IMAP Access Over SSH Tunnel?

[greenleaf108]

Hi folks:

This is sort of a unique situation, but maybe one of you has an idea how to do it. I'm trying to connect SugarCRM to an IMAP server that is only available via an SSH tunnel. My question is - how can I securely establish a tunnel for the web server to use to synchronize emails?

Right now my apache webserver user is set up with no login shell, which I would rather not change. I don't mind typing in my private SSH key passcode to establish the tunnel manually, but how can I do this as the apache user?

thanks

Greenleaf

[greenleaf108]

Ok I figured this out. If anyone's interested, here's how to do it:

1. The ssh tunnel does not need to be running as apache. I was thankfully mistaken on this point. Set up your SSH tunnel as a normal, unprivileged user from your SugarCRM server to your IMAP server.
2. Open whatever port you used for the forwarding on your firewall if needbe. I recommend only allowing localhost to connect to the port, for added security. The rest of the world doesn't need to be probing your SSH-tunneled IMAP server.
3. Enter your IMAP user settings inside SugarCRM, using localhost and the port you specified above.
4. Voila - SSH-tunneled access to your IMAP server from within SugarCRM.

The only thing you will have to remember is that the secure tunnel will need to be re-established every time you reboot the server or lose connectivity.

[tdp]

2. Open whatever port you used for the forwarding on your firewall if needbe. I recommend only allowing localhost to connect to the port, for added security. The rest of the world doesn't need to be probing your SSH-tunneled IMAP server.

Could you elaborate a bit more on this? My understanding of an ssh tunnel is that the only port you need open is the SSH port (usually 22) on the server end. You shouldn't need to touch the firewall for the forwarded port.