Re: [Evolution] Re: imaps over a firewall
- From: Mike Godfrey <migod uwaterloo ca>
- To: David Woodhouse <dwmw2 infradead org>
- Cc: Lonnie Borntreger <email borntreger com>, evolution ximian com
- Subject: Re: [Evolution] Re: imaps over a firewall
- Date: Mon, 03 Nov 2003 10:37:28 -0800
Hi,
I have changed the names of the machines to protect the innocent, as
they say. localMachineInsideFirewall is a Red Hat 9 Intel box, and
remoteMachineOutsideFirewall is a Solaris machine.
On Sat, 2003-11-01 at 07:46, David Woodhouse wrote:
> On Wed, 2003-10-29 at 17:13 -0800, Mike Godfrey wrote:
> > If I run this:
> > ssh -L 5143:external.server.net:993 external.server.net
> > then I get a normal telnet-like ssh connection. Is this what I want?
> > Is this connection secretly doing port redirection while I read news,
> > use vi, etc?
>
> It _should_ be, certainly. In another terminal, what happens if you run
> 'telnet localhost 5143'?
It says
> insideFirewallMachine% telnet localhost 5143
> Trying 127.0.0.1...
> Connected to localhost.localdomain (127.0.0.1).
> Escape character is '^]'.
and then it just hangs.
> If that doesn't succeed, show the output of the same ssh command with
> '-v' added. It's possible that port forwarding has been disabled,
> although I'd have expected a warning message from your ssh client in
> that case.
I enclose such a log below.
> > If I tell evolution to connect to localhost:5143, evolution says that
> > the local host is refusing connections to port 5143 (I am a newbie at
> > this port/networking stuff).
>
> Odd. As long as you are currently logged in to 'external.server.net'
> from the machine on which Evolution is running, with the above command
> line, this should have worked.
>
> I generally can't be bothered to start the SSH connections manually.
> It's not something that session management can handle for me, and I tend
> to reuse the terminals which are lying around and log out, taking the
> tunnels with them.... that's why I prefer to let Evolution run SSH for
> itself.
How do you set up Evolution to run SSH for itself?
Many thanks for the advice.
Here is the log:
> Script started on Mon 03 Nov 2003 10:07:52 AM PST
> insideFireWall(1): ssh -L 5143:remoteMachineOutsideFirewall:993
> remoteMachineOutsideFirewall
>
> OpenSSH_3.5p1, SSH protocols 1.5/2.0, OpenSSL 0x0090701f
> debug1: Reading configuration data /home/migod/.ssh/config
> debug1: Applying options for *uwaterloo.ca
> debug1: Reading configuration data /etc/ssh/ssh_config
> debug1: Applying options for *
> debug1: Rhosts Authentication disabled, originating port will not be
> trusted.
> debug1: ssh_connect: needpriv 0
> debug1: Executing proxy command: exec sconnect -H
> wcmpka.eng.sun.com:8080 remoteMachineOutsideFirewall 22
> debug1: identity file /home/migod/.ssh/identity type -1
> debug1: identity file /home/migod/.ssh/id_rsa type -1
> debug1: identity file /home/migod/.ssh/id_dsa type 2
> debug1: Remote protocol version 1.99, remote software version
> OpenSSH_3.6.1p2
> debug1: match: OpenSSH_3.6.1p2 pat OpenSSH*
> debug1: Enabling compatibility mode for protocol 2.0
> debug1: Local version string SSH-2.0-OpenSSH_3.5p1
> debug1: SSH2_MSG_KEXINIT sent
> debug1: SSH2_MSG_KEXINIT received
> debug1: kex: server->client aes128-cbc hmac-md5 none
> debug1: kex: client->server aes128-cbc hmac-md5 none
> debug1: SSH2_MSG_KEX_DH_GEX_REQUEST sent
> debug1: expecting SSH2_MSG_KEX_DH_GEX_GROUP
> debug1: dh_gen_key: priv key bits set: 122/256
> debug1: bits set: 1611/3191
> debug1: SSH2_MSG_KEX_DH_GEX_INIT sent
> debug1: expecting SSH2_MSG_KEX_DH_GEX_REPLY
> debug1: Host 'remoteMachineOutsideFirewall' is known and matches the
> RSA host key.
> debug1: Found key in /home/migod/.ssh/known_hosts:2
> debug1: bits set: 1579/3191
> debug1: ssh_rsa_verify: signature correct
> debug1: kex_derive_keys
> debug1: newkeys: mode 1
> debug1: SSH2_MSG_NEWKEYS sent
> debug1: waiting for SSH2_MSG_NEWKEYS
> debug1: newkeys: mode 0
> debug1: SSH2_MSG_NEWKEYS received
> debug1: done: ssh_kex2.
> debug1: send SSH2_MSG_SERVICE_REQUEST
> debug1: service_accept: ssh-userauth
> debug1: got SSH2_MSG_SERVICE_ACCEPT
> debug1: authentications that can continue:
> publickey,password,keyboard-interactive,hostbased
> debug1: next auth method to try is publickey
> debug1: try privkey: /home/migod/.ssh/identity
> debug1: try privkey: /home/migod/.ssh/id_rsa
> debug1: try pubkey: /home/migod/.ssh/id_dsa
> debug1: input_userauth_pk_ok: pkalg ssh-dss blen 435 lastkey 0x808ba90
> hint 2
> debug1: read PEM private key done: type DSA
> debug1: ssh-userauth2 successful: method publickey
> debug1: Connections to local port 5143 forwarded to remote address
> remoteMachineOutsideFirewall:993
> socket: Address family not supported by protocol
> debug1: Local forwarding listening on 127.0.0.1 port 5143.
> debug1: fd 3 setting O_NONBLOCK
> debug1: channel 0: new [port listener]
> debug1: channel 1: new [client-session]
> debug1: send channel open 1
> debug1: Entering interactive session.
> debug1: ssh_session2_setup: id 1
> debug1: channel request 1: pty-req
> debug1: Requesting X11 forwarding with authentication spoofing.
> debug1: channel request 1: x11-req
> debug1: channel request 1: shell
> debug1: channel 1: open confirm rwindow 0 rmax 32768
> Last login: Mon Nov 3 13:04:31 2003 from nwkea-http-2.su
> Sun Microsystems Inc. SunOS 5.8 Generic Patch October 2001
>
> Tue Oct 21 07:48
> Terminal type is xterm
> remoteMachineOutsideFirewall(1):
>
> debug1: Connection to port 5143 forwarding to
> remoteMachineOutsideFirewall port 993 requested.
> debug1: fd 9 setting TCP_NODELAY
> debug1: fd 9 setting O_NONBLOCK
> debug1: channel 2: new [direct-tcpip]
> debug1: channel 2: open confirm rwindow 131072 rmax 32768
> exit
> debug1: channel 1: rcvd eof
> debug1: channel 1: output open -> drain
> debug1: client_input_channel_req: channel 1 rtype exit-status reply 0
> debug1: channel 1: rcvd close
> debug1: channel 1: close_read
> debug1: channel 1: input open -> closed
> logout
> debug1: channel 1: obuf empty
> debug1: channel 1: close_write
> debug1: channel 1: output drain -> closed
> debug1: channel 1: almost dead
> debug1: channel 1: gc: notify user
> debug1: channel 1: gc: user detached
> debug1: channel 1: send close
> debug1: channel 1: is dead
> debug1: channel 1: garbage collecting
> debug1: channel_free: channel 1: client-session, nchannels 3
>
> debug1: channel 2: rcvd eof
> debug1: channel 2: output open -> drain
> debug1: channel 2: obuf empty
> debug1: channel 2: close_write
> debug1: channel 2: output drain -> closed
> debug1: channel 2: read<=0 rfd 9 len 0
> debug1: channel 2: read failed
> debug1: channel 2: close_read
> debug1: channel 2: input open -> drain
> debug1: channel 2: ibuf empty
> debug1: channel 2: send eof
> debug1: channel 2: input drain -> closed
> debug1: channel 2: send close
> debug1: channel 2: rcvd close
> debug1: channel 2: is dead
> debug1: channel 2: garbage collecting
> debug1: channel_free: channel 2: direct-tcpip: listening port 5143 for
> remoteMachineOutsideFirewall port 993, connect from 127.0.0.1 port
> 48096, nchannels 2
> debug1: channel_free: channel 0: port listener, nchannels 1
> Connection to remoteMachineOutsideFirewall closed.
> debug1: Transferred: stdin 0, stdout 0, stderr 40 bytes in 25.6
> seconds
> debug1: Bytes per second: stdin 0.0, stdout 0.0, stderr 1.6
> debug1: Exit status 0
> insideFireWall(2):
> insideFireWall(2): exit
>
> Script done on Mon 03 Nov 2003 10:08:34 AM PST
--
Michael W. Godfrey Univ of Waterloo, School of Comp Sci
email: migod uwaterloo ca URL: http://www.uwaterloo.ca/~migod
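
Added example, not part of the original message: a small Python reader for `ssh -v` output that reports whether the `-L` listener came up and whether the server confirmed the forwarded (`direct-tcpip`) channel. The first sample is taken from the log above; the refused case is constructed, and its exact wording is an assumption about the OpenSSH client's message.

```python
import re

# Lines copied from the ssh -v log in the message above (mail quoting kept).
PAGE_LOG = """\
> debug1: Local forwarding listening on 127.0.0.1 port 5143.
> debug1: channel 0: new [port listener]
> debug1: channel 1: new [client-session]
> debug1: channel 1: open confirm rwindow 0 rmax 32768
> debug1: channel 2: new [direct-tcpip]
> debug1: channel 2: open confirm rwindow 131072 rmax 32768
"""

# Constructed failure case, not from the page: the server refuses the forward.
REFUSED_LOG = """\
debug1: Local forwarding listening on 127.0.0.1 port 5143.
debug1: channel 2: new [direct-tcpip]
channel 2: open failed: administratively prohibited: open failed
"""

LISTEN = re.compile(r"Local forwarding listening on (\S+) port (\d+)\.")
NEW = re.compile(r"channel (\d+): new \[direct-tcpip\]")
CONFIRM = re.compile(r"channel (\d+): open confirm")
FAILED = re.compile(r"channel (\d+): open failed: (.+)")


def summarize_forwarding(log_text):
    """Return listeners, per-channel forward state and a one-line verdict."""
    listeners, channels = [], {}
    for raw in log_text.splitlines():
        line = re.sub(r"^(?:>\s?)+", "", raw).strip()  # drop mail quote markers
        if m := LISTEN.search(line):
            listeners.append((m.group(1), int(m.group(2))))
        elif m := NEW.search(line):
            channels[int(m.group(1))] = "pending"
        elif (m := CONFIRM.search(line)) and int(m.group(1)) in channels:
            channels[int(m.group(1))] = "confirmed"  # session channel is skipped
        elif m := FAILED.search(line):
            channels[int(m.group(1))] = "failed: " + m.group(2)
    if not listeners:
        verdict = "no local listener: the forward was never set up"
    elif not channels:
        verdict = "listener up, but no client has connected to it"
    elif any(s.startswith("failed") for s in channels.values()):
        verdict = "server refused to open the forwarded connection"
    elif "confirmed" in channels.values():
        verdict = "forward reached the remote port; look above the tunnel"
    else:
        verdict = "forward requested, no reply from the server yet"
    return {"listeners": listeners, "channels": channels, "verdict": verdict}
```

On the log above this reports channel 2 as confirmed, meaning the remote sshd did connect to port 993. A TLS service such as IMAPS on 993 sends nothing until the client starts the handshake, so a plain telnet session showing no banner is expected there.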