Whenever you need to send your password across the Internet, there is a chance
that it can be sniffed. For this reason, many services have secure authentication
methods or secure alternatives. (For example, APOP authentication for e-mail and
SCP instead of FTP for file transfers.) However, some services do not have secure
alternatives, or some clients do not support the standard alternatives. (For example
Microsoft Outlook does not support APOP.) In the majority of cases, it is possible
to set up an SSH tunnel for such a service. If you have the SSH package on your
system (see: openssh.org) then you can follow
the instructions that came with it to set up a tunnel, but if you are already using
the TTSSH extension to the Tera Term terminal program, you already have everything
you need to easily set up SSH tunnels. This document will explain how to do so.
There is also a description of how to set up an SSH tunnel using the popular
First, a brief explanation of an SSH tunnel may be in order. Basically, what this
does is to pass any data you send to a port on your local machine across a secure,
encrypted connection to our server, where it is then redirected to the appropriate
port. What this means is that your password and data are only sent in cleartext
from your machine TO your machine, and from our server TO our server. When it is
actually sent from your machine to our server (and back), it is encrypted. This
pathway is known as a "tunnel", and anything going through that tunnel (including
passwords) is encrypted; safe from sniffers.
Using PuTTY to set up an SSH tunnel:
(Many thanks to Andy Levy for the above
- Download and install PuTTY from
http://www.chiark.greenend.org.uk/~sgtatham/putty/download.html (Be sure to get the Windows-style installer).
- Create a batch file named tunnel.bat (you can put it anywhere you
want) containing the following:
(Or if you prefer, you can download a copy by doing a right click and "save target as" on this link: tunnel.bat)
"C:\Program Files\PuTTY\plink.exe" NAME@twistedbits.net -pw PASS -L
Now, make the following changes to the tunnel.bat file:
- If you have installed PuTTY in a different location, be sure to change the
C:\Program Files\PuTTY\plink.exe path to point to wherever the installation put plink.exe
- Replace NAME with the usercode you use to log into the mail server, and PASS
with your password
- In your mail program, set your POP3 server to "localhost" and port
(should already be set) and use the same username and password as before
- Anytime you want to be able to check your email, tunnel.bat will have
to be running. You can place a shortcut to it in your Startup menu,
just make sure in the properties to set "Run" to "Minimized" so you
don't have to do it yourself.
- tunnel.bat will leave a command prompt window running in your taskbar
all the time. The connection might drop, but the batch file will restart it
if that ever happens.
- To kill the connection, simply close the tunnel.bat command prompt window.
Note that if you would like to set up additional SSH tunnels to other services such as Web, etc., all you need to do is duplicate the plink.exe line and change the port numbers. (If you need any help with this, please feel free to contact us at the e-mail address at the bottom of the screen.)
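The -pw PASS form above leaves the account password in cleartext inside tunnel.bat and on the plink command line. The following is an added example, not the original tunnel.bat from this page: a variant that logs in with a key file instead and carries both the POP3 and Web forwards on one plink line. The file name tunnel-key.bat, the KEYFILE path and the forward destinations (taken from the Tera Term section below) are assumptions.

```batch
@echo off
rem tunnel-key.bat - added example, not the original tunnel.bat.
rem Assumptions: PuTTY is installed in the default location, NAME is your
rem usercode, and KEYFILE is a private key (.ppk) whose public half is
rem already authorized for your account on the server.
set PLINK="C:\Program Files\PuTTY\plink.exe"
set KEYFILE="C:\path\to\your-key.ppk"

:connect
rem -batch  never stop to ask questions; fail instead (this also means an
rem         unknown or changed host key aborts the connection)
rem -N      open no shell, only the forwarded ports
rem -i      authenticate with the key file instead of -pw PASS
rem -L      local port : destination host : destination port
%PLINK% -ssh -batch -N -i %KEYFILE% ^
  -L 110:mail.twistedbits.net:110 ^
  -L 80:www.twistedbits.net:80 ^
  NAME@twistedbits.net

rem plink has returned, so the tunnel is down. Wait, then reconnect.
echo Tunnel closed at %TIME%, reconnecting in 10 seconds...
timeout /t 10 /nobreak >nul
goto connect
```

Connect once interactively with PuTTY first so the server's host key is cached, and load the key into Pageant if it has a passphrase, because -batch cannot prompt for either.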
Using the TTSSH extension to Tera Term to set up an SSH tunnel:
In this example, we will show you how to use the TTSSH extension to Tera Term
to set up an SSH tunnel to download your e-mail and use the web based account
manager via a tunnel. However, the procedures listed here can be used for most
First, you will need to open up TTSSH, and connect to our server. (Well, any server
really, you just need to get the program open so that you can go to the setup menu.)
Once the program is running, go to File, Setup, SSH Forwarding, as shown
That will bring up the window to the right. As you can see, a tunnel has already been set up
which directs anything locally on port 80 to port 80 at www.twistedbits.net. (Port 80 is the
default WWW port.)
OK, let's set up a tunnel for downloading e-mail via POP3.
Click on the Add button to set up a new tunnel.
This will bring up the dialog box shown to the right. You want to forward the local port
"pop3" to the remote machine "mydomain.com", port "pop3". (When you are actually
setting this up for yourself, don't use "mydomain.com"; replace it with your own domain
name or "mail.twistedbits.net".) Click the
You are now back at the previous window, where you can see local port 110 (POP3) has
been forwarded to "mydomain.com", port 110.
OK button to exit this window.
Now you must save your configuration, or else when you exit Tera Term, these settings
will be lost. Go to File, Save setup, as shown at right.
Save the settings to the default
Now, go to your e-mail client and change the settings. For this example, we would have our
POP3 server set to "mydomain.com", or "mail.twistedbits.net". Change this to "localhost"
instead. Essentially, you are telling your e-mail client to download your mail from
your own machine, port 110. (Of course, since the tunnel is set up, it will really be
downloading via the secure tunnel because the port is forwarded.)
To use the account manager in a secure window, you can open up your web browser and
go to http://localhost, as shown at right. Remember, we directed the local
port 80 to port 80 on www.twistedbits.net. Now, when you enter your password on the web
page, it isn't going across the Internet in clear text.
Here are the somewhat annoying things about setting up the tunnels. Firstly, you must open up
a connection to our server with Tera Term via SSH and log in successfully before the SSH
tunnels will be set up. Secondly, if you open up a second Tera Term window, you will get
the error message shown to the right. It's nothing to worry about, just annoying. What it
is telling you is that it couldn't set up some of the tunnels because the ports are already
in use. That's because the first Tera Term window you opened has ALREADY set up the tunnels,
so of course the ports are in use.
What you should be asking yourself whenever you use a program that connects to our server
and which requires a password is, "is this password being transmitted via plain text, or
is it encrypted?" If the program itself doesn't have provisions for encrypting the password,
then you may want to think about setting up an SSH tunnel as described above. For example,
if you are in the habit of viewing your WWW log analysis, you know that you go to
http://www.whateveryourdomainis.com/wwwlogs/reports, at which point you are asked to input your
password. This password is being submitted via plain text, and because it is the same
as your account password, you really should think about using an SSH tunnel instead.
To do this, you'd just set up Tera Term as described above to go from a local port to
port 80 at www.whateveryourdomainis.com. Now, if you have already set up local port 80
www.twistedbits.net, you will need to choose a different local port, 8080 for example.
Another alternative is to simply use the tunnel which has already been set up by
Yet another alternative for viewing your log reports is to access our web site via SSL. To do so, type the following URL into your browser:
(Obviously, change "usercode" to your own actual usercode. The squiggly looking thing in front of usercode is a tilde, and it is usually located to the left of the "1" key on your keyboard.)
If you have any problems, questions, etc. please feel free to contact us at