#!/bin/sh

# Ensure we don't use an existing SSH agent
unset SSH_AUTH_SOCK

exec ssh -F ~/.offlineimap/ssh_config -i ~/.offlineimap/${1}.ssh-seckey ${1} \
  echo -e "Please configure \~/.ssh/authorized_keys on the server and prepend the line with the public key corresponding to the password-less SSH key in ~/.offlineimap/${1}.ssh-seckey :\\\n\\\n  'command=\"MAIL=\$HOME/.maildir /usr/lib/dovecot/imap 2>/dev/null\",no-agent-forwarding,no-X11-forwarding,no-port-forwarding,no-pty'"

# This relies on the IMAP command being specified on the server side, i.e. in
# ~/.ssh/authorized_keys, put a line like the following
#
#   command="MAIL=$HOME/.maildir /usr/lib/dovecot/imap 2>/dev/null",no-agent-forwarding,no-X11-forwarding,no-port-forwarding,no-pty ssh-ed25519 AAA…
#
# When a command is specified like this, it overrides the instructions being
# passed in the command above. So, when you invoke this script directly, you
# should see the IMAP server greet you:
#
# % ~/.offlineimap/preauthtunnel.sh madduck-net.imap.madduck.net
# * PREAUTH [CAPABILITY IMAP4rev1 […]] Logged in as madduck