In this ninth part of a nineteen-part series covering advanced topics in SSH, you'll learn how to make Pine use SSH. We'll cover such topics as mail relaying, news access, and using a connection script. This article is excerpted from chapter 11 of the book SSH, The Secure Shell: The Definitive Guide, Second Edition, written by Daniel J. Barrett, Richard E. Silverman and Robert G. Byrnes (O'Reilly; ISBN-10: 0596008953).
11.3.1.2 Making Pine use SSH
Pine’s SSH feature is controlled by three configuration variables in the ~/.pinerc file: ssh-path, ssh-command, and ssh-open-timeout.ssh-pathstores the program name for opening a Unix remote shell connection. The default should point to a usable SSH program, but you may have to set it yourself:
ssh-path=/usr/bin/ssh
ssh-commandrepresents the Unix command line for opening the SSH connection. The value is aprintf-style format string with four “%s” conversion specifications that are automatically filled in at runtime. From first to last, these four specifications stand for:
The value ofssh-path
The remote hostname
The remote username
The connection method; in this case, “imap”
The default value ofssh-commandis:
"%s %s -l %s exec /etc/r%sd"
To access the mailbox on imap.example.com for user smith via SSH, Pine would then run the command:
/usr/bin/ssh imap.example.com -l smith exec /etc/rimapd
This follows a convention, somewhat antiquated nowadays, of having links named /etc/r<protocol>d that point to servers for various protocols that operate in this preauthenticated fashion. In modern systems such links are usually not available, so you may need to alter the ssh-command to run imapd. You can also use it to add other options, like so:
The –q (Quiet) option is advisable so that ssh doesn’t emit warning messages that may confuse Pine, which would try to interpret them as part of the IMAP protocol. The options -ax turns off agent and X Windows forwarding, which might be on by default but are not necessary for this connection.BatchModelets ssh know that it can’t prompt the user for a password on the terminal, since Pine is using it.
The third variable,ssh-open-timeout, sets the number of seconds Pine will wait for the SSH connection to succeed; its default value is 15. A value of 0 disables SSH entirely, which may be useful if the feature is on by default and you do not want to use it.
Generally, you want to use an SSH authentication method that doesn’t require typing a password or passphrase, such as hostbased or public-key with an agent. SSH is run behind the scenes by Pine and doesn’t have access to the terminal to prompt you. If you’re running the X Window System, ssh can instead pop up an X widget—
Remote Usernames in Pine
By the way, it’s not mentioned in the Pine manpage or configuration file comments, but if you need to specify a different username for connecting to a remote mailbox, the syntax is:
{hostname/user=jane}mailbox
This causes Pine to call thessh-commandwith “jane” as the remote username (i.e., the third %s substitution).
ssh-askpass—to get input, but you probably don’t want that either. Pine may make several separate IMAP connections in the course of reading your mail, even if it’s all on the same server, and this will cause repeated queries for your password.
With the given settings in your ~/.pinerc file and the right kind of SSH authentication in place, you’re ready to try Pine over SSH. Just start Pine and open your remote mailbox; if all goes well, it will open without prompting for a password.
