Encrypted Tunnels using SSH and MindTerm HOWTO

5. Creating the tunnels

MindTerm can be started in a few ways. If you have the JRE installed then you can double-click on the mindtermfull.jar application file. Another way is to open up a DOS shell and type the command:

jview -cp c:\mindterm\mindtermfull.jar mindbright.application.MindTerm

or

javaw -cp c:\mindterm\mindtermfull.jar mindbright.application.MindTerm

or

java -cp c:\mindterm\mindtermfull.jar mindbright.application.MindTerm

(jview is used if you are on Windows and haven't downloaded the JRE. javaw comes with the Windows JRE download and is used because no DOS shell box is needed to run MindTerm, so there is one less window open.)

MindTerm 2.0 is now available. The argument used to start it has changed slightly. Instead of the command above:

java -cp c:\mindterm\mindtermfull.jar mindbright.application.MindTerm

this will start MindTerm from the command line:

java -cp c:\mindterm\mindtermfull.jar com.mindbright.application.MindTerm

Only the "com." was added to the applet parameter.

This will start the MindTerm program. You can then type the server name when prompted and it will prompt you to "Save as Alias". You can type a short server name so that when you start the applet again you can simply type the alias you created. You will then be prompted for your login name. After you type it, hit Enter and a dialog box will appear informing you that the host doesn't exist and prompting you to create it. Click Yes. Another dialog will appear asking if you want to add that host to your known_hosts file. Click Yes. Then you are prompted for your password. Type your password and hit Enter. If you supplied the proper username and password then you should be at a command line on the server you specified.

We'll create a tunnel to the POP and SMTP servers first. After you have successfully logged in (and optionally enabled vlock), click on Tunnels on the menu and then click Basic. A dialog box will appear. Add the following settings to each box, respectively:

  • Local port: 2010

  • Remote Hosts: Your remote host (this should be the server running the sshd server).

  • Remote port: 110

Now click Add. A dialog box should appear stating "The tunnel is now open and operational". (Note: if you select a local port that is already in use, an error message will appear stating "Could not open tunnel. Error creating tunnel. Error setting up local forward on port XXXX, Address in use".) Click OK and the tunnel configuration should appear in the box. Click Close Dialog. Open up your email client's options or preferences menu. We'll use Netscape Messenger for this example.

  • Open up Netscape

  • Click on Edit -> Preferences.

  • On the left column click on Mail & Newsgroups, if the contents aren't already displayed.

  • Click on Identity and type your information in each box.

  • Click on Mail Servers in the left column. The default install of Netscape has "mail" in the box underneath Incoming mail servers.

  • Click on mail.

  • Click Edit to the right of that box and a dialog box should appear.

  • If POP is not already selected in that drop down box, select it now.

  • In the Server Name box type localhost:2010 (remember we chose that local port in the MindTerm tunnel creation menu to forward to the remote server's POP (110) port) and then your username. Set any other options as you see fit.

  • Click OK.

  • In the box Outgoing mail (SMTP) server type your smtp server name and underneath that type your Outgoing mail server user name.

  • Click OK. (Don't do anything to the Use Secure Socket Layer (SSL) or TLS for outgoing messages option).

  • Now click on Communicator on the menu.

  • Click Messenger.

  • You should then be prompted for your password. Type your password and hit enter. If you have mail you should now be able to read it.

  • As long as you have a MindTerm ssh session open, this should work with most email clients. Remember that the remote server name or POP server name will be "localhost:" followed by the local port (localhost:2010 in this example). If you are asked for the POP server and port separately then enter them accordingly. Any connection to the local port 2010, in this example, will be forwarded to the remote host's port 110. If you configure an ftp client to connect to localhost port 2010, right now it wouldn't work. Why? The tunnel simply carries whatever bytes it receives to port 110, and the POP server listening there doesn't understand the FTP protocol. Only POP clients can be pointed at localhost port 2010 for the tunnel to be useful.

A POP server isn't any good if you don't have an SMTP server. If you have a mail program like Postfix (www.postfix.net), Qmail (www.qmail.org), or Sendmail (www.sendmail.org) then a secure tunnel can be created to it, as well.

With the MindTerm client still running click on Tunnels again, then Basic, and add these settings.

  • Local Port: 2025 (just type over the settings set from what we did previously)

  • Remote Host: Your remote smtp server.

  • Remote Port: 25

Click Add. Then click OK on the confirmation menu. Now smtp should be added to the list underneath the settings for POP. In the Netscape Messenger mail server settings add localhost:2025 as your Outgoing mail (SMTP) server. All email you send to the remote host will be encrypted. However, if you send mail to someone outside of the remote host's mail server, your email will be encrypted only from your local machine to your remote smtp server. From the remote smtp server to any other host it will not be encrypted, unless you've configured a tunnel to the other hosts.
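To make the "any connection to the local port is forwarded to the remote port, whatever the protocol" point concrete, here is an added example (not from the HOWTO and not MindTerm's code): a minimal plaintext TCP relay that does what the client side of a local forward does, listening on a local port and copying bytes in both directions to a destination host:port. It deliberately omits the SSH encryption of the remote leg, and the POP3 server it talks to is a constructed stand-in listening on an OS-chosen port instead of 110. A POP client sent through the forward gets a normal POP reply; an FTP-style client sent through the same forward gets an error, because the rejection happens at the POP server, not in the tunnel.

```python
import socket
import threading

# Added example, not from the HOWTO or the MindTerm project: a plaintext local
# forwarder plus a constructed POP3 server, to show that the forward carries
# bytes verbatim and only the endpoint decides what protocol is acceptable.


def _pump(src, dst):
    """Copy bytes from src to dst until src closes, then half-close dst."""
    try:
        while True:
            data = src.recv(4096)
            if not data:
                break
            dst.sendall(data)
    except OSError:
        pass
    finally:
        try:
            dst.shutdown(socket.SHUT_WR)
        except OSError:
            pass


def start_forwarder(local_port, remote_host, remote_port):
    """Listen on 127.0.0.1:local_port and relay each connection to remote_host:remote_port.

    local_port 0 lets the OS choose a free port (read it back with getsockname()).
    Returns the listening socket so the caller can close it.
    """
    lsock = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    lsock.setsockopt(socket.SOL_SOCKET, socket.SO_REUSEADDR, 1)
    lsock.bind(("127.0.0.1", local_port))
    lsock.listen(5)

    def accept_loop():
        while True:
            try:
                client, _ = lsock.accept()
            except OSError:          # listener closed
                return
            try:
                remote = socket.create_connection((remote_host, remote_port), timeout=5)
                remote.settimeout(None)
            except OSError:
                client.close()       # far end unreachable: drop the local connection
                continue
            # One thread per direction; the relay never inspects the payload.
            threading.Thread(target=_pump, args=(client, remote), daemon=True).start()
            threading.Thread(target=_pump, args=(remote, client), daemon=True).start()

    threading.Thread(target=accept_loop, daemon=True).start()
    return lsock


def start_fake_pop_server():
    """Constructed stand-in for the remote POP3 server (OS-chosen port instead of 110)."""
    srv = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    srv.bind(("127.0.0.1", 0))
    srv.listen(5)

    def serve():
        while True:
            try:
                conn, _ = srv.accept()
            except OSError:
                return
            with conn:
                conn.sendall(b"+OK POP3 server ready\r\n")
                cmd = conn.recv(1024).upper()
                # Anything that is not a POP3 command (an FTP USER line, say) is rejected.
                conn.sendall(b"+OK bye\r\n" if cmd.startswith(b"QUIT") else b"-ERR unknown command\r\n")

    threading.Thread(target=serve, daemon=True).start()
    return srv


def talk_through_tunnel(local_port, command):
    """Connect to the local end of the forward; return (server banner, reply to command)."""
    with socket.create_connection(("127.0.0.1", local_port), timeout=5) as s:
        reader = s.makefile("rb")
        banner = reader.readline().decode().strip()
        s.sendall(command + b"\r\n")
        reply = reader.readline().decode().strip()
    return banner, reply


def demo():
    """Send a POP client and an FTP-style client through the same forward."""
    pop = start_fake_pop_server()
    fwd = start_forwarder(0, "127.0.0.1", pop.getsockname()[1])
    local_port = fwd.getsockname()[1]
    try:
        results = {
            "pop": talk_through_tunnel(local_port, b"QUIT"),
            "ftp": talk_through_tunnel(local_port, b"USER anonymous"),
        }
    finally:
        fwd.close()
        pop.close()
    return results


if __name__ == "__main__":
    for name, (banner, reply) in demo().items():
        print(f"{name:>3} client: banner={banner!r} reply={reply!r}")
```

Both clients receive the POP3 banner, which shows the forward itself is protocol-agnostic; only the FTP-style command is refused, and it is the server that refuses it.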

To enable encrypted ftp sessions add these settings to a new tunnel.

  • Local Port: 2021 (just type over the settings set from what we did previously)

  • Remote Host: Your remote ftp server.

  • Remote Port: 21

Click Add. Then click OK on the confirmation menu. Now ftp (see the leech ftp example and the wsftp screenshots, picture 1 and picture 2) should be added to the list underneath the settings for SMTP.

Imap settings:

  • Local Port: 2043 (just type over the settings set from what we did previously)

  • Remote Host: Your remote imap server.

  • Remote Port: 143

Click Add. Then click OK on the confirmation menu. Now imap should be added to the list underneath the settings for ftp.

All these settings can be automated in a batch file. Simply add the following to a startup script to automatically create a tunnel to your pop server after authentication:

jview (or java or javaw) -cp c:\mindterm\mindtermfull.jar mindbright.application.MindTerm -server -local0 2010:localhost:110

Here is an example based on what we've done above. Add the following to a file in an editor:

jview (or java or javaw) -cp c:\mindterm\mindtermfull.jar mindbright.application.MindTerm -server -local0 2010:localhost:110 -local1 2025:localhost:25 -local2 /ftp/2021:localhost:21 -local3 2043:localhost:143

Now save it with a .bat extension. Double-click on it. You should be prompted for your login name when MindTerm starts up; then type your password. After you are authenticated, click on the Tunnels menu and click Basic. You should see the tunnels in the box that opens up. This is an easy way to allow remote users to start up the tunnels without much configuration on their part. They only need to click the .bat file, type their username and password and optionally run vlock. Their client software can be pre-configured with remote profiles that connect to the tunnels automatically.
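When the batch file grows to several tunnels, the usual mistakes are listing the same local port twice or choosing a port that something else on the workstation already listens on, both of which surface as the "Address in use" error noted earlier. The following is an added example, not MindTerm's own code: it parses the -localN specs in the form the batch file uses ([/plugin/]localport:host:remoteport, as in the four specs above), checks the set for those mistakes, and assembles the command line. The fixed part of the command line is copied from the batch file above; the Forward class, the function names and the TUNNEL_SPECS list are this example's own.

```python
import re
import socket
from dataclasses import dataclass
from typing import List, Optional

# Added example, not MindTerm's own code: validate the -localN forward specs
# from the batch file above before they reach MindTerm, so a duplicate or
# already-bound local port is reported here instead of as "Address in use".

SPEC_RE = re.compile(r"^(?:/(?P<plugin>[A-Za-z]+)/)?(?P<lport>\d+):(?P<host>[^:\s]+):(?P<rport>\d+)$")


@dataclass
class Forward:
    local_port: int
    host: str          # resolved on the sshd host, so "localhost" means the remote server itself
    remote_port: int
    plugin: Optional[str] = None   # e.g. "ftp" for the /ftp/ forward used in the HOWTO

    def spec(self) -> str:
        core = f"{self.local_port}:{self.host}:{self.remote_port}"
        return f"/{self.plugin}/{core}" if self.plugin else core


def parse_spec(spec: str) -> Forward:
    """Parse one -localN argument; raise ValueError on malformed input or bad ports."""
    m = SPEC_RE.match(spec.strip())
    if not m:
        raise ValueError(f"bad forward spec: {spec!r}")
    lport, rport = int(m["lport"]), int(m["rport"])
    for p in (lport, rport):
        if not 1 <= p <= 65535:
            raise ValueError(f"port {p} out of range in {spec!r}")
    return Forward(lport, m["host"], rport, m["plugin"])


def local_port_in_use(port: int) -> bool:
    """True if 127.0.0.1:port cannot be bound, i.e. something already listens there."""
    with socket.socket(socket.AF_INET, socket.SOCK_STREAM) as s:
        try:
            s.bind(("127.0.0.1", port))
        except OSError:
            return True
    return False


def check_forwards(forwards: List[Forward], probe_ports: bool = True) -> List[str]:
    """Return human-readable problems; an empty list means the set looks startable."""
    problems = []
    seen = {}
    for f in forwards:
        if f.local_port in seen:
            problems.append(f"local port {f.local_port} listed twice "
                            f"({seen[f.local_port].spec()} and {f.spec()})")
            continue
        seen[f.local_port] = f
        if f.local_port < 1024:
            problems.append(f"local port {f.local_port} is privileged; pick one above 1023")
        elif probe_ports and local_port_in_use(f.local_port):
            problems.append(f"local port {f.local_port} is already in use on this machine")
    return problems


def build_command(launcher: str, jar: str, forwards: List[Forward],
                  main_class: str = "mindbright.application.MindTerm") -> str:
    """Assemble the batch-file line; the fixed options mirror the HOWTO's own example."""
    parts = [launcher, "-cp", jar, main_class, "-server"]
    for i, f in enumerate(forwards):
        parts += [f"-local{i}", f.spec()]
    return " ".join(parts)


# Constructed input: the four tunnels configured earlier in this chapter.
TUNNEL_SPECS = ["2010:localhost:110", "2025:localhost:25",
                "/ftp/2021:localhost:21", "2043:localhost:143"]

if __name__ == "__main__":
    fwds = [parse_spec(s) for s in TUNNEL_SPECS]
    for problem in check_forwards(fwds):
        print("warning:", problem)
    print(build_command("java", r"c:\mindterm\mindtermfull.jar", fwds))
```

Run it before handing the .bat file to users; the port probe is only meaningful on the workstation that will run MindTerm, so pass probe_ports=False when checking specs elsewhere.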

When you are finished using MindTerm, be sure to close all applications that are using a tunnel. If you forget to close the programs using the tunnels, MindTerm will display a message when you attempt to exit from the console or quit the program.

What about VNC and NTOP? These services work the same way. Here the VNC server was running on a RedHat 7.0 workstation. When you start the VNC server, it first listens on port 5901 and each server after that increments by one port, so the second instance of VNC will listen on port 5902, the third on 5903, etc. On Linux, you can run multiple VNC servers and people can connect to each VNC server as well. In MindTerm you can simply add a VNC tunnel with the following settings:

  • Local Port: 2001

  • Remote Host: Your remote VNC server host name.

  • Remote Port: 5901 (if this is the first server instance running)

Click Add. Then click OK on the confirmation menu.

Run the vncviewer application on your local machine and type: localhost:2001, and then the password, when prompted, for the VNC desktop, and you have an encrypted VNC session.

Ntop works the same way. If you want to run ntop in web mode as a network monitor, you can tunnel connections to your local machine and view the stats in your local browser, without having to install a webserver or open port 3000 on your remote server. By default, ntop in web mode listens on port 3000 and waits for an http connection to display network stats. Simply create a tunnel to the server running the ssh server and ntop. First run ntop in web mode: ntop -d -w 3000 Then add the settings to the MindTerm tunnel:

  • Local Port: 2080

  • Host: Server running ntop.

  • Remote Port: 3000

Click Add. Then click OK on the confirmation menu.

Open up your web browser and in the location bar type: http://localhost:2080 You should now see the network stats page for ntop (see the ntop man pages to add password-protected access to the ntop display).

Similarly, if you want to install a web server so you can use web-based applications to control your server or firewall, then just create a tunnel to port 80. You don't have to open up a port on the public interface. Simply bind the webserver to the local interface and create a tunnel to the remote host's port 80. For Apache, edit the httpd.conf file and change the BindAddress * option to BindAddress 127.0.0.1. Then add localhost to the ServerName directive: ServerName localhost. Finally, change the Listen directive to: Listen 127.0.0.1:80

As you can see by now, MindTerm can secure almost any TCP service. It can be used on a remote server to run Webmin, which is an excellent web application to administer your servers. It comes with its own perl-based webserver and listens on port 10000 by default. Simply create a tunnel to it using MindTerm and it should work without any changes to the Webmin application or your local web browser. The MindTerm download zip file contains many useful examples, such as using it from the command line and an explanation of all the menu options. MindTerm has more features than outlined in this tutorial but the tunnel option is well worth spending time focusing on.
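The point of the Apache edits above is that the web server must listen only on the loopback interface, so that the only way in is through the tunnel. The following added example (not from the HOWTO or the Apache project) is a small audit that reads an Apache 1.3-style httpd.conf and reports every Listen or BindAddress directive that would still expose the server on a public interface, together with the loopback-only replacement. The two configuration fragments at the bottom are constructed to show the before and after states the text describes; the function names are this example's own.

```python
import ipaddress

# Added example, not from the HOWTO or Apache: flag bind directives in an
# Apache 1.3-style httpd.conf that expose the server beyond 127.0.0.1, the
# condition the text above removes before tunnelling port 80 over SSH.


def _is_loopback(host: str) -> bool:
    """True for 127.x.x.x, ::1 or the literal name localhost."""
    if host in ("", "*", "0.0.0.0", "::"):
        return False
    if host.lower() == "localhost":
        return True
    try:
        return ipaddress.ip_address(host.strip("[]")).is_loopback
    except ValueError:
        return False


def _split_listen(arg: str):
    """Split a Listen argument into (host, port): forms 80, 1.2.3.4:80, [::1]:80, *:80."""
    if arg.startswith("["):                    # bracketed IPv6 literal
        host, _, port = arg[1:].partition("]:")
        return host, port
    if ":" in arg:
        host, _, port = arg.rpartition(":")
        return host, port
    return "*", arg                            # a bare port means every interface


def audit_httpd_conf(text: str):
    """Return (line number, directive text, suggested replacement) for each exposed bind."""
    findings = []
    for lineno, raw in enumerate(text.splitlines(), 1):
        line = raw.split("#", 1)[0].strip()    # drop comments and surrounding whitespace
        parts = line.split()
        if len(parts) < 2:
            continue
        directive = parts[0].lower()
        if directive == "bindaddress" and not _is_loopback(parts[1]):
            findings.append((lineno, line, "BindAddress 127.0.0.1"))
        elif directive == "listen":
            host, port = _split_listen(parts[1])
            if not _is_loopback(host):
                findings.append((lineno, line, f"Listen 127.0.0.1:{port}"))
    return findings


# Constructed before/after fragments following the edits described in the text.
EXPOSED_CONF = """\
# default install: listens on every interface
BindAddress *
ServerName www.example.org
Listen 80
"""

TUNNELLED_CONF = """\
BindAddress 127.0.0.1
ServerName localhost
Listen 127.0.0.1:80
"""

if __name__ == "__main__":
    for name, conf in (("exposed", EXPOSED_CONF), ("tunnelled", TUNNELLED_CONF)):
        print(name + ":")
        for lineno, directive, fix in audit_httpd_conf(conf):
            print(f"  line {lineno}: {directive!r} -> use {fix!r}")
```

A bare "Listen 80" is reported as exposed because, without an address, Apache binds every interface; the same check can be pointed at the ntop or Webmin configuration if those daemons are meant to be reachable only through the tunnel.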


This document is part of "Encrypted Tunnels using SSH and MindTerm HOWTO". See the Index Page for more info about authorship and copyright.

1999-2008 Linuxinfor.com. No rights reserved.