l i n u x - u s e r s - g r o u p - o f - d a v i s
L U G O D
 
Next Meeting:
September 2: Social gathering
Next Installfest:
TBD
Latest News:
Aug. 18: Discounts to "Velocity" in NY; come to tonight's "Photography" talk
Page last updated:
2001 Dec 30 17:11

The following is an archive of a post made to our 'vox-tech mailing list' by one of its subscribers.

Report this post as spam:

(Enter your email address)
Re: [vox-tech] Secure Email Access (fetchmail and ssh)
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [vox-tech] Secure Email Access (fetchmail and ssh)



Hmm, I'd say if you need to receive volatile information via email, just 
have people encrypt their messages via GnuPG or PGP.

I know it's not an ideal solution, but it seems like the simplest.

At 03:03 AM 10/12/2001 -0700, you wrote:
>On Fri, 12 Oct 2001, ME wrote:
>
> > On Thu, 11 Oct 2001, Matt Roper wrote:
> > > I am trying to find a secure way to have the box that I use as a mail
> > > server go download all my @ucdavis email from the UCD mail server.  My
> > > plan is to use fetchmail with an ssh preconnect string to accomplish
> > > this.  I believe that my .fetchmailrc file should have an entry that
> > > looks something like the following:
> > >
> > > poll yellow.ucdavis.edu via localhost port 1234 with proto pop3:
> > >     user 'mattrope' there with password 'XXXXXXX' is mattrope here
> > >     preconnect "ssh -f -q -L 1234:yellow.ucdavis.edu:110
> > >     yellow.ucdavis.edu sleep 20 < /dev/null > /dev/null"
> >
> > Hmmm...
> >
> > > The problem with this is that ssh would have to ask for my password
> > > every time it tries to connect to the UCD mailserver, which is
> > > unacceptable if fetchmail is running in daemon mode.  I believe that the
> > > way most people overcome this is by generating an ssh keypair with no
> > > passphrase and sticking the public key in their ~/.ssh/authorized_keys
> > > file on the server.  However UCD does not allow students to login to the
> > > mail servers directly, so there is no way I can put my public key on the
> > > server.  This seems to rule out the use of public key authentication for
> > > establishing a secure connection.
> >
> > I am not so sure that you can have an ssh client arbitrate a "secure
> > session" with a pop3 server (port 110) like that unless you are certain
> > the mail server also runs ssh and can allow for redirections with the
> > connecting ssh client. If there is really an ssh server on the mail
> > server, you may be able to grab your private keys on the server with scp
> > and make some guesses on the locations of the keys.
>
>If you don't have shell access, you probably don't have a home
>directory.  Without a home directory, where would your key be kept?
>
>[...]
>
> > There are many people on this list more skilled than me who might have
> > other ideas.
>
>With respect to unsecured public keys, Bill Broadley has discussed using
>ssh-agent to allow passphrase entry at bootup.  But that won't help if you
>can't keep a public key on the server.
>
>I would ask your sysadmin for a solution (preferably), or use expect as ME
>suggested.
>
>---------------------------------------------------------------------------
>Jeff Newmiller                        The     .....       .....  Go Live...
>DCN:<jdnewmil@dcn.davis.ca.us>        Basics: ##.#.       ##.#.  Live Go...
>                                       Live:   OO#.. Dead: OO#..  Playing
>Research Engineer (Solar/Batteries            O.O#.       #.O#.  with
>/Software/Embedded Controllers)               .OO#.       .OO#.  rocks...2k
>---------------------------------------------------------------------------

Sam Peterson
Hart Interdisciplinary Programs
2201 Hart Hall
University of California, Davis
One Shields Avenue
Davis, California 95616
(530) 752-9332



LinkedIn
LUGOD Group on LinkedIn
Sign up for LUGOD event announcements
Your email address:
facebook
LUGOD Group on Facebook
'Like' LUGOD on Facebook:

Hosting provided by:
Sunset Systems
Sunset Systems offers preconfigured Linux systems, remote system administration and custom software development.

LUGOD: Linux Users' Group of Davis
PO Box 2082, Davis, CA 95617
Contact Us

LUGOD is a 501(c)7 non-profit organization
based in Davis, California
and serving the Sacramento area.
"Linux" is a trademark of Linus Torvalds.

Sponsored in part by:
Sunset Systems
Who graciously hosts our website & mailing lists!