Submit Hint Search The Forums LinksStatsPollsHeadlinesRSS
14,000 hints and counting!


Click here to return to the 'Secure POP and SMTP Email via SSH (final update)' hint
The following comments are owned by whoever posted them. This site is not responsible for what they say.
Secure POP and SMTP Email via SSH (final update)
Authored by: sben on Jul 23, '03 01:32:33PM

You're pretty close.

Here's the exact communication chain:

[email client] [ssh client] [ssh server] [email server]

Connection (1) is unencrypted. As far as the email client is concerned, it's talking directly to the email server -- it speaks SMTP to the destination, and receives SMTP responses back.

Connection (2) is encrypted. The ssh client takes the communication from the email client -- it doesn't care about the details of the communication -- encrypts them, and passes it over to the ssh server.

Connection (3) in unencrypted. The ssh server takes the encrypted communication from the ssh client, unencrypts it (again, not caring about the details of what it's unencrypting -- it could be SMTP, or POP3, or HTTP, or gibberish, as far as it's concerned), and passes it over to the email server. Similar to connection (1), the email server thinks it's talking directly to the email client -- it receives SMTP messages, and sends back SMTP messages in response.

In an ideal world, the email client and ssh client are on the same machine, since that connection is unencrypted. If they are on the same machine, the only way to snoop on that side of the connection is if there's some sort of trojan horse snooping software running on that machine. This setup will certainly work if the clients are on different machines, but will be significantly less secure, since you can't necessarily trust the intervening network (esp. if you're using wireless!).

For the same reaons, the ssh server and email server should be on the same machine. If they aren't, but you absolutely trust the intermediate network (a plausible, though not great, assumption on a corporate network), you may still be secure.



[ Reply to This | # ]
Secure POP and SMTP Email via SSH (final update)
Authored by: sben on Jul 23, '03 01:34:34PM

Argh, it previewed okay, but turned out wrong after I posted....

Here's that communication chain again:

[email client] --(1)-- [ssh client] --(2)-- [ssh server] --(3)-- [email server]



[ Reply to This | # ]