[svlug] SSH password question
Seth David Schoen
schoen at uclink4.berkeley.edu
Sat Nov 7 01:29:41 PST 1998
James W. Abendschan writes:
> On Fri, 6 Nov 1998, Hans Cathcart wrote:
> > I'm using SSH to log into my servers, but I'm also using POP to check my
> > mail. Since both SSH and POP look at the /etc/passwd file, I see a security
> > problem. If someone traps my POP session password, which is not encrypted,
> > they can then log in through SSH. Is there an easy, straight-forward way of
> > having different passwords?
>
> You can always use ssh's port forwarding option to create a secure channel
> through which you can tunnel things like POP. ie:
>
> ssh secure.net. -L 2110:pop.secure.net:110
>
> ..will make port 2110 on the local host redirect to port 110 on pop.secure.net
> over an encrypted channel. Then point fetchmail (or whatever) at
> localhost:2110 to fetch your mail via POP3.
>
> An alternative is to implement APOP (cucipop and qpopper both support this.)
> The sniffers will still be able to read your mail, but they won't
> be able to sniff your password.
My friend Manish has just recently gotten a mini-HOWTO published on this
very topic:
http://sunsite.unc.edu/LDP/HOWTO/mini/Secure-POP+SSH.html
It credits me at the end. :-)
--
Seth David Schoen L&S '01 (undeclared) / schoen at uclink4.berkeley.edu
He said, "This is what the king who will reign over you will do." And they
said, "Nay, but we will have a king over us, that we also may be like all the
nations." (1 Sam 8) http://ishmael.geecs.org/~sigma/ http://www.loyalty.org/
--
echo "unsubscribe svlug" | mail majordomo at svlug.org
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ to unsubscribe
More information about the svlug
mailing list