On Wed, 25 Sep 2002, at 2:52pm, [EMAIL PROTECTED] wrote:
> which is slightly different than:
> 
>       pop.paul.com listens on port 110
>       I want the box I'm sshing -to- to listen on 110 and
>               connect me with pop.paul.com
>       so I do:
>               ssh [EMAIL PROTECTED] -R 110:pop.paul.com:110

  With your above example, I start out on 'A'.  When I connect to the SSH
server, the '-R' you give will cause the SSH server to try and listen on TCP
port 110.  Any connection attempts made to that listener will be forwarded
to 'pop.paul.com' on TCP port 110.

  There are three potential problems with that.

  One, you would need to instruct fetchmail to connect to system 'B' instead
of 'localhost', which means the forwarded connection would go over the wire
in cleartext.  Granted, in this case, that does not matter, since Paul is
going to end up transmitting over the public Internet in any event.  But in
a different scenario (e.g., you are gatewaying *in* to a trusted network),
that would be bad.

  Second, by default, the OpenSSH server binds forwarded ports to the
loopback address, preventing remote hosts from connecting to them.  So
fetchmail would be rejected.  You can change this by putting 'GatewayPorts
yes' in your 'sshd_config' file, but maybe Paul cannot do that, or does not
want to.

  Third, you need root privileges to use ports below 1024.  Again, Paul might
not want or be able to do that.

> The difference is -L listens on the box you're running ssh on and -R
> listens on the box you're sshing to.. at least, that's my understanding..

  Yup.  I am telling SSH to listen on system 'A', and forward the connection
via SSH from system 'B' to system 'C'.

-- 
Ben Scott <[EMAIL PROTECTED]>
| The opinions expressed in this message are those of the author and do not |
| necessarily represent the views or policy of any other person, entity or  |
| organization.  All information is provided without warranty of any kind.  |

_______________________________________________
gnhlug-discuss mailing list
[EMAIL PROTECTED]
http://mail.gnhlug.org/mailman/listinfo/gnhlug-discuss
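
Added example, not part of the original message: a shell sketch that checks a forwarding request against the three problems listed above (cleartext hop to the listener, loopback-only binding unless 'GatewayPorts yes', root needed below port 1024). The helper names `gateway_ports` and `assess`, the sample config and uid 1000 are assumptions made for illustration; only the global section of `sshd_config` is read, and keywords are assumed to be whitespace-separated.

```sh
#!/bin/sh
# Added example, not from the original message.
# gateway_ports and assess are hypothetical helper names.

# Constructed sample sshd_config (not taken from any real host).
SAMPLE_CONFIG='# constructed sample
Port 22
gatewayports yes
GatewayPorts no
Match User backup
  GatewayPorts clientspecified'

# Print the effective global GatewayPorts value for sshd_config text on stdin.
# sshd keeps the first value it obtains for a keyword, keywords are
# case-insensitive, and the default is "no". Parsing stops at the first
# Match block, so per-user overrides are not evaluated here.
gateway_ports() {
  awk 'tolower($1) == "match"        { exit }
       tolower($1) == "gatewayports" { v = $2; exit }
       END { print (v == "" ? "no" : v) }'
}

# assess DIRECTION SPEC GATEWAYPORTS UID
#   DIRECTION    L or R (the ssh option used)
#   SPEC         port:host:hostport, without a bind address
#   GATEWAYPORTS value from gateway_ports (server side)
#   UID          numeric uid of the account on the listening side
assess() {
  port=${2%%:*}
  case $1 in
    L) echo "listener: client side, loopback only by default" ;;
    R) case $3 in
         yes) echo "listener: server side, all interfaces"
              echo "exposed: other hosts can connect, in cleartext up to the listener" ;;
         *)   echo "listener: server side, loopback only"
              echo "blocked: a client on another host cannot connect" ;;
       esac ;;
  esac
  if [ "$port" -lt 1024 ] && [ "$4" -ne 0 ]; then
    echo "privileged: port $port cannot be bound without root"
  fi
}

# The -R forward from the message, checked against the sample config as uid 1000.
assess R 110:pop.paul.com:110 "$(printf '%s\n' "$SAMPLE_CONFIG" | gateway_ports)" 1000
```

To audit a real server, feed its configuration to `gateway_ports` on stdin instead of the sample text.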
