Securely Access E-Mail Servers using Mac OS X
So, I finally got around to making a couple of AppleScript scripts to automate the tunneling of my SMTP and IMAP traffic through a secure SSH connection established to my mail server. Here are the steps I took.
First, I generated an SSH DSA key from a UNIX shell on my PowerBook. I suggest supplying a password for the DSA key since it will prevent an attacker who has access to the client (PowerBook) from accessing the remote system (mail server) without your DSA password. The command I used to create a key was "ssh-keygen -t dsa".
Next, I added an entry in my Mac OS X keychain for the DSA key password. The keychain is a secure way of consolidating your various security credentials with OS-level protection. I started the Keychain from "Applications->Utilities->Keychain Access". Then, I selected the "File->New Password Item" menu item and supplied the password associated with the newly created DSA key.
I then created a shell script capable of starting the 'ssh-agent' program. The role of 'ssh-agent' is to cache SSH keys in memory so that the key password needs to be supplied only once. I gleaned this script from the MacTechNotes website. Here's the body of the script:
    #!/bin/sh
    #
    # Check that the ssh-agent is running, and if not, kick it off
    #
    if [ -z "${SSH_AUTH_SOCK}" ]; then
        SOCKETFILE="/Users/${USER}/tmp/ssh/ssh-agent.socket"
    else
        SOCKETFILE="${SSH_AUTH_SOCK}"
    fi

    # The [s] bracket keeps grep from matching its own process entry
    /bin/ps -wU "${USER}" | /usr/bin/grep "[s]sh-agent" > /dev/null
    if [ $? -gt 0 ]; then
        # Remove any stale socket left by a previous agent, then start a new one
        /bin/rm -f "${SOCKETFILE}"
        /usr/bin/ssh-agent -a "${SOCKETFILE}" > /dev/null
        /bin/chmod 600 "${SOCKETFILE}"
    fi
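The script above trusts whatever sits at the socket path, so a check before using it is worthwhile. The following is an added example, not part of the original post or the MacTechNotes script; the function name check_agent_socket and its return codes are assumptions made for illustration.

```shell
#!/bin/sh
# Added example: audit an ssh-agent socket before pointing SSH_AUTH_SOCK at it.
# check_agent_socket is a hypothetical helper name.
# Return codes: 0 ok, 1 path missing, 2 directory open to group/other,
#               3 not owned by the current user, 4 not a socket,
#               5 nothing answering on the socket.
# Usage: check_agent_socket "/Users/${USER}/tmp/ssh/ssh-agent.socket"
check_agent_socket() {
    sock=$1
    dir=$(dirname "$sock")

    [ -e "$sock" ] || return 1

    # Characters 5-10 of `ls -ld` are the group and other permission bits.
    # All dashes means the directory is mode 0700 or tighter, so no other
    # local user can reach the socket inside it.
    perms=$(ls -ld "$dir" | cut -c5-10)
    [ "$perms" = "------" ] || return 2

    # Owned by us, and really a UNIX-domain socket rather than a stray file.
    [ -O "$sock" ] || return 3
    [ -S "$sock" ] || return 4

    # ssh-add -l exits 2 when it cannot contact an agent on the socket
    # (0 = keys loaded, 1 = agent running but holding no keys).
    if command -v ssh-add >/dev/null 2>&1; then
        rc=0
        SSH_AUTH_SOCK="$sock" ssh-add -l >/dev/null 2>&1 || rc=$?
        [ "$rc" -ne 2 ] || return 5
    fi
    return 0
}
```

A return of 5 usually means a stale socket file left behind by an agent that has exited, which is the case the script handles with "rm -f" before starting a new agent.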
