<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 3.2 Final//EN">
<HTML>
<HEAD>
<META NAME="GENERATOR" CONTENT="SGML-Tools 1.0.9">
<TITLE>Secure POP via SSH mini-HOWTO: Introduction</TITLE>
<LINK HREF="Secure-POP+SSH-2.html" REL=next>

<LINK HREF="Secure-POP+SSH.html#toc1" REL=contents>
</HEAD>
<BODY>
<A HREF="Secure-POP+SSH-2.html">Next</A>
Previous
<A HREF="Secure-POP+SSH.html#toc1">Contents</A>
<HR>
<H2><A NAME="s1">1. Introduction</A></H2>

<P>
<P>Normal POP mail sessions, by their very nature, are insecure. The password goes
across the network in cleartext for everyone to see. Now, this may be perfectly
acceptable in a trusted or firewalled environment. But on a public network,
such as a university or your run-of-the-mill ISP, anyone armed with a simple
network sniffer can grab your password right off the wire. This is compounded
by the fact that many people set their computers to check for mail at regular
intervals, so the password is sent out quite frequently, which makes it easy to
sniff.
<P>With this password, an attacker can now access your email account, which may
hold sensitive or private information. It is also quite common for this
password to be the same as the one for the user's shell account, so there is
the possibility of more damage.
<P>By sending all POP traffic through an encrypted channel, <B>nothing</B> goes in
cleartext over the network. We can also use ssh's diverse methods of
authentication instead of a simple plaintext password. That is the real point
of using this method: not the encrypted content (which is futile at this point,
since the mail has probably gone unencrypted over several networks already
before reaching your mailbox; securing those communications is the job of GNU
Privacy Guard or PGP, not ssh), but the secure authentication.
<P>There are other methods of achieving secure authentication already, such as
APOP, KPOP, and IMAP. However, using ssh has the advantage that it works with
normal POP configurations, without requiring special client support (not all
mail clients support advanced protocols) or server support (except for sshd
running on the server). Your mail provider may be unable or unwilling to use a
more secure protocol. Besides, by using ssh you can compress the traffic too,
which is a nice little extra for people with slow connections.
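<P>The cleartext exposure described above can be audited from the defender's
side. The following Python sketch is an added example, not part of the original
HOWTO; the client addresses, user names and command lines are constructed
sample data, and the function names are illustrative. It flags clients whose
POP3 login puts the password on the wire, counts how often each one repeats it,
and redacts the secret in its own output.

```python
# Constructed client-to-server command lines as seen on port 110, keyed by
# client address. Sample data for this example only, not real traffic.
SAMPLE = {
    "192.0.2.10": ["USER alice", "PASS hunter2", "STAT", "QUIT"],
    "192.0.2.11": ["APOP carol 0123456789abcdef0123456789abcdef", "QUIT"],
    "192.0.2.12": ["CAPA", "STLS"],
    # A client polling for mail resends its password on every check.
    "192.0.2.13": ["user bob", "pass s3cret", "QUIT"] * 3,
}

# What each authentication command puts on the wire.
METHODS = {
    "PASS": "cleartext",  # the password itself
    "APOP": "digest",     # an MD5 digest of server challenge + shared secret
    "AUTH": "sasl",       # depends on the negotiated mechanism
    "STLS": "tls",        # everything after this is encrypted
}

def verb_of(line):
    """POP3 command keywords are case-insensitive; normalise to upper case."""
    parts = line.split()
    return parts[0].upper() if parts else ""

def redact(line):
    """Mask the PASS argument so the audit output never stores a password."""
    if verb_of(line) == "PASS":
        return line.split()[0] + " ********"
    return line.strip()

def classify(lines):
    """Return (method, cleartext_password_count) for one client's commands."""
    seen = [v for v in map(verb_of, lines) if v in METHODS]
    exposures = seen.count("PASS")
    if exposures:
        return "cleartext", exposures
    return (METHODS[seen[0]] if seen else "none"), 0

def audit(sessions):
    """List (client, exposures, redacted log) for cleartext logins, worst first."""
    findings = [(c, classify(l)[1], [redact(x) for x in l])
                for c, l in sessions.items() if classify(l)[0] == "cleartext"]
    return sorted(findings, key=lambda f: -f[1])

if __name__ == "__main__":
    for client, count, log in audit(SAMPLE):
        print(f"{client}: password in cleartext {count}x: {log}")
```

<P>Once a client's POP traffic goes through an ssh tunnel, none of these
commands are visible on port 110, so that client drops out of the findings.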
<P>
<HR>
<A HREF="Secure-POP+SSH-2.html">Next</A>
Previous
<A HREF="Secure-POP+SSH.html#toc1">Contents</A>
</BODY>
</HTML>