[linux-elitists] right MTA for crypto support

Don Marti dmarti@zgp.org
Tue Aug 27 10:27:08 PDT 2002


begin Eugen Leitl quotation of Tue, Aug 27, 2002 at 03:02:24PM +0200:

> Consider me living in Nigeria, as far as connectivity is concerned. No 
> SDSL/cable with static IP in my immediate future.

Actually I met a guy from Nigeria who is hella connected.
(No antenna ordinances in his area.)  Their connectivity is good
enough to support a really ugly web site!  http://www.niser.org.ng/

No budget, no problem!  Monopoly Phone Company and Authoritatian
Zoning Board...problem.

If you have an account on a server with a static IP address, ssh
port forwarding is your friend.

It would be good to have a tunnel in /etc/inittab so that by the
time you log in, port 25 on localhost is already transparently
forwarded to the other box.   And init will bring the tunnel back
if it goes down.  Something like this:

st:23:ssh -i /etc/ssh/tunnel-only -NL 25:localhost:25 you@shellbox.example.org

You need a separate ssh key to do it, since your regular one has
a passphrase on it.  (right?)

What I'm not clear on -- man sshd has the command="command" option
for authorized_keys -- can you just say command="/bin/false" for the
(no-passphrase) key you use for tunnelling, and be safe?

-- 
Don Marti                                          
http://zgp.org/~dmarti                       Help spread accurate information 
dmarti@zgp.org                      about Xenu and the Church of Scientology.
KG6INA           <a href="http://xenu.net/">Scientology</a> on your web site.



More information about the linux-elitists mailing list