[X2Go-Dev] X2go browser plugin & session broker
Stefan Baur
newsgroups.mail2 at stefanbaur.de
Thu Oct 10 22:28:45 CEST 2013
Am 10.10.2013 22:17, schrieb Ted Barnes:
> Q: How do other people do this, where there is no secure connection
> until the private ssh key is provided? Email doesn't seem to be a
> great way to send someone a key (e.g., as a password protected
> file)....maybe try some sort of "user login" web page or drop box? My
> understanding of the documented way of giving someone a key assumes
> you are on the same LAN....is that wrong?
Uh, no. You shouldn't create the private key for them. It's called a
"private key" for a reason. It's theirs, and theirs alone.
Have your users create their private keys on their own machines. Then
have them send you their *public* keys via E-Mail, and verify the
fingerprint of the public key by transmitting it on a different channel
(SMS, phone call, snail-mail letter, fax, whatever).
-Stefan
More information about the x2go-dev
mailing list