...making Linux just a little more fun!
By Nikolay Zhuravlev
When not at work, I have to use a dial-up modem for all my network needs. However, I still want to have all the power and flexibility that Linux provides. More importantly, I want to be able to use the same tools at home that I am used to at work, namely slrn for USENET news and fetchmail for downloading email. In this article, I am going to discuss the use of ssh tunnels and compression for efficient and secure delivery of news and mail over a dial-up connection.
As was previously discussed, a combination of slrnpull and 'slrn --spool' can be used to fetch USENET news and read it offline. This is especially useful when there is only one user, and she is stuck with a pay-per-hour dial-up connection. Let's look more closely into this issue.
First, one should avoid working under root as much as possible, and use sudo instead. Use visudo to edit /etc/sudoers and add the following lines at the bottom:

    # we want to be specific here
    jane localhost=/usr/bin/slrnpull -h news.server.com

where jane is the username authorized to run the command slrnpull -h news.server.com from localhost.
Whenever Jane needs to fetch the news, she runs sudo:

    jane@localhost ~$ sudo slrnpull -h news.server.com
    Password:
    jane@localhost ~$ slrn --spool

Fetching a large number of articles from a wide variety of USENET groups can take quite some time. Let us consider a scenario where Jane has ssh access to a machine with fast Internet. This could be a machine at work, at school, or even abroad. Assuming that the other machine can access news.server.com, and provided that there are no other obstacles (for example, strict firewalling), an ssh tunnel with compression can be used to significantly speed up news fetching over a dial-up connection. A tunnel is established like this:

    jane@localhost ~$ ssh -C -N -f -L 8081:news.server.com:119 janedoe@work.some.com
    jane@localhost ~$

Here -C is for compression, -N and -f avoid executing the remote command and send ssh to background, and -L is for local port forwarding. Now, the lines in /etc/sudoers need to be adjusted to make use of the tunnel:

    # we want to be specific here
    #jane localhost=/usr/bin/slrnpull -h news.server.com
    # notice the use of backslash
    jane localhost=/usr/bin/slrnpull -h localhost\:8081

Jane can now run slrnpull. Instead of trying to connect to news.server.com directly, slrnpull will connect to local port 8081 and the traffic will travel through an ssh tunnel between localhost and work.some.com.

    jane@localhost ~$ sudo slrnpull -h localhost:8081
    Password:
    jane@localhost ~$ slrn --spool

The two machines, i.e. the news server news.server.com and work.some.com, are on the fast network. The connection between them is in clear text and is not compressed. However, localhost is connected to work.some.com via dial-up. The traffic between the latter two is encrypted and compressed. The compression is the same as the one used by gzip. Compression of the ASCII traffic greatly decreases the download times, which is especially useful if one likes to subscribe to a lot of USENET groups. The proposed scheme also provides some privacy for Jane, since the traffic between her machine and work.some.com is encrypted.
Finally, to avoid typing long ssh commands to establish a tunnel, Jane could have something like this in her .ssh/config file:

    Host work
    HostName work.some.com
    LocalForward 8081 news.server.com:119
    IdentityFile /home/janedoe/.ssh/id_dsa
    Protocol 2
    User janedoe
    CompressionLevel 6

Notice that there is only one colon sign in the LocalForward line above. Now the tunnel can be established with just:

    jane@localhost ~$ ssh -C -N -f work

Just don't forget to kill the old ssh tunnel before establishing a new one. If in doubt, use netstat -tupan | grep LIS to see what is going on. The exact syntax of the commands may depend on the particular flavor of SSH that you have. The above works for me (RH 9, openssh-3.5p1-1).
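
The netstat check above can be scripted. The following is an added example, not part of the original article: it classifies what is listening on the forwarded ports, flagging both a leftover tunnel and a forward bound to a non-loopback address (which happens when ssh is run with -g or with GatewayPorts yes). The function names and the sample netstat output are constructed for illustration.

```shell
#!/bin/sh
# classify_port PORT: read netstat output on stdin and print
#   absent    nothing listens on PORT
#   loopback  every listener is bound to 127.0.0.1 or ::1
#   exposed   a listener is bound to a non-loopback address, so other
#             hosts could send traffic through the tunnel
classify_port() {
    awk -v port="$1" '
        $1 ~ /^tcp/ && $6 == "LISTEN" {
            n = split($4, parts, ":")          # last field is the port
            if (parts[n] != port) next
            host = substr($4, 1, length($4) - length(parts[n]) - 1)
            if (host == "127.0.0.1" || host == "::1") loop = 1
            else exposed = 1
        }
        END {
            if (exposed) print "exposed"
            else if (loop) print "loopback"
            else print "absent"
        }'
}

# tunnel_action NETSTAT_OUTPUT PORT...: print one word
#   start    all ports are free; the tunnel can be established
#   in-use   a loopback listener holds a port: kill the old tunnel first
#   exposed  a forwarded port is reachable from other hosts
tunnel_action() {
    snapshot=$1; shift
    result=start
    for port in "$@"; do
        case $(printf '%s\n' "$snapshot" | classify_port "$port") in
            exposed)  echo exposed; return 0 ;;
            loopback) result=in-use ;;
        esac
    done
    echo "$result"
}

# Constructed sample of `netstat -tln` output, not captured from a real host.
SAMPLE='Proto Recv-Q Send-Q Local Address    Foreign Address  State
tcp        0      0 127.0.0.1:8081   0.0.0.0:*        LISTEN
tcp        0      0 0.0.0.0:8082     0.0.0.0:*        LISTEN
tcp        0      0 0.0.0.0:22       0.0.0.0:*        LISTEN'

tunnel_action "$SAMPLE" 8081 8082
# Live use: tunnel_action "$(netstat -tln)" 8081 8082
```

The same functions accept the output of netstat -tupan, since only TCP lines in the LISTEN state are examined.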
Also check out the article on ssh-agent, which makes dealing with ssh even less painful.
In a similar fashion, ssh tunnels can be used in combination with fetchmail to retrieve email from the server. Just add a new LocalForward entry to the .ssh/config file:

    Host work
    HostName work.some.com
    LocalForward 8081 news.server.com:119
    LocalForward 8082 pop3.some.com:110
    IdentityFile /home/janedoe/.ssh/id_dsa
    Protocol 2
    User janedoe
    CompressionLevel 6

and edit .fetchmailrc accordingly:

    poll localhost with proto POP3 port 8082
        user 'Doe0001' there with password "blah" is 'jane' here
        options fetchall

So, now the command

    ssh -C -N -f work

will establish two tunnels, one for the news and one for the pop3 mail.
Fire up fetchmail to see how it works:

    fetchmail -e 50 -m "/usr/sbin/sendmail -oem -f %F %T"

To learn more about fetchmail and setting up the email system, check the recent issue of LG.
My experience was that, on average, mail and news get downloaded at least twice as fast compared to the conventional methods. Over a modem line, that is.
To summarize, the use of ssh tunnels with compression provides both efficiency and security for your everyday communication. Use it, love it, and pass the knowledge along ;)
Born in Moscow, Russia, in 1976. I have been coding and/or messing
with computers in one way or another since I was 12.
I entered the realm of *nix in 1995, and I never regretted it.
Currently, I am a Ph.D. student in the Department of Chemistry at
the University of Minnesota, MN.