
Re: SSH Blocking (and then IMAP passwords)



On Sat, 30 Apr 2005 16:29:50 -0700
Bill Moseley <moseley@hank.org> wrote:

> On Mon, Apr 25, 2005 at 02:26:04PM -0700, Beretta wrote:
> > The Windows ssh client PuTTY.exe will easily fit on a floppy disk
> > (368KB) and the private key half of a private/public key pair should
> > consume around 2KB (for a total of 370KB). Of course, I personally
> > prefer to keep my stuff on a USB thumbdrive as they seem to be much
> > more reliable than floppies.
> 
> Scares the crap out of me using someone's Windows machine to connect
> with putty.  I fear spyware key loggers.  I assume they exist.  I
> used to carry a small bootable Linux distribution, but I can't always
> convince people to let me boot off it.
> 
> I guess you cannot trust any machine you use that isn't your own.

Yep. I've thought about the same thing and the only real solution I can
come up with is to always carry a laptop/PDA around with me if I want to
be able to ssh/read passwords from my USB key or anything else.

> Single-use passwords are a good idea, but seem like a pain to use.
> When working from a remote machine I often connect multiple times
> during the same session (yes, I also use screen).
> 
> One hole I worry about is web mail.  I set up webmail (over SSL) for my
> wife to use, and disabled her account so no ssh logins.  Again, it's
> that fear of someone snooping.  But, I get lazy and use the webmail
> access once in a while, and although it's over an SSL connection I'm
> typing my password in on an untrusted machine.
> 
> I use exim4 to deliver to procmail which then delivers to Maildir
> directories.  I use IMAP to access the mail with the "authpam"
> authentication module.
> 
> I need to set up Courier IMAP to use a different set of passwords --
> but still have read/write access to each user's $HOME/Maildir.
> 
> Anyone have a suggestion on how best to do that?

I used the following tutorial to set up virtual domains with Postfix and
Courier for pop3/imap. This way e-mail passwords are totally unrelated
to shell accounts. The only problem I can see then is if you wanted to
be able to run Mutt or another client _on the server_ to access your
mail folders, as the uid/gid of the mailboxes is set for the various
daemons to be able to access it. But I consider it to be more secure, as
you can chroot the daemons, more easily avoid daemons running as root,
etc.

This tutorial uses Postfix, but I'm sure Exim4 can do similar stuff.

http://www.workaround.org/articles/ispmail-sarge/

HTH,
Jacob


