
Pine and ssh (sigh)


Gopi Sundaram

Jan 30, 2001, 11:00:12 AM
I know how many times this has been brought up before, but having read
the archives on Deja and the pine-info archives, I still can't find a
solution to this problem: Pine still prompts me for a password when
logging into my IMAP server.

I set the rsh-timeout to 0, and the rsh-command and rsh-path empty.

Then, I set the ssh path (/usr/local/bin/ssh) and the ssh-command
(%s %s -l %s exec /usr/sbin/%sd), set the ssh-timeout to 30.

I have my keys set up correctly. I can ssh to the IMAP server without
a password fine. When I try to get Pine to, it fails. I ran it with
the -d9 flag. Surprisingly, the message from the IMAP server is

* OK xxxxx.xx.edu IMAP4rev1 v12.250 server ready
instead of
* PREAUTH xxxxx.xx.edu IMAP4rev1 v12.250 server ready

If I use rsh, it works fine. If I use ssh in the rsh fields, it
doesn't. If I type in the command
/usr/local/bin/ssh xxxx -l gopalan exec /usr/sbin/imapd
at a shell prompt, I get a pre-authenticated IMAP session correctly.

Is there anything else I need to check?

--
Gopi Sundaram
go...@cse.sc.edu
http://www.cse.sc.edu/~gopalan/Pine/


Mark Crispin

Jan 30, 2001, 4:13:42 PM
to Gopi Sundaram
On Tue, 30 Jan 2001, Gopi Sundaram wrote:
> When I try to get Pine to, it fails. I ran it with
> the -d9 flag. Surprisingly, the message from the IMAP server is
>
> * OK xxxxx.xx.edu IMAP4rev1 v12.250 server ready
> instead of
> * PREAUTH xxxxx.xx.edu IMAP4rev1 v12.250 server ready

This means that you got a TCP connection instead of one through ssh.

The rules for which type of connection to use for IMAP are complex. Here
they are:

1) If anonymous, or explicit port specified, or /ssl specified, then open
a TCP connection (using SSL if /ssl specified) and return it.
2) else if can open an ssh connection, return it.
3) else if try-alternative-authentication-driver-first set or /tryalt
specified, and can open a TCP connection using SSL, return it.
4) else if can open an rsh connection, return it.
5) else return a non-SSL TCP connection

To open an ssh or rsh connection, the very first thing returned must be
the characters "* PREAUTH " with nothing else before it. If your ssh
returns anything else, it will not be used.

-- Mark --

http://staff.washington.edu/mrc
Science does not emerge from voting, party politics, or public debate.
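
The selection order in the message above, modelled as an added example (not part of the original post and not c-client source; the function names, parameters and sample outputs are hypothetical or constructed). It shows how any output ahead of "* PREAUTH ", or a failed ssh, falls through to a non-SSL TCP connection, which is why the server then greets with "* OK".

```python
# Hypothetical model of the selection order listed above; not c-client source.
PREAUTH = b"* PREAUTH "

def tunnel_usable(first_output):
    """A spawned ssh/rsh is accepted only if its output begins with '* PREAUTH '."""
    return first_output is not None and first_output.startswith(PREAUTH)

def choose_transport(anonymous=False, explicit_port=False, ssl=False, tryalt=False,
                     ssh_output=None, ssl_reachable=False, rsh_output=None):
    """Return the transport picked by rules 1-5.

    ssh_output / rsh_output are the first bytes the spawned command produced,
    or None when the command is unset, failed to start, or timed out.
    """
    if anonymous or explicit_port or ssl:      # rule 1
        return "tcp+ssl" if ssl else "tcp"
    if tunnel_usable(ssh_output):              # rule 2
        return "ssh"
    if tryalt and ssl_reachable:               # rule 3
        return "tcp+ssl"
    if tunnel_usable(rsh_output):              # rule 4
        return "rsh"
    return "tcp"                               # rule 5: non-SSL TCP

# Constructed outputs for the spawned ssh command.
CASES = {
    "clean greeting": b"* PREAUTH mail.example.edu IMAP4rev1 server ready\r\n",
    "banner first": b"Welcome to mail\r\n* PREAUTH mail.example.edu IMAP4rev1 server ready\r\n",
    "ssh failed": None,
}

def report():
    """Map each constructed case to the transport chosen with rsh disabled."""
    return {name: choose_transport(ssh_output=out) for name, out in CASES.items()}

if __name__ == "__main__":
    for name, transport in report().items():
        flag = "" if transport == "ssh" else "  <- fell through; expect '* OK' greeting"
        print(f"{name:15} -> {transport}{flag}")
```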


Mark Crispin

Jan 30, 2001, 4:29:01 PM
to Gopi Sundaram
On Tue, 30 Jan 2001, Gopi Sundaram wrote:
> Is there a way to get a look at the exact command that Pine has forked
> after all the %s formats have been substituted?

What I would do is run gdb and breakpoint at the point in routine
imap_open() that runs through those tests. If it seems that the first
imap_rimap() call (the one that uses "*imap" as the service name) is
failing, breakpoint either in imap_rimap() or all the way down to
tcp_aopen() and figure out what's going on.

Gopi Sundaram

Jan 30, 2001, 4:21:09 PM
to Mark Crispin
[posted and mailed]

On Tue, 30 Jan 2001, Mark Crispin wrote:

> 1) If anonymous, or explicit port specified, or /ssl specified, then open
> a TCP connection (using SSL if /ssl specified) and return it.
> 2) else if can open an ssh connection, return it.

I did not attempt to connect anonymously. /ssl was not specified, nor
was a port number.

It should have gone to (2) next which should've worked.

> To open an ssh or rsh connection, the very first thing returned
> must be the characters "* PREAUTH " with nothing else before it.
> If your ssh returns anything else, it will not be used.

The problem is that when I try the ssh command at a shell-prompt, I
get the correct response from the server, but from within Pine I get
the non-pre-authenticated connection (was that a new word?)

Is there a way to get a look at the exact command that Pine has forked
after all the %s formats have been substituted?

--

Gopi Sundaram

Jan 30, 2001, 5:04:27 PM
Stupid mistake. My inbox-path had an FQDN for the IMAP server, but my
known_hosts file for ssh had the unqualified hostname. Fixed that.

Now if only I could get my remote configuration without having to type
in my password. I tried giving it all the ssh- options on the command-
line but that didn't work.

On that note, does Pine open a separate IMAP connection to the server
if the remote pinerc and INBOX sit on the same server? Now I'm
thinking that if it doesn't, then specifying all this ssh stuff is
useless if I have a remote pinerc file.
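
The host-name mismatch reported in the post above can be checked before the mail client ever runs ssh. This is an added example, not part of the original post: it goes beyond the thread's plain entries to cover the wildcard and hashed host fields of current OpenSSH known_hosts files, and the host names, salt and key placeholders are constructed.

```python
import base64, hashlib, hmac, re

def hashed_field(name, salt):
    """Build a hashed host field: |1|b64(salt)|b64(HMAC-SHA1(key=salt, msg=name))."""
    mac = hmac.new(salt, name.encode(), hashlib.sha1).digest()
    return "|1|%s|%s" % (base64.b64encode(salt).decode(),
                         base64.b64encode(mac).decode())

def field_covers(host_field, name):
    """True if one known_hosts host field (plain, wildcard or hashed) covers name."""
    name = name.lower()
    if host_field.startswith("|1|"):
        salt = base64.b64decode(host_field.split("|")[2])
        return hmac.compare_digest(hashed_field(name, salt), host_field)
    covered = False
    for pattern in host_field.lower().split(","):
        negated = pattern.startswith("!")
        regex = re.escape(pattern.lstrip("!")).replace(r"\*", ".*").replace(r"\?", ".")
        if re.fullmatch(regex, name):
            if negated:
                return False          # a negated match overrides any positive match
            covered = True
    return covered

def coverage(known_hosts_text, names):
    """For each name the mail client will hand to ssh, is there a host-key entry?"""
    found = {n: False for n in names}
    for line in known_hosts_text.splitlines():
        fields = line.split()
        if not fields or fields[0].startswith(("#", "@")):
            continue  # blank lines, comments, @cert-authority/@revoked marker lines
        for n in names:
            found[n] = found[n] or field_covers(fields[0], n)
    return found

# Constructed sample: key material is a placeholder and is never parsed.
SAMPLE_KNOWN_HOSTS = "\n".join([
    "# constructed known_hosts",
    "mailhost,192.0.2.10 ssh-rsa AAAA-placeholder",
    hashed_field("archive.example.edu", b"constructed-salt") + " ssh-rsa AAAA-placeholder",
])

if __name__ == "__main__":
    names = ["mailhost", "mailhost.example.edu"]   # short name vs. FQDN in inbox-path
    for name, ok in coverage(SAMPLE_KNOWN_HOSTS, names).items():
        print(f"{name}: {'entry found' if ok else 'no entry'}")
```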

Scott Leibrand

Jan 30, 2001, 6:55:29 PM
to Pine Info Mailing List
On Tue, 30 Jan 2001, Gopi Sundaram wrote:

> Now if only I could get my remote configuration without having to type
> in my password. I tried giving it all the ssh- options on the command-
> line but that didn't work.
>
> On that note, does Pine open a separate IMAP connection to the server
> if the remote pinerc and INBOX sit on the same server? Now I'm
> thinking that if it doesn't, then specifying all this ssh stuff is
> useless if I have a remote pinerc file.

Has anyone ever gotten Pine to use a preauthenticated (passwordless)
SSH connection to retrieve a remote .pinerc? At one point during
pre-release testing of the new remote .pinerc's and exception files, I
tried to get this to work by having a small local file that just specifies
the SSH options and the location of the remote .pinerc, but I couldn't get
it to work. So before I try it again, I'd like to know if anyone has
gotten this to work (and if so, how), or if anyone knows whether it should
be possible or not.

Thanks.
--
Scott Leibrand
leibran...@u.washington.edu (Yes, that is a valid address.)
http://students.washington.edu/leibrand
* Opinions expressed are mine. Everyone else can get their own. :) *
* RCW 19.190 notice: This email address is located in Washington State. *
* Unsolicited commercial email may be billed $500 per message. *

Gopi Sundaram

Jan 31, 2001, 9:11:13 AM
On Tue, 30 Jan 2001, Scott Leibrand wrote:

> Has anyone ever gotten Pine to use a preauthenticated
> (passwordless) SSH connection to retrieve a remote .pinerc?

<snip>


> So before I try it again, I'd like to know if anyone has gotten
> this to work (and if so, how), or if anyone knows whether it
> should be possible or not.

I have tried and failed. However, you should try as well, as I have
a poor track record with this ssh thing.

I think it should work. I tried giving all the ssh options on the
command-line. I didn't add the ones to disable rsh because according
to Mark, if the ssh pre-authentication succeeds, it shouldn't even get
to the rsh method. Needless to say, it doesn't work.

Of course, I haven't checked the source to see if it follows the same
procedures to open a remote pinerc as it does for an IMAP inbox. If it
doesn't, well, hopefully it will in v4.33.

Gopi Sundaram

Jan 31, 2001, 5:38:58 PM
to Cristian Ionescu-Idbohrn
On Wed, 31 Jan 2001, Cristian Ionescu-Idbohrn wrote:

> On Tue, 30 Jan 2001, Gopi Sundaram wrote:

<snip>


> > Now if only I could get my remote configuration without having to type
> > in my password. I tried giving it all the ssh- options on the command-
> > line but that didn't work.
>

> did you try to put those options in $HOME/.ssh/ssh_config but that
> didn't work either?

Huh? the ssh-command, ssh-path and ssh-open-timeout were the options I
was talking about. These are for Pine's interaction with ssh.
