  Secure POP via SSH mini-HOWTO
  Manish Singh, <yosh@gimp.org>
  v1.0, 30 September 1998
   ,<takavoid@palette.plala.or.jp>
  14 September 1999

  ̕ł ssh pS POP ڑ̐ݒ@ɂĐĂ
  B
  ______________________________________________________________________

  ڎ

  1. 
  2. {IȎg
     2.1 |[g]̐ݒ
     2.2 Oւ̃eXg

  3. [[łĂ݂܂傤
     3.1 fetchmail ̐ݒ
     3.2 ̕@
     3.3 fetchmail gȂꍇ

  4. t^
     4.1 Disclaimer
     4.2 쌠
     4.3 

  ______________________________________________________________________

  1.  

  ʏ POP [ZbV́A̐Sł͂܂BpX[
  h͒Nłǂ܂NAeLXgƂălbg[Nʉ߂܂BM
  płt@CAEH[ŎꂽȂ炱̂Ƃ͂܂
  ɂȂȂ܂Bw╁ʂ ISP ̂悤Ȍ̃lbg
  [NȂǂłAȒPȃlbg[N\tggpāAȂ̃p
  X[h邱ƂłĂ܂܂BA̐lIɃ[
  `FbN悤ɐݒ肵Ă邽߂ɁAȂpɂɃpX[h
  āÂ͂ɗeՂɂȂĂ܂B

  A^bJ[͂̃pX[hĂ΁A@A邢͎Iȏ
  ܂Ă邩ȂȂ E-mail AJEgɃANZX邱
  ł܂BẴpX[h̓VFAJEg̃pX[hƓ
  ɂȂĂ̂ŁAɔQ傫Ȃ\܂B

  POP ʐMsƂ͏ɈÍꂽ`lg悤ɂ΁Albg
  [Nz̃NAeLXgɂʐM͂ȂȂ܂Bssh ̎lȔF
  ؕ@v[eLXg̑ɗp邱Ƃł܂B̕@p
  ^̈Ӗ́A[ÍđM邱Ƃł͂Ȃ (̎_ňÍ
  ĂʂłB[{bNXɓ͂Oɒʂlbg[Nł͂
  炭ÍȂ܂ܒʂĂ܂Ă邩łBʐMëÍ GNU
  Privacy Guard  PGP ̎dłāAssh ̎dł͂܂)AS
  F؂邱Ƃɂ܂B

  ̑ɂ APOP, KPOP  IMAP ̂悤ɈSȔF؂𐬂@
  ܂A ssh p闘_͂ꂪʏ POP ̐ݒœƂ
  łBʂȃNCAggKv͂܂ (ׂẴ[N
  CAgAPOP, KPOP, IMAP ̂悤ȃvgRT|[gĂł
  ܂ ) BăT[ołT|[g͕svł (T[o sshd 
  Ă邱Ƃ) BȂ̃voC_͂ȏSȃvgR
  gƂłȂA͎gCȂ܂B̑ɂ
  ssh p邱ƂɂăgtBbNk邱Ƃł܂BᑬȐ
  ̃[UɂƂĂ͈Γ񒹂ƂłB

  ( : ̘bɊւ́ASSH-FAQ ̒ɂ܂B{
   http://www.vacia.is.tohoku.ac.jp/%7Es-yamane/FAQ/ssh/ ɂ܂
  )

  2.  {IȎg

  ̕@ ssh ̊{Iȋ@\łA|[g] (port forwarding) 
  gĂ܂B

  ̃e[}ɂẮAȂ̃[̐ݒ̍D݂ɈˑĂ܂܂ȃo
  G[V܂BƂɂ ssh KvłB̂Ƃ납
  ܂B http://www.ssh.fi/ Ƃ̃~[TCgB RPM ł
  ftp://ftp.replay.com/pub/crypto/ Bꂩ Debian ł ftp://non-
  us.debian.org/debian-non-US/  (Ăꂼ̃~[TCg
  )B( : ʓIɂĈÍ֌W̃\tgEFA͍̓̕
  肪Ȃ悤Ɏv܂B
  ftp://ftp.kyoto.wide.ad.jp/pub/security/ssh/ Ȃǂł邱Ƃ
  v܂)

  2.1.  |[g]̐ݒ

  |[g]n߂ɂ͎̃R}h ( : NCAg) ͂
  ĂB

       ssh -C -f popserver -L 11110:popserver:110 sleep 5

  ɂƂĂƃR}h𒭂߂Ă܂傤B

     ssh
        ׂĂȂĂ閂@̃vO ssh ̃oCi{̂łB

     -C ̓f[^̈k@\Lɂ܂Bgǂ͂C
        ܂AƂ킯_CAbṽ[U͏d󂷂ł傤B

     -f x ssh F؂A|[g]mƁÃvO𓮂
        悤ɃobNOEhɃtH[N܂B ssh ̃|[
        g]̋@\g܂̂ŁA tty ւ̃A^b`͕Kv܂B

     popserver
        ꂩڑ POP T[ow肵܂B

     -L 11110:popserver:110
        [J|[g 11110 [gT[o popserver ̃|[g 110
        ɓ]܂Bʃ[Uł]ł悤ɑ傫[J|[g
        (11110) gpĂ܂B( : ʓI POP T[õ|[g
         110 Ԃł)

     sleep 5
        ssh ͎gobNOEhɃtH[NɃR}hs
        ܂B sleep ̓[NCAgT[oƂ̐ڑm
        ɏ\ȎԂ҂߂̂̂łBɂ 5 bΏ\
        傤B

  ɂKvƂ΁AK؂ȃIvVtĂBႦ POP
  T[oƃ[JŃ[UقȂꍇɂ́A[U̐ݒ肪KvłB

  ׂ̈ɂ̓[gT[o popserver  sshd ĂKv
  BAɂȂ̃VFAJEg͕Kv܂B ``You
  cannot telnet here'' ƕ\鎞ԂŁARlNVݒ肷ɂ
  \łB

  2.2.  Oւ̃eXg

  |[g]邽߂̃R}h̏ڍׂɂėȂAȉ̃R}h
  Ă݂ĂB

       $ ssh -C -f msingh@popserver -L 11110:popserver:110 sleep 1000

  popserver  POP T[o̖OłB ̃[J}Vł̃[U
  manish Ȃ̂ŁA͖I msingh Ǝw肷Kv܂B([J
  }Ṽ[U[[g}Ṽ[UƓȂ msingh@ 
  ͕Kv܂)

  Ƃ\܂:

       msingh@popserver's password:

  Ď POP pX[h͂܂ (Ȃ̃VF̃pX[h
  POP ̃pX[h͈Ⴄ܂񂪁ȀꍇVF̃pX[h
  gĂ)Bł܂ˁBł͂ł͂łB

  $ telnet localhost 11110

  Ȋɕ\΂ł傤:

       QUALCOMM POP v3.33 ready.

  ܂Bf[^͈Íălbg[Nđ܂BN
  AeLXgł̒ʐM͎̃[J}V POP T[õ[vobN
  C^tF[XゾłB

  3.  [[łĂ݂܂傤

  ̃ZNVł ssh tH[hRlNVgp邽߂ POP N
  CAg\tgEFAݒ肷@܂B܂̒mĂ POP
  舵ł_ȃ\tgEFAł fetchmail (ESR ɂDꂽ[
  ̎擾Ɠ]̃[eBeB) Ă܂B fetchmail 
  http://www.tuxedo.org/~esr/fetchmail/ ł݂邱Ƃł܂B
  fetchmail ɕtĂDꂽǂނƂɂ fetchmail ͑f
  Ăł傤B

  3.1.  fetchmail ̐ݒ

   .fetchmailrc ȉ̂悤ɐݒ肵Ă܂B

       ______________________________________________________________________
       defaults
               user msingh is manish
               no rewrite

       poll localhost with protocol pop3 and port 11110:
               preconnect "ssh -C -f msingh@popserver -L 11110:popserver:110 sleep 5"
               password foobar;
       ______________________________________________________________________

  ƂĂPł傤? fetchmail ɂ͑̃R}h܂Adv
   preconnect ̍sƁApoll ̃IvVłB

   POP T[oɒړIɂ͐ڑ܂B localhost 
  11110 Ԃ̃|[gɐڑĂ܂Bpreconnect ̕ fetchmail s
  邽т 5 bԃRlNV𒣂ĂƂƂ\킵Ă
  Bfetchmail ͂̎ԂgĎ̃RlNV𒣂܂Bc
  fetchmail g̏łB

  fetchmail N邽тɁAssh ̃pX[hv܂Bfetchmail
  obNOEhœ (͂Ă܂) ɂ͂͏Xs
  ǂ܂B̏ꍇ͎̃ZNVɐi݂܂傤B

  3.2.  ̕@

  ssh ł͂܂܂ȕ@ŔF؂s܂B̂̈ RSA J
  łB ssh-keygen p邱ƂɂĂȂ̃AJEgp̌
  Ƃł܂Bɂ̓pXt[Yݒ肷邱Ƃł܂A
  ܂܂ɂ邱Ƃł܂BȂ[JŗpAJEgǂ̂
  SƎvɂāApXt[YKvǂ܂܂B

  Ȃ̃}VSƎvȂApXt[Ył\Ȃ
  傤B̏ꍇ .fetchmailrc ͒PȂ fetchmail ̋NɎg
  ܂Bfetchmail f[ƂēĂ΁A_CAAbvƂ
  ɎIɃ[͎荞܂܂Bł܂łB( :
  fetchmail -d Ńf[Ƃē܂Bڂ fetchmail(1)  man
  y[WQƂĉB

  ApXt[YKvƎvꍇɂ́AԂ͂Ԃ񕡎G
  Ȃ܂Bssh  agent ̊ǗŎs邱Ƃł܂Bagent ͌
  o^Assh ̂RlNVF؂܂BŁA
  getmail.sh ƂXNvgpӂ܂B

       ______________________________________________________________________
       #!/bin/sh
       ssh-add
       while true; do fetchmail --syslog --invisible; sleep 5m; done
       ______________________________________________________________________

  _CAAbvƂɁÂ悤ɑł܂B

       $ ssh-agent getmail.sh

  pXt[Yxv܂Ǎ 5 Ƀ[mFĂ
  ܂B_CAAbvڑؒfƂ́Assh-agent I
  B(̏ꍇ͎ ip-up  ip-down XNvg̒ŎIɂ
  ܂)

  3.3.  fetchmail gȂꍇ

   fetchmail gȂAgȂ肵ǂȂ
  傤B Pine, Netscape ₻̑ɂ POP @\NCAg
  ܂A܂ fetchmail gl܂傤! ̕yɏ_
  łA[NCAgɂ͂̎̂Ƃ点ׂł͂
  ܂B Pine  Netscape ̗Ƃ[J̃[VXeg
  ɐݒł܂B
  AȂ̃NCAg fetchmail ̂悤 preconnect ̋@\
  Ȃꍇɂ ssh ̃|[g]Ȃڑ܂ł̊ԂƃAN
  eBuɂĂȂƂ܂B܂肻̓RlNVێĂ
  ߂ sleep 100000000 ̂悤ȐݒgƂӖ܂B͂
  炭Ȃ̃lbg[N̊Ǘ҂ɂ͊}Ȃł傤B

  ɁANCAg̒ɂ (Netscape ̂悤) |[gԍ 110 Ԃɋ
  Iɐݒ肵Ă̂܂B̏ꍇ root ɂȂČŒȃ|[g
  |[g]Kv܂BY܂ƂłBł܂B

  4.  t^

  4.1.  Disclaimer

  There is no guarantee that this document lives up to its intended
  purpose. This is simply provided as a free resource. As such, the
  author of the information provided within cannot make any guarentee
  that the information is even accurate. Use at your own risk.

  ̕Ӑ}ړIɉĂƂۏ؂͂܂B
  ƂāA҂͂Œ񋟂ɂĂȂۏ؂A񂪐
  ۏ؂Ał܂BȂg̐ӔCŎgpĂB

  Cryptographic software such as ssh may be subject to certain
  restrictions, depending on where you live. In some countries, you must
  have a license to use such software. If you are unsure of your local
  laws, please consult someone who is familiar with your situation for
  more information.

  ssh ̂悤ȈÍ\tgEFA͂Ȃ̋ZĂꏊɂĂ͓
  ̐󂯂邩܂B̍ł͂̂悤ȃ\tgEFA
  g߂ɂ͋KvłBł͔fȂꍇɂ͒NȂ
  󋵂悭mĂڂlɑkĂB

  The use of the information provided in this document is most likely
  not anticipated by your mail service provider. The author does not
  encourage the abuse and misuse of network services, and provides this
  document for informational purposes only. If you are in doubt about
  whether the use of these techniques falls within the service agreement
  of your mail provider, please clear that up beforehand.

  ̕ɂĒ񋟂ꂽ̎gȂ̃[T[rXvoC
  _[ɗ\z\͏Ȃł傤B҂̓lbg[NT[rẌ
  Ap̂߂܂񂵁AړIł̕񋟂
  łBȂ^܂܂̋Zpgꍇɂ̓[v
  oC_[Ƃ̍ӂ̏ł낤ƁA炩ߖ炩ɂĂĂ
  B

  4.2.  쌠

  This document is copyright (C) 1998 Manish Singh <yosh@gimp.org>

  ͈̕ȉɒ쌠܂B(C) 1998 Manish Singh
  <yosh@gimp.org>

  Permission is granted to make and distribute verbatim copies of this
  manual provided the copyright notice and this permission notice are
  preserved on all copies.

  쌠\Ƃ̋mt邱ƂɂāA̕̕ʂ̃Rs
  [Azz܂B

  Permission is granted to copy and distribute modified versions of this
  document under the conditions for verbatim copying, provided that this
  copyright notice is included exactly as in the original, and that the
  entire resulting derived work is distributed under the terms of a
  permission notice identical to this one.

  ̒쌠\SɌ̂܂܊܂݁Alȋm̉Ŕzz
  ̏̕Cł̔zz𕶎ʂ̃Rs[Ɠl̏ŋ܂B

  Permission is granted to copy and distribute translations of this
  document into another language, under the above conditions for
  modified versions.

  ̕𑼂̌ɖ|󂵁Azz邱ƂL̏CłƓl̏ŋ
  ܂B

  Commercial redistribution is allowed and encouraged; however, the
  author would like to be notified of any such distributions.

  p̍Ĕzz͏サ܂Â悤Ȕzzꍇɂ͍҂ɘA
  炦ƊłB

  All trademarks used in this document are acknowledged as being owned
  by their respective owners.

  ׂ̒̂̕Ă̏ẂAꂼ̏L҂ɑ܂B

  4.3.  

  ssh ̃|[g]̕@ɂĎɋĂꂽ Seth David Schoen
  <schoen@uclink4.berkeley.edu>Ɋӂ܂B

  ( : {̂ɂĂ͈ȉ̕XɑςbɂȂ܂
  B

  o  삳

  o  y

  o  Kc

  o  {

  o  Hiro Sugawara 

  o  吼

  o  ԍ

  o  삳

  o  ΂

  o  䂳

  o  삳

  ǂ肪Ƃ܂B)

