#!/bin/sh
-# Ensure we don't use an existing SSH agent
-unset SSH_AUTH_SOCK
+REMOTE_HOST="$1"
+IMAP_COMMAND="${2:-MAIL=\$HOME/.maildir /usr/lib/dovecot/imap 2>/dev/null}"
-exec ssh -F ~/.offlineimap/ssh_config -i ~/.offlineimap/${1}.ssh-seckey ${1} \
- echo -e "Please configure \~/.ssh/authorized_keys on the server and prepend the line with the public key corresponding to the password-less SSH key in ~/.offlineimap/${1}.ssh-seckey :\\\n\\\n 'command=\"MAIL=\$HOME/.maildir /usr/lib/dovecot/imap 2>/dev/null\",no-agent-forwarding,no-X11-forwarding,no-port-forwarding,no-pty'"
+SSH_KEY="$HOME/.offlineimap/${REMOTE_HOST}.ssh-seckey"
+SSH_OPTIONS="command=\"$IMAP_COMMAND\",no-agent-forwarding,no-X11-forwarding,no-port-forwarding,no-pty"
+
+if [ ! -f "$SSH_KEY" ]; then
+ ssh-keygen -f "$SSH_KEY" -C "OfflineIMAP from $(hostname)" -N '' -t ed25519
+ COMMAND="echo '$SSH_OPTIONS $(cat "$SSH_KEY.pub")' >> .ssh/authorized_keys"
+ ssh -F ~/.offlineimap/ssh_config -o ControlPath=none -o IdentityAgent=SSH_AUTH_SOCK \
+ ${REMOTE_HOST} "$COMMAND"
+fi
+
+exec ssh -F ~/.offlineimap/ssh_config -i "$SSH_KEY" ${1} \
+ echo "You need to configure a password-less SSH keypair and have the public key in the remote\'s" \
+ "\~/.ssh/authorized_keys file, prefixed by \'$SSH_OPTIONS\'. You can try to invoke \'$0 $REMOTE_HOST\'"\
+ "from an interactive shell and it will attempt to set this up for you."
# This relies on the IMAP command being specified on the server side, i.e. in
# ~/.ssh/authorized_keys, put a line like the following
# % ~/.offlineimap/preauthtunnel.sh madduck-net.imap.madduck.net
# * PREAUTH [CAPABILITY IMAP4rev1 […]] Logged in as madduck
+# vim:tw=0