It is used to keep network traffic secure. Insecure traffic examples include pop3, SMTP, HTTP protocols. If you are using a DSL or wireless network, then hackers (read as crackers) can read your sensitive information such as email username/password, and FTP login information. Recently a friend of mine told me that his SMTP login information is used to send spam email to thousands of users. The solution is simple to use ssh to forward arbitrary TCP ports to the other end of your connection so that you can protect the emails, the web(HTTP), and FTP traffic.
NOTE: If your ISP offers SSL for POP/SMPT, use SSL when using your POP and SMTP services.
Consider the following scenario
Normally you directly pull or send an email via ISP server. However, with the help of remote ssh server, you can secure the traffic. These days most of ISP do not provide the ssh access to pop3/smtp server. Then the solution is to use your universities shell account or free service providers such as metawire.org or server provided by your workplace. If you do not have remote ssh server, then stop reading this post.
Your ISP pop3 server name: pop3.myisp.com
Your remote ssh server name: metawire.org or ssh.myuni.ac.in
Your remote ssh server login name: vivek
Considering above information your ssh command will be as follows. First, login as root user type the command (when prompted for password, type vivek’s password on metawire.org) :
# ssh -f -N -L110:pop3.myisp.com:110 email@example.com
- -f: Requests ssh to go to background just before command execution.
- -N: Indicates we are forwarding port i.e do not open shell prompt.
- -L 110:pop3.myisp.com:110 : This is use to define a tunnel of port 110 on local system to port 110 on pop3.myisp.com. It uses following syntax:
- port:host:hostport which means given port on the local (client) host is to be forwarded to the given host and port on the remote side.
- firstname.lastname@example.org: Remote ssh user (vivek) and server name (metawire.org)
Here is another example where I’m using yahoo’s pop3 and smpt server to send and receive email via metawire.org’s shell account:
# ssh -f -N -L110:pop.bizmail.yahoo.com:110 email@example.com
# ssh -f -N -L 25:smtp.bizmail.yahoo.com:25 firstname.lastname@example.org
Please note that it is quite useful when you are on the wireless network (laptop) or when you do not truest your local network. If your mail server also provides the ssh access then command would be:
# ssh -f -N -L 25:pop3.myisp.com:25 email@example.com
Naturally next step is to reconfigure your mail clients such as Thunderbird or any other mail client, make sure you use pop3 server as localhost and rest of the configuration remain as it is, here sample configuration:
POP3 Server: localhost
Please note that secure SSH tunnel only works while you maintain a connection to a remote UNIX/Linux SSH server. If you disconnect from remote ssh server or quit the SSH session, your tunnel also goes down.