Hmm, I'd say if you need to receive volatile information via email, just have people encrypt their messages via GnuPG or PGP.
I know it's not an ideal solution, but it seems like the simplest.

At 03:03 AM 10/12/2001 -0700, you wrote:
>On Fri, 12 Oct 2001, ME wrote:
>
> > On Thu, 11 Oct 2001, Matt Roper wrote:
> > > I am trying to find a secure way to have the box that I use as a mail
> > > server go download all my @ucdavis email from the UCD mail server. My
> > > plan is to use fetchmail with an ssh preconnect string to accomplish
> > > this. I believe that my .fetchmailrc file should have an entry that
> > > looks something like the following:
> > >
> > > poll yellow.ucdavis.edu via localhost port 1234 with proto pop3:
> > > user 'mattrope' there with password 'XXXXXXX' is mattrope here
> > > preconnect "ssh -f -q -L 1234:yellow.ucdavis.edu:110
> > > yellow.ucdavis.edu sleep 20 < /dev/null > /dev/null"
> >
> > Hmmm...
> >
> > > The problem with this is that ssh would have to ask for my password
> > > every time it tries to connect to the UCD mailserver, which is
> > > unacceptable if fetchmail is running in daemon mode. I believe that the
> > > way most people overcome this is by generating an ssh keypair with no
> > > passphrase and sticking the public key in their ~/.ssh/authorized_keys
> > > file on the server. However UCD does not allow students to login to the
> > > mail servers directly, so there is no way I can put my public key on the
> > > server. This seems to rule out the use of public key authentication for
> > > establishing a secure connection.
> >
> > I am not so sure that you can have an ssh client arbitrate a "secure
> > session" with a pop3 server (port 110) like that unless you are certain
> > the mail server also runs ssh and can allow for redirections with the
> > connecting ssh client. If there is really an ssh server on the mail
> > server, you may be able to grab your private keys on the server with scp
> > and make some guesses on the locations of the keys.
>
>If you don't have shell access, you probably don't have a home
>directory. Without a home directory, where would your key be kept?
>
>[...]
>
> > There are many people on this list more skilled than me who might have
> > other ideas.
>
>With respect to unsecured public keys, Bill Broadley has discussed using
>ssh-agent to allow passphrase entry at bootup. But that won't help if you
>can't keep a public key on the server.
>
>I would ask your sysadmin for a solution (preferably), or use expect as ME
>suggested.
>
>---------------------------------------------------------------------------
>Jeff Newmiller                        The     .....       .....  Go Live...
>DCN:<[EMAIL PROTECTED]>        Basics: ##.#.       ##.#.  Live Go...
>                                      Live:   OO#.. Dead: OO#..  Playing
>Research Engineer (Solar/Batteries            O.O#.       #.O#.  with
>/Software/Embedded Controllers)               .OO#.       .OO#.  rocks...2k
>---------------------------------------------------------------------------

Sam Peterson
Hart Interdisciplinary Programs
2201 Hart Hall
University of California, Davis
One Shields Avenue
Davis, California 95616
(530) 752-9332
