On Wed, May 17, 2000 at 02:41:50PM -0700, Tamara Thompson wrote:
> I've read and re-read the documentation online, and have Anne's excellent 
> Unix Secure Shell book, but I still haven't understood the reason for port 
> forwarding.  

Funny thing, me too :) Sometimes you can stare at something long enough
that it never makes any sense. 

Tunnels are a tricky thing. Here's a building-block way to think of them:

To log into an SSH server, you use the following syntax:
$ ssh machineyourelogginginto

To tunnel, say POP3 (port 110) and SMTP (port 25), from the SSH server (which
is inside the firewall, and I'm outside) to the mailserver, I would do this:

$ ssh -L localport:popserver.example.com:receivingport machineyourelogginginto

So, for something like POP3, where the commands look like this:
USER username
PASS password

You don't really want that going in the clear to a production server, do
you?

> Anyone have an intro level explanation of how and why port forwarding is 
> used?  Does it add any extra security to a communication?

One of the best explanations I've seen for this is Steve Acheson's article
in SunWorld, "Enter the Secure Shell":

http://www.sunworld.com/sunworldonline/swol-02-1998/swol-02-security.html

-Anne
------------------------------------------------------------------------
Anne Carasik, Principal Consultant   | Any two consenting adults can rub
SSH Communications Security, Inc.    | two primes together to create
Email: [EMAIL PROTECTED]                  | a public keypair" - R. Thayer
------------------------------------------------------------------------
Unless stated otherwise above, the opinions expressed herein are my own, 
                            not of my employer.
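
Added example, not part of the original message: a shell version of the tunnel described above for POP3 and SMTP, printing the ssh command and which hop of a -L forward SSH actually encrypts. The names gateway.example.com and smtpserver.example.com, the local ports 1110 and 1025, and the helper functions are assumptions; -N assumes an OpenSSH client.

```shell
#!/bin/sh
# Added example. gateway.example.com, smtpserver.example.com and the local
# ports 1110/1025 are assumed names, not values from the original message.

# valid_port N: succeeds if N is an integer in 1..65535.
valid_port() {
    case $1 in ''|*[!0-9]*) return 1 ;; esac
    [ "$1" -ge 1 ] && [ "$1" -le 65535 ]
}

# describe_forward SPEC GATEWAY
# SPEC is the value given to -L, in the form localport:desthost:destport.
# Prints one line per hop of the forwarded connection and how it is protected.
describe_forward() {
    spec=$1; gateway=$2
    old_ifs=$IFS; IFS=:
    set -f; set -- $spec; set +f      # split SPEC on ':' into $1 $2 $3
    IFS=$old_ifs
    if [ $# -ne 3 ] || ! valid_port "$1" || ! valid_port "$3" || [ -z "$2" ]; then
        echo "bad forward spec: $spec" >&2
        return 1
    fi
    echo "mail client -> 127.0.0.1:$1 | loopback on your own machine"
    echo "ssh client -> $gateway | encrypted inside the SSH session"
    echo "$gateway -> $2:$3 | plain TCP from the SSH server onward"
}

# tunnel_command GATEWAY SPEC...: prints the ssh command for the given forwards.
# -N (no remote command) is an OpenSSH client option.
tunnel_command() {
    gateway=$1; shift
    cmd="ssh -N"
    for spec in "$@"; do
        cmd="$cmd -L $spec"
    done
    echo "$cmd $gateway"
}

# POP3 (110) and SMTP (25) forwarded through one SSH login.
tunnel_command gateway.example.com \
    1110:popserver.example.com:110 1025:smtpserver.example.com:25
describe_forward 1110:popserver.example.com:110 gateway.example.com
```

With the printed command running, the mail client is pointed at localhost ports 1110 and 1025 instead of the mail servers; the last hop is unencrypted, which is why the SSH server should sit on the same trusted network as the mail server.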
