"Dmitry Fink (aka FINiK)" wrote:
> 
> Till now I wasn't worried about security at all, but recently
> some things happened that changed my mind, and I decided to secure my
> system. I installed ssh/ssh2, and almost succeeded configuring it (couldn't
> they just do the 2 versions more compatible?). But the real challenge is -
> "How the hell do I prevent from my fetchmail (for example) to send
> my plain user/password over the network every 5 minutes?" Are there
> any other ways of secure mail-downloading? Is there SSLed POP or smth?
> The solution should be supported by the server (which I have no control
> of, and right now it is Technion's T2 server). But any tips for future use
> (when I move out from T2) are welcome as well.

First of all, kill off the confusion and install OpenSSH
(http://www.openssh.com), which is a port of OpenBSD's SSH daemon,
completely free and patent-free, and should be more secure and saner
than those ssh packages with ssh2. I know some people might say it's
not time-proven yet, but I use it and it works for me.

About fetchmail and friends, you can tunnel it with ssh, but I suggest
you use stunnel - an SSL tunnel. For that, you'll have to have the
OpenSSL libraries on the server and have shell access there so you
could run the tunnel under your account (it shouldn't require root if
you run it on unprivileged ports). You can find stunnel on freshmeat.

stunnel -d 995 -r 110 -p /home/myuser/certs/mail.pem
(Note that port 995 is the standard SSL-ed POP3 port, and you'll need
to use some port higher than 1024 if you don't run it as root.)
PEM file - read stunnel's man page for more info on creating one.
This would also work with Netscape, by checking "Use Secure Connection".
For fetchmail and other non-SSL-supporting programs, you'll have to use
stunnel on your side too.

P.S. Works for my IMAP server.

-- 
Best regards,
Ilya Konstantinov a.k.a Toastie
[http://toast.demon.co.il]
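
The client half of the tunnel that the message says fetchmail needs, as an added example that is not part of the original message. It uses stunnel 3.x command-line options in the same style as the server command above; the host name, port numbers and CA file path are placeholders, and the certificate check (-v/-A) is an addition the message does not mention.

```shell
#!/bin/sh
# Added example: local stunnel client plus a fetchmailrc that polls through it.
# Every value below is a placeholder assumption, not taken from the message.
REMOTE_HOST="mail.example.org"      # host running the server-side stunnel
REMOTE_PORT=9995                    # unprivileged port chosen for stunnel -d there
LOCAL_PORT=11110                    # loopback port fetchmail will connect to
CA_FILE="$HOME/certs/mail-ca.pem"   # server (or CA) certificate, copied out of band

# Client mode (-c): accept plaintext POP3 on loopback only and speak SSL to
# the server. -v 2 with -A makes stunnel refuse a server whose certificate
# does not validate against CA_FILE; stunnel 3.x verifies nothing by default,
# which would leave the password exposed to anyone able to impersonate the server.
start_tunnel() {
    stunnel -c -d "127.0.0.1:${LOCAL_PORT}" \
            -r "${REMOTE_HOST}:${REMOTE_PORT}" \
            -v 2 -A "$CA_FILE"
}

# Write a fetchmailrc that reaches the server through the local tunnel.
# No password line is written: fetchmail prompts for it, or you add one by hand.
# fetchmail refuses an rc file with permissions looser than 0710, so create
# it under umask 077 and set 0600 explicitly.
write_fetchmailrc() {
    rc="$1"
    user="$2"
    (
        umask 077
        cat > "$rc" <<EOF
poll ${REMOTE_HOST} via localhost protocol pop3 port ${LOCAL_PORT}
    user "${user}"
EOF
    )
    chmod 600 "$rc"
}

# Nothing is started unless the script is invoked as: sh tunnel.sh run
if [ "${1:-}" = "run" ]; then
    start_tunnel && write_fetchmailrc "$HOME/.fetchmailrc" "$(id -un)"
fi
```

The plaintext leg now exists only on the loopback interface of your own machine; binding -d to 127.0.0.1 keeps other hosts from using the tunnel.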
