[X2Go-Dev] X2Go-Dev Digest, Vol 58, Issue 7

Madog madogdevelopment at gmail.com
Fri Oct 11 15:33:43 CEST 2013 

Hi Stefan:

Thanks so much for the ping back….my sense is while what you are suggesting is "the right way", it's not practical for our user base (i.e., to ask them to generate an ssh key, email etc.).  

So that might bring me back to the other parts of the email - can we work with some sort of encrypted tunnel without using ssh?

- does the plugin approach work on Windows and OS X yet (I can't tell from the documentation - they may still only work on linux clients) such that would use SSL and some sort of user login page
- or would the x2go-broker approach allow something similar, where a user goes to a web page, logs in, and has an SSL tunnel to connect to the x2go server…

Thanks!


On Oct 11, 2013, at 6:00 AM, x2go-dev-request at lists.berlios.de wrote:

> Send X2Go-Dev mailing list submissions to
> 	x2go-dev at lists.berlios.de
> 
> To subscribe or unsubscribe via the World Wide Web, visit
> 	https://lists.berlios.de/mailman/listinfo/x2go-dev
> or, via email, send a message with subject or body 'help' to
> 	x2go-dev-request at lists.berlios.de
> 
> You can reach the person managing the list at
> 	x2go-dev-owner at lists.berlios.de
> 
> When replying, please edit your Subject line so it is more specific
> than "Re: Contents of X2Go-Dev digest..."
> 
> 
> Today's Topics:
> 
>   1. X2go browser plugin & session broker (Ted Barnes)
>   2. Re: X2go browser plugin & session broker (Stefan Baur)
> 
> 
> ----------------------------------------------------------------------
> 
> Message: 1
> Date: Thu, 10 Oct 2013 20:17:47 +0000
> From: Ted Barnes <madogdevelopment at gmail.com>
> To: x2go-user at lists.berlios.de, x2go-dev at lists.berlios.de
> Subject: [X2Go-Dev] X2go browser plugin & session broker
> Message-ID: <52570B6B.3040609 at gmail.com>
> Content-Type: text/plain; charset=ISO-8859-1; format=flowed
> 
> Hi All:
> 
> Currently the people I support who use x2go connect over ssh and are 
> "outside the firewall".   This means needing some secure way to get 
> remote users the ssh private key.
> 
> Q:  How do other people do this, where there is no secure connection 
> until the private ssh key is provided?  Email doesn't seem to be a great 
> way to send someone a key (e.g., as a password protected file)....maybe 
> try some sort of "user login" web page or drop box?  My understanding of 
> the documented way of giving someone a key assumes you are on the same 
> LAN....is that wrong?
> 
> Q:  Does x2go session broker still require ssh even if the initial 
> connection is made over HTTPS?  Would x2go session broker be a way to 
> avoid using SSH keys but still provide an encrypted connection?
> 
> Q:  Does the x2go plugin work on Windows and OS X at this point?  Would 
> the x2go plugin be a means to connect over HTTPS securely with a user 
> name and password and avoid SSH keys?
> 
> Any suggestions, please!
> 
> 
> ------------------------------
> 
> Message: 2
> Date: Thu, 10 Oct 2013 22:28:45 +0200
> From: Stefan Baur <newsgroups.mail2 at stefanbaur.de>
> To: x2go-dev at lists.berlios.de
> Subject: Re: [X2Go-Dev] X2go browser plugin & session broker
> Message-ID: <52570DFD.9090608 at stefanbaur.de>
> Content-Type: text/plain; charset=ISO-8859-1; format=flowed
> 
> Am 10.10.2013 22:17, schrieb Ted Barnes:
>> Q: How do other people do this, where there is no secure connection 
>> until the private ssh key is provided?  Email doesn't seem to be a 
>> great way to send someone a key (e.g., as a password protected 
>> file)....maybe try some sort of "user login" web page or drop box?  My 
>> understanding of the documented way of giving someone a key assumes 
>> you are on the same LAN....is that wrong?
> 
> Uh, no. You shouldn't create the private key for them. It's called a 
> "private key" for a reason. It's theirs, and theirs alone.
> Have your users create their private keys on their own machines. Then 
> have them send you their *public* keys via E-Mail, and verify the 
> fingerprint of the public key by transmitting it on a different channel 
> (SMS, phone call, snail-mail letter, fax, whatever).
> 
> 
> -Stefan
> 
> 
> ------------------------------
> 
> _______________________________________________
> X2Go-Dev mailing list
> X2Go-Dev at lists.berlios.de
> https://lists.berlios.de/mailman/listinfo/x2go-dev
> 
> End of X2Go-Dev Digest, Vol 58, Issue 7
> ***************************************

More information about the x2go-dev mailing list