Since we are going off-topic all over the place, I will try to be the pillar of stability here. (I know, I know, but nobody else will do it.) I am starting a new thread, because this goes off-topic in a good way.
I believe it was Michael who wrote this memorable line, which immediately got my attention:
POP through an always present SSH tunnel.
Now, I have used ssh tunnels for lots of programs that are more (what's the word?) "passive"; that is, listening to online radio, xmpp clients, wget, youtube-dl and apt-get and other things like that, where I am mostly downloading data. But when I tried to run Kmail over any proxy connections, it would crash. It seemed to me that an ssh tunnel would be the way, but how to do it?
Bill
jabber/xmpp dr_mojo_contendo@hot-chilli.net
Anno domini 2020 Wed, 7 Oct 16:32:12 -0700 William Morder via tde-users scripsit:
Since we are going off-topic all over the place, I will try to be the pillar of stability here. (I know, I know, but nobody else will do it.) I am starting a new thread, because this goes off-topic in a good way.
You earned yourself a cookie :)
I believe it was Michael who wrote this memorable line, which immediately got my attention:
POP through an always present SSH tunnel.
Now, I have used ssh tunnels for lots of programs that are more (what's the word?) "passive"; that is, listening to online radio, xmpp clients, wget, youtube-dl and apt-get and other things like that, where I am mostly downloading data. But when I tried to run Kmail over any proxy connections, it would crash. It seemed to me that an ssh tunnel would be the way, but how to do it?
POP is running on somewhereelse. You connet to somewhereelse through ssh: ssh you@somewhereelse -L8110:localhost:110 Now somwherelse:110 (aka POP) is on your localhost:110 - ready for kmail to connext. Please note, that the "localhost" is leative to somewhereelse, not your local computer.
POP is running on a thepopserver, reachable from somewhereelse. You connet to sumewhereelse through ssh and build a tunel that ends on thepopserver. note, thepopserver only needs to be reachable from somewhereelse, not your local site: ssh you@somewhereelse -L8110:thepopserver:110 Now thepopserver:110 (aka POP) is on your localhost:110 - ready for kmail to connext.
Or use sshuttle to tunnel all your traffic through somewhereelse.
Note: the local end (on your local computer) of the tunnel is established immediately, the remote part (somewherelse) is established when something connects to the local end.
Nik
Bill
jabber/xmpp dr_mojo_contendo@hot-chilli.net ____________________________________________________ tde-users mailing list -- users@trinitydesktop.org To unsubscribe send an email to users-leave@trinitydesktop.org Web mail archive available at https://mail.trinitydesktop.org/mailman3/hyperkitty/list/users@trinitydeskto...
On Wednesday 07 October 2020 23:07:55 Dr. Nikolaus Klepp wrote:
Anno domini 2020 Wed, 7 Oct 16:32:12 -0700
William Morder via tde-users scripsit:
Since we are going off-topic all over the place, I will try to be the pillar of stability here. (I know, I know, but nobody else will do it.) I am starting a new thread, because this goes off-topic in a good way.
You earned yourself a cookie :)
Yet no ice cream or milk to go with it. Also, I believe there was some mention of apfelstrudel,* but my plate is still empty.
* apologies for missing umlaut P.S. We call it apple strudel in these here parts.
I believe it was Michael who wrote this memorable line, which immediately got
my attention:
POP through an always present SSH tunnel.
Now, I have used ssh tunnels for lots of programs that are more (what's the word?) "passive"; that is, listening to online radio, xmpp clients, wget, youtube-dl and apt-get and other things like that, where I am mostly downloading data. But when I tried to run Kmail over any proxy connections, it would crash. It seemed to me that an ssh tunnel would be the way, but how to do it?
POP is running on somewhereelse. You connet to somewhereelse through ssh: ssh you@somewhereelse -L8110:localhost:110 Now somwherelse:110 (aka POP) is on your localhost:110 - ready for kmail to connext. Please note, that the "localhost" is leative to somewhereelse, not your local computer.
POP is running on a thepopserver, reachable from somewhereelse. You connet to sumewhereelse through ssh and build a tunel that ends on thepopserver. note, thepopserver only needs to be reachable from somewhereelse, not your local site: ssh you@somewhereelse -L8110:thepopserver:110 Now thepopserver:110 (aka POP) is on your localhost:110 - ready for kmail to connext.
Just guessing, but I assume that the port number can be changed to, say, 995 -- right?
Also, does it work about the same with smtp?
Or use sshuttle to tunnel all your traffic through somewhereelse.
Note: the local end (on your local computer) of the tunnel is established immediately, the remote part (somewherelse) is established when something connects to the local end.
Nik
Thanks, Nik!
This is why I like the TDE mailing list. Somebody else has probably already tried out whatever I am just now imagining.
Bill
Anno domini 2020 Wed, 7 Oct 23:34:34 -0700 William Morder via tde-users scripsit:
On Wednesday 07 October 2020 23:07:55 Dr. Nikolaus Klepp wrote:
Anno domini 2020 Wed, 7 Oct 16:32:12 -0700
William Morder via tde-users scripsit:
Since we are going off-topic all over the place, I will try to be the pillar of stability here. (I know, I know, but nobody else will do it.) I am starting a new thread, because this goes off-topic in a good way.
You earned yourself a cookie :)
Yet no ice cream or milk to go with it. Also, I believe there was some mention of apfelstrudel,* but my plate is still empty.
- apologies for missing umlaut
P.S. We call it apple strudel in these here parts.
sweet tooth :) Sorry, but I just ate the last chinnmon rolls ...
I believe it was Michael who wrote this memorable line, which immediately got
my attention:
POP through an always present SSH tunnel.
Now, I have used ssh tunnels for lots of programs that are more (what's the word?) "passive"; that is, listening to online radio, xmpp clients, wget, youtube-dl and apt-get and other things like that, where I am mostly downloading data. But when I tried to run Kmail over any proxy connections, it would crash. It seemed to me that an ssh tunnel would be the way, but how to do it?
POP is running on somewhereelse. You connet to somewhereelse through ssh: ssh you@somewhereelse -L8110:localhost:110 Now somwherelse:110 (aka POP) is on your localhost:110 - ready for kmail to connext. Please note, that the "localhost" is leative to somewhereelse, not your local computer.
POP is running on a thepopserver, reachable from somewhereelse. You connet to sumewhereelse through ssh and build a tunel that ends on thepopserver. note, thepopserver only needs to be reachable from somewhereelse, not your local site: ssh you@somewhereelse -L8110:thepopserver:110 Now thepopserver:110 (aka POP) is on your localhost:110 - ready for kmail to connext.
Just guessing, but I assume that the port number can be changed to, say, 995 -- right?
Yes, sure. And you can change the local portnumber from 8110 to anything else - it just has to be > 1024 if you are not root. On a note: it's not advised to tunnel an encrypted protocol through an encrypted tunnel, 'cause it might reduce security - but that will most likely not impact this usecase.
Nik
Also, does it work about the same with smtp?
Sure :) ssh you@somewhereelse -L2525:somewherelse:25
Or use sshuttle to tunnel all your traffic through somewhereelse.
Note: the local end (on your local computer) of the tunnel is established immediately, the remote part (somewherelse) is established when something connects to the local end.
Nik
Thanks, Nik!
This is why I like the TDE mailing list. Somebody else has probably already tried out whatever I am just now imagining.
Bill ____________________________________________________ tde-users mailing list -- users@trinitydesktop.org To unsubscribe send an email to users-leave@trinitydesktop.org Web mail archive available at https://mail.trinitydesktop.org/mailman3/hyperkitty/list/users@trinitydeskto...
On Thursday 08 October 2020 01:55:36 am Dr. Nikolaus Klepp wrote:
Anno domini 2020 Wed, 7 Oct 23:34:34 -0700
William Morder via tde-users scripsit:
On Wednesday 07 October 2020 23:07:55 Dr. Nikolaus Klepp wrote:
Anno domini 2020 Wed, 7 Oct 16:32:12 -0700
William Morder via tde-users scripsit:
I believe it was Michael who wrote this memorable line, which immediately got
my attention:
POP through an always present SSH tunnel.
that an ssh tunnel would be the way, but how to do it?
No offense Nik, your somewhereelse anthology left me a bit confused, attached is a filtered bash script I use to maintain the SSH tunnel. In my use case, I’m always connected to the server anyway, so adding the tunnel just made sense.
My KMail setup is (change whatever you need to for your specific mail setup):
Menu >> Settings >> Configure, Accounts
Receiving, Add, Account Type: POP3
Tab: General
Login: Mail account name Password: Mail account password Host: 127.0.0.1 Port: 58110
Yes: Store POP password {the rest whatever you normally do}
Tab: Extras
Encryption: None Authentication Method: Clear text {You can check what the server does, in my case it’s going through the tunnel on a box I own, so I leave it simple} {pipelining: I’ve never enabled it, the warning is enough for me...}
Sending, Add, Transport: SMTP
Tab: General
Host: 127.0.0.1 Port: 58025
Yes: Server requires authentication Login: Mail account name Password: Mail account password Yes: Store SMTP password
Tab: Security Encryption: TLS Authentication Method: LOGIN
# # #
Hopefully that helps!
Best, Michael
On Thursday 08 October 2020 07:21:59 Michael via tde-users wrote:
On Thursday 08 October 2020 01:55:36 am Dr. Nikolaus Klepp wrote:
Anno domini 2020 Wed, 7 Oct 23:34:34 -0700
William Morder via tde-users scripsit:
On Wednesday 07 October 2020 23:07:55 Dr. Nikolaus Klepp wrote:
Anno domini 2020 Wed, 7 Oct 16:32:12 -0700
William Morder via tde-users scripsit:
I believe it was Michael who wrote this memorable line, which immediately got
my attention:
POP through an always present SSH tunnel.
that an ssh tunnel would be the way, but how to do it?
No offense Nik, your somewhereelse anthology left me a bit confused, attached is a filtered bash script I use to maintain the SSH tunnel. In my use case, I’m always connected to the server anyway, so adding the tunnel just made sense.
My KMail setup is (change whatever you need to for your specific mail setup):
Menu >> Settings >> Configure, Accounts
Receiving, Add, Account Type: POP3
Tab: General
Login: Mail account name Password: Mail account password Host: 127.0.0.1 Port: 58110
Yes: Store POP password {the rest whatever you normally do}
Tab: Extras
Encryption: None Authentication Method: Clear text {You can check what the server does, in my case it’s going through the tunnel on a box I own, so I leave it simple} {pipelining: I’ve never enabled it, the warning is enough for me...}
Sending, Add, Transport: SMTP
Tab: General
Host: 127.0.0.1 Port: 58025
Yes: Server requires authentication Login: Mail account name Password: Mail account password Yes: Store SMTP password
Tab: Security Encryption: TLS Authentication Method: LOGIN
# # #
Hopefully that helps!
Best, Michael
Thanks, Michael!
It's all grist for the mill. From these hints, together with a little reading and study of the matter, together with what I've already done, I can probably figure out the rest.
I did notice that Nik mentioned using an ssh tunnel for *all* system traffic, and I like that idea, too. It sounds kinda like Tails, or its Devuan version, Heads; I tried out both, but wanted to stick with my own Devuan system, so that may show the way for me there.
Besides, certain sites won't function adequately for me over a proxy, no matter what, when I need to pay bills or buy something, etc., so it's good to be able to switch from a proxy to a direct connection now and then.
Bill
On Thursday 08 October 2020 12:03:02 pm William Morder via tde-users wrote:
It's all grist for the mill. From these hints, together with a little reading and study of the matter, together with what I've already done, I can probably figure out the rest.
I did notice that Nik mentioned using an ssh tunnel for *all* system traffic, and I like that idea, too. It sounds kinda like Tails, or its Devuan version, Heads; I tried out both, but wanted to stick with my own Devuan system, so that may show the way for me there.
An ssh tunnel for *all* system traffic is just a VPN. Buy a cheap VPS (<$25US/yr) which becomes your 'VPN provider.' Then follow published guides to setup you local proxy and/or network interface to route through the SSH tunnel to your VPS.
It’s pretty easy.
To make it a bit easier (and harder at the same time?) setup a LEAF* box on a Pi (or that other $35 dollar computer on a board) to provide DHCP and then you computer doesn’t even know it’s being re-routed. This is the easiest way to do ‘whole house’ VPN type stuff.
Best, Michael
* http://leaf.sourceforge.net/ ^ Not the only software that’ll do this...
Anno domini 2020 Thu, 8 Oct 14:15:02 -0500 Michael via tde-users scripsit:
On Thursday 08 October 2020 12:03:02 pm William Morder via tde-users wrote:
It's all grist for the mill. From these hints, together with a little reading and study of the matter, together with what I've already done, I can probably figure out the rest.
I did notice that Nik mentioned using an ssh tunnel for *all* system traffic, and I like that idea, too. It sounds kinda like Tails, or its Devuan version, Heads; I tried out both, but wanted to stick with my own Devuan system, so that may show the way for me there.
An ssh tunnel for *all* system traffic is just a VPN. Buy a cheap VPS (<$25US/yr) which becomes your 'VPN provider.' Then follow published guides to setup you local proxy and/or network interface to route through the SSH tunnel to your VPS.
You can use "sshuttle" for this.
Nik
It’s pretty easy.
To make it a bit easier (and harder at the same time?) setup a LEAF* box on a Pi (or that other $35 dollar computer on a board) to provide DHCP and then you computer doesn’t even know it’s being re-routed. This is the easiest way to do ‘whole house’ VPN type stuff.
Best, Michael
http://leaf.sourceforge.net/ ^ Not the only software that’ll do this... ____________________________________________________ tde-users mailing list -- users@trinitydesktop.org To unsubscribe send an email to users-leave@trinitydesktop.org Web mail archive available at https://mail.trinitydesktop.org/mailman3/hyperkitty/list/users@trinitydeskto...
-
Dr. Nikolaus Klepp -
Michael -
William Morder