launchd agent for securing mail through ssh tunnel
- Subject: launchd agent for securing mail through ssh tunnel
- From: Nicola Vitacolonna <email@hidden>
- Date: Fri, 13 Apr 2007 12:13:44 +0200
Hi,
I usually read email through an ssh tunnel and I want to turn the task
into an on-demand launchd user agent. So far, I have come up with
the following, "nearly working", solution:
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE plist PUBLIC "-//Apple Computer//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
<plist version="1.0">
<dict>
<key>Label</key>
<string>my.smtp.server</string>
<key>OnDemand</key>
<true/>
<key>Program</key>
<string>/usr/bin/ssh</string>
<key>ProgramArguments</key>
<array>
<string>ssh</string>
<string>-i</string>
<string>/Users/myself/.ssh/my-ssh-key</string>
<string>-l</string>
<string>myself</string>
<string>-N</string>
<string>-q</string>
<string>-T</string>
<string>-o</string>
<string>Protocol=2</string>
<string>-o</string>
<string>ConnectionAttempts=3</string>
<string>-o</string>
<string>ServerAliveCountMax=3</string>
<string>-o</string>
<string>ServerAliveInterval=5</string>
<string>-o</string>
<string>ExitOnForwardFailure=yes</string>
<string>-L</string>
<string>1200:localhost:25</string>
<string>my.smtp.server</string>
</array>
<key>RunAtLoad</key>
<false/>
<key>ServiceDescription</key>
<string>SSH tunnel from localhost:1200 to my.smtp.server:25</string>
<key>Sockets</key>
<dict>
<key>Listeners</key>
<dict>
<key>SockServiceName</key>
<string>1200</string>
<key>SockType</key>
<string>stream</string>
</dict>
</dict>
</dict>
</plist>
I have a couple of problems, though:
1) The first email sent during a session correctly triggers the ssh
tunnel on, but the mail client (I have tried with Apple Mail and
Thunderbird) hangs on "Connecting to localhost...". If I stop sending
the email and try again (now the tunnel is already active) the mail
is sent. Subsequent messages are also sent without any problem.
2) When I pull out the network cable (e.g., because I change
location), ssh quits after a while (see options ServerAliveInterval
and ServerAliveCountMax); it is respawned by launchd, however, no
matter how long it has been running. Since there is no network
available, ssh exits again, and so on repeatedly until the job is
eventually removed. So, I have to unload/load the plist when I
connect the cable again.
I had thought that the last behaviour might depend on ssh exiting
with code 255, so I have tried to wrap the ssh command into a script
like this:
#!/bin/bash
ssh -i etc etc...
sleep 65
exit 0
and I have changed the plist to run this script, but the same
problems exist. Any ideas?
Nicola
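
An added example, not part of the original post: a Python check that reads an agent plist like the one above and reports when launchd's Sockets entry and ssh's -L option both listen on the same local port, and when either is not limited to loopback (a listener with no SockNodeName is not restricted to localhost). The sample plist is constructed from the post, and the function names are hypothetical.

```python
import plistlib

# Constructed sample: the agent from the post, cut down to the keys read below.
SAMPLE = b"""<?xml version="1.0" encoding="UTF-8"?>
<plist version="1.0"><dict>
<key>ProgramArguments</key><array>
<string>ssh</string><string>-N</string>
<string>-L</string><string>1200:localhost:25</string>
<string>my.smtp.server</string></array>
<key>Sockets</key><dict><key>Listeners</key><dict>
<key>SockServiceName</key><string>1200</string>
<key>SockType</key><string>stream</string>
</dict></dict></dict></plist>"""

LOOPBACK = {"localhost", "127.0.0.1", "::1"}

def local_forwards(argv):
    """(bind_address, local_port) for each ssh -L option; IPv6 brackets not handled."""
    specs = [argv[i + 1] for i, a in enumerate(argv[:-1]) if a == "-L"]
    specs += [a[2:] for a in argv if a.startswith("-L") and len(a) > 2]
    forwards = []
    for parts in (s.split(":") for s in specs):
        if len(parts) in (3, 4):  # [bind:]port:host:hostport; no bind means loopback
            forwards.append((parts[0] if len(parts) == 4 else "localhost", parts[-3]))
    return forwards

def listeners(plist):
    """(SockNodeName, SockServiceName) per launchd socket; entries may be dict or list."""
    found = []
    for entry in plist.get("Sockets", {}).values():
        for sock in entry if isinstance(entry, list) else [entry]:
            found.append((sock.get("SockNodeName"), str(sock.get("SockServiceName"))))
    return found

def audit(data):
    """Return a list of findings for one launchd agent plist given as bytes."""
    plist = plistlib.loads(data)
    forwards = local_forwards(plist.get("ProgramArguments", []))
    findings = []
    for node, port in listeners(plist):
        if node not in LOOPBACK:
            findings.append(f"launchd listener on {port} is not restricted to loopback")
        if any(p == port for _, p in forwards):
            findings.append(f"port {port} is claimed by both launchd and ssh -L")
    for bind, port in forwards:
        if bind not in LOOPBACK:
            findings.append(f"ssh forward on {port} binds {bind!r}, not loopback")
    return findings
```

Calling audit(SAMPLE) returns two findings for the configuration in the post: the listener has no SockNodeName, and port 1200 appears in both Sockets and -L.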