Call for Help: SSH Port Forwarding
OK, world, this problem is officially beginning to tick me off. So I’m calling for help — maybe one of you fine readers out there knows how to solve it…
The ISP that hosts my mail server requires me to make my IMAP connections over SSH, to keep them from getting hacked. Now, in Windows I use Bitvise Tunnelier to make this easy as pie, but on my home Linux box, things aren’t so easy.
See, here’s the thing. I know how to use SSH to do a simple port forward from the terminal. But what I want to do is have the system create the port forward at startup, and have it run silently in the background — no terminal or user intervention required. This is so that I can log in and fire up my IMAP client (Mozilla Thunderbird) without having to go through the process of launching terminal, keying in SSH command, etc. I want the whole port-forwarding thing to just be taken care of behind the scenes — the way Tunnelier does on Win32.
I’ve spent weeks crawling the Net, reading FAQs and HOWTOs, browsing Usenet, and generally dorking out on this question, to no avail. I’ve solved pieces of it — I learned how to use ssh-agent, for example, to allow passwordless authentication — but I can’t find any instructions that bring it all together.
It’s extremely frustrating. I can’t be the only #()!(@ Linux user out there who wants to access IMAP via SSH, can I? Or do all the other ones just do it from the terminal every time, and figure that’s as good as it gets because they haven’t been spoiled by Tunnelier? I have no idea — all I know is that I can’t find answers one way or another.
So, in true LazyWeb fashion, I’m throwing out a challenge. Post either (a) instructions on how to do what I describe above (have Fedora Linux silently create a port forward at system startup), or (b) a link to those instructions elsewhere on the Web, in the comment thread of this post. I’ll give your solution a shot, and if it works, I will pay $10 via PayPal to the e-mail address of the person who submitted it. In the case of multiple submissions, first one received wins — and I’m gonna go by time posted to the comment thread, so put it there rather than sending it to me by e-mail (so that others having the same problem can benefit from having the solution publicly posted).
So, whaddaya say, world? If you’ve got a link that solves my problem it’s a quick way to earn some beer money for the weekend. Hit me.
UPDATE (7/8/2005): I should mention that before anybody got around to giving me a solution to my problem that met the criteria outlined above, Mozilla integrated SSH tunneling to the IMAP support in their excellent Thunderbird mail client. So now I just set a couple of preferences in Thunderbird and I’m good to go; no need to manually set up port forwarding. Thanks, Mozilla!
Comments
Oscar Merida
February 24, 2004
9:08 am
Are you using bash or zsh?
If you are using bash, you can set up port forwarding to startup when you login by adding it to your ~/.bash_profile file. Just append the appropriate ssh command line to it. That script runs when you login, IIRC, so the command will run then.
SSH command should look something like the following but your ports/hosts may vary.
ssh -L 2021:imap.somewhere.net:1041 imap.somewhere.com
For a reference on the bash startup files see:
http://beyond.linuxfromscratch.co.uk/view/cvs/postlfs/profile.html
Jason Lefkowitz
February 24, 2004
9:10 am
Bash.
Nancy McGough
February 25, 2004
3:04 pm
And for tunneling to an IMAP server the command will look something like this:
ssh jason@shell.host.com -L9143:imap.host.com:143
Note that shell.host.com is the name of the machine that you can ssh to and jason is your user name. imap.host.com is the name of the IMAP server that that can be tunneled to from shell.host.com. On some systems these servers will have the same name, but not always.
And then in your IMAP client, specify the IMAP server as:
localhost:9143
Note that you should use a number greater than 1024 for the local port, e.g., 9143 is what I’m using here.
To avoid password prompts, follow the instructions by perdedor on this page
http://www.macosxhints.com/article.php?story=20021018063459739
There’s a lot to learn about ssh and I even have an ORA book about it (which I need to read!).
Let us know if this helps,
Nancy
I don’t have paypal but you could just put a link to my site (if this works to solve your problem of course!).
Nancy McGough
February 25, 2004
3:11 pm
I also have a bunch of links about this on my Power Pine page in the section “Using SSH Port Forwarding”:
http://www.ii.com/internet/messaging/pine/pc/#ssh
Maybe some of these will help.
Good luck,
Nancy
Marie R
August 27, 2004
9:31 pm
What Nancy suggested certainly will work, but I think that what you want is something that will
just run in the background when you login.
Use the -N flag for no command and background the ssh:
ssh -N dest_machine -L:: &
Note that this will have to be killed manually, or you can let it die when you log out.
For text based logins, add to your .profile/.login as appropriate for your shell. For graphical logins using xdm (or gdm, etc.) you will need to determine a way to have it executed as your session starts. If you are using Gnome, your .xsession file is ignored, and I haven’t seen a graceful way to do this. You could probably modify the system Xsession (/etc/X11/xdm/Xsession in RH9) to look for a file to source in the user’s home directory. Better suggestions would be appreciated (especially on how to set environment variables for an entire session [e.g. how can I have GUI launched editor know about a user defined variable]).
Scot
July 9, 2005
12:18 am
What you want is to establish known port forwards to one or more servers… right. You need to use an aah-agent, as you probably are. If they are all the same ssh server then you’re golden. I have done this many times. “ssh -L port:rhost:port -L port:rhost:port ….. sshd-server”. Add that to a shell sckipt and button to you’re fav window mgr.
add it to .ssh/config