The Haiku/BeOS Tip Server
Tips and tricks for Haiku/BeOS users

Secure email download with SSH

This tip is valid for: Both BeOS and Haiku

A question asked frequently around here is how to get ssh working on the BeOS. Here’s the answer, plus a handy tip on how you can download email through a secure channel.

I know your email comes in through the Net unencrypted, but at least this avoids exposing your password in plaintext. Also if a sniffer is between you and your server, rather than between your server and the greater internet, it will afford some protection.

It also serves the higher purpose of just making lots of traffic on the Net encrypted, which screws up hackers and government spooks.

First, download ssh from:

http://www.be.com/software/beware/network/ssh.html

or

http://abstrakt.ch/be/ssh-1.2.26-3_src.tgz

Note that the actual download server is in Switzerland, not in the US, so it’s available to anyone who can legally use encryption.

Read the instructions for building it, but after running configure, change the line in config.h from [missing] to [missing].

To use ssh, you need to have a mail server that supports ssh login. Most ISP’s don’t allow login access at all. Maybe your University provides ssh, or maybe you can convince your company admin to install it if you get mail from a corporate mail server – the Unix source for both the client and server are available free at:

http://www.ssh.org

Advertisement: You can use the web hosting service that I have three domains on, and recommend to all my friends, http://www.seagull.net – besides ssh and telnet access, you can run CGI’s you write yourself, they have a complete set of development tools online, a great connection to the net, and excellent customer service.

Now you need to make sure your /boot/beos/etc/hosts file is properly configuring your localhost networking environment. You can do this by adding:

127.0.0.1			localhost.your.isp		localhost
your.gateway.ip		localhost.your.isp		localhost

Now to see if ssh works, do this in a Terminal window:

ssh -l username hostname.com

It will say this host is unknown. Answer “yes” to accept it, then enter your password.

Now I suggest changing your password at your account, and never again entering your password except through a secure connection.

Now set up port forwarding:

ssh -L 1000:hostname.com:110 -l username hostname.com

Log in again, and leave the Terminal window open. Go into your email client preferences, and change the POP server address to 127.0.0.1 (your loopback address). Change the port to 1000 and try checking your mail. (Update your password too if you changed it).

If you have mail configured to check several accounts, like I do with Mail-It, then you need to run several port forwards simultaneously. All of the forwards will come from the same localhost IP address, so you need to use different local port numbers – use 1000 for one host, 1001 for the next, and so on.

Note that ssh also supports secure XWindows by setting up a proxy display on your Unix host.

It’s best if you use ssh to always use it whenever at all possible. If you have to not use it (perhaps while logging in from a friend’s PC), then change your password afterwards.

US and Canadian residents can get a GUI SSH called SecureCRT from

http://www.vandyke.com

It’s $99 with a 30-day free evaluation download.

I believe there is a commercial windows SSH available outside the US with a link to be found at http:// www.ssh.org

Does anyone know where to get SSH for the Macintosh? I know NCSA telnet has a normally-disabled “encrypted” checkbox; perhaps there is an SSH version of NCSA available?

Posted in Networking


(comments are closed).