Hi Stefan:
Thanks so much for the ping back….my sense is while what you are suggesting is "the right way", it's not practical for our user base (i.e., to ask them to generate an ssh key, email etc.).
So that might bring me back to the other parts of the email - can we work with some sort of encrypted tunnel without using ssh?
- does the plugin approach work on Windows and OS X yet (I can't tell from the documentation - they may still only work on linux clients) such that would use SSL and some sort of user login page
- or would the x2go-broker approach allow something similar, where a user goes to a web page, logs in, and has an SSL tunnel to connect to the x2go server…
Thanks!
On Oct 11, 2013, at 6:00 AM, x2go-dev-request@lists.berlios.de wrote:
Send X2Go-Dev mailing list submissions to x2go-dev@lists.berlios.de
To subscribe or unsubscribe via the World Wide Web, visit https://lists.berlios.de/mailman/listinfo/x2go-dev or, via email, send a message with subject or body 'help' to x2go-dev-request@lists.berlios.de
You can reach the person managing the list at x2go-dev-owner@lists.berlios.de
When replying, please edit your Subject line so it is more specific than "Re: Contents of X2Go-Dev digest..."
Today's Topics:
- X2go browser plugin & session broker (Ted Barnes)
- Re: X2go browser plugin & session broker (Stefan Baur)
Message: 1 Date: Thu, 10 Oct 2013 20:17:47 +0000 From: Ted Barnes <madogdevelopment@gmail.com> To: x2go-user@lists.berlios.de, x2go-dev@lists.berlios.de Subject: [X2Go-Dev] X2go browser plugin & session broker Message-ID: <52570B6B.3040609@gmail.com> Content-Type: text/plain; charset=ISO-8859-1; format=flowed
Hi All:
Currently the people I support who use x2go connect over ssh and are "outside the firewall". This means needing some secure way to get remote users the ssh private key.
Q: How do other people do this, where there is no secure connection until the private ssh key is provided? Email doesn't seem to be a great way to send someone a key (e.g., as a password protected file)....maybe try some sort of "user login" web page or drop box? My understanding of the documented way of giving someone a key assumes you are on the same LAN....is that wrong?
Q: Does x2go session broker still require ssh even if the initial connection is made over HTTPS? Would x2go session broker be a way to avoid using SSH keys but still provide an encrypted connection?
Q: Does the x2go plugin work on Windows and OS X at this point? Would the x2go plugin be a means to connect over HTTPS securely with a user name and password and avoid SSH keys?
Any suggestions, please!
Message: 2 Date: Thu, 10 Oct 2013 22:28:45 +0200 From: Stefan Baur <newsgroups.mail2@stefanbaur.de> To: x2go-dev@lists.berlios.de Subject: Re: [X2Go-Dev] X2go browser plugin & session broker Message-ID: <52570DFD.9090608@stefanbaur.de> Content-Type: text/plain; charset=ISO-8859-1; format=flowed
Am 10.10.2013 22:17, schrieb Ted Barnes:
Q: How do other people do this, where there is no secure connection until the private ssh key is provided? Email doesn't seem to be a great way to send someone a key (e.g., as a password protected file)....maybe try some sort of "user login" web page or drop box? My understanding of the documented way of giving someone a key assumes you are on the same LAN....is that wrong?
Uh, no. You shouldn't create the private key for them. It's called a "private key" for a reason. It's theirs, and theirs alone. Have your users create their private keys on their own machines. Then have them send you their *public* keys via E-Mail, and verify the fingerprint of the public key by transmitting it on a different channel (SMS, phone call, snail-mail letter, fax, whatever).
-Stefan
X2Go-Dev mailing list X2Go-Dev@lists.berlios.de https://lists.berlios.de/mailman/listinfo/x2go-dev
End of X2Go-Dev Digest, Vol 58, Issue 7