This shows you the differences between two versions of the page.
wiki:advanced:authentication:passwordless-gpg-card [2010/01/12 21:52] h1 created |
wiki:advanced:authentication:passwordless-gpg-card [2010/01/17 20:30] h1 |
||
---|---|---|---|
Line 2: | Line 2: | ||
1. GPG card configuration: | 1. GPG card configuration: | ||
- | '' | + | < |
+ | user@x2goclient$ gpg --card-edit | ||
+ | </ | ||
+ | < | ||
Application ID ...: D2760001240102000000000000420000 | Application ID ...: D2760001240102000000000000420000 | ||
Version ..........: 2.0 | Version ..........: 2.0 | ||
Line 23: | Line 26: | ||
Authentication key: [none] | Authentication key: [none] | ||
General key info..: [none] | General key info..: [none] | ||
+ | </ | ||
+ | < | ||
Command> admin | Command> admin | ||
+ | </ | ||
+ | < | ||
Admin commands are allowed | Admin commands are allowed | ||
+ | </ | ||
+ | < | ||
Command> sex | Command> sex | ||
+ | </ | ||
+ | < | ||
Sex ((M)ale, (F)emale or space): M | Sex ((M)ale, (F)emale or space): M | ||
gpg: 3 Admin PIN attempts remaining before card is permanently locked | gpg: 3 Admin PIN attempts remaining before card is permanently locked | ||
Admin PIN | Admin PIN | ||
+ | </ | ||
+ | < | ||
Command> login | Command> login | ||
+ | </ | ||
+ | |||
+ | < | ||
Login data (account name): beispielb | Login data (account name): beispielb | ||
+ | </ | ||
+ | < | ||
Command> generate | Command> generate | ||
+ | </ | ||
+ | |||
+ | < | ||
Make off-card backup of encryption key? (Y/n) n | Make off-card backup of encryption key? (Y/n) n | ||
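Review bot: From `Command> admin` through `Command> generate`, every prompt and every piece of card output now gets its own closing and opening code tag, so one interactive `gpg --card-edit` session is chopped into many small blocks, with stray empty added lines after `login` and `generate`. A single code block around the whole session would read as the continuous transcript it is. While touching this part, the `Make off-card backup of encryption key? (Y/n) n` answer deserves one sentence of explanation, since with `n` the encryption key exists only on the card.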
Line 91: | Line 112: | ||
sub | sub | ||
sub | sub | ||
+ | </ | ||
+ | < | ||
Command> quit | Command> quit | ||
+ | </ | ||
IMPORTANT: login Name is a name of user on remote system | IMPORTANT: login Name is a name of user on remote system | ||
- | 2. Configuring ssh connection | ||
- | 2.1. Starting gpg-agent with ssh support | ||
Be sure, that pinentry-x2go is installed. For test purposes you can use | Be sure, that pinentry-x2go is installed. For test purposes you can use | ||
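Review bot: The two removed lines `2. Configuring ssh connection` and `2.1. Starting gpg-agent with ssh support` have no replacement on the new side, so the pinentry-x2go paragraph now follows directly after the `IMPORTANT:` note with nothing marking the start of the SSH setup. Keep both titles, as wiki headings if the manual numbering is being dropped. The `IMPORTANT:` line would also be clearer placed next to the `Command> login` step it refers to.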
Line 104: | Line 125: | ||
x2goclient pinentry-x2go is required | x2goclient pinentry-x2go is required | ||
- | user@x2goclient$ gpg-agent --enable-ssh-support --daemon | + | |
- | --pinentry-program / | + | < |
+ | user@x2goclient$ gpg-agent --enable-ssh-support --daemon --pinentry-program / | ||
+ | </ | ||
+ | |||
+ | < | ||
GPG_AGENT_INFO=/ | GPG_AGENT_INFO=/ | ||
SSH_AUTH_SOCK=/ | SSH_AUTH_SOCK=/ | ||
SSH_AGENT_PID=24620; | SSH_AGENT_PID=24620; | ||
+ | </ | ||
+ | |||
+ | Export SSH environment variables (copy gpg-agent output in console) | ||
- | 2.2. Export SSH environment variables (copy gpg-agent output in console) | + | < |
user@x2goclient$ GPG_AGENT_INFO=/ | user@x2goclient$ GPG_AGENT_INFO=/ | ||
export GPG_AGENT_INFO; | export GPG_AGENT_INFO; | ||
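Review bot: The step `Export SSH environment variables (copy gpg-agent output in console)` still has the reader retype the agent's output by hand, including the per-run `SSH_AGENT_PID=24620` value, which is easy to get wrong. Since the agent already prints shell assignments followed by `export`, the start command could be wrapped in `eval $( ... )` so the variables are set in one step. The sample output block can stay to show what gets set.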
Line 116: | Line 144: | ||
SSH_AUTH_SOCK; | SSH_AUTH_SOCK; | ||
user@x2goclient$ SSH_AGENT_PID=24620; | user@x2goclient$ SSH_AGENT_PID=24620; | ||
+ | </ | ||
- | 2.3. You can check the key on your smart card with command: | + | You can check the key on your smart card with command: |
+ | |||
+ | < | ||
user@x2goclient$ ssh-add -l | user@x2goclient$ ssh-add -l | ||
- | 1024 ef: | + | </ |
- | (RSA) | + | |
- | 2.4. Copy public part of your key to remote computer | + | < |
+ | 1024 ef: | ||
+ | </ | ||
+ | |||
+ | Copy public part of your key to remote computer | ||
+ | |||
+ | < | ||
user@x2goclient$ ssh-copy-id beispielb@x2goserver | user@x2goclient$ ssh-copy-id beispielb@x2goserver | ||
+ | </ | ||
+ | |||
+ | < | ||
beispielb@x2goserver' | beispielb@x2goserver' | ||
+ | </ | ||
+ | |||
Now try logging into the machine, with "ssh ' | Now try logging into the machine, with "ssh ' | ||
check in: | check in: | ||
+ | < | ||
| | ||
+ | </ | ||
to make sure we haven' | to make sure we haven' | ||
- | 2.5. Testing ssh connection | + | Testing ssh connection |
+ | < | ||
user@x2goclient$ ssh beispielb@x2goserver | user@x2goclient$ ssh beispielb@x2goserver | ||
+ | </ | ||
+ | |||
+ | < | ||
Last login: Thu Sep 24 22:00:50 2009 from x2goclient | Last login: Thu Sep 24 22:00:50 2009 from x2goclient | ||
+ | </ | ||
+ | |||
+ | < | ||
beispielb@x2goserver: | beispielb@x2goserver: | ||
+ | </ | ||
stop gpg-agent: | stop gpg-agent: | ||
+ | |||
+ | < | ||
user@x2goclient$ kill $SSH_AGENT_PID | user@x2goclient$ kill $SSH_AGENT_PID | ||
+ | </ | ||
- | 3. Using smart card authentication with x2goclient | + | Using smart card authentication with x2goclient |
+ | < | ||
user@x2goclient$ x2goclient --pgp-card | user@x2goclient$ x2goclient --pgp-card | ||
+ | </ | ||
+ | |||
or | or | ||
+ | |||
+ | < | ||
user@x2goclient$ x2goclient_gtk --pgp-card | user@x2goclient$ x2goclient_gtk --pgp-card | ||
+ | </ | ||
+ |
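Review bot: In this hunk the titles `Copy public part of your key to remote computer`, `Testing ssh connection` and `Using smart card authentication with x2goclient` lose their `2.4.`, `2.5.` and `3.` numbers and become bare text lines, so the page no longer shows where one step ends and the next begins. Mark them as wiki headings instead. Related: `stop gpg-agent:` with `kill $SSH_AGENT_PID` sits directly above the x2goclient title, and with that title no longer marked as a new section it reads as if the agent must be killed before running `x2goclient --pgp-card`. State whether x2goclient needs the agent running or starts its own.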