providing IMAP password to a mutt running on a remote host
Bastian Tweddell
bastian-muttuser at t6l.de
Fri May 29 07:48:25 UTC 2020
On 29May20 07:33+0200, Matthias Apitz wrote:
> I often use mutt on some remote Linux host of my ISP about which I do
> not have control as root, just a SSH login is provided. Due to this I do
> not want to store the IMAP password in ~/.muttrc or where ever there in
> plain text.
>
> The SSH connection is initiated from my local FreeBSD laptop using RSA
> and a ssh-agent, i.e. I can do there on the remote host also:
>
> $ ssh-add -l
> 1024 SHA256:kZHWaISpML7rzqVppZNTOR+r+6plvFsc967WqOJ5iKo /home/guru/.ssh/id_rsa (RSA)
Please note: You do not trust your ISP with your mail password, but you
give them access to your ssh-agent which publishes your private ssh-keys
in plain-text.
This would not harm, if that key's sole reason is to access this VPS,
but then it would also be useless there. If that key is used to access
other systems from that VPS, your ISP has access to them, too.
> Has someone an idea how could I provide to the remote mutt session the
> IMAP credentials stored on my local laptop?
The idea behind your question is not quite clear to me. I understand you
do not want to store your credentials in plain-text on the VPS host
(that's very sane). I think you not want someone to grant access to your
systems, who has access to your VPS-storage incl any backups.
What is your understanding / trust level with your ISP in terms of
transient credentials - meaning, via agent forwarding, or
entering a password, or password in environment, etc. root has access
to all of those, too, in the running system.
If transient credentials do not raise security concerns, than there are
some techniques with which you could forward them to the VPS. Just out
of the top of myhead: ssh could pass over an environment variable, a
forwarded gpg.agent could decrypt a file on the VPS, a forwarded socket
could answer with the password ... or just type the password when
starting mutt.
hth
--
Bastian Tweddell
+49 163 886 8890
More information about the Mutt-users
mailing list