[Users] configuring IMAP over SSH tunnel

Dan Lyke danlyke at flutterby.com
Fri Jun 6 00:25:28 CEST 2014


On Thu, Jun 5, 2014 at 3:02 PM, Davide Mancusi <arekfu at yahoo.it> wrote:
> Is this the new RTFM? I would gladly provide a patch for the manual if
> someone explains how this option is supposed to work. I'm willing to
> experiment and I even tried to read the source code, but I'm unable to
> understand how claws handles the custom command without some
> basic knowledge about IMAP, POSIX programming and claws itself.

I don't know how this works in Claws, I haven't been following this
thread, and don't have the specifics to set this up, but when I've
implemented SSH tunnels...

SSH can connect to a remote service without prompting for a password
if you copy ~/.ssh/id_*.pub (whichever you have) to the
~/.ssh/authorized_keys on the remote machine. Roughly, this lets the
remote machine say "hey, if someone tries to log in with this key
signature, let me send them a 'nonce' encrypted with my private key
and their public key, and if they can decrypt it with their private
key and my public key and then send me back a variant, then I know
that the public key I have for them matches their private key".

(You can do this on Windows too, just like most things on Windows it's
a pain in the tailfeathers, and harder to describe and depends on
which SSH client you're using.)

You can also forward random ports over SSH, like so:

ssh -L1220:localhost:220 me@remoteserver.example.com

This starts listening on the local port 1220, starts an ssh session to
me@remoteserver.example.com, and then, on the far end, attempts to
connect to 220 on the localhost interface (on the remote machine).

So if I try to connect to *my* localhost:1220, the connection
invisibly goes through to remoteserver.example.com's localhost:220.

If I were the dude implementing this, what I'd have done is set up the
"Account preferences->Advanced->Use command to communicate with
server" option to start an SSH session like this, so that if I
configured the account to use localhost:1220 as my IMAP host and port,
it would get SSH tunnelled to the remote side.

If you wanted to test this procedure, see if I'm smoking crack or
right on the money, and figure out the tweaks necessary to make it
work with Claws, you'd be awesome and amazing and a bunch of other
cool "a" words.

Dan
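
The port forward from the message above, as an added example that is not part of the original post: it binds the listener to loopback only, refuses to fall back to a password prompt, and confirms that an IMAP greeting actually arrives through the tunnel. The helper names and the use of nc (netcat) are assumptions; the host and ports are the ones in the post.

```shell
#!/bin/sh
# Added example; values mirror the command in the post. Helper names are
# hypothetical and "nc" (netcat) is assumed to be installed for the live check.
LOCAL_PORT=1220
REMOTE_PORT=220
REMOTE="me@remoteserver.example.com"

# Build the -L argument, bound to loopback so other hosts on the local
# network cannot use the forward. Rejects anything that is not a valid port.
forward_spec() {
    for p in "$1" "$2"; do
        case "$p" in ''|*[!0-9]*) return 1 ;; esac
        [ "$p" -ge 1 ] && [ "$p" -le 65535 ] || return 1
    done
    printf '127.0.0.1:%s:localhost:%s' "$1" "$2"
}

# Succeed only for a greeting that accepts the connection ("* OK" or
# "* PREAUTH", RFC 3501); "* BYE" or non-IMAP output fails.
is_imap_greeting() {
    case "$1" in
        "* OK"*|"* PREAUTH"*) return 0 ;;
        *) return 1 ;;
    esac
}

# Live check, only when invoked with the argument "run".
if [ "${1:-}" = "run" ]; then
    spec=$(forward_spec "$LOCAL_PORT" "$REMOTE_PORT") || exit 2
    # -N: forward only; BatchMode: key auth or fail, never a password prompt;
    # ExitOnForwardFailure: exit if the local listener cannot be set up.
    ssh -N -o BatchMode=yes -o ExitOnForwardFailure=yes -L "$spec" "$REMOTE" &
    tunnel_pid=$!
    sleep 3
    kill -0 "$tunnel_pid" 2>/dev/null || { echo "tunnel did not start" >&2; exit 1; }
    greeting=$(nc -w 5 127.0.0.1 "$LOCAL_PORT" | head -n 1)
    kill "$tunnel_pid"
    if is_imap_greeting "$greeting"; then
        echo "tunnel ok: $greeting"
    else
        echo "no IMAP greeting on 127.0.0.1:$LOCAL_PORT" >&2
        exit 1
    fi
fi
```
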


