<<< Date Index >>>     <<< Thread Index >>>

Re: mutt and plaintext passwords : muttrc encryption ?



On Mon, Jul 28, 2008 at 05:12:50PM +0100, Michele Martone wrote:
> Hello.
> I was wondering about some way to protect the passwords potentially 
> stored in the mutt rc files (i have multiple acccounts, and I feel
> unconfortable remembering and typing all of them each time using
> mutt) on my Linux laptop.

Hi,

Provided you have shell access on your imap host, ssh can help you 
eleminate all passwords from you muttrc:

1) generate a ssh key with a passphrase identical to you login password,

2) when entering your gnome or kde session your key should be decrypted, 
(if using xdm then you need libpam-ssh) and ssh-agent active,

3) configure password-less ssh access to your imap and smtp host,

4) add (and adapt) these lines to your .muttrc

        account-hook ^imaps?://your.imap.host/ 'set tunnel="/usr/bin/ssh 
your.imap.host /usr/bin/imapd 2>/dev/null"'

        set sendmail="/usr/bin/ssh your.smtp.host /usr/sbin/sendmail -oem -oi"

Look Ma, no passwords!

If you don't have shell access to your mail host, then I suggest you get 
a hosted account or (better) a linux virtual server, they are really 
cheap these days (starting at 6 euros at 
http://www.gandi.net/hebergement/). Then forward all other accounts to 
this central one.