…or sending email without worrying about packet sniffers
Updated on 3. October, 2003 — Chaz pointed me to SSH Tunnel Manager which provides a spiffy graphical interface to the whole thing. Much easier than using these commands if you’re running on Mac OS X. If you’re running on some other BSD, this will probably still be useful.
Updated on 19. July, 2003 — you can create multiple tunnels with a single command, and I’ve changed the command listed below to reflect that.
- Study: Wi-Fi users still don’t encrypt. Makes me relatively proud that I actually set up tunnels to check my email while at WWDC.
- Doc was having some problems using email from one of those closets they have in hotels where you can theoretically get high-speed internet access. My solution during MacHack and WWDC was that if I could connect to my server via ssh, I had “access”; otherwise, the net was too flaky (or intentionally broken) to use for anything more than looking at web-pages. Why is ssh my benchmark for a reliable connection? Well, if I can maintain an ssh session, I can also maintain an ssh tunnel, which will let me send and read email securely.
Here’s the invocation (note that this may wrap in your browser, but you want just one line you’ll type into a shell):
ssh -i ~/.ssh/id_rsa -C -f -N -L 2500:betternerds.com:25 -L 1100:betternerds.com:110 betternerds.com
And then I configure my email client to talk to localhost:2500 for sending (SMTP) and localhost:1100 for receiving (POP3) and I’m golden. If you’re talking to a server other than mine (betternerds.com), you’ll want to change the server name in the commands. Also, you might have different POP3 and SMTP servers.
Of course this assumes you’re not afraid of a command-line and have already got an ssh key that’ll work. Also, when you’re done, you want to:
killall -HUP ssh
to shut down all ssh connections (you might want to use ps and kill to shut them down if you’re doing other things with ssh). Three things to worry about on the command-line, but suddenly you’re working with secure email and you don’t have to worry about someone reading confidential email or sniffing your password while you’re working on an insecure network.
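As an added example (not part of the original post), here is one way to do the "ps and kill" variant so that only the mail tunnel is signalled and other ssh sessions stay up. The function names and the sample process list are constructed for illustration; bracketed IPv6 bind addresses in a `-L` spec are not handled.

```shell
#!/bin/sh
# Added example: select only the ssh clients that carry a given -L forward,
# so the mail tunnel can be closed without `killall -HUP ssh`.

# Constructed sample of `ps x -o pid= -o args=` output (not real data).
SAMPLE_PS='  412 ssh -i /Users/me/.ssh/id_rsa -C -f -N -L 2500:betternerds.com:25 -L 1100:betternerds.com:110 betternerds.com
  498 ssh me@shell.example.org
  503 /usr/sbin/sshd -D
  611 grep ssh
  702 ssh -N -L 8080:intranet.example.org:80 gateway.example.org
  820 /usr/bin/ssh -f -N -L127.0.0.1:2500:mail.example.org:25 mail.example.org'

# tunnel_pids LOCAL_PORT (hypothetical helper): read "pid command args..."
# lines on stdin and print the PID of each ssh client that forwards
# LOCAL_PORT with -L.
tunnel_pids() {
    awk -v port="$1" '
        {
            # $2 is the executable: accept "ssh" or a path ending in /ssh,
            # which excludes sshd and the grep that matched "ssh".
            n = split($2, parts, "/")
            if (parts[n] != "ssh") next
            for (i = 3; i <= NF; i++) {
                # Accept both "-L spec" and the fused form "-Lspec".
                spec = ""
                if ($i == "-L") spec = $(i + 1)
                else if (substr($i, 1, 2) == "-L") spec = substr($i, 3)
                # spec is port:host:hostport or bind:port:host:hostport.
                k = split(spec, f, ":")
                lport = (k >= 4) ? f[2] : f[1]
                if (lport == port) { print $1; next }
            }
        }'
}

# close_mail_tunnel (hypothetical helper): send HUP only to the processes
# forwarding local port 2500, the SMTP side of the tunnel command above.
close_mail_tunnel() {
    for pid in $(ps x -o pid= -o args= | tunnel_pids 2500); do
        kill -HUP "$pid"
    done
}
```

Because both forwards live in one ssh process, signalling the PID found for port 2500 closes the POP3 forward on 1100 as well.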
I’ve tried this on both OpenBSD and Mac OS X machines. I suspect it will work on all BSDs, and might well work on Linux, but I don’t have a Linux machine around to test it on.