#!/bin/sh
-unset SSH_AUTH_SOCK
+REMOTE_HOST="$1"
+IMAP_COMMAND="${2:-MAIL=\$HOME/.maildir /usr/lib/dovecot/imap 2>/dev/null}"
-exec ssh -F ~/.offlineimap/ssh_config -i ~/.offlineimap/${1}.ssh-seckey ${1}
+SSH_KEY="$HOME/.offlineimap/${REMOTE_HOST}.ssh-seckey"
+SSH_OPTIONS="command=\"$IMAP_COMMAND\",no-agent-forwarding,no-X11-forwarding,no-port-forwarding,no-pty"
-# this relies on the IMAP command being specified on the server side, i.e. in
+if [ ! -f "$SSH_KEY" ]; then
+ ssh-keygen -f "$SSH_KEY" -C "OfflineIMAP from $(hostname --fqdn)" -N '' -t ed25519
+ COMMAND="echo '$SSH_OPTIONS $(cat "$SSH_KEY.pub")' >> .ssh/authorized_keys"
+ ssh -F ~/.offlineimap/ssh_config -o ControlPath=none -o IdentityAgent=SSH_AUTH_SOCK \
+ ${REMOTE_HOST} "$COMMAND"
+fi
+
+exec ssh -F ~/.offlineimap/ssh_config -i "$SSH_KEY" ${1} \
+ echo "You need to configure a password-less SSH keypair and have the public key in the remote\'s" \
+ "\~/.ssh/authorized_keys file, prefixed by \'$SSH_OPTIONS\'. You can try to invoke \'$0 $REMOTE_HOST\'"\
+ "from an interactive shell and it will attempt to set this up for you."
+
+# This relies on the IMAP command being specified on the server side, i.e. in
# ~/.ssh/authorized_keys, put a line like the following
#
# command="MAIL=$HOME/.maildir /usr/lib/dovecot/imap 2>/dev/null",no-agent-forwarding,no-X11-forwarding,no-port-forwarding,no-pty ssh-ed25519 AAA…
#
-# Then, when you invoke this script directly, you should see the IMAP server
-# greet you:
+# When a command is specified like this, it overrides the instructions being
+# passed in the command above. So, when you invoke this script directly, you
+# should see the IMAP server greet you:
#
# % ~/.offlineimap/preauthtunnel.sh madduck-net.imap.madduck.net
# * PREAUTH [CAPABILITY IMAP4rev1 […]] Logged in as madduck
+# vim:tw=0
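Review bot: The `COMMAND=` assignment in the provisioning block builds a remote shell command by interpolating `$SSH_OPTIONS` (which carries the caller-supplied `$2`) and the public key into a single-quoted `echo`, so any `'` in the IMAP command ends the quoting and the rest is interpreted by the remote shell; it also assumes `.ssh/` already exists on the remote with a safe mode, and because the script runs under `#!/bin/sh` without `set -e`, a failed `ssh-keygen` or a failed remote append still falls through to the final `exec`. Feeding the authorized_keys line over stdin avoids the quoting problem entirely, `umask 077; mkdir -p ~/.ssh` makes the first-run case work, and `|| exit 1` stops the script before it execs with a half-configured key. Separately, dropping `unset SSH_AUTH_SOCK` means the final `exec ssh` may now offer agent identities before `-i "$SSH_KEY"` unless `~/.offlineimap/ssh_config` sets `IdentitiesOnly yes`, which the hunk does not show; a comment there stating that assumption would help, and the bare `${1}` on that line should be the quoted `"$REMOTE_HOST"` like the rest of the block.
```shell
if [ ! -f "$SSH_KEY" ]; then
  ssh-keygen -f "$SSH_KEY" -C "OfflineIMAP from $(hostname --fqdn)" -N '' -t ed25519 || exit 1
  # Send the authorized_keys line over stdin so neither $2 nor the key text is
  # re-parsed by the remote shell; create ~/.ssh with a restrictive umask first.
  printf '%s %s\n' "$SSH_OPTIONS" "$(cat "$SSH_KEY.pub")" \
    | ssh -F ~/.offlineimap/ssh_config -o ControlPath=none -o IdentityAgent=SSH_AUTH_SOCK \
        "$REMOTE_HOST" 'umask 077; mkdir -p ~/.ssh && cat >> ~/.ssh/authorized_keys' || exit 1
fi
# … unchanged: final exec ssh and trailing comments …
```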