[FQuest Announce] QuestMail SSL (Secure Login) Now Available

**Arthur** · 07-15-2005, 05:35 AM

As part of the rollout of features being requested, webmail management, which includes sending/receiving and logging in to QuestMail, can now be done via a secured login link. This new functionality provides you a way to login securely to QuestMail as well as the ability to send and receive email via QuestMail over an SSL encrypted path.

The existing access link to QuestMail (http://QuestMail.FutureQuest.net) will continue to work as it always has. Those that wish to login via the secured server may do so by either visiting the existing link and then clicking on the "Secure Login" link or by going directly to the Secure Login page by pointing your browser to https://QuestMail.FutureQuest.net (note: just add an s to the http part of the original address)

We are certain those of you who utilize the webmail services provided via QuestMail will find this new access beneficial.

FutureQuest, Inc.
http://www.FutureQuest.net

*hobbes* · 07-15-2005, 07:45 AM

Nice addition, thanks. Now as soon as we have SSL for CNC then you'll get one of these:

*c n m 5* · 07-15-2005, 08:29 AM

Excellent work

*manish* · 07-15-2005, 09:00 AM

Thank you!!!!

Manish

*jenili* · 07-15-2005, 02:02 PM

Hobbes, you can tunnel your CNC connection over ssh. I've been doing it for a long time and worked out a system that doesn't get in my way at all. I do it with my pop and smtp mail too.

Step 1: Set up port forwarding in your ssh client... in this case, you want to forward tcp 80 (http) to myhost.tld (<-- replace with your domain name). Tell it not to accept or forward remote connections. This is the part that establishes the tunnel. Most ssh clients will allow you to save this as a profile.

Step 2: Create an entry in your etc/hosts file (yes, Windows has one too -- it's in %WINDIR%\system32\drivers, if memory serves) that points www.myhost.tld to 127.0.0.1. This is the part that lets your browser send the correct host header to FQ while actually communicating through the ssh tunnel.

Step 3: Log in using ssh with the port forwarding settings above. If you're on a Mac or *Nix-based system, you may have to give your computer a root password in order to establish the tunnel.

Step 4: OK, actually there is no Step 4. Just fire up your browser and hit your CNC.
Steps 1 and 2 are one-time things. Step 3 is an every-time thing.

Here is an important thing to remember. If you follow these instructions exactly, www.myhost.tld is tunneled, but myhost.tld is not. This has a couple of implications:

1. www.myhost.tld will *only* work when you're logged in via ssh. Other times, it'll give you "connection refused."

2. A tunneled connection takes up more system resources and is slower than a straight one, because both server and browser have to encrypt and decrypt all the communications and content. So it would be best FQ-izenship to *only* use the tunneled connection for the CNC, not for regular development and browsing of your site.

3. Because you are establishing a single tunnel from your system, you can only do this to one of your sites at a time. I've tried setting it up with different port numbers on the client end, but it didn't work because a rewrite or something on the server end would bounce me back to www.myhost.tld.

After a while, you get into the habit of using www.myhost.tld for the CNC, and just myhost.tld for everything else.

HTH.

*jenili* · 07-15-2005, 02:02 PM

PS: Thank You FQ!!!!

**Terra** · 07-15-2005, 03:11 PM

Quote:

Now as soon as we have SSL for CNC then you'll get one of these

Egad, what is that I smell, it must be a skunk!

--
Terra
--Pay no attention to that man behind the curtain.--
FutureQuest

*hobbes* · 07-15-2005, 03:13 PM

jeni - That's how I've been connecting to CNC since coming to FQ (though w/o the hosts file mod so only the traffic I want is over SSL). However, I often find myself away from my primary system, and having seamless access to CNC via SSL would be most convenient.