Hi All:
Currently the people I support who use x2go connect over ssh and are "outside the firewall". This means needing some secure way to get remote users the ssh private key.
Q: How do other people do this, where there is no secure connection until the private ssh key is provided? Email doesn't seem to be a great way to send someone a key (e.g., as a password protected file)....maybe try some sort of "user login" web page or drop box? My understanding of the documented way of giving someone a key assumes you are on the same LAN....is that wrong?
Q: Does x2go session broker still require ssh even if the initial connection is made over HTTPS? Would x2go session broker be a way to avoid using SSH keys but still provide an encrypted connection?
Q: Does the x2go plugin work on Windows and OS X at this point? Would the x2go plugin be a means to connect over HTTPS securely with a user name and password and avoid SSH keys?
Any suggestions, please!
Am 10.10.2013 22:17, schrieb Ted Barnes:
Q: How do other people do this, where there is no secure connection until the private ssh key is provided? Email doesn't seem to be a great way to send someone a key (e.g., as a password protected file)....maybe try some sort of "user login" web page or drop box? My understanding of the documented way of giving someone a key assumes you are on the same LAN....is that wrong?
Uh, no. You shouldn't create the private key for them. It's called a "private key" for a reason. It's theirs, and theirs alone. Have your users create their private keys on their own machines. Then have them send you their *public* keys via E-Mail, and verify the fingerprint of the public key by transmitting it on a different channel (SMS, phone call, snail-mail letter, fax, whatever).
-Stefan
-
Stefan Baur -
Ted Barnes