]> git.madduck.net Git - etc/offlineimap.git/blobdiff - .offlineimap/preauthtunnel.sh

madduck's git repository

Every one of the projects in this repository is available at the canonical URL git://git.madduck.net/madduck/pub/<projectpath> — see each project's metadata for the exact URL.

All patches and comments are welcome. Please squash your changes to logical commits before using git-format-patch and git-send-email to patches@git.madduck.net. If you'd read over the Git project's submission guidelines and adhered to them, I'd be especially grateful.

SSH access, as well as push access can be individually arranged.

If you use my repositories frequently, consider adding the following snippet to ~/.gitconfig and using the third clone URL listed for each project:

[url "git://git.madduck.net/madduck/"]
  insteadOf = madduck:

Automate SSH keypair setup
[etc/offlineimap.git] / .offlineimap / preauthtunnel.sh
index b0acb504ee19833d8437251fc56a4b53123a013b..f70433b03fbcfbbe6aaaa53edd32dea95dfdbedc 100755 (executable)
@@ -1,17 +1,33 @@
 #!/bin/sh
 
-unset SSH_AUTH_SOCK
+REMOTE_HOST="$1"
+IMAP_COMMAND="${2:-MAIL=\$HOME/.maildir /usr/lib/dovecot/imap 2>/dev/null}"
 
-exec ssh -F ~/.offlineimap/ssh_config -i ~/.offlineimap/${1}.ssh-seckey ${1}
+SSH_KEY="$HOME/.offlineimap/${REMOTE_HOST}.ssh-seckey"
+SSH_OPTIONS="command=\"$IMAP_COMMAND\",no-agent-forwarding,no-X11-forwarding,no-port-forwarding,no-pty"
 
-# this relies on the IMAP command being specified on the server side, i.e. in
+if [ ! -f "$SSH_KEY" ]; then
+  ssh-keygen -f "$SSH_KEY" -C "OfflineIMAP from $(hostname --fqdn)" -N '' -t ed25519
+  COMMAND="echo '$SSH_OPTIONS $(cat "$SSH_KEY.pub")' >> .ssh/authorized_keys"
+  ssh -F ~/.offlineimap/ssh_config -o ControlPath=none -o IdentityAgent=SSH_AUTH_SOCK \
+    ${REMOTE_HOST} "$COMMAND"
+fi
+
+exec ssh -F ~/.offlineimap/ssh_config -i "$SSH_KEY" ${1} \
+  echo "You need to configure a password-less SSH keypair and have the public key in the remote\'s" \
+    "\~/.ssh/authorized_keys file, prefixed by \'$SSH_OPTIONS\'. You can try to invoke \'$0 $REMOTE_HOST\'"\
+    "from an interactive shell and it will attempt to set this up for you."
+
+# This relies on the IMAP command being specified on the server side, i.e. in
 # ~/.ssh/authorized_keys, put a line like the following
 #
 #   command="MAIL=$HOME/.maildir /usr/lib/dovecot/imap 2>/dev/null",no-agent-forwarding,no-X11-forwarding,no-port-forwarding,no-pty ssh-ed25519 AAA…
 #
-# Then, when you invoke this script directly, you should see the IMAP server
-# greet you:
+# When a command is specified like this, it overrides the instructions being
+# passed in the command above. So, when you invoke this script directly, you
+# should see the IMAP server greet you:
 #
 # % ~/.offlineimap/preauthtunnel.sh madduck-net.imap.madduck.net
 # * PREAUTH [CAPABILITY IMAP4rev1 […]] Logged in as madduck
 
+# vim:tw=0