SSH Tunneling and Encryption

Status
This thread has been Locked and is not open to further replies. Please start a New Thread if you're having a similar issue. View our Welcome Guide to learn how to use this site.

jupjazz71

Thread Starter
Joined
Jun 25, 2003
Messages
53
OK, here is the combo:
Eudora version 6.2 (popular email client)
Anonymizer Total Net Shield version 2.04 (popular too; "hides" IP address and creates SSH tunnel to their servers)
PGP Desktop Home version 9.0 (most popular encryption using "Pretty Good Privacy")

PGP says their encryption 100% ok to work inside of SSH tunnelling, if configured right. Basically you set up PGP to go with manual configuration settings, and choose "redirect port x" for incoming (POP) and outgoing (SMTP), I guess 2 different ports and I guess ports which aren't being used for other things? The server both incoming and outgoing is 127.0.0.1.

Does this look familiar to someone?

Then in addition to those settings in PGP, you have to mimic them in your email client. Server being 127.0.0.1 and then the same ports for EACH email address that you are going to encrypt. Then you are done. PGP and email client have same manual settings and work together smoothly for each email address.

First question is what ports are available for me to use and how can I find and use them? I am clueless about these ports, never ever had to do anything with them. All I can see over and over are the defaults are 110 (incoming POP) and 25 (outgoing SMTP) but they do not appear to be the right answer. If I have 14 email addresses do I need 28 ports?!?

Second question is where do I put in the ports I choose in Eudora version 6.2?
 

dvk01

Retired Moderator Retired Malware Specialist
Joined
Dec 14, 2002
Messages
56,452
First Name
Derek
Moved to networking where you will get better help
 
Joined
Sep 14, 2003
Messages
1,240
So let me get this right, you want to ssh to a server somewhere and use it as the smtp agent for your email? If so, you need to set up ssh to forward ports via ssh -L (localport):(name):(remoteport). In the email client, say you use localhost as the name, then you need to set up the smtp to connect to localhost.

PGP encryption of emails should be handled by Eudora automatically with the right plugin, such as this one: http://eudoragpg.sourceforge.net/ver2.0/en/

If I missed something or you need more, let us know.


Oh, and no, you don't need 24 ports. All can use port 25 for smtp, and 110 for pop. I'd suggest that you go with pop with ssl, so that the passwords aren't sent over in plaintext, but that's just me; it does use a different port in that case though.
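
The `ssh -L` forwarding described in the reply above, together with the original question of how to find usable local ports, as an added example that is not part of the original thread: it picks free loopback ports and builds one `-L` forward per distinct mail server. The host names, the port range 2500-2600 and `user@gateway.example` are constructed placeholders.

```python
import socket

# Constructed sample accounts: (remote mail host, remote port). Hypothetical names.
SAMPLE_SERVERS = [
    ("pop.example.net", 110),
    ("smtp.example.net", 25),
    ("pop.example.net", 110),   # second account on the same server
    ("pop.example.org", 110),
]

def port_is_free(port, host="127.0.0.1"):
    """Return True if host:port can be bound, i.e. no local program holds it."""
    with socket.socket(socket.AF_INET, socket.SOCK_STREAM) as s:
        try:
            s.bind((host, port))
        except OSError:
            return False
    return True

def plan_forwards(servers, start=2500, end=2600, is_free=port_is_free):
    """Assign one free loopback port per distinct (host, port) target.

    Accounts that use the same remote server share one forward, so the
    number of local ports equals the number of distinct servers, not accounts.
    The range starts above 1023 because lower ports are privileged on Unix.
    """
    plan, candidate = {}, start
    for target in servers:
        if target in plan:
            continue
        while candidate <= end and not is_free(candidate):
            candidate += 1
        if candidate > end:
            raise RuntimeError("no free local port left in the range")
        plan[target] = candidate
        candidate += 1
    return plan

def ssh_forward_args(plan):
    """Build -L arguments, binding each forward to 127.0.0.1 only."""
    args = []
    for (host, port), local in plan.items():
        args += ["-L", f"127.0.0.1:{local}:{host}:{port}"]
    return args

if __name__ == "__main__":
    plan = plan_forwards(SAMPLE_SERVERS)
    # user@gateway.example is a placeholder for the SSH server account.
    print(" ".join(["ssh", "-N", *ssh_forward_args(plan), "user@gateway.example"]))
```

The mail client is then pointed at 127.0.0.1 and the local port assigned to each server. Binding each forward to 127.0.0.1 keeps the listener unreachable from other machines on the network.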
 

jupjazz71

Thread Starter
Joined
Jun 25, 2003
Messages
53
Dear Tsunam, are we talking the same thing? I found your advice a little hard to follow because I am so brand-new at this aspect. So here is what PGP Support said... Pls comment again!
Jupjazz71

*************************

Dear John,
Thank you for contacting PGP Corporation's Technical Support Department.
These steps are the same, regardless of email application. We do not select the ports, you do. There aren't specific ports that you must use, suffice it to say you must have ports added in the correct locations is all.
To configure Manual mode:
1. Open PGP Desktop for Windows, pull down the Tools menu, and select PGP Options. The PGP Options General screen appears.
2. Click Messaging, then click the More Options button on the Messaging screen. The PGP Messaging Options Email screen appears.
3. Click the radio button next to Manual Proxy using IP: 127.0.0.1, then click OK. The PGP Messaging Options Email screen closes.
4. Close the PGP Options screen.
5. In the PGP Messaging Control box, select the service for which you want to use Manual mode. The Account Properties and Security Policies for that service appear.
6. Click Server in the Account Properties section. The Server Settings screen for the specified service appears.
7. In the Incoming Mail Server section, enter a value in the Redirect local port X to this server field. PGP Desktop will monitor this port for email messages going from your mail server to your mail client.
8. In the Outgoing Mail Server (SMTP) section, enter a value in the Redirect local port X to this server field. PGP Desktop will monitor this port for email messages going from your mail client to your mail server.
9. Click OK. The Server Settings screen closes.
10. Open your email client and navigate to the settings for your email account (if you have multiple accounts, you will need to configure each account separately).
11. For both the Incoming mail server (POP3 or IMAP) and Outgoing mail server (SMTP) settings in Outlook, enter 127.0.0.1.
12. Click More Settings.
13. On the Internet Email Settings dialog, click Advanced. The Advanced tab of the Internet Email Settings dialog appears.
14. In the Incoming server (POP3 or IMAP) box, enter the same value you established for the incoming mail server in the Redirect local port X to this server field; Step 7 of this procedure.
15. In the Outgoing server (SMTP) box, enter the same value you established for the outgoing mail server in the Redirect local port X to this server field; Step 8 of this procedure.
16. Click OK, then finish configuring the account settings. Manual mode is configured for the selected service.
17. When you are done configuring Manual mode for the services on your system, restart your system.
Please let us know if you require further assistance.
Regards,
Dustin H
PGP Technical Support

-----Original Message-----
From: [email protected] ([email protected])
Sent: Jan 1, 2006 9:55:03 AM
Subject: Request for Agent Assistance

Submitted from PGP Online Help Site
Name: John Nakao
Grant Number: QY21PJ7VI0TN
Email: [email protected]
Case ID: 76984
Product: Windows
Problem: Eudora settings needed for SSH Tunneling (by Anonymizer software). PGP Desktop compatible with SSH tunneling. PGP help section example is for Microsoft Outlook only, not Eudora. Need step by step esp. specific ports to use and what Eudora settings for an email account to work with this combination. To summarize: PGP (encryption) - Eudora (email client) - Anonymizer (SSH tunneling). Thanks!
Email Software: Eudora Version 6.2
Browser Type: Firefox Version 1.0.7
ISP: Verizon DSL
Modem: Westell WireSpeed
Background programs:
Anonymizer Total Net Shield Version 2.04 (latest version)
Company:
Country: United States
Troubleshooting: Followed PGP instructions as far as possible; understand what is needed
 

jupjazz71

Thread Starter
Joined
Jun 25, 2003
Messages
53
My questions are really that I need step by step alterations from the below from PGP's standard help text for Microsoft Outlook...as applied to my Eudora 6.2.

Tsunam, I got your answer for ports...110 and 25 for smtp and pop respectively, outgoing and incoming...

**********************

Email Options
The Email options tab gives you access to advanced settings associated with sending email messages:

PGP Proxy Configuration. PGP Desktop automatically proxies your email traffic for you, sitting between your email client and your mail server. This allows PGP Desktop to transparently protect your messages based on the applicable policy. In a few rare occasions, you need to specify a manual proxy:

Automatic: The default, recommended setting. Your email is protected automatically and transparently.

Manual Proxy: Needed if you are tunneling through SSH to your mail server or if the computer you are running PGP Desktop on is also a mail server. This option is described in detail below.

****************************

Configuring Manual Mode
PGP Desktop for Windows starts its email proxy, by default, in Automatic mode. In Automatic mode, PGP Desktop transparently proxies incoming and outgoing email for your email accounts and encrypts, signs, decrypts, and verifies messages per the appropriate policy for each of your email accounts.

For the technically curious, in Automatic mode, PGP Desktop uses a layered service provider (LSP) to redirect email traffic through PGP Desktop so that the appropriate actions can be taken for each message.

While appropriate for most environments, Automatic mode is not appropriate for all environments. If you are tunneling SSH to your mail server or if your system is also configured as a mail server, for example, then Automatic mode is not right for your environment.

If Automatic mode is not appropriate for your environment for any of these reasons, you need to use Manual mode. With Manual mode, instead of redirecting messages, you tell PGP Desktop and your email client to use specific ports on your system to send and receive email messages.

There are three main steps for configuring Manual mode: First, switching from Automatic to Manual Mode in the PGP Desktop for Windows Options; second, assigning the port numbers for incoming and outgoing mail servers for a specific email account in its PGP Desktop service; and third, configuring your email client to use the port numbers you specified.

Outlook is used for example purposes in the following procedure. If you are using a different email client, make the necessary adjustments.

To configure Manual mode:

1. Open PGP Desktop for Windows, pull down the Tools menu, and select PGP Options. The PGP Options General screen appears.

2. Click Messaging, then click the More Options button on the Messaging screen. The PGP Messaging Options Email screen appears.

3. Click the radio button next to Manual Proxy using IP: 127.0.0.1, then click OK. The PGP Messaging Options Email screen closes.

4. Close the PGP Options screen.

5. In the PGP Messaging Control box, select the service for which you want to use Manual mode. The Account Properties and Security Policies for that service appear.

6. Click Server in the Account Properties section. The Server Settings screen for the specified service appears.

7. In the Incoming Mail Server section, enter a value in the Redirect local port X to this server field. PGP Desktop will monitor this port for email messages going from your mail server to your mail client.

8. In the Outgoing Mail Server (SMTP) section, enter a value in the Redirect local port X to this server field. PGP Desktop will monitor this port for email messages going from your mail client to your mail server.

9. Click OK. The Server Settings screen closes.

10. Open your email client and navigate to the settings for your email account (if you have multiple accounts, you will need to configure each account separately).

11. For both the Incoming mail server (POP3 or IMAP) and Outgoing mail server (SMTP) settings in Outlook, enter 127.0.0.1.

12. Click More Settings.

13. On the Internet Email Settings dialog, click Advanced. The Advanced tab of the Internet Email Settings dialog appears.

14. In the Incoming server (POP3 or IMAP) box, enter the same value you established for the incoming mail server in the Redirect local port X to this server field; Step 7 of this procedure.

15. In the Outgoing server (SMTP) box, enter the same value you established for the outgoing mail server in the Redirect local port X to this server field; Step 8 of this procedure.

16. Click OK, then finish configuring the account settings. Manual mode is configured for the selected service.

17. When you are done configuring Manual mode for the services on your system, restart your system.
 
Joined
Sep 14, 2003
Messages
1,240
Alrighty then, helps to know that the program is in fact an app that uses gpg to encrypt anything and everything.

You should be able to set up the pop and smtp like you normally would (pop to get from the pop servers of the respective emails) and smtp via your isp or such.

Then we can add the pgp company's layer of overly complex solution to the fold. I'm trying to figure out why ssh is even coming into play at all.

Basically 90% of the config is with the pgp corp's program, automatic should just work for you, since there is no need for ssh (it's a network suite for connectivity using encryption to avoid sending everything in plain text.)

As far as eudora, I've never used it so can't really help with that, however setting it up for localhost should be enough.

Basically what's happening is that pgp's program will watch for emails on the two ports and act as an intermediary between the email client and the accounts.
 

jupjazz71

Thread Starter
Joined
Jun 25, 2003
Messages
53
Alrighty then, helps to know that the program is in fact an app that uses gpg to encrypt anything and everything.

*the newest pgp home version lets you pick which email account to encrypt and with what "policies" or "rules" for each

You should be able to set up the pop and smtp like you normally would (pop to get from the pop servers of the respective emails) and smtp via your isp or such.

*ok meaning leave my pop and smtp settings as they are set up now? fyi, the eudora and anonymizer (ssh) are working fine together; the pgp is the add-on program.

Then we can add the pgp company's layer of overly complex solution to the fold. I'm trying to figure out why ssh is even coming into play at all.

*my pgp app will not encrypt "everything and anything" because most of the email will go to people who do not use pgp. hence ssh is used as a fallback to "tunnel" at least to the server...my naive understanding of ssh is that it is only good from my pc up to my server but "open" after that...e.g. [email protected] to *.yahoo.com only. yes i am using 2 solutions instead of 1 because pgp will not be used on all emails by a long shot...really only for the very sensitive stuff where i need my privacy. the ssh will be used all the time...but i understand that it is far from real privacy from sender to receiver. oh, well...

Basically 90% of the config is with the pgp corp's program, automatic should just work for you, since there is no need for ssh (it's a network suite for connectivity using encryption to avoid sending everything in plain text.)

*yes i also believe the encryption is 90% done by pgp as i configure it up. but when you say "automatic should work just fine for you" are you assuming i will drop ssh? please assume i will keep ssh...so i do want manual. again, let's say 2% of my emails might be encrypted by pgp in real daily use.

As far as eudora, I've never used it so can't really help with that, however setting it up for localhost should be enough.

*ok i will see how this fits with pgp's guidance...note anonymizer app gives the customer a free email address of *@mail.anonymizer.com which is automatically configured to localhost also...for both smtp outgoing and pop incoming.

Basically what's happening is that pgp's program will watch for emails on the two ports and act as an intermediary between the email client and the accounts.

*yes this is how i see it. but in keeping ssh from anonymizer app then i need manual settings according to pgp.
 