On Tue, 15 Aug 2000, Robert W. Fowler wrote:
> Since I have SSL/SSH installed and working properly, how would I use it to
> secure my email transactions?
Well, general Internet email is inherently insecure, so this is almost a
lost cause. But you can at least protect access to the accounts on the mail
servers themselves. You can use SSH port forwarding to tunnel
POP3/IMAP/SMTP/whatever from your remote location to your corporate LAN.
More on this below.
> I've been tinkering around using SecureFX for {FTP} and it works great, but
> I still have a vulnerable FTP server hangin out there on the net
SecureFX apparently simply tunnels FTP over SSH to the server you are
contacting, so you need the FTP daemon running. Use ipchains to prevent
incoming FTP connections from any of your network interfaces other than
loopback. This effectively makes the FTP daemon available only to local
processes, i.e., the SSH server. I would then back that up with TCP-Wrappers,
allowing FTP access only to the loopback address (127.0.0.1).
> ... since SecureFX basically secures your login to FTP, but
> the file transfers are still open.
Incorrect. It tunnels the entire FTP session -- both the control and data
channels -- over SSH. The only exception is if you are trying to tunnel FTP
over SSH protocol V1. That is not secure, but you would know if you were
doing it.
There is a good picture in the FAQ:
http://www.vandyke.com/support/securefx/faq.html#Q4
> 2) Securing email? When I set up my email client to use secure email it
> wants to use port 995? Anyone have some insight on this?
According to /etc/services, TCP port 995 is POP3 over SSL, which requires a
POP3 server supporting that. That likely means money. It would be easier,
and possibly more secure, to simply tunnel POP3 over SSH.
To do so, configure your SSH client to forward local TCP port 110 (which is
POP3) to remote server TCP port 110. Do the same for TCP port 25 (SMTP).
Then point your mail client to "localhost" for its mail servers. SSH will
forward the connections over the secure tunnel to your mail servers, and your
mail client will be none the wiser.
> I've looked through a bunch of how-to's but haven't seen this yet.
Well, I would start with the "Secure-POP+SSH mini-HOWTO", since that is what
you are looking to do. I would also recommend these HOWTOs, not so much for
immediate answers, but as starting points:
- The VPN HOWTO
- The VPN-Masquerade HOWTO
- The Security HOWTO
- The Securing-Domain HOWTO
The documentation that comes with SecureFX and OpenSSH is also quite good.
--
Ben Scott <[EMAIL PROTECTED]>
Net Technologies, Inc. <http://www.ntisys.com>
Voice: (800)905-3049 x18 Fax: (978)499-7839
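
The POP3/SMTP forwarding described in the message above, as an added example that is not part of the original post: it builds the ssh command and checks that the tunnel's local listeners are bound to loopback only. The host names, the unprivileged local ports 1110 and 1025, and the sample listener output are assumptions made for illustration.

```shell
#!/bin/sh
# Added example. Host names and the local ports 1110/1025 are assumptions.

# Print the ssh command that forwards POP3 and SMTP through an SSH server.
# High local ports are used because binding 110 and 25 needs root on Unix;
# the mail client is then pointed at localhost:1110 and localhost:1025.
# The explicit 127.0.0.1 bind keeps the forwards off other interfaces.
tunnel_cmd() {  # usage: tunnel_cmd user@sshserver mailserver
    printf 'ssh -N -o ExitOnForwardFailure=yes'
    printf ' -L 127.0.0.1:1110:%s:110 -L 127.0.0.1:1025:%s:25 %s\n' "$2" "$2" "$1"
}

# Read "ss -ltn" or "netstat -ltn" output on stdin (local address is field 4
# in both) and print each listener on the given ports that is not bound to
# loopback, i.e. a tunnel entrance other machines could connect to.
exposed_listeners() {  # usage: ss -ltn | exposed_listeners 1110 1025
    awk -v ports=" $* " '
        /LISTEN/ {
            addr = $4
            n = match(addr, /:[0-9]+$/)          # start of the final ":port"
            if (!n) next
            host = substr(addr, 1, n - 1)
            port = substr(addr, n + 1)
            if (index(ports, " " port " ") == 0) next   # not a tunnel port
            if (host ~ /^127\./ || host == "[::1]" || host == "::1") next
            print addr
        }'
}

# Constructed sample of "ss -ltn" output, as if 1025 had been opened with -g.
SAMPLE='State  Recv-Q Send-Q Local Address:Port Peer Address:Port
LISTEN 0      128    127.0.0.1:1110     0.0.0.0:*
LISTEN 0      128    0.0.0.0:1025       0.0.0.0:*
LISTEN 0      128    [::1]:1110         [::]:*
LISTEN 0      128    0.0.0.0:22         0.0.0.0:*'

tunnel_cmd user@gateway.example.com mail.example.com
printf '%s\n' "$SAMPLE" | exposed_listeners 1110 1025
```

Any address printed by `exposed_listeners` is a forward that other hosts on the network can reach, which hands them the same path to the mail server that the tunnel gives you.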