can't tunnel my imap with ssh

[Shaq fu]

I’m running OS X 10.0.4 and I’m trying (unsuccessfully) to have my imap traffic tunnelled through ssh. I’ve been able to do this successfully for some time under OS 8.6 and also under 10.0.x using the classic app MacSSH. But when I tried to do the ssh tunneling with OpenSSH from the command line,

me% ssh -L 143:mail.server.dom:143 mail.server.dom

I got the following message:

Privileged ports can only be forwarded by root.

So then I tried to do the same ssh connection using sudo:

me%sudo -L 143:mail.server.dom:143 mail.server.dom

And it now allows the ssh connection. However, on launching my email app, it complains that it can’t connect to the mail server.
I’m only guessing here, but is the problem with my last attempt the fact that each user on a multiuser system (like OS X) has their own set of tcp ports, and therefore I opened an ssh tunnel for the root user’s port 143, and not for my own account’s port?

Anyway does anyone know a work around for this problem? I would prefer to use OpenSSH over MacSSH because I don’t want to have to launch classic every time I want to check my email.

[blb]

Ports are definitely system-wide, so it's not that. First thing I'd try is to see if you can (in Terminal) do a

Code:

telnet localhost 143

to verify the tunnel is actually in place. I just tried

Code:

sudo ssh -L 143:mailhost:143 mailhost

myself, and I saw, through telnet, the connection work just fine. Note, when you do the sudo ssh, it is asking for root's password on the remote end, unless you use

Code:

sudo ssh -L 143:mailhost:143 myuser@mailhost

.

[cLouD[x]]

Try forwarding a port larger than 1024. 1430 for example. then set the mail.app to connect through 1430 to the localhost. The -L option sets your local port map.

[Shaq fu]

To blb:

That was a good suggestion to test the tunnel with a telnet connection. I tried that and it connected through to my mail server just fine.
I was aware that I needed to submit my remote user name in the ssh command line,
( I used -l remote_username), I just neglected to include that in my previous post.

cLouD[x],
I tried your suggestion also. I was successful at creating a tunnel at port 1430 without using sudo. However, my mail app still couldn't connect to the server. Yes, I did remember to tell the email program to look at local port 1430 instead of 143.

Could the problem be that my email app is a classic app (specifically Eudora 5.0)?

[blb]

Quote:

Originally posted by Shaq fu
...
Could the problem be that my email app is a classic app (specifically Eudora 5.0)?

That would be it exactly; apparently, Classic (and its apps) don't see the OS X ports. Just tried using Nifty Telnet to telnet back to localhost, which was refused, yet it works just fine in Terminal. Guess for Classic apps, your best bet is to use the Classic MacSSH.

[cLouD[x]]

Why don't you try using Mail.app to try to connect to your server first. If that works, then surely Eudora X would work with it in X. If it doesn't, post it and me and the rest will help you figure it out.

P.S classic apps may not be able to see the ssh tunnel because of the ssh binaries Classic and OS X type.

Good Luck. There's a lot of trial and error work to be done.

[Shaq fu]

I knew of the OS X version of Eudora, but I've hesitated downloading it since its still very much a beta. At least that's the impression I get from reading the reviews at versiontracker. When they update it, I'll give it a try.

One of the first things I tried in OS X was Mail.app. Unfortunately I ran into a problem many other imap users had: There is no way to tell Mail.app the location of my mail directory on the mail server and it just assumes that my home directory on the server is my mail directory. Mail.app then assumes that every file and directory in my home directory is mail related. Not pretty, and definitely not usable in that state . I don't know if they fixed this problem in the X 10.1 version of Mail.app.
I just now ran Mail.app, though, and was able to confirm that it was able to connect through an SSH tunnel, so that seems to confirm that there is some disconnect between ports in OS X and Classic.
At some point I would like to avoid having to load Classic to check my email, but for now Classic Eudora and MacSSH is a suitable work around. This thread helped me answer my main problem of setting up a usable ssh tunnel without resorting to Classic, so that when I get a suitable native X email client I'll be set. Thanks folks.

[blb]

Note, if your biggest problem with Mail.app is the inability to specify a path for mail, the version with 10.1.1 (at least, didn't check just 10.1 at this point) has an option, "Account path prefix" which does what you're looking for.