8.16. Securing POP/IMAP with SSH and Pine

Problem

You want to read mail on a POP or IMAP mail server securely using Pine, with automatic authentication. The mail server machine runs an SSH daemon.

Solution

Use Pine’s built-in SSH subprocess feature, together with SSH public-key authentication and ssh-agent.

  1. Set up SSH public-key authentication with the mail server machine. [Recipe 6.4]

  2. Set up the SSH agent. [Recipe 6.9]

  3. Set up the SSH authentication in your ~/.pinerc file:

    inbox-path={mailserver/imap/user=username}inbox
    ssh-path=/usr/bin/ssh

  4. Simply run pine, and it should automatically open your remote mailbox without prompting for a password or any other authentication credentials.

Discussion

Suppose your mail server is mail.server.net, and your account there is joe. First, arrange for public-key authentication to your login account on the server [Recipe 6.4] using ssh-agent. [Recipe 6.9] Verify that this works smoothly, e.g., you have all the necessary user and host keys in place, so that you can execute a command like this:

$ ssh -l joe mail.server.net echo FOO
FOO

If you see any password or passphrase prompts, double-check your public key and ssh-agent setup. If you are prompted to accept the mail server’s SSH host key, get this out of the way as well. The preceding ssh command must succeed uninterrupted for Pine/SSH integration to work.
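The check above can be scripted so that it fails instead of prompting. This is an added example, not code from the book; the function name pine_ssh_preflight and the SSH_BIN and SSH_ADD_BIN overrides are assumptions of this example.

```shell
#!/bin/sh
# Preflight for Pine's SSH subprocess feature: confirm that the recipe's test
# command succeeds with no prompt of any kind.
# SSH_BIN and SSH_ADD_BIN are overrides invented for this example.

pine_ssh_preflight() {
    user=$1
    host=$2
    ssh_bin=${SSH_BIN:-/usr/bin/ssh}      # same binary as ssh-path in ~/.pinerc
    ssh_add_bin=${SSH_ADD_BIN:-ssh-add}

    # 1. The agent must be reachable and hold a key. ssh-add -l exits
    #    0 with keys loaded, 1 with none, 2 if it cannot contact the agent.
    rc=0
    "$ssh_add_bin" -l >/dev/null 2>&1 || rc=$?
    case $rc in
        0) ;;
        1) echo "ssh-agent holds no keys; run ssh-add" >&2; return 2 ;;
        *) echo "cannot contact ssh-agent; check SSH_AUTH_SOCK" >&2; return 3 ;;
    esac

    # 2. Run "echo FOO" remotely without allowing interaction.
    #    BatchMode=yes: fail rather than ask for a password or passphrase.
    #    StrictHostKeyChecking=yes: fail rather than ask to accept a host key.
    rc=0
    out=$("$ssh_bin" -o BatchMode=yes -o StrictHostKeyChecking=yes \
              -o ConnectTimeout=10 -l "$user" "$host" echo FOO 2>/dev/null) || rc=$?
    if [ "$rc" -ne 0 ]; then
        echo "ssh exited $rc; check public key, agent and known_hosts" >&2
        return 4
    fi

    # 3. The recipe expects exactly FOO and nothing else on the stream.
    if [ "$out" != "FOO" ]; then
        echo "unexpected output from $host: $out" >&2
        return 5
    fi
    echo "ok: $user@$host is ready for Pine over SSH"
}

# Run only when called as: script USER HOST
if [ "$#" -eq 2 ]; then
    pine_ssh_preflight "$1" "$2"
fi
```

Run it from the same shell session that will launch pine, so that it sees the same SSH_AUTH_SOCK.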

Next, log into the mail server machine and locate the mail server program.[2] Pine assumes its location is /etc/rimapd. If it’s not there, other likely ...
