My email is finally secure!

I rule, yet again! I was trying to set up SSH tunnelling with my email, since I go over a wireless connection, and I finally got it to work. I tried several sources, but finally came up with my own way of doing it. I set it up so that people can’t read my username and password when I connect to my server to check email. If my ISP used SSL, then I wouldn’t even have to do that. I could just check off a box in my Mail.app (Apple’s email program) and it would take care of itself. Furthermore, some people might say I should use IMAP. I don’t because I don’t want to keep all my mail on the server and since I have a laptop, portability isn’t an issue.

Just a note for all you Windows users, this is specifically for Mac, but you can make it work for Windows. The Stop Design site I talk about below has some suggestions for Windows. Most everything is the same except the program you use to set up the tunnel. The Stop Design site also tells you why you should do this.

First, I generated my SSH keypair following the instructions on the MacDevCenter page to create an SSH keypair, with one exception. The command is ssh-keygen -dt rsa. The d tells it to generate an SSH2 keypair rather than the standard SSH keypair. This is important for me because my ISP doesn’t support SSH2. I didn’t bother with the script because it didn’t work for me. I think I know why, but I’m not going to bother trying to get it to work. I put the public key on my mail server as directed, renaming it to authorized_keys2 and all that.

Next, I downloaded and set up a program called SSHKeychain for creating the SSH tunnel. I told it to create a new tunnel and set it up with the information needed. Now I can create a tunnel and don’t need a password.

Finally, I followed the instructions on the Stop Design site for setting up my email client.

Once I had the tunnel open and checked my mail, it worked great. As a side note, I found out that Gmail has SSL email, so I didn’t have to set anything up for it. I just checked off the SSL box in the account settings in Mail.app and it worked fine. I wish my ISP used SSL. Things would be much easier.

Of course, I had to figure all this out on my own. None of the sites I just mentioned had the whole answer for me, and it took me some hours to get it all figured out. My problem is that once I start on something like this, I can’t stop until I figure it out. That’s why I don’t try this on Sunday afternoons any more. Only on Friday and Saturday now. Going to work on a couple of hours’ sleep is for the birds.

Oh yeah, one final thing to do is to set this up so I can open the tunnel and get my mail with one AppleScript. For that, I’m reading up on AppleScript.
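
The tunnel described above, written as plain OpenSSH commands that can be run from Terminal instead of a GUI tool. This is an added example, not part of the original post or of SSHKeychain. The host and user names, the control socket path, the local ports 1110 and 1025, and the assumption that the mail server offers POP3 on 110 and SMTP on 25 are all placeholders.

```shell
#!/bin/sh
# Added example: command-line equivalent of the GUI tunnel described in the post.
# Assumptions (not from the post): host/user placeholders, POP3 on 110 and
# SMTP on 25 on the mail server, local ports 1110 and 1025.
MAIL_HOST="${MAIL_HOST:-mail.example.com}"
MAIL_USER="${MAIL_USER:-me}"
CTL="${CTL:-$HOME/.ssh/mail-tunnel.sock}"   # control socket, used to stop the tunnel
SSH="${SSH:-ssh}"                            # overridable so the command can be inspected

open_tunnel() {
    # -f -N : go to background after authenticating, run no remote command
    # -M -S : master mode with a control socket so close_tunnel can find it
    # BatchMode=yes : never fall back to a password prompt; key auth or fail
    # ExitOnForwardFailure=yes : fail loudly if a local port is already taken
    # 127.0.0.1: binds the forwards to loopback only, so other hosts on the
    #            wireless network cannot connect through the tunnel
    "$SSH" -f -N -M -S "$CTL" \
        -o BatchMode=yes \
        -o ExitOnForwardFailure=yes \
        -L 127.0.0.1:1110:localhost:110 \
        -L 127.0.0.1:1025:localhost:25 \
        "$MAIL_USER@$MAIL_HOST"
}

tunnel_status() {
    # Exit status 0 if the master connection behind the socket is alive
    "$SSH" -S "$CTL" -O check "$MAIL_USER@$MAIL_HOST"
}

close_tunnel() {
    # Ask the background master to shut down, which removes both forwards
    "$SSH" -S "$CTL" -O exit "$MAIL_USER@$MAIL_HOST"
}

# Usage: ./mail-tunnel.sh open | status | close
case "${1:-}" in
    open)   open_tunnel ;;
    status) tunnel_status ;;
    close)  close_tunnel ;;
esac
```

With the tunnel open, the mail client's incoming server is localhost port 1110 and its outgoing server is localhost port 1025, so the login only travels inside the SSH connection.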