Welcome to Linux Knowledge Base and Tutorial
"The place where you learn linux"
The ONE Campaign to make poverty history

 Create an AccountHome | Submit News | Your Account  

Tutorial Menu
Linux Tutorial Home
Table of Contents

· Introduction to Operating Systems
· Linux Basics
· Working with the System
· Shells and Utilities
· Editing Files
· Basic Administration
· The Operating System
· The X Windowing System
· The Computer Itself
· Networking
· System Monitoring
· Solving Problems
· Security
· Installing and Upgrading
· Linux and Windows

Man Pages
Linux Topics
Test Your Knowledge

Site Menu
Site Map
Copyright Info
Terms of Use
Privacy Info
Masthead / Impressum
Your Account

Private Messages

News Archive
Submit News
User Articles
Web Links


The Web

Who's Online
There are currently, 266 guest(s) and 0 member(s) that are online.

You are an Anonymous user. You can register for free by clicking here



Current HOWTO: Secure POP via SSH mini-HOWTO

Secure POP via SSH mini-HOWTO: The Basic Technique Next Previous Contents

2. The Basic Technique

This technique relies on a fundamental feature of ssh: port forwarding

There are many variations on this theme, which depend on your desired mail setup. They all require ssh, which is available from http://www.ssh.fi/ and mirrors. RPMs are available at ftp://ftp.replay.com/pub/crypto/ and Debian packages are available at ftp://non-us.debian.org/debian-non-US/ (and their respective mirrors).

2.1 Setting up Port Forwarding

To start port forwarding, run the following command:

ssh -C -f popserver -L 11110:popserver:110 sleep 5

Let's take a closer look at that command:


The ssh binary itself, the magic program that does it all.


This enables compression of the datastream. It's optional, but usually useful, especially for dialup users.


Once ssh has done authentication and established port forwarding, fork to background so other programs can be run. Since we're just using the port forwarding features of ssh, we don't need a tty attached to it.


The POP server we're connecting to.

-L 11110:popserver:110

Forward local port 11110 to port 110 on the remote server popserver. We use a high local port (11110) so any user can create forwardings.

sleep 5

After ssh has forked itself into the background, it runs a command. We use sleep so that the connection is maintained for enough time for our mail client to setup a connection to the server. 5 seconds is usually sufficient time for this to happen.

You can use most other options to ssh when appropriate. A common setting may be a username, since it might be different on the POP server.

This requires sshd running on the remote server popserver. However, you do not need to have an active shell account there. The time it takes to print a message ``You cannot telnet here'' is enough to setup a connection.

2.2 Testing it out

Once you've figured out the details command to run to establish port forwarding, you can try it. For example:

$ ssh -C -f msingh@popserver -L 11110:popserver:110 sleep 1000

popserver is the ol' POP server. My username on my local machine is manish so I need to explicitly specify the username msingh. (If your local and remote usernames are the same the msingh@ part is unnecessary.

Then it prints:

msingh@popserver's password:

And I type in my POP password (you may have different shell and POP passwords though, so use your shell one). Now we're done! So we can try:

$ telnet localhost 11110

which should print something like:

QUALCOMM POP v3.33 ready.

Woohoo! It works! The data is sent out over the network encrypted, so the only cleartext is over the loopback interfaces of my local box and the POP server.

Next Previous Contents

The Linux Tutorial completely respects the rights of authors and artists to decide for themselves if and how their works can be used, independent of any existing licenses. This means if you are the author of any document presented on this site and do no wish it to be displayed as it is on this site or do not wish it to be displayed at all, please contact us and we will do our very best to accommodate you. If we are unable to accommodate you, we will, at your request, remove your document as quickly as possible.

If you are the author of any document presented on this site and would like a share of the advertising revenue, please contact us using the standard Feedback Form.




Security Code
Security Code
Type Security Code

Don't have an account yet? You can create one. As a registered user you have some advantages like theme manager, comments configuration and post comments with your name.

Help if you can!

Amazon Wish List

Did You Know?
The Linux Tutorial welcomes your suggestions and ideas.


Tell a Friend About Us

Bookmark and Share

Web site powered by PHP-Nuke

Is this information useful? At the very least you can help by spreading the word to your favorite newsgroups, mailing lists and forums.
All logos and trademarks in this site are property of their respective owner. The comments are property of their posters. Articles are the property of their respective owners. Unless otherwise stated in the body of the article, article content (C) 1994-2013 by James Mohr. All rights reserved. The stylized page/paper, as well as the terms "The Linux Tutorial", "The Linux Server Tutorial", "The Linux Knowledge Base and Tutorial" and "The place where you learn Linux" are service marks of James Mohr. All rights reserved.
The Linux Knowledge Base and Tutorial may contain links to sites on the Internet, which are owned and operated by third parties. The Linux Tutorial is not responsible for the content of any such third-party site. By viewing/utilizing this web site, you have agreed to our disclaimer, terms of use and privacy policy. Use of automated download software ("harvesters") such as wget, httrack, etc. causes the site to quickly exceed its bandwidth limitation and are therefore expressly prohibited. For more details on this, take a look here

PHP-Nuke Copyright © 2004 by Francisco Burzi. This is free software, and you may redistribute it under the GPL. PHP-Nuke comes with absolutely no warranty, for details, see the license.
Page Generation: 0.21 Seconds