<table width="100%" cellpadding=0><tr>
<td width="30%">Back to <a href="index.html">Fetchmail Home Page</a>
<td width="30%" align=center>To <a href="/~esr/sitemap.html">Site Map</a>
-<td width="30%" align=right>$Date: 2001/02/19 20:31:25 $
+<td width="30%" align=right>$Date: 2001/02/23 08:28:11 $
</table>
<HR>
<H1>Frequently Asked Questions About Fetchmail</H1>
<hr>
<h2><a name="K3">K3. How can I get fetchmail to work with ssh?</a></h2>
-We have five recipes for this.<P>
+We have three recipes for this.<P>
+
+<h3>Using plugin</h3>
+
+There's a very simple IMAP recipe using the <tt>plugin</tt> option.
+Use the following:
+
+<TT>
+ plugin "ssh %h /usr/sbin/imapd"
+</TT>
+
+You may have to use a different absolute pathname, whatever the
+location of imapd on your mailserver is. This option tells fetchmail
+that instead of opening a connection on the server's port 143 and
+doing standard IMAP authentication, fetchmail should ssh to the server
+and run imapd, using the more secure ssh authentication (as well as
+getting ssh's end-to-end encryption).<p>
<h3>Single-User POP3</h3>
Now just use localhost:1234 to access your POP server.<P>
-<h3>Multi-User IMAP</h3>
-
-This one comes comes to us from Joerg Dorchain.
-The basic idea is to set up a bidirectional encrypted socket connection:<p>
-
-<pre>
-fetchmail <--> ssh <---> sshd <--> imapd
- \---local side--/ \-remote side-/
-</pre>
-
-Use ssh-keygen(1) to set up a special ssh identity with no password
-and RSA-only authentication, which executes /usr/sbin/imapd when
-authenticated. For security reasons all other commands should be
-disabled. (There is some security exposure in using an identity
-without a passphrase; it means anyone who can get access to your
-account could use it to read your mail).<p>
-
-Running ssh-keygen will generate two files. Have it create the
-private key to ~/.ssh/identity-imap. Once you have generated the
-corresponding public key, prepend this to the line of key data in it:
-
-<pre>
-command="/usr/sbin/imapd",no-port-forwarding,no-agent-forwarding
-</pre>
-
-This identity data has to be appended to ~/.ssh/authorized_keys on the
-remote machine, as usual for RSA authentication. Whenever your ssh
-uses this identity, the remote side will run imapd. The imapd will
-see that it is not running as root and go into preauthenticated
-mode.<p>
-
-On the client side, use the <code>plugin</code> keyword to make
-fetchmail talk to the stdin of the remote ssh. Here's an examople:
-
-<pre>
-poll mail.dorchain.net
- with options proto imap, preauth ssh, plugin fetchmail-imap-wrapper
-</pre>
-
-The wrapper script should look like this:<p>
-
-<pre>
-#!/bin/sh
-exec ssh -i $HOME/.ssh/identity-imap $1 /usr/sbin/imapd
-</pre>
-
-<h3>Netcat-based POP or IMAP tunnelling</h3>
-
-Oren Tirosh <oren@mimique.com> sends us a method of using
-fetchmail over ssh without port forwarding, using the plugin keyword.<P>
-
-First, set up a poll entry resembling thius one:
-
-<TT>
-poll target.host plugin sshtunnel proto pop3 user foo password *
-</TT>
-
-The important part is the "plugin sshtunnel". Now set up sshtunnel
-as follows:<P>
-
-<TT>
-This is the sshtunnel script:
-#!/bin/sh
-ssh $1 "nc localhost $2"
-</TT>
-
-Thia method uses netcat to connect to the pop3 port locally on the
-target host and create a two-way channel over the ssh connection.<P>
-
-Oren says: "In my experience it is much more reliable than the methods
-described in your FAQ. ssh port forwarding often keeps the local port
-bound for along timeout and has timing issues requiring tricks like
-sleep, etc. I use this method for fetching all the mail for
-mimique.com"<P>
-
-<h3>Using plugin</h3>
-
-Since 5.4.5, there's been a very simple recipe. Use the following option:
-
-<TT>
- plugin "ssh %h /usr/sbin/rimapd"
-</TT>
-
-You may have to use a different absolute pathname. This option tells
-fetchmail that instead of opening a connection on the server's port
-143 and doing standard IMAP authentication, fetchmail should ssh to
-the server and run rimapd, using the more secure ssh authentication
-(as well as getting ssh's encryption).<p>
-
<hr>
<h2><a name="K4">K4. What do I have to do to use the IMAP-GSS protocol?</a></h2>
<table width="100%" cellpadding=0><tr>
<td width="30%">Back to <a href="index.html">Fetchmail Home Page</a>
<td width="30%" align=center>To <a href="/~esr/sitemap.html">Site Map</a>
-<td width="30%" align=right>$Date: 2001/02/19 20:31:25 $
+<td width="30%" align=right>$Date: 2001/02/23 08:28:11 $
</table>
<P><ADDRESS>Eric S. Raymond <A HREF="mailto:esr@thyrsus.com"><esr@snark.thyrsus.com></A></ADDRESS>
projects / ~andy / fetchmail / commitdiff