Add smartcard support #177
Comments
This support already exists, but I haven't actually documented it. It works similarly to how it does in Secure Shell, except that the agent app ID is hardcoded, so there is no configuration; if the app is installed, and if there's a Yubikey (or similar) with SSH keys on it, it'll try to use it. Let me know whether you're able to get it to work. I'll go ahead and close this for now.
I think I might be missing a step somewhere. I was able to get both these
apps working with Secure Shell + my Yubikey 4C -
https://chrome.google.com/webstore/detail/smart-card-connector/khpfeaanjngmcnplbdlpegiifgpfgdco?hl=en
https://chrome.google.com/webstore/detail/secure-shell-openpgp-smar/gdbjpffhcollcplpbjehfhpfcpdoicob
- but,
https://chrome.google.com/webstore/detail/gnubbyd/beknehfpfkghjoafdifaflglpjkojoco
always gives me an error ("SSH forward helper not installed: Specified
native messaging host not found."). I'm not sure if there's something else
I need to install or if gnubbyd is just broken on my Chromebook. It seems
like if I could change the agent ID I could get it working with one of the
other apps though.
…On Sat, Feb 3, 2018 at 11:06 PM, rpwoodbu ***@***.***> wrote:
This support already exists, but I haven't actually documented it. It
works similarly to how it does in Secure Shell, except that the agent app
ID is hardcoded
<https://github.com/rpwoodbu/mosh-chrome/blob/master/mosh_app/mosh_window.js#L79>,
so there is no configuration; if the app is installed, and if there's a
Yubikey (or similar) with SSH keys on it, it'll try to use it.
Let me know whether you're able to get it to work. I'll go ahead and close
this for now.
Not sure what the "SSH forward helper" is. I haven't seen anything like that. You can experiment with other apps either by editing the code and rebuilding, or poking your way through the JS console and reassigning that app ID variable. Note, however, that those apps may have a whitelist of other apps that are permitted access, and Mosh for Chrome may not be on that list. (gnubbyd has such a thing, and I got us whitelisted.)
Oh, actually, I might have an idea about the "SSH forward helper" thing. I know about "native messaging", which is a facility through which Chrome can communicate with a native binary on your local machine. This binary has to be installed and configured administratively (i.e., cannot be done by installing a Chrome app or extension alone). I suspect that gnubbyd may have a way to talk to your local ssh-agent if you configure that (just a guess). I still don't know why you'd be getting that error message, though. I don't immediately see an option in gnubbyd for such a facility. Maybe it doesn't like something about your Yubikey, or maybe you need to go through some sort of initial setup with it?
in order to access the smartcard connector app, you need to be whitelisted by it first: further, the way Secure Shell does it is by building an ssh-agent on top of the connection: which in turn is not exactly trivial. look at the commits from Fabian here: we might be able to factor out our ssh-agent implementation so it could be pulled into other projects ... i don't think native messaging will help here.
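The whitelist gating described in the comments above, sketched as an added example that is not part of the thread and is not code from Mosh for Chrome, gnubbyd or the Smart Card Connector: a hypothetical agent app authorizes callers by the sender ID that Chrome attaches to cross-app messages, then checks the ssh-agent framing before doing any work. The allowlisted ID is a constructed placeholder, and the `{type: 'auth-agent@openssh.com', data: [...]}` envelope and all function names are assumptions.

```javascript
// Added example: sender allowlisting in a hypothetical smartcard agent app.
const SSH_AGENT_FAILURE = 5;               // ssh-agent protocol reply type
const SSH_AGENTC_REQUEST_IDENTITIES = 11;  // ssh-agent protocol request type
const AGENT_MSG = 'auth-agent@openssh.com'; // envelope type (assumption)

// Constructed placeholder ID; real Chrome app IDs are 32 characters in a-p.
const ALLOWED_SENDERS = new Set(['a'.repeat(32)]);

// Frame an agent message: uint32 big-endian length, then type byte + body.
function frame(type, body = []) {
  const len = 1 + body.length;
  return [(len >>> 24) & 255, (len >>> 16) & 255, (len >>> 8) & 255,
          len & 255, type, ...body];
}

// Return the message type, or null if the frame is malformed.
function parseType(data) {
  if (!Array.isArray(data) || data.length < 5) return null;
  if (!data.every((b) => Number.isInteger(b) && b >= 0 && b <= 255)) return null;
  const len = ((data[0] << 24) | (data[1] << 16) | (data[2] << 8) | data[3]) >>> 0;
  return len === data.length - 4 ? data[4] : null;
}

// Decide the reply for one external message. `sender.id` is filled in by
// Chrome, not by the calling app, so it is the value to authorize on.
function handleExternal(message, sender, backend) {
  const fail = { type: AGENT_MSG, data: frame(SSH_AGENT_FAILURE) };
  if (!sender || !ALLOWED_SENDERS.has(sender.id)) return fail; // not allowlisted
  if (!message || message.type !== AGENT_MSG) return fail;     // wrong envelope
  const type = parseType(message.data);
  if (type === null) return fail;                              // malformed frame
  return { type: AGENT_MSG, data: backend(type, message.data) };
}

// Wiring inside a Chrome app; skipped when the file is run outside Chrome.
// The stub backend always fails; a real one would talk to the card.
if (typeof chrome !== 'undefined' && chrome.runtime &&
    chrome.runtime.onMessageExternal) {
  chrome.runtime.onMessageExternal.addListener((msg, sender, sendResponse) => {
    sendResponse(handleExternal(msg, sender, () => frame(SSH_AGENT_FAILURE)));
  });
}
```

Because the check keys on the caller's app ID, a client app that is not on the agent's list gets a failure reply no matter how well-formed its request is, which is why getting added to the list requires a change on the agent side.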
@vapier is there any specific process for getting mosh whitelisted on GSC?
just send them a PR, and feel free to cc me on it so i can sync up with the Googler internally as needed
Hello rpwoodbu, I attempted to use this feature to read a yubikey 5. However, I'm not sure whether I'm doing everything right or not. I installed the keys into the card using win4gpg, and successfully connect with gpg-connect-agent with a regular PuTTY session (after saving the pubkey to my authorized_keys file on remote side). However, both Chrome smart card connector as well as Mosh do not appear to read the yubikey. Is there anything I need to do to make this work? Does it only work on a chromebook or does it also work on Windows 10 running regular Chrome? I can access Navy webmail using a CAC, so I assume my Chrome is able to read other smart cards too.
having similar difficulty with yubikey 5
I have a Yubikey 5c nano in PIV mode working well with the SSH app; Mosh doesn't seem to see it at all.
The Chromebook SSH app supports smartcards (e.g. Yubikeys). Adding similar support for mosh would be great both in terms of security and convenience.