On 11.10.2013 15:33, Madog wrote:
Thanks so much for the ping back… my sense is while what you are suggesting is "the 
right way", it's not practical for our user base (i.e., to ask them to generate an 
ssh key, email etc.).

I will leave answering your other questions to the more qualified list members. What on earth are you doing, though, that your users are unable to create their own private key? You can use PuTTYgen or the cygwin suite on Windows, and possibly script the whole issue so your users only have to double-click on an installer icon. And for Linux and MacOS (since it is Unix-based as well), scripting is even easier, I'd say.

Remember, as soon as someone else (That includes you as the admin! Your users' private key files are none of your business!) has access to the private key file, it is not safer than a traditional password-based login. Security is even worse, actually, as a password change on the user's keyfile by himself doesn't propagate back to the additional copies. Whoever gets a hold of a key file and manages to guess/crack the password on it, has eternal access to the system where the matching public key file is installed, no matter how often the legitimate user changes his password afterwards.

So why go through the extra hassle of creating a keyfile when you break security again right afterwards? Use a traditional password-based login (X2Go supports it) and that's it.


-Stefan
_______________________________________________
X2Go-Dev mailing list
X2Go-Dev@lists.berlios.de
https://lists.berlios.de/mailman/listinfo/x2go-dev
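
The point in the reply above about passphrase changes not propagating to copies of a key file can be checked locally. This is an added example, not part of the original message; the file names and passphrases are constructed, and it assumes OpenSSH's `ssh-keygen` is installed.

```bash
#!/bin/sh
# Constructed demo using throwaway keys in a temp dir. Passphrases are given on
# the command line only because these keys protect nothing.

# Prints the public key if PASSPHRASE decrypts KEYFILE; fails otherwise.
unlocks() {  # usage: unlocks KEYFILE PASSPHRASE
    ssh-keygen -y -P "$2" -f "$1" 2>/dev/null
}

# Returns 0 if a copy of the key file is still usable after the owner changed
# the passphrase on the original, 1 if not, 2 if the demo could not be set up.
stale_copy_still_valid() {
    local dir user_key copy rc=1
    dir=$(mktemp -d) || return 2
    user_key="$dir/id_user"
    copy="$dir/id_copy"

    # 1. A key pair is created and a second party keeps a copy of the private key.
    if ! ssh-keygen -q -t ed25519 -N 'old-passphrase' -C demo -f "$user_key"; then
        rm -rf "$dir"; return 2
    fi
    cp -p "$user_key" "$copy"

    # 2. The legitimate user changes the passphrase on their own file.
    if ! ssh-keygen -q -p -P 'old-passphrase' -N 'new-passphrase' \
            -f "$user_key" >/dev/null; then
        rm -rf "$dir"; return 2
    fi

    # 3. The user's file rejects the old passphrase, but the copy still opens
    #    with it and yields the same public key, i.e. the same authorized_keys
    #    entry on the server.
    if ! unlocks "$user_key" 'old-passphrase' >/dev/null &&
       [ "$(unlocks "$copy" 'old-passphrase' | cut -d' ' -f1,2)" = \
         "$(cut -d' ' -f1,2 "$user_key.pub")" ]; then
        rc=0
    fi
    rm -rf "$dir"
    return "$rc"
}
```

Calling `stale_copy_still_valid` returns 0: the passphrase only encrypts one file, so access through a copy ends only when the matching public key is removed from `authorized_keys` on the server.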
