Hi all,

I saw the following posting from the mailing list archives, which is
something I'm trying to do, except that I'm using it over a SOCKS
proxy.

    setenv SOCKS5_SERVER my.socks.server.com
    runsocks ssh -v -L 20110:mail.domain.com:110 mail.domain.com

I successfully log in, but I got an error message saying

    .....
    scotch2: Connections to local port 20110 forwarded to remote address mail.domain.com:110
    Local: listen: Bad file number

Will ssh tunneling work over SOCKS?

Thanks!
kokyong
---------------------------------------------
Date: Tue, 25 May 1999 17:48:46 -0400
From: Josh Rivel <[EMAIL PROTECTED]>
To: Thomas DeBellis <[EMAIL PROTECTED]>
Cc: [EMAIL PROTECTED], Fred Read <[EMAIL PROTECTED]>
Subject: Re: Secure Proxies [port forwarding]
Thomas DeBellis wrote...
> Yes, yes, I understand to read the man pages and that the accounts
> need to be set up, etc., etc. I'm not asking for recommendations;
> I'm asking for concrete examples that somebody has done already as
> I am confused about the man pages.
OK. Here's an example. We run sshd out of inetd.conf on all our
systems here. To do so, this is what inetd.conf looks like:

    localhost:~> grep sshd /etc/inetd.conf
    sshd stream tcp nowait root /usr/local/sbin/sshd /usr/local/sbin/sshd -i

The -i tells sshd that it's being run out of inetd.conf - do not
run it on the command line with the -i option.
*NOTE* You must have an entry in /etc/services for sshd or else this will
not work, you'll get errors.

    localhost:~> grep sshd /etc/services
    sshd 22/tcp

And of course, do a kill -HUP on the PID of inetd once you make that
change to /etc/inetd.conf.
> The man page for ssh doesn't say *anything* at all about inetd. So,
> what is it? -L? -R? Which one? What's the line in inetd.conf
> look like?
For port forwarding you don't do anything with sshd, it's with ssh.
For example, we have a POP server here for getting email. Well, I'd
rather not send my POP password over the wire in plain text every time
I check my email, so what I did was set up port forwarding between
my machine and the mail server, so I connect to localhost port 20110
instead of to the mail server on port 110. Me giving my password to
the mail server is now done over a secure encrypted channel via SSH.
To initiate this port forwarding, I issue this command from my
workstation:

    localhost:~> ssh -L 20110:mail.domain.com:110 mail.domain.com

What that does is ssh me into mail.domain.com, redirecting localhost
port 20110 to port 110 on mail.domain.com.
Adjust the port numbers to your liking, but hopefully this should clear
it up. Of course, there has to be an sshd process running on
mail.domain.com, either out of inetd.conf using the -i option or in
standalone mode, with no options, and you have to have a valid account
on mail.domain.com.
Hope this helped some.
Josh
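
The NOTE in the reply above says inetd needs an /etc/services entry for the service name used in inetd.conf. As an added example (not part of the original thread), this shell function cross-checks the two files and lists every name/protocol pair that will not resolve. The function names and the sample files are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the original post). Sample files are constructed.

# check_inetd_services INETD_CONF SERVICES_FILE
# Prints "name/proto" for every inetd.conf service with no matching entry in
# the services file; returns 1 if any are missing, 0 otherwise.
check_inetd_services() {
    awk '
        { sub(/#.*/, "") }                    # strip comments in both files
        mode == "services" && NF >= 2 {
            split($2, pp, "/")                # "22/tcp" -> pp[1]=22, pp[2]=tcp
            for (i = 1; i <= NF; i++)         # official name plus aliases
                if (i != 2) known[$i "/" pp[2]] = 1
        }
        mode == "inetd" && NF >= 6 {
            proto = $3
            sub(/[46]$/, "", proto)           # tcp6 -> tcp
            # Numeric ports and rpc/* entries are not looked up by name.
            if ($1 ~ /^[0-9]+$/ || index(proto, "/")) next
            key = $1 "/" proto
            if (!(key in known)) { print key; missing = 1 }
        }
        END { exit (missing ? 1 : 0) }
    ' mode=services "$2" mode=inetd "$1"
}

# make_sample DIR: write constructed sample files into DIR.
make_sample() {
    cat > "$1/inetd.conf" <<'EOF'
# constructed sample inetd.conf
pop3 stream tcp nowait root /usr/sbin/tcpd ipop3d
sshd stream tcp nowait root /usr/local/sbin/sshd /usr/local/sbin/sshd -i
EOF
    cat > "$1/services" <<'EOF'
ssh   22/tcp           # port 22 is listed as "ssh", so "sshd" does not resolve
pop3  110/tcp  pop-3
EOF
}

tmp=$(mktemp -d)
make_sample "$tmp"
echo "before:"; check_inetd_services "$tmp/inetd.conf" "$tmp/services" || true
echo "sshd 22/tcp" >> "$tmp/services"     # the entry shown in the post
echo "after:"
check_inetd_services "$tmp/inetd.conf" "$tmp/services" && echo "all resolved"
rm -rf "$tmp"
```

Run it against the real /etc/inetd.conf and /etc/services before sending inetd the HUP, so a missing name shows up as output rather than as a service that silently never starts.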