Fading into White - SSH Tunneling

Today's internet has come a long way from its friendly academic and research roots. Where in the past one might not worry about sending a password over an internet connection, today this is not acceptable. It is a trivial exercise to sniff passwords. To see how this can be done, run:

# tcpdump -i <your network int> -s 1500 -c 1000 -w - | strings

and use POP3 to receive your email from a remote server. Your username and password will immediately appear in the tcpdump output. That is why telnet is deprecated for logging into remote servers. When receiving mail via POP, the APOP command offers protection for your password, but your username and all your email remain easily readable "on the wire".

To prevent anyone from sniffing your POP traffic, run one of the following commands on your BSD/Linux/Unix system using OpenSSH.

ssh -N -f -L 8000:localhost:110 username@mailhost
or
ssh -l username -N -f -L 8000:localhost:110 mailhost

In order to run these commands, there has to be a running sshd on the target machine and you need to have a valid system account. You do not need to have a shell on the machine. /bin/nologin and /usr/bin/false on OpenBSD are enough. After authenticating with the remote machine, the command will fork into the background and you will need to kill it when it is no longer needed. If you don't want it to fork, don't use '-f'. The '-L' option creates the tunnel: connections to port 8000 on your own machine are forwarded over the encrypted ssh session to port 110 on the mail host. BE SURE THAT YOU HAVE PERMISSION from YOUR PROVIDER BEFORE you do this. The '-N' option means that no shell is run on the target machine, saving resources and allowing you to create the tunnel without having a shell account.

To test your setup, run the ssh tunneling command and then connect to the local end of the tunnel:
telnet localhost 8000
If all is working, you will get the POP server banner.

To tunnel your SMTP traffic, replace 110 with the SMTP target port and choose a local port other than 8000. After running these commands, configure your email clients to use the new ports on localhost.

....and everything fades to white noise....

If you tire of typing your passwords to ssh into a box, or want to run non-interactive processes via ssh on a remote box, never fear, cryptography has a solution: RSA authentication! To enable ssh key authentication, append ~/.ssh/id_rsa.pub from your local machine to ~/.ssh/authorized_keys2 on the remote machine. If the ssh options are right, you can connect without a password. Be careful to safeguard your keys, as they will give anyone passwordless access to the remote computers!

If you have not created your ssh keys, you can do so with the following command:

ssh-keygen -q -t rsa
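
One way to limit what a passwordless key can do, as an added example that is not part of the original article: the function below appends a public key to an authorized keys file with options that switch off terminal, agent and X11 use and limit -L forwards to the POP3 port. The function name and its arguments are hypothetical, and the "restrict" option assumes OpenSSH 7.2 or later on the server.

```sh
# Added example, not from the original article. Assumes OpenSSH 7.2+ on the
# server (for "restrict"); install_tunnel_key and its arguments are hypothetical.
# usage: install_tunnel_key PUBKEY_FILE AUTHORIZED_KEYS_FILE [HOST:PORT]
install_tunnel_key() {
    pub=$1
    auth=$2
    target=${3:-localhost:110}   # POP3 on the mail host, as in the tunnel above

    # Accept exactly one line that looks like a public key, so a private key
    # file passed by mistake is never copied to the server.
    [ -r "$pub" ] || { echo "cannot read $pub" >&2; return 1; }
    [ "$(grep -c '' "$pub")" -eq 1 ] || { echo "expected one key line" >&2; return 1; }
    key=$(cat "$pub")
    case $key in
        ssh-rsa\ AAAA*|ssh-ed25519\ AAAA*|ecdsa-sha2-*\ AAAA*) ;;
        *) echo "not a public key" >&2; return 1 ;;
    esac
    blob=$(printf '%s\n' "$key" | awk '{print $2}')

    # Keep the directory and file private to the account owner.
    dir=$(dirname "$auth")
    mkdir -p "$dir" && chmod 700 "$dir" || return 1
    touch "$auth" && chmod 600 "$auth" || return 1

    # Idempotent: do nothing if this key is already installed.
    if grep -qF -- "$blob" "$auth"; then
        return 0
    fi

    # restrict switches off pty allocation, agent and X11 forwarding and all
    # port forwarding; port-forwarding plus permitopen then re-enable
    # forwarding and limit -L destinations to $target.
    printf 'restrict,port-forwarding,permitopen="%s" %s\n' "$target" "$key" >> "$auth"
}
```

Run it on the mail host and pass the file name your sshd reads (this article uses ~/.ssh/authorized_keys2).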

                                     Marina