Re: ssh-agent (was: using a remote IMAP server and smarthost)



On Tue, Aug 28, 2007 at 20:09:03 +0100, Richard Lyons wrote:
On Sun, Aug 26, 2007 at 12:27:32AM +0200, Florian Kulzer wrote:
[...]
Method 2:
---------

You can set up mutt's sendmail command to use a short script which
invokes ssh to run sendmail on myvm directly. This requires that
sendmail works on myvm, though. The advantage is that you don't have to
do anything else before you send mail (unlike with method 1). It seems
that you do not have sendmail fully operational on myvm at the moment,
so maybe you will want to stick with method 1 right now. In any case,
here is the necessary wrapper script for method 2:

---------- STARTS BELOW (this line is not part of the script) ----------
#! /bin/sh
# sendmail-via-ssh.sh
# wrapper script for mutt to use sendmail via ssh
#
# activated by this option in ~/.muttrc:
# set sendmail="/path/to/sendmail-via-ssh.sh"

cat - | ssh myvm "/usr/sbin/sendmail -oem -oi $@"
---------- ENDS ABOVE (this line is not part of the script) ----------

[...]

Returning to this, after the essential problem was solved (the presence
of two dsn settings in my .muttrc), it is time to try method 2. I
assume this script is intended to address a real sendmail or exim4,
rather than the msmtp installed for the trial of method 1. As I read
the manual, the -oem -oi options are not relevant to msmtp.

Yes, it should just be

cat - | ssh myvm "/usr/bin/msmtp $@"

in the last line. However, I never actually tried this with msmtp, so I
am myself curious if it really works. (I always used this approach with
a postfix-provided sendmail command running on the remote machine.)

But, again if I understand Florian's earlier post, Method 2 requires the
use of ssh-agent. And I cannot see from the man page how to use it or
configure it.

If I simply let mutt run the script as above, I get

ssh_askpass: exec(/usr/bin/ssh-askpass): No such file or directory^M
ssh_askpass: exec(/usr/bin/ssh-askpass): No such file or directory^M
ssh_askpass: exec(/usr/bin/ssh-askpass): No such file or directory^M
Permission denied (publickey,keyboard-interactive).

So I think I really need the ssh-agent. Help anybody?

Ssh-agent is part of the openssh-client package. It should be started
with every X session by the /etc/X11/Xsession.d/90x11-common_ssh-agent
script. (See "ps -e | grep ssh-agent".)

However, ssh-agent needs a frontend to handle the interaction with the
user when a passphrase for a private key has to be entered. This seems
to be what you are missing. Install one of the packages that provide
"ssh-askpass":

$ aptitude -F '%p' search '~Pssh-askpass'
gtk-led-askpass
ssh-askpass-fullscreen
ssh-askpass-gnome

Then you will get a dialog to enter the passphrase. I am happy with
gtk-led-askpass and I run /usr/bin/gtk-led-askpass right when I start my
X session (via a simple symlink in ~/.kde/Autostart). This means that I
have to type my passphrase once and then every invocation of ssh or sftp
from within the X session works without me having to type the passphrase
again. (You can of course limit the lifetime of the passphrase if your
security philosophy requires this.)

If you don't use X then you have to start ssh-agent yourself, e.g. in
.bashrc or .bash_profile. You don't really need ssh-agent in any case,
but it will probably drive you crazy very quickly if you have to type
your passphrase anew with every single email that you send.

--
Regards, | http://users.icfo.es/Florian.Kulzer
Florian |
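
A hardened variant of the wrapper script from the thread, as an added example that is not part of the original messages: ssh hands the remote command to the remote shell as a single string, so each argument mutt passes is single-quoted first, and BatchMode makes the script fail with a clear message instead of looking for ssh-askpass when no agent key is loaded. The host alias myvm and the sendmail path are from the thread; REMOTE_HOST, REMOTE_MTA and the function names are assumptions of this example.

```shell
#!/bin/sh
# Added example: hardened variant of sendmail-via-ssh.sh.
# "myvm" and the sendmail path come from the thread; REMOTE_HOST,
# REMOTE_MTA and the function names are this example's own.

REMOTE_HOST="${REMOTE_HOST:-myvm}"
REMOTE_MTA="${REMOTE_MTA:-/usr/sbin/sendmail -oem -oi}"

# Wrap one string in single quotes (escaping embedded ones) so the
# remote shell reads it back as exactly one literal word.
sh_quote() {
    printf "'%s'" "$(printf '%s' "$1" | sed "s/'/'\\\\''/g")"
}

# ssh joins its command arguments with spaces and the remote shell
# parses the result again, so every argument from mutt is quoted.
build_remote_cmd() {
    cmd=$REMOTE_MTA
    for arg in "$@"; do
        cmd="$cmd $(sh_quote "$arg")"
    done
    printf '%s' "$cmd"
}

send_via_ssh() {
    # ssh-add -l exits 0 only when the agent is reachable and holds a key.
    if ! ssh-add -l >/dev/null 2>&1; then
        echo "sendmail-via-ssh: no key in ssh-agent, run ssh-add first" >&2
        return 75   # EX_TEMPFAIL from sysexits.h
    fi
    # BatchMode=yes: never prompt (no ssh-askpass), just fail if the
    # key is unavailable. The message is passed through on stdin.
    ssh -o BatchMode=yes "$REMOTE_HOST" "$(build_remote_cmd "$@")"
}

# Run only when invoked under the wrapper's own name (e.g. by mutt).
case "${0##*/}" in
    sendmail-via-ssh*) send_via_ssh "$@" ;;
esac
```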

