[pkg-fetchmail-maint] Bug#327250: patch: preconnect ssh tunnel documentation

Onno Benschop onno at itmaze.com.au
Thu Sep 8 17:51:07 UTC 2005 

Package: fetchmail
Version: 6.2.5-12
Severity: normal
Tags: patch


The documentation on getting an ssh tunnel to work in a debian environment is
not complete. If you have an environment where you're trying to get a tunnel
working without a prompt for password, the examples on the web don't work for
debian because fetchmail's home directory is /var/run/fetchmail which gets
cleaned out on reboot. Changing it won't work because it breaks the script in
/etc/init.d/fetchmail

The solution is to setup your ssh stuff in a separate directory and point the
preconnect at it like this:

	mkdir /var/lib/fetchmail /var/lib/fetchmail/.ssh
	chown -R fetchmail:nogroup /var/lib/fetchmail
	

Then create the file: /var/lib/fetchmail/.ssh/ssh_config with:

	UserKnownHostsFile = /var/lib/fetchmail/.ssh/known_hosts
	IdentityFile = /var/lib/fetchmail/.ssh/id_dsa
	IdentityFile = /var/lib/fetchmail/.ssh/identity


Then copy your .ssh keys into /var/lib/fetchmail/.ssh (You might want to change 
the permissions and ownership of the keys)


Then in your /etc/fetchmailrc, add the following (substituting your own local 
details):

	poll localhost with proto POP3 and port 11110:
		user 'username' there with password 'xxxx' is 'localUserName' here options fetchall
		preconnect "ssh -F /var/lib/fetchmail/.ssh/ssh_config -C -f username at example.com -L 11110:mail.example.com:110 sleep 5"


And as if by magic, your fetchmail will now use an ssh tunnel and won't break
when you upgrade fetchmail - until fetchmail configuration options change :)




-- System Information:
Debian Release: 3.1
  APT prefers testing
  APT policy: (990, 'testing')
Architecture: i386 (i686)
Kernel: Linux 2.6.11
Locale: LANG=en_AU.UTF-8, LC_CTYPE=en_AU.UTF-8 (charmap=UTF-8)

Versions of packages fetchmail depends on:
ii  adduser                     3.63         Add and remove users and groups
ii  base-files                  3.1.2        Debian base system miscellaneous f
ii  debconf                     1.4.30.13    Debian configuration management sy
ii  debianutils                 2.8.4        Miscellaneous utilities specific t
ii  libc6                       2.3.2.ds1-21 GNU C Library: Shared libraries an
ii  libssl0.9.7                 0.9.7e-3     SSL shared libraries

-- debconf information:
* fetchmail/confwarn:
* fetchmail/systemwide: true
* fetchmail/initdefaultswarn:
* fetchmail/runasroot: false
  fetchmail/fetchidswarn:

More information about the pkg-fetchmail-maint mailing list