providing IMAP password to a mutt running on a remote host

Bastian Tweddell bastian-muttuser at t6l.de
Fri May 29 07:48:25 UTC 2020


On 29May20 07:33+0200, Matthias Apitz wrote:
> I often use mutt on some remote Linux host of my ISP about which I do
> not have control as root, just a SSH login is provided. Due to this I do
> not want to store the IMAP password in ~/.muttrc or wherever there in
> plain text.
> 
> The SSH connection is initiated from my local FreeBSD laptop using RSA
> and a ssh-agent, i.e. I can do there on the remote host also:
> 
> $ ssh-add -l
> 1024 SHA256:kZHWaISpML7rzqVppZNTOR+r+6plvFsc967WqOJ5iKo /home/guru/.ssh/id_rsa (RSA)

Please note: You do not trust your ISP with your mail password, but you 
give them access to your ssh-agent which publishes your private ssh-keys 
in plain-text.
This would not harm, if that key's sole reason is to access this VPS, 
but then it would also be useless there. If that key is used to access 
other systems from that VPS, your ISP has access to them, too.

> Has someone an idea how could I provide to the remote mutt session the
> IMAP credentials stored on my local laptop? 

The idea behind your question is not quite clear to me. I understand you 
do not want to store your credentials in plain-text on the VPS host 
(that's very sane). I think you do not want to grant someone access to 
your systems who has access to your VPS storage, incl. any backups.
What is your understanding / trust level with your ISP in terms of 
transient credentials - meaning, via agent forwarding, or 
entering a password, or password in environment, etc.? root has access 
to all of those, too, in the running system. 

If transient credentials do not raise security concerns, then there are 
some techniques with which you could forward them to the VPS. Just off 
the top of my head: ssh could pass over an environment variable, a 
forwarded gpg-agent could decrypt a file on the VPS, a forwarded socket 
could answer with the password ... or just type the password when 
starting mutt.

hth

-- 
Bastian Tweddell
+49 163 886 8890
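
The forwarded gpg-agent option mentioned in the reply above, as an added example that is not part of the original thread: a wrapper run on the laptop that forwards gpg-agent's restricted socket for the duration of one mutt session. The host alias `vps`, the encrypted file path and the muttrc line are assumptions; the password stays off the VPS disk, but as the reply notes, root can still reach transient credentials in the running system.

```shell
#!/bin/sh
# Run on the laptop. The host alias and the encrypted-file path are assumptions.
# Remote ~/.muttrc (assumed), decrypting through the forwarded agent:
#   set imap_pass="`gpg --batch --quiet --decrypt ~/.mutt/imap-pass.gpg`"
# The file is encrypted to your own key; only the public key lives on the VPS.

# Print the ssh -R argument: remote agent socket, then local restricted socket.
forward_arg() {
    for p in "$1" "$2"; do
        case "$p" in
            /*) ;;                                    # absolute path: ok
            *) echo "not a socket path: '$p'" >&2; return 1 ;;
        esac
    done
    printf '%s:%s\n' "$1" "$2"
}

remote_mutt() {
    host=$1
    # Local "extra" socket: gpg-agent's restricted socket meant for forwarding.
    local_sock=$(gpgconf --list-dirs agent-extra-socket) || return 1
    # Where gpg on the VPS expects to find its agent.
    remote_sock=$(ssh "$host" gpgconf --list-dirs agent-socket) || return 1
    # Empty or relative output (e.g. gpgconf missing) aborts before mutt starts.
    fwd=$(forward_arg "$remote_sock" "$local_sock") || return 1
    # Without root we cannot set StreamLocalBindUnlink in sshd_config, so
    # remove a stale socket ourselves or the forward cannot bind.
    ssh "$host" "rm -f '$remote_sock'" || return 1
    # ExitOnForwardFailure: do not start mutt if the agent is not reachable.
    ssh -t -o ExitOnForwardFailure=yes -R "$fwd" "$host" mutt
}

# Usage: remote_mutt vps   ("vps" is a placeholder Host alias)
```

The pinentry prompt appears on the laptop, and the forward disappears when the ssh session ends.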

