From: martin f. krafft Date: Tue, 22 Mar 2022 09:01:52 +0000 (+0100) Subject: Automate SSH keypair setup X-Git-Url: https://git.madduck.net/etc/offlineimap.git/commitdiff_plain/32974a770e571940e88cd642ce64bbb3c05dd45b Automate SSH keypair setup
---
diff --git a/.offlineimap/preauthtunnel.sh b/.offlineimap/preauthtunnel.sh
index b341fc3..f70433b 100755
--- a/.offlineimap/preauthtunnel.sh
+++ b/.offlineimap/preauthtunnel.sh
@@ -1,10 +1,22 @@
 #!/bin/sh
-# Ensure we don't use an existing SSH agent
-unset SSH_AUTH_SOCK
+REMOTE_HOST="$1"
+IMAP_COMMAND="${2:-MAIL=\$HOME/.maildir /usr/lib/dovecot/imap 2>/dev/null}"
-exec ssh -F ~/.offlineimap/ssh_config -i ~/.offlineimap/${1}.ssh-seckey ${1} \
- echo -e "Please configure \~/.ssh/authorized_keys on the server and prepend the line with the public key corresponding to the password-less SSH key in ~/.offlineimap/${1}.ssh-seckey :\\\n\\\n 'command=\"MAIL=\$HOME/.maildir /usr/lib/dovecot/imap 2>/dev/null\",no-agent-forwarding,no-X11-forwarding,no-port-forwarding,no-pty'"
+SSH_KEY="$HOME/.offlineimap/${REMOTE_HOST}.ssh-seckey"
+SSH_OPTIONS="command=\"$IMAP_COMMAND\",no-agent-forwarding,no-X11-forwarding,no-port-forwarding,no-pty"
+
+if [ ! -f "$SSH_KEY" ]; then
+ ssh-keygen -f "$SSH_KEY" -C "OfflineIMAP from $(hostname --fqdn)" -N '' -t ed25519
+ COMMAND="echo '$SSH_OPTIONS $(cat "$SSH_KEY.pub")' >> .ssh/authorized_keys"
+ ssh -F ~/.offlineimap/ssh_config -o ControlPath=none -o IdentityAgent=SSH_AUTH_SOCK \
+ ${REMOTE_HOST} "$COMMAND"
+fi
+
+exec ssh -F ~/.offlineimap/ssh_config -i "$SSH_KEY" ${1} \
+ echo "You need to configure a password-less SSH keypair and have the public key in the remote\'s" \
+ "\~/.ssh/authorized_keys file, prefixed by \'$SSH_OPTIONS\'. You can try to invoke \'$0 $REMOTE_HOST\'"\
+ "from an interactive shell and it will attempt to set this up for you."
 # This relies on the IMAP command being specified on the server side, i.e. in
 # ~/.ssh/authorized_keys, put a line like the following
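Review bot: The final `exec ssh … -i "$SSH_KEY"` no longer runs with the agent disabled: the removed `unset SSH_AUTH_SOCK` covered the whole script, while only the one-off bootstrap call inside the `if` needs the agent. Unless `~/.offlineimap/ssh_config` (not shown here) already prevents it, ssh may offer an agent key before the dedicated one, and a login with a key that carries no `command=` restriction runs the `echo` instead of the IMAP server and is not bound by the `no-port-forwarding`/`no-pty` options. Pinning the tunnel to the dedicated key would restore the old isolation: `exec ssh -F ~/.offlineimap/ssh_config -o IdentityAgent=none -o IdentitiesOnly=yes -i "$SSH_KEY" "$REMOTE_HOST" \`. Separately, the setup branch is skipped as soon as the key file exists, so if the `>> .ssh/authorized_keys` step fails after `ssh-keygen` succeeded, re-running `$0 $REMOTE_HOST` as the message suggests does nothing; checking the exit status of that `ssh` and removing the fresh key pair on failure would keep the retry path working.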
@@ -18,3 +30,4 @@ exec ssh -F ~/.offlineimap/ssh_config -i ~/.offlineimap/${1}.ssh-seckey ${1} \
 # % ~/.offlineimap/preauthtunnel.sh madduck-net.imap.madduck.net
 # * PREAUTH [CAPABILITY IMAP4rev1 […]] Logged in as madduck
+# vim:tw=0