[Top][All Lists]
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: [VM] imap-ssh and passwords
|
From: |
Matthew Vernon |
|
Subject: |
Re: [VM] imap-ssh and passwords |
|
Date: |
Wed, 12 Oct 2011 15:15:51 +0100 |
|
User-agent: |
Gnus/5.13 (Gnus v5.13) Emacs/23.3 (gnu/linux) |
Uday Reddy <address@hidden>
writes:
> Matthew Vernon writes:
>
>> I'm not sure I agree that password-based authentication is inherently
>> less secure than public-key-based authentication, but that's getting
>> rather off-topic, isn't it? I don't think password-based ssh logins are
>> so dreadful an idea that VM should not support them as a policy issue or
>> anything like that.
>
> No, we don't have any policy that VM should not support it. That is the way
> Kyle Jones designed it. I don't know how easy or hard it might be to add
> password-based SSH authentication. If anybody is able to work on it and
> contribute a patch, I will be happy to incorporate it.
Further investigation suggests I was (somewhat) mistaken, but that the
ssh invocation is a bit buggy, I think.
Suppose my username on my machine running vm is alice, and my username
on my mailserver is bob. If I have:
("imap-ssh:login.mailserver.example.com:143:inbox:login:bob:*" "foo")
as my mailbox specification. If I then visit foo:inbox, then VM calls
ssh -L xxxx:login.mailserver.example.com:143 login.mailserver.example.com
...and this will try to log in as address@hidden,
which will fail.
In fact, if I am running emacs under X, then openssh can pop up a window
to ask for a password, and so password entry isn't an issue under
X11. It cannot do this in a terminal window, however[0].
I can work around this username problem by doing something like:
(setq vm-ssh-program-switches
'("-l" "bob")
)
...but that only works if my username is bob on /every/ mailhost I want
to imap/ssh to. I wonder if it would be better to add a username
argument to vm-setup-ssh-tunnel, and pass the username bit of the
maildrop specification to that?
>> The host concerned does not support imap/ssl, and has no plans to do so.
>
> That is ok. But I have mentioned the solution of ssh tunneling. Can you
> try that and see if that does the job for you?
Yes, it does.
Regards,
Matthew
[0] I'm not good enough an elisp hacker to fix this, I don't think.
--
`O'-----0 `O'---. `O'---. `O'---.
\___| | \___|0-/ \___|/ \___|
| | /\ | | \ | |\ | |
The Dangers of modern veterinary life
- [VM] imap-ssh and passwords, Matthew Vernon, 2011/10/11
- Re: [VM] imap-ssh and passwords, Uday Reddy, 2011/10/11
- Re: [VM] imap-ssh and passwords, Matthew Vernon, 2011/10/11
- Re: [VM] imap-ssh and passwords, Uday Reddy, 2011/10/11
- Re: [VM] imap-ssh and passwords, Tim Cross, 2011/10/11
- Re: [VM] imap-ssh and passwords, Matthew Vernon, 2011/10/12
- Re: [VM] imap-ssh and passwords, Uday Reddy, 2011/10/12
- Re: [VM] imap-ssh and passwords,
Matthew Vernon <=
- Re: [VM] imap-ssh and passwords, Tim Cross, 2011/10/12
- Re: [VM] imap-ssh and passwords, Matthew Vernon, 2011/10/13
- Re: [VM] imap-ssh and passwords, Tim Cross, 2011/10/13