Secure shell wrapped fetchmail tunnel
=====================================

Presentation by P Hunter (hunter@owlriver.com)
to the Central Ohio Linux User Group

Needed tools:

    local host:
        fetchmail
        ssh
        sendmail

    remote host: (in this example, mail.colug.net)
        pop or imap server
        ssh
        mail and shell account

Install outline - local side

1.  Set up a local ~/.netrc

    sample ~/.netrc
---------snip-------------
machine mail.colug.net login hunter password TopS3cret
default login anonymous password null@owlriver.com
---------end snip-------------

2.  Make it safe

        chmod 700 ~/.netrc
        chown hunter.hunter ~/.netrc

3.  Set up a local ~/.fetchmailrc file

---------snip-------------
#
#
server mail.colug.net port 31335 via localhost with proto pop3:
        user hunter
        fetchall
        limit 5000000
        preconnect "/usr/bin/ssh -f -L 31335:mail.colug.net:110 mail.colug.net sleep 20 </dev/null >/dev/null" ;
#
---------end snip-------------
    (the preconnect command must be all one line -- a backslash
    continuation WILL NOT WORK)

4.  Make it safe

        chmod 700 ~/.fetchmailrc
        chown hunter.hunter ~/.fetchmailrc

5.  Confirm that you have a local public SSH key

        ls -al ~/.ssh

    and look for a file: identity.pub

6.  Make the local ~/.ssh safe

        chmod 700 ~/.ssh
        chown hunter.hunter ~/.ssh
        chmod 700 ~/.ssh/*
        chown hunter.hunter ~/.ssh/*

7.  Make a local 'earmarked copy' of the public key

        cp ~/.ssh/identity.pub ~/.ssh/hunter.new.identity.pub

8.  Make sure there is a safe place to put the key at the remote end
    (the remote commands are quoted so that ~, * and .* are expanded
    on mail.colug.net, not by the local shell)

        ssh mail.colug.net 'mkdir ~/.ssh'
        ssh mail.colug.net 'chmod 700 ~/.ssh'
        ssh mail.colug.net 'chown hunter.hunter ~/.ssh'
        ssh mail.colug.net 'chmod 700 ~/.ssh/*'
        ssh mail.colug.net 'chown hunter.hunter ~/.ssh/*'
        ssh mail.colug.net 'chown hunter.hunter ~/.ssh/.*'

9.  Transfer the local earmarked public key to the remote host

        scp ~/.ssh/hunter.new.identity.pub mail.colug.net:~/.ssh

10. Make it effective at the remote host
    (quoted so that the >> append happens on the remote host)

        ssh mail.colug.net \
            'cat ~/.ssh/hunter.new.identity.pub >> ~/.ssh/authorized_keys'

11. Make the remote potentially new authorized_keys safe

        ssh mail.colug.net 'chmod 700 ~/.ssh/*'
        ssh mail.colug.net 'chown hunter.hunter ~/.ssh/*'

12. Test ssh generally

        ssh mail.colug.net

    (no password should be required to connect)

13. Test fetchmail

        fetchmail -a -v -v

( http://www.colug.net/notes/0009mtg/colug-fetchmail-tunnel.txt
  - ver 0.03 - rev 000927)
Copyright (c) 2000 Owl River Company -- info@owlriver.com
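
Added example (not part of the original presentation notes): a small
POSIX sh audit of the owner-only policy that steps 2, 4, 6 and 11 apply
to ~/.netrc, ~/.fetchmailrc and ~/.ssh. The function names and the
script name audit.sh are assumptions made for this illustration.

```shell
#!/bin/sh
# Added example (not from the original notes): audit the owner-only policy
# that steps 2, 4 and 6 apply to the credential files.

# check_private PATH: succeed only if PATH is owned by the caller and has
# no group/other permission bits; otherwise print a finding and fail.
check_private() {
    path=$1
    # ls -ldn prints e.g. "-rwx------ 1 1000 1000 ..." (numeric owner)
    listing=$(ls -ldn -- "$path") || return 1
    mode=${listing%% *}
    owner=$(printf '%s\n' "$listing" | awk '{print $3}')
    # Characters 5-10 of the mode string are the group and other bits.
    if [ "$(printf '%s' "$mode" | cut -c5-10)" != "------" ]; then
        echo "EXPOSED  $mode  $path"
        return 1
    fi
    if [ "$owner" != "$(id -u)" ]; then
        echo "OWNER    uid=$owner  $path"
        return 1
    fi
    return 0
}

# audit_home DIR: check DIR/.netrc, DIR/.fetchmailrc, DIR/.ssh and the
# files in DIR/.ssh. Paths that do not exist are skipped.
audit_home() {
    home=$1
    bad=0
    for f in "$home/.netrc" "$home/.fetchmailrc" "$home/.ssh" "$home"/.ssh/*; do
        [ -e "$f" ] || continue
        check_private "$f" || bad=$((bad + 1))
    done
    [ "$bad" -eq 0 ]
}

# Audit the real home directory only when asked: sh audit.sh --run
if [ "${1:-}" = "--run" ]; then
    audit_home "$HOME"
fi
```

To repeat the check on the mail host after step 11, the same script can
be fed to the remote shell: ssh mail.colug.net 'sh -s -- --run' < audit.sh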