Re: [Evolution] Re: imaps over a firewall

From: Mike Godfrey <migod uwaterloo ca>
To: David Woodhouse <dwmw2 infradead org>
Cc: Lonnie Borntreger <email borntreger com>, evolution ximian com
Subject: Re: [Evolution] Re: imaps over a firewall
Date: Mon, 03 Nov 2003 10:37:28 -0800

Hi,

I have changed the names of the machines to protect the innocent, as
they say.  localMahcineInsidefirewall is a redhat 9 intel box, and
remoteMachineOutsideFirewall is a Solaris machine.


On Sat, 2003-11-01 at 07:46, David Woodhouse wrote:

On Wed, 2003-10-29 at 17:13 -0800, Mike Godfrey wrote:

If I run this:
    ssh -L 5143:external.server.net:993 external.server.net
then I get a normal telnet-like ssh connection.  Is this what I want? 
Is this connection secretly doing port redirection while I read news,
use vi, etc?


It _should_ be, certainly. In another terminal, what happens if you run
'telnet localhost 5143'?


It says

        insideFirewallMachine% telnet localhost 5143
        Trying 127.0.0.1...
        Connected to localhost.localdomain (127.0.0.1).
        Escape character is '^]'.


and then it just hangs.

If that doesn't succeed, show the output of the same ssh command with
'-v' added. It's possible that port forwarding has been disabled,
although I'd have expected a warning message from your ssh client in
that case.


I enclose such a log below

If I tell evolution to connect to localhost:5143, evolution says that
the local host is refusing connections to port 5143 (I am a newbie at
this port/networking stuff).


Odd. As long as you are currently logged in to 'external.server.net'
from the machine on which Evolution is running, with the above command
line, this should have worked. 

I generally can't be bothered to start the SSH connections manually.
It's not something that session management can handle for me, and I tend
to reuse the terminals which are lying around and log out, taking the
tunnels with them.... that's why I prefer to let Evolution run SSH for
itself.


How do you set up Evolution to run SSH for itself ??

Many thanks for the advice.

Here is the log:

Script started on Mon 03 Nov 2003 10:07:52 AM PST
insideFireWall(1): ssh -L 5143:remoteMachineOutsideFirewall:993
remoteMachineOutsideFirewall

OpenSSH_3.5p1, SSH protocols 1.5/2.0, OpenSSL 0x0090701f
debug1: Reading configuration data /home/migod/.ssh/config
debug1: Applying options for *uwaterloo.ca
debug1: Reading configuration data /etc/ssh/ssh_config
debug1: Applying options for *
debug1: Rhosts Authentication disabled, originating port will not be
trusted.
debug1: ssh_connect: needpriv 0
debug1: Executing proxy command: exec  sconnect -H
wcmpka.eng.sun.com:8080 remoteMachineOutsideFirewall 22
debug1: identity file /home/migod/.ssh/identity type -1
debug1: identity file /home/migod/.ssh/id_rsa type -1
debug1: identity file /home/migod/.ssh/id_dsa type 2
debug1: Remote protocol version 1.99, remote software version
OpenSSH_3.6.1p2
debug1: match: OpenSSH_3.6.1p2 pat OpenSSH*
debug1: Enabling compatibility mode for protocol 2.0
debug1: Local version string SSH-2.0-OpenSSH_3.5p1
debug1: SSH2_MSG_KEXINIT sent
debug1: SSH2_MSG_KEXINIT received
debug1: kex: server->client aes128-cbc hmac-md5 none
debug1: kex: client->server aes128-cbc hmac-md5 none
debug1: SSH2_MSG_KEX_DH_GEX_REQUEST sent
debug1: expecting SSH2_MSG_KEX_DH_GEX_GROUP
debug1: dh_gen_key: priv key bits set: 122/256
debug1: bits set: 1611/3191
debug1: SSH2_MSG_KEX_DH_GEX_INIT sent
debug1: expecting SSH2_MSG_KEX_DH_GEX_REPLY
debug1: Host 'remoteMachineOutsideFirewall' is known and matches the
RSA host key.
debug1: Found key in /home/migod/.ssh/known_hosts:2
debug1: bits set: 1579/3191
debug1: ssh_rsa_verify: signature correct
debug1: kex_derive_keys
debug1: newkeys: mode 1
debug1: SSH2_MSG_NEWKEYS sent
debug1: waiting for SSH2_MSG_NEWKEYS
debug1: newkeys: mode 0
debug1: SSH2_MSG_NEWKEYS received
debug1: done: ssh_kex2.
debug1: send SSH2_MSG_SERVICE_REQUEST
debug1: service_accept: ssh-userauth
debug1: got SSH2_MSG_SERVICE_ACCEPT
debug1: authentications that can continue:
publickey,password,keyboard-interactive,hostbased
debug1: next auth method to try is publickey
debug1: try privkey: /home/migod/.ssh/identity
debug1: try privkey: /home/migod/.ssh/id_rsa
debug1: try pubkey: /home/migod/.ssh/id_dsa
debug1: input_userauth_pk_ok: pkalg ssh-dss blen 435 lastkey 0x808ba90
hint 2
debug1: read PEM private key done: type DSA
debug1: ssh-userauth2 successful: method publickey
debug1: Connections to local port 5143 forwarded to remote address
remoteMachineOutsideFirewall:993
socket: Address family not supported by protocol
debug1: Local forwarding listening on 127.0.0.1 port 5143.
debug1: fd 3 setting O_NONBLOCK
debug1: channel 0: new [port listener]
debug1: channel 1: new [client-session]
debug1: send channel open 1
debug1: Entering interactive session.
debug1: ssh_session2_setup: id 1
debug1: channel request 1: pty-req
debug1: Requesting X11 forwarding with authentication spoofing.
debug1: channel request 1: x11-req
debug1: channel request 1: shell
debug1: channel 1: open confirm rwindow 0 rmax 32768
Last login: Mon Nov  3 13:04:31 2003 from nwkea-http-2.su
Sun Microsystems Inc.   SunOS 5.8       Generic Patch   October 2001

Tue Oct 21 07:48
Terminal type is xterm
remoteMachineOutsideFirewall(1): 

debug1: Connection to port 5143 forwarding to
remoteMachineOutsideFirewall port 993 requested.
debug1: fd 9 setting TCP_NODELAY
debug1: fd 9 setting O_NONBLOCK
debug1: channel 2: new [direct-tcpip]
debug1: channel 2: open confirm rwindow 131072 rmax 32768
exit
debug1: channel 1: rcvd eof
debug1: channel 1: output open -> drain
debug1: client_input_channel_req: channel 1 rtype exit-status reply 0
debug1: channel 1: rcvd close
debug1: channel 1: close_read
debug1: channel 1: input open -> closed
logout
debug1: channel 1: obuf empty
debug1: channel 1: close_write
debug1: channel 1: output drain -> closed
debug1: channel 1: almost dead
debug1: channel 1: gc: notify user
debug1: channel 1: gc: user detached
debug1: channel 1: send close
debug1: channel 1: is dead
debug1: channel 1: garbage collecting
debug1: channel_free: channel 1: client-session, nchannels 3

debug1: channel 2: rcvd eof
debug1: channel 2: output open -> drain
debug1: channel 2: obuf empty
debug1: channel 2: close_write
debug1: channel 2: output drain -> closed
debug1: channel 2: read<=0 rfd 9 len 0
debug1: channel 2: read failed
debug1: channel 2: close_read
debug1: channel 2: input open -> drain
debug1: channel 2: ibuf empty
debug1: channel 2: send eof
debug1: channel 2: input drain -> closed
debug1: channel 2: send close
debug1: channel 2: rcvd close
debug1: channel 2: is dead
debug1: channel 2: garbage collecting
debug1: channel_free: channel 2: direct-tcpip: listening port 5143 for
remoteMachineOutsideFirewall port 993, connect from 127.0.0.1 port
48096, nchannels 2
debug1: channel_free: channel 0: port listener, nchannels 1
Connection to remoteMachineOutsideFirewall closed.
debug1: Transferred: stdin 0, stdout 0, stderr 40 bytes in 25.6
seconds
debug1: Bytes per second: stdin 0.0, stdout 0.0, stderr 1.6
debug1: Exit status 0
insideFireWall(2): 
insideFireWall(2): exit

Script done on Mon 03 Nov 2003 10:08:34 AM PST

-- 

Michael W. Godfrey              Univ of Waterloo, School of Comp Sci
email:  migod uwaterloo ca      URL:  http://www.uwaterloo.ca/~migod

Follow-Ups:
- Re: [Evolution] Re: imaps over a firewall
  - From: David Woodhouse

References:
- Re: [Evolution] Re: imaps over a firewall
  - From: David Woodhouse

[Date Prev][Date Next] [Thread Prev][Thread Next] [Thread Index] [Date Index] [Author Index]