Before I start, two notes. I already sent this mail to the other mailing list, but no answer has come back. Also, I'm not subscribed to this list, so please cc me the answers. Now, to business.
I have a problem but I don't know exactly what. Or why, rather. The scheme is like this: I don't have a direct connection to the inet, except for ssh to a certain range of ip's at a non-standard port (2222). This weird setup is due to the IT dept, so there is no other way for me now. So I try to use ssh as a tunnel to my machine @ home, where I can use any service I want, like smtp, imap, jabber and irc. The way I do it is like this:
First, set up empty-passphrase key pairs and put the public one in the authorized_keys on the other side (my home machine) so I can ssh w/ no passwd/passphrase questions. Then I add a line like this:

    8000 stream tcp nowait mdione.mdione /usr/bin/ssh ssh -T -C -p 2222 -i /home/mdione/.ssh/id_rsa vialibre.dyndns.org socket jabber.vialibre.org.ar 5222 [****]

to /etc/inetd.conf. Basically it makes it listen on port 8000 on the work machine, and when some connection comes, it fires an ssh in my name to my home machine (vialibre.dyndns.org) w/ port 222 and compression. There the sshd will launch a socket connection to port 5222 of jabber.vialibre.org.ar. This way, I point my jabber client to this machine's port 8000 and voilà, I have jabber. What's impressive is that it *works*.
Then I have similar lines for imap, irc and smtp. But the imap and smtp ones don't work correctly. I don't know why, but it seems like the data gets stuck somewhere. More precisely:
On the work machine I have set up masqmail, which is a simple smtp server. Its conf says to use localhost:8002 as smarthost, and in inetd.conf I have:

    8002 stream tcp nowait mdione.mdione /usr/bin/ssh ssh -T -e none -p 2222 -i /home/mdione/.ssh/id_rsa vialibre.dyndns.org socket carmen smtp

carmen is another machine @ home that is the smtp server. If I telnet to localhost:8002, I get carmen's answer. Fine. Also, note that I tried disabling compression and disabling escape characters. Then, if I use mutt to send mails, and send a little one [*], the mail gets queued in the local masqmail, and then when masqmail flushes the queue, the connections are made. Using strace at several stages, I realize masqmail sends the data correctly, but carmen's smtp server does not get all of it. Seems silly, but I don't know *what* could be the problem. I can see the data flowing thru inetd, thru the local ssh client, thru the other side's socket, and the data reaching carmen's smtp server. And I see that masqmail starts sending the mail's data (if you know smtp, well, it sends the 'DATA' command and then the actual data, followed by a line w/ only a period on it); the data seems [**] to go thru the local ssh client, but doesn't seem to reach the socket on the other side. And as the data doesn't seem to reach the smtp @ carmen, it kicks me out saying that it timed out, but in smtp ('421 carmen.fsl.org.ar SMTP incoming data timeout - closing connection.'), and carmen closes the socket.
Even more strange, if I 'just' do:

    ssh -C -L 8002:carmen:25 -p 2222 vialibre.dyndns.org

and then I flush masqmail's queue, it works! [***] The problem w/ this way, and yes, it's only a matter of comfort, is that I have to set up the tunnel manually, and that when my home machine's ip changes (I don't have a fixed ip, that's why I use dyndns), the connections go down and I have to re-establish them by hand. I also know that I could make some scripts to circumvent that, but I feel the inetd solution is clean and, once set up, very transparent.
Does anyone have any clue? Local ssh is 'OpenSSH_3.6.1p2 Debian 1:3.6.1p2-2, SSH protocols 1.5/2.0, OpenSSL 0x0090702f' (debian/testing) and the remote's is 'OpenSSH_3.4p1 Debian 1:3.4p1-1, SSH protocols 1.5/2.0, OpenSSL 0x0090603f' (debian/stable).
Thanks in advance.
[*] The definition of 'little one' seems to be 'less than 2k'.
[**] I say seems 'cause I see the data reaching the ssh's stdin and some encrypted data going thru the outgoing socket, but as long as it's encrypted I can't see if it's the right data or not.
(These notes were not in the original post.)
[***] Further testing shows that some mails still have problems. I also added the -q option, and I can even do https over this kind of tunnel.
[****] I realize that as the ssh is running as mdione, I don't need the -i option.
PS: someone pointed out to me that there's (or was) a bug w/ the KeepAlive option that could be biting me, but I think not, as I don't need KeepAlive connections. I mention it just to add meme to the problem.
--
#! /bin/bash
echo mdione@{{grulic,vialibre}.org.ar,hal.famaf.unc.edu}.ar
--
well-designed technology should allow people the luxury of ignorance
-- Eric S. Raymond
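As an added illustration (not code from the post, and not the source of the `socket` program it uses): a minimal stdin/stdout-to-TCP bridge of the kind that sits at the far end of the inetd+ssh chain described above, with an in-process echo server standing in for carmen's smtp and pipes standing in for the ssh client's stdin/stdout, so it runs offline. The one thing any such bridge must get right, and the first thing to check when a server reports an incoming-data timeout behind one, is turning EOF on its input into a TCP half-close instead of closing the connection, so the server still sees the final '.' line and can answer; the self-test pushes a message well over 2k through and checks it comes back intact. Assumes Python 3.8 or newer and a POSIX host.

```python
import os, select, socket, threading

def relay(rfd, wfd, sock, bufsize=4096):
    """Copy bytes between an (rfd, wfd) pair and a connected TCP socket, the job
    the remote `socket` program does in the chain above. EOF on rfd becomes a TCP
    half-close so the peer can still reply (SMTP answers after the final '.')."""
    watch = [rfd, sock]
    while sock in watch:
        ready, _, _ = select.select(watch, [], [])
        if rfd in ready:
            chunk = os.read(rfd, bufsize)
            if chunk:
                sock.sendall(chunk)
            else:                          # local side finished writing
                sock.shutdown(socket.SHUT_WR)
                watch.remove(rfd)
        if sock in ready:
            chunk = sock.recv(bufsize)
            if chunk:
                os.write(wfd, chunk)       # blocking fd: POSIX writes all of it
            else:                          # peer closed: we are done
                watch.remove(sock)

def run_through_relay(payload):
    """Self-test: push payload through relay() to an in-process TCP echo server
    and return what comes back out of the relay; it should equal payload."""
    srv = socket.create_server(("127.0.0.1", 0))
    def echo():                            # stands in for carmen's smtp
        conn, _ = srv.accept()
        with conn:
            while data := conn.recv(4096):
                conn.sendall(data)
    threading.Thread(target=echo, daemon=True).start()
    peer = socket.create_connection(srv.getsockname())
    in_r, in_w = os.pipe()                 # plays the ssh client's stdin
    out_r, out_w = os.pipe()               # plays the ssh client's stdout
    def pump():
        relay(in_r, out_w, peer)
        peer.close()
        os.close(out_w)                    # EOF for the reader below
    def feed():
        os.write(in_w, payload)            # blocking pipe: writes everything
        os.close(in_w)
    for fn in (pump, feed):
        threading.Thread(target=fn, daemon=True).start()
    got = bytearray()
    while chunk := os.read(out_r, 4096):
        got += chunk
    os.close(out_r); os.close(in_r); srv.close()
    return bytes(got)
```

The constructed test input is an SMTP-style DATA body followed by the lone-period terminator; a bridge that closed the socket on EOF instead of half-closing would lose the echo of that last line.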