port, port on the remote host
SSHHOST = SSH Host; "eskimo.com" for our customers.

Any number of forwards can be set up on a single connection. For instance, to only open a secure POP3 port:
ssh -L 5110:pop3.eskimo.com:110 eskimo.com

To open both POP3 and NNTP in the same manner:
ssh -L 5110:pop3.eskimo.com:110 \
    -L 5119:eskinews.eskimo.com:119 eskimo.com

Unix-based servers require "root" permissions to forward locally-privileged ports (1-1024, I believe), so setting up ports outside this range under a regular user's connection is better for security.
You can verify that the ports have been opened for forwarding by adding '-v' (for 'verbose') to the ssh arguments:
ssh -L 5110:pop3.eskimo.com:110 -L 5119:eskinews.eskimo.com:119 -v eskimo.com
...
eskimo.com: Connections to local port 5110 forwarded to remote address pop3.eskimo.com:110
eskimo.com: Connections to local port 5119 forwarded to remote address eskinews.eskimo.com:119
...
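The port-range advice and the '-v' check above can be scripted. The following is an added example, not part of the original page: the function names are hypothetical, local ports at or below 1024 are rejected following the range given above, and the confirmation lines are assumed to look exactly like the sample verbose output shown here (other ssh clients may word them differently).

```sh
# Added example, not from the original page. Function names are hypothetical;
# the log format is assumed to match the page's sample "-v" output.

# valid_spec LPORT:RHOST:RPORT
# True only for a well-formed spec whose local port is above 1024, so the
# forward can be opened by a regular user without root.
valid_spec() {
    case $1 in
        *:*:*:*|*[!A-Za-z0-9.:-]*) return 1 ;;  # extra fields or odd characters
        *:*:*) ;;
        *) return 1 ;;
    esac
    lport=${1%%:*}; rport=${1##*:}; rhost=${1#*:}; rhost=${rhost%:*}
    [ -n "$lport" ] && [ -n "$rhost" ] && [ -n "$rport" ] || return 1
    case $lport$rport in *[!0-9]*) return 1 ;; esac
    [ ${#lport} -le 5 ] && [ ${#rport} -le 5 ] || return 1
    [ "$lport" -gt 1024 ] && [ "$lport" -le 65535 ] &&
        [ "$rport" -ge 1 ] && [ "$rport" -le 65535 ]
}

# build_ssh_cmd SSHHOST SPEC...
# Prints a single "ssh -L ... -v SSHHOST" command; fails on the first bad spec
# or on a host that ssh would parse as an option.
build_ssh_cmd() {
    host=$1; shift
    case $host in ''|-*) echo "rejected host: $host" >&2; return 1 ;; esac
    cmd=ssh
    for spec in "$@"; do
        valid_spec "$spec" || { echo "rejected forward: $spec" >&2; return 1; }
        cmd="$cmd -L $spec"
    done
    echo "$cmd -v $host"
}

# missing_forwards LOGFILE SPEC...
# LOGFILE holds saved verbose output (ssh writes it to stderr). Prints every
# SPEC that has no confirmation line; succeeds only when none are missing.
missing_forwards() {
    log=$1; shift; missing=0
    for spec in "$@"; do
        want="Connections to local port ${spec%%:*} forwarded to remote address ${spec#*:}"
        found=0
        while IFS= read -r line; do
            case $line in *"$want") found=1; break ;; esac
        done < "$log"
        [ "$found" -eq 1 ] || { echo "$spec"; missing=1; }
    done
    [ "$missing" -eq 0 ]
}
```

The confirmation match is anchored at the end of the line, so a forward to port 1100 is not mistaken for the requested port 110.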
Port Forwarding on Windows® Machines
TeraTerm Pro with SSH Extension:
"ttssh" uses a command line system similar to the Unix method shown above, with a slightly different argument set:
ttssh eskimo.com:22 /ssh-L5110:pop3.eskimo.com:110
Notice that '-L' has become '/ssh-L' and there is no space between it and the port information. Also be sure you specify port 22 (ssh) on eskimo.com. The order of the arguments may be needed as shown above (I'll check on that...order may not be required).
Alternatively, you can use the configuration window listed under Setup / SSH Forwarding.
Using Forwarded Ports
Using these forwards would entail setting your client's preferences to the appropriate local ports. For example, using Netscape Communicator's mail and news settings:
Instead of...  Incoming Mail: pop3.eskimo.com
Use...         Incoming Mail: localhost:5110

Instead of...  Newsgroups: eskinews.eskimo.com
Use...         Newsgroups: localhost:5119
Services that would be forwarded for this reason would be anything that requires username/password authentication, including:
Authenticated Servers, and Ports

NNTP   eskinews.eskimo.com   119
POP3   pop3.eskimo.com       110