wiki:advanced:authentication:passwordless-gpg-card

Differences

This shows you the differences between two versions of the page.

wiki:advanced:authentication:passwordless-gpg-card [2010/01/12 21:52]
h1 created
wiki:advanced:authentication:passwordless-gpg-card [2014/04/14 06:08] (current)
sunweaver [GPG card configuration]
Line 1: Line 1:
-x2goclient smart card HOWTO: +====== X2Go Client smartcard HowTo ======
-1. GPG card configuration:+
  
-''user@x2goclient$ gpg --card-edit''+===== The concept of GnuPG smartcard authentication =====
  
 +FixMe
 +
 +===== GPG card configuration =====
 +
 +
 +<code>
 +user@x2goclient$ gpg --card-edit
 +</code>
 +
 +<file>
 Application ID ...: D2760001240102000000000000420000 Application ID ...: D2760001240102000000000000420000
 Version ..........: 2.0 Version ..........: 2.0
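Review bot: The new section "The concept of GnuPG smartcard authentication" contains only the placeholder "FixMe", so the current revision opens with an empty section. Either add a short description of the idea (the key is generated on the card and gpg-agent presents it to ssh, as the later steps show) or leave the heading out until the text exists.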
Line 23: Line 32:
 Authentication key: [none] Authentication key: [none]
 General key info..: [none] General key info..: [none]
 +</file>
  
 +<code>
 Command> admin Command> admin
 +</code>
 +<file>
 Admin commands are allowed Admin commands are allowed
 +</file>
  
 +<code>
 Command> sex Command> sex
 +</code>
 +<file>
 Sex ((M)ale, (F)emale or space): M Sex ((M)ale, (F)emale or space): M
 gpg: 3 Admin PIN attempts remaining before card is permanently locked gpg: 3 Admin PIN attempts remaining before card is permanently locked
  
 Admin PIN Admin PIN
 +</file>
  
 +<code>
 Command> login Command> login
 +</code>
 +
 +<file>
 Login data (account name): beispielb Login data (account name): beispielb
 +</file>
  
 +<code>
 Command> generate Command> generate
 +</code>
 +
 +<file>
 Make off-card backup of encryption key? (Y/n) n Make off-card backup of encryption key? (Y/n) n
  
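Review bot: In the "generate" step the transcript answers "n" to "Make off-card backup of encryption key? (Y/n)" and the page gives no reason for that choice. Add a sentence saying that without the backup, anything encrypted to that key is unrecoverable if the card is lost or locked, so readers can decide for themselves. A smaller style point: the blank line between a closing code tag and the following file tag is present after "login" and "generate" but missing after "admin" and "sex"; pick one form.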
Line 91: Line 118:
 sub   1024R/C7151669 2009-09-24 sub   1024R/C7151669 2009-09-24
 sub   1024R/593801C0 2009-09-24 sub   1024R/593801C0 2009-09-24
 +</file>
  
 +<code>
 Command> quit Command> quit
 +</code>
  
 IMPORTANT: login Name is a name of user on remote system IMPORTANT: login Name is a name of user on remote system
  
-2. Configuring ssh connection 
-2.1. Starting gpg-agent with ssh support 
  
 Be sure, that pinentry-x2go is installed. For test purposes you can use Be sure, that pinentry-x2go is installed. For test purposes you can use
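Review bot: The removed lines "2. Configuring ssh connection" and "2.1. Starting gpg-agent with ssh support" are not replaced by wiki headings, so the paragraph starting "Be sure, that pinentry-x2go is installed" now follows the "IMPORTANT: login Name ..." note with no section break. Add a heading in the style used elsewhere in this revision, for example "===== Configuring the SSH connection =====", so the gpg-agent part is reachable from the table of contents.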
Line 104: Line 131:
 x2goclient pinentry-x2go is required x2goclient pinentry-x2go is required
  
-user@x2goclient$ gpg-agent --enable-ssh-support --daemon + 
---pinentry-program /usr/bin/pinentry-x2go+<code> 
 +user@x2goclient$ gpg-agent --enable-ssh-support --daemon --pinentry-program /usr/bin/pinentry-x2go 
 +</code> 
 + 
 +<file>
 GPG_AGENT_INFO=/tmp/gpg-Xh4lY7/S.gpg-agent:24620:1; export GPG_AGENT_INFO; GPG_AGENT_INFO=/tmp/gpg-Xh4lY7/S.gpg-agent:24620:1; export GPG_AGENT_INFO;
 SSH_AUTH_SOCK=/tmp/gpg-LO41WU/S.gpg-agent.ssh; export SSH_AUTH_SOCK; SSH_AUTH_SOCK=/tmp/gpg-LO41WU/S.gpg-agent.ssh; export SSH_AUTH_SOCK;
 SSH_AGENT_PID=24620; export SSH_AGENT_PID; SSH_AGENT_PID=24620; export SSH_AGENT_PID;
 +</file>
  
-2.2. Export SSH environment variables (copy gpg-agent output in console)+Export SSH environment variables (copy gpg-agent output in console) 
 + 
 +<code>
 user@x2goclient$ GPG_AGENT_INFO=/tmp/gpg-Xh4lY7/S.gpg-agent:24620:1; user@x2goclient$ GPG_AGENT_INFO=/tmp/gpg-Xh4lY7/S.gpg-agent:24620:1;
 export GPG_AGENT_INFO; export GPG_AGENT_INFO;
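Review bot: The export step still tells readers to copy the gpg-agent output by hand, and the code block shows literal values (PID 24620, /tmp/gpg-Xh4lY7, /tmp/gpg-LO41WU) that differ on every run. Say explicitly that these values are only sample output, or replace the step with eval $(gpg-agent --enable-ssh-support --daemon --pinentry-program /usr/bin/pinentry-x2go) so nothing has to be copied. The step title "Export SSH environment variables (copy gpg-agent output in console)" also lost its number and is now plain text; make it a heading or a full sentence.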
Line 116: Line 150:
 SSH_AUTH_SOCK; SSH_AUTH_SOCK;
 user@x2goclient$ SSH_AGENT_PID=24620; export SSH_AGENT_PID; user@x2goclient$ SSH_AGENT_PID=24620; export SSH_AGENT_PID;
 +</code>
  
-2.3. You can check the key on your smart card with command:+You can check the key on your smart card with command: 
 + 
 +<code>
 user@x2goclient$ ssh-add -l user@x2goclient$ ssh-add -l
-1024 ef:d5:8c:37:cb:38:01:8d:c2:30:00:ac:93:a2:43:98 cardno:000000000042 +</code>
-(RSA)+
  
-2.4. Copy public part of your key to remote computer+<file> 
 +1024 ef:d5:8c:37:cb:38:01:8d:c2:30:00:ac:93:a2:43:98 cardno:000000000042(RSA) 
 +</file> 
 + 
 +Copy public part of your key to remote computer 
 + 
 +<code>
 user@x2goclient$ ssh-copy-id beispielb@x2goserver user@x2goclient$ ssh-copy-id beispielb@x2goserver
 +</code>
 +
 +<file>
 beispielb@x2goserver's password: beispielb@x2goserver's password:
 +</file>
 +
 Now try logging into the machine, with "ssh 'beispielb@x2goserver'", and Now try logging into the machine, with "ssh 'beispielb@x2goserver'", and
 check in: check in:
  
 +<file>
  .ssh/authorized_keys  .ssh/authorized_keys
 +</file>
  
 to make sure we haven't added extra keys that you weren't expecting. to make sure we haven't added extra keys that you weren't expecting.
  
-2.5. Testing ssh connection+Testing ssh connection
  
 +<code>
 user@x2goclient$ ssh  beispielb@x2goserver user@x2goclient$ ssh  beispielb@x2goserver
 +</code>
 +
 +<file>
 Last login: Thu Sep 24 22:00:50 2009 from x2goclient Last login: Thu Sep 24 22:00:50 2009 from x2goclient
 +</file>
 +
 +<code>
 beispielb@x2goserver:~$ exit beispielb@x2goserver:~$ exit
 +</code>
  
 stop gpg-agent: stop gpg-agent:
 +
 +<code>
 user@x2goclient$ kill $SSH_AGENT_PID user@x2goclient$ kill $SSH_AGENT_PID
 +</code>
  
-3. Using smart card authentication with x2goclient+===== Start X2Go Client with GnuPG SmartCard Support =====
  
 +Using smart card authentication with x2goclient
 +
 +<code>
 user@x2goclient$ x2goclient --pgp-card user@x2goclient$ x2goclient --pgp-card
-or +</code> 
-user@x2goclient$ x2goclient_gtk --pgp-card+ 
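Review bot: In the new ssh-add -l output the wrapped "(RSA)" was joined without a space, giving "cardno:000000000042(RSA)"; it should read "cardno:000000000042 (RSA)". The revision also drops the "or x2goclient_gtk --pgp-card" alternative without comment; if that variant is no longer supported, say so in the edit summary. The remaining step titles ("Copy public part of your key to remote computer", "Testing ssh connection") have the same problem as earlier in the page: they lost their numbers and are now plain paragraphs rather than headings.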
wiki/advanced/authentication/passwordless-gpg-card.1263333154.txt.gz · Last modified: 2013/03/08 13:31 (external edit)