
Re: ssh-agent (was: using a remote IMAP server and smarthost)



On Tue, Aug 28, 2007 at 20:09:03 +0100, Richard Lyons wrote:
> On Sun, Aug 26, 2007 at 12:27:32AM +0200, Florian Kulzer wrote:
> [...]
> > Method 2:
> > ---------
> > 
> > You can set up mutt's sendmail command to use a short script which
> > invokes ssh to run sendmail on myvm directly. This requires that
> > sendmail works on myvm, though. The advantage is that you don't have to
> > do anything else before you send mail (unlike with method 1). It seems
> > that you do not have sendmail fully operational on myvm at the moment,
> > so maybe you will want to stick with method 1 right now. In any case,
> > here is the necessary wrapper script for method 2:
> > 
> > ---------- STARTS BELOW (this line is not part of the script) ----------
> > #! /bin/sh
> > # sendmail-via-ssh.sh
> > # wrapper script for mutt to use sendmail via ssh
> > #
> > # activated by this option in ~/.muttrc:
> > # set sendmail="/path/to/sendmail-via-ssh.sh"
> > 
> > cat - | ssh myvm "/usr/sbin/sendmail -oem -oi $@"
> > ---------- ENDS ABOVE (this line is not part of the script) ----------
> 
> [...]
> 
> Returning to this, after the essential problem was solved (the presence
> of two dsn settings in my .muttrc), it is time to try method 2.  I
> assume this script is intended to address a real sendmail or exim4,
> rather than the msmtp installed for the trial of method 1.  As I read
> the manual, the -oem -oi options are not relevant to msmtp.

Yes, it should just be

cat - | ssh myvm "/usr/bin/msmtp $@"

in the last line. However, I never actually tried this with msmtp, so I
am myself curious if it really works. (I always used this approach with
a postfix-provided sendmail command running on the remote machine.)

> But, again if I understand Florian's earlier post, Method 2 requires the
> use of ssh-agent.  And I cannot see from the man page how to use it or
> configure it.
> 
> If I simply let mutt run the script as above, I get
> 
>   ssh_askpass: exec(/usr/bin/ssh-askpass): No such file or directory^M
>   ssh_askpass: exec(/usr/bin/ssh-askpass): No such file or directory^M
>   ssh_askpass: exec(/usr/bin/ssh-askpass): No such file or directory^M
>   Permission denied (publickey,keyboard-interactive).
>   
> So I think I really need the ssh-agent.  Help anybody?

Ssh-agent is part of the openssh-client package. It should be started
with every X session by the /etc/X11/Xsession.d/90x11-common_ssh-agent
script. (See "ps -e | grep ssh-agent".)

However, ssh-agent needs a frontend to handle the interaction with the
user when a passphrase for a private key has to be entered. This seems
to be what you are missing. Install one of the packages that provide
"ssh-askpass":

$ aptitude -F '%p' search '~Pssh-askpass'
gtk-led-askpass
ssh-askpass-fullscreen
ssh-askpass-gnome

Then you will get a dialog to enter the passphrase. I am happy with
gtk-led-askpass and I run /usr/bin/gtk-led-askpass right when I start my
X session (via a simple symlink in ~/.kde/Autostart). This means that I
have to type my passphrase once and then every invocation of ssh or sftp
from within the X session works without me having to type the passphrase
again. (You can of course limit the lifetime of the passphrase if your
security philosophy requires this.)

If you don't use X then you have to start ssh-agent yourself, e.g. in
.bashrc or .bash_profile. You don't really need ssh-agent in any case,
but it will probably drive you crazy very quickly if you have to type
your passphrase anew with every single email that you send.

-- 
Regards,            | http://users.icfo.es/Florian.Kulzer
          Florian   |
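
Starting ssh-agent from .bashrc or .bash_profile with a limited key lifetime, as the reply above describes for sessions without X, could look like the following. This is an added example, not part of the original message; the socket path, the 4-hour lifetime and the SSH_ADD / SSH_AGENT override variables are assumptions.

```shell
# Added example for ~/.bashrc or ~/.bash_profile; not from the original post.
# Assumed values: socket path, 4h lifetime. SSH_ADD / SSH_AGENT are
# hypothetical override hooks so the logic can be exercised with stand-ins.
AGENT_SOCK="${AGENT_SOCK:-$HOME/.ssh/agent.sock}"
AGENT_LIFETIME="${AGENT_LIFETIME:-4h}"

# agent_state: exit status of "ssh-add -l" against our fixed socket:
#   0 = agent running with a key, 1 = agent running but empty,
#   2 = no agent reachable on that socket
agent_state() {
    SSH_AUTH_SOCK="$AGENT_SOCK"
    export SSH_AUTH_SOCK
    rc=0
    "${SSH_ADD:-ssh-add}" -l >/dev/null 2>&1 || rc=$?
    return "$rc"
}

# ensure_agent: reuse a live agent, otherwise start one; then load the
# default key once, letting it expire after AGENT_LIFETIME.
ensure_agent() {
    st=0
    agent_state || st=$?
    case "$st" in
        0) return 0 ;;                      # key already loaded
        1) ;;                               # agent alive, key expired or never added
        *) rm -f "$AGENT_SOCK"              # stale socket from a dead agent
           "${SSH_AGENT:-ssh-agent}" -a "$AGENT_SOCK" -t "$AGENT_LIFETIME" \
               >/dev/null || return 2 ;;
    esac
    "${SSH_ADD:-ssh-add}" -t "$AGENT_LIFETIME"   # prompts for the passphrase
}

# Only prompt in interactive shells; scripts and cron jobs skip this.
case $- in
    *i*) ensure_agent ;;
esac
```

Start mutt from a shell that has sourced this, so that the ssh call in the wrapper script inherits SSH_AUTH_SOCK.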


