[X2Go-Dev] X2Go-Dev Digest, Vol 58, Issue 7

Alexander Wuerstlein snalwuer at cip.informatik.uni-erlangen.de
Fri Oct 11 16:18:13 CEST 2013


On 13-10-11 15:50, Madog <madogdevelopment at gmail.com> wrote:
> Hi Stefan:
> 
> Thanks so much for the ping back….my sense is while what you are
> suggesting is "the right way", it's not practical for our user base
> (i.e., to ask them to generate an ssh key, email etc.).  

What you are suggesting is dangerously negligent with regard to
security. Key exchanges by sending around private key material amounts
to no sensible encryption or security at all, only a weak simulation
thereof. Which might fool some of your users thereby endangering their
privacy, the integrity of their data and of your service.

You may be able to make the process more user-friendly by automating
things, e.g. create a nice GUI for key creation and a phone dialogue
system or automatically printed mail-in form to verify fingerprint and
userid, but the basic steps will remain:
- user creates keypair
- user sends public key and fingerprint along with his userid.
- you verify that public key and fingerprint match
- you verify the authenticity of fingerprint and userid
- only if the previous two steps were successful: you authorize the
  public key for this userid.
- the private key must never leave the user's computer

A similar process is used to assure the user of your server's
authenticity by means of the server's hostkey fingerprint.

> So that might bring me back to the other parts of the email - can we
> work with some sort of encrypted tunnel without using ssh?

Maybe you could modify the x2go components to tunnel via openssl or
gnutls, but that does not really solve your problem. You need a secure
way to authenticate the user and for that you either need a verified
public key from the user (be it X.509 or ssh) or the user needs to set
some kind of password in a secure way. There are ways to do this, but
one needs to be careful to ensure mutual authentication, which is
exactly the same kind of problem as with the ssh keys.

Also, generally any kind of "build-your-own"-security is very dangerous.
History has shown that each of those homegrown solutions was lacking in
important aspects, at least in the first few iterations of CVEs...
Try to use ssh and do it the right way, you and your customers will be
happier in the long run.



Ciao,

Alexander Wuerstlein.
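
The enrolment steps listed in the message above can be automated on the server side. The following is an added example, not part of the original message or of X2Go: the function names, the out-of-band flag and the sample key are assumptions constructed for illustration, and the fingerprint is the SHA256 form that current OpenSSH prints.

```python
import base64, hashlib, hmac, struct

def parse_pubkey(line):
    """Split an OpenSSH public key line and check the blob's embedded key type."""
    parts = line.split()
    if len(parts) < 2:
        raise ValueError("expected '<type> <base64> [comment]'")
    key_type = parts[0]
    blob = base64.b64decode(parts[1], validate=True)  # rejects non-base64 input
    if len(blob) < 4:
        raise ValueError("truncated key blob")
    (n,) = struct.unpack(">I", blob[:4])
    if blob[4:4 + n] != key_type.encode():
        raise ValueError("key type does not match key blob")
    return key_type, blob

def fingerprint(blob):
    """SHA256 fingerprint of the key blob, formatted as 'ssh-keygen -l' prints it."""
    digest = hashlib.sha256(blob).digest()
    return "SHA256:" + base64.b64encode(digest).decode().rstrip("=")

def authorize(userid, pubkey_line, claimed_fp, verified_out_of_band):
    """Return an authorized_keys line only if both verification steps succeed."""
    key_type, blob = parse_pubkey(pubkey_line)
    computed = fingerprint(blob).encode()
    if not hmac.compare_digest(computed, claimed_fp.strip().encode()):
        return None  # submitted public key and fingerprint do not match
    if not verified_out_of_band:
        return None  # fingerprint and userid not yet confirmed by phone or form
    # Only the public key is stored; the private key never reaches the server.
    return f"{key_type} {base64.b64encode(blob).decode()} {userid}"

def make_sample_key(seed):
    """Constructed ssh-ed25519 public key line (sample data, not a real user's key)."""
    raw = hashlib.sha256(seed).digest()  # 32 bytes standing in for the public key
    t = b"ssh-ed25519"
    blob = struct.pack(">I", len(t)) + t + struct.pack(">I", len(raw)) + raw
    return "ssh-ed25519 " + base64.b64encode(blob).decode() + " alice@laptop"

if __name__ == "__main__":
    line = make_sample_key(b"alice")
    fp = fingerprint(parse_pubkey(line)[1])
    print(authorize("alice", line, fp, True))    # authorized_keys line
    print(authorize("alice", line, fp, False))   # None: not verified out of band
```

The returned line is what would be appended to that user's authorized_keys file; a `None` result means the key must not be authorized.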


