r3dlight / keysas

USB virus cleaning station
https://keysas.fr
GNU General Public License v3.0

Web interface issue with Admin #71

Closed Adrien-Rivas closed 3 days ago

Adrien-Rivas commented 1 month ago

Hi,

I tried to install keysas on a virtual machine. For signing USB keys, I saw that I need to install the admin part on another machine, but it doesn't work and I'm in doubt about what I did wrong.

First I use a fresh install of Debian 12.

When I want to install the admin part I do :

sudo echo "deb http://deb.debian.org/debian bookworm-backports main contrib non-free" > /etc/apt/sources.list.d/backports.list
apt update
apt upgrade

apt -qy install -y libyara-dev libyara9 wget cmake make lsb-release software-properties-common libseccomp-dev clamav-daemon clamav-freshclam pkg-config git bash libudev-dev libwebkit2gtk-4.0-dev build-essential curl wget libssl-dev libgtk-3-dev libayatana-appindicator3-dev librsvg2-dev acl xinit sudo rsync apparmor ssh

bash -c "$(wget -O - https://apt.llvm.org/llvm.sh)"
curl https://sh.rustup.rs -sSf | sh -s -- --default-toolchain nightly -y
source "$HOME/.cargo/env"
git clone --depth=1 https://github.com/r3dlight/keysas && cd keysas
rustup default nightly
make help
make build

cd keysas-admin
npm install vite@latest
cargo install cli
cargo install tauri-cli (because I got the message "no such command tauri, do you mean miri ?").

Then I ran cargo tauri build.

After building, I copied the /dist folder files to the nginx /var/www/html folder, and tried to set up SSH, but after generating the certificates using the command "ssh-keygen -m PEM -t ed25519 -f mykey", I put in the path for the public key and the private key, and when I click the OK button nothing happens.

I downloaded the admin .deb file from GitHub, did an apt install ./admin.deb and restarted the virtual machine, but I still have the same problem.

Thanks in advance for your help

Regards

Adrien

r3dlight commented 1 month ago

Hi,

Not sure if I clearly got your issue, still : Once your SSH keys are generated on your dedicated admin station and imported into keysas-admin, you need to export the public key to your remote Keysas station. This is basically done by adding a new Keysas station (IP & Name) and by clicking on the "Export PubKey". Please make sure that the directory /home/keysas/.ssh is already created on the Keysas station before clicking "Export". Cheers.

Adrien-Rivas commented 1 month ago

Hi and thank you for your answer.

My issue is that when I go to SSH Configuration, I fill in the absolute path to the mykey.pub file and the mykey file, and when I click the "Go" button nothing happens (I am not yet trying to generate the PKI or connect to a remote station).

I tried Firefox ESR and Chromium.

I just tried the following steps :

And when I push the "Go" button nothing happens, as if something is missing.

Regards

r3dlight commented 1 month ago

By entering your SSH keys paths and pressing Go, you're basically doing nothing but only "recording" these paths into the keysas-admin app. There is nothing to be expected at this point. To configure and create the PKI, this is another procedure. Take a look here : https://keysas.fr/keysas-admin.html The keypair is only required to be created on your keysas-admin machine, not on your keysas stations. Does it help ?

Adrien-Rivas commented 1 month ago

Sorry, it doesn't seem to be working.

I doubt that the installation worked well, so I redid a fresh install following these steps, and at the end I got errors:

sudo echo "deb http://deb.debian.org/debian bookworm-backports main contrib non-free" > /etc/apt/sources.list.d/backports.list
sudo apt -qy install -y libyara-dev libyara9 wget cmake make \
    lsb-release software-properties-common \
    libseccomp-dev clamav-daemon clamav-freshclam \
    pkg-config git acl rsync bash libudev-dev \
    libwebkit2gtk-4.0-dev build-essential curl \
    wget libssl-dev apparmor ssh libgtk-3-dev \
    libayatana-appindicator3-dev librsvg2-dev

curl --proto '=https' --tlsv1.2 -sSf https://sh.rustup.rs | sh
bash -c "$(wget -O - https://apt.llvm.org/llvm.sh)"
reboot
sudo bash -c "$(wget -O - https://apt.llvm.org/llvm.sh)"
curl https://sh.rustup.rs -sSf | sh -s -- --default-toolchain nightly -y
rustup default nightly
wget https://github.com/r3dlight/keysas/releases/download/v2.4/keysas-v2.4-x86_64-debian.zip
unzip keysas-v2.4-x86_64-debian.zip
export PATH=$PATH:/usr/sbin

sudo nano /etc/clamav/clamd.conf
sudo systemctl start clamav-daemon clamav-freshclam
sudo systemctl restart clamav-daemon clamav-freshclam
sudo systemctl status clamav-daemon clamav-freshclam
sudo systemctl enable clamav-daemon clamav-freshclam

sudo make install-core
sudo make install-yararules
systemctl status keysas keysas-in keysas-transit keysas-out
systemctl status keysas keysas-in keysas-transit keysas-out keysas-io keysas-backend
sudo apt install npm
cd keysas
cd keysas-admin/

npm i vite@latest

npm WARN ERESOLVE overriding peer dependency
npm WARN While resolving: keysas-admin@2.3.0
npm WARN Found: vite@4.5.3
npm WARN node_modules/vite
npm WARN peer vite@"^4.0.0" from @vitejs/plugin-vue@4.3.4
npm WARN node_modules/@vitejs/plugin-vue
npm WARN dev @vitejs/plugin-vue@"^4.0.0" from the root project
npm WARN 1 more (the root project)
npm WARN
npm WARN Could not resolve dependency:
npm WARN peer vite@"^4.0.0" from @vitejs/plugin-vue@4.3.4
npm WARN node_modules/@vitejs/plugin-vue
npm WARN dev @vitejs/plugin-vue@"^4.0.0" from the root project

added 3 packages, changed 8 packages, and audited 174 packages in 4s

38 packages are looking for funding
run npm fund for details

found 0 vulnerabilities
user1@keyadmin:~/keysas/keysas-admin$ npm audit fix

npm ERR! code ERESOLVE
npm ERR! ERESOLVE could not resolve
npm ERR!
npm ERR! While resolving: @vitejs/plugin-vue@4.3.4
npm ERR! Found: vite@5.4.5
npm ERR! node_modules/vite
npm ERR! dev vite@"^5.4.5" from the root project
npm ERR!
npm ERR! Could not resolve dependency:
npm ERR! peer vite@"^4.0.0" from @vitejs/plugin-vue@4.3.4
npm ERR! node_modules/@vitejs/plugin-vue
npm ERR! dev @vitejs/plugin-vue@"^4.0.0" from the root project
npm ERR!
npm ERR! Conflicting peer dependency: vite@4.5.3
npm ERR! node_modules/vite
npm ERR! peer vite@"^4.0.0" from @vitejs/plugin-vue@4.3.4
npm ERR! node_modules/@vitejs/plugin-vue
npm ERR! dev @vitejs/plugin-vue@"^4.0.0" from the root project
npm ERR!
npm ERR! Fix the upstream dependency conflict, or retry
npm ERR! this command with --force or --legacy-peer-deps
npm ERR! to accept an incorrect (and potentially broken) dependency resolution.
npm ERR!
npm ERR!
npm ERR! For a full report see:
npm ERR! /home/user1/.npm/_logs/2024-09-16T12_50_32_411Z-eresolve-report.txt

npm ERR! A complete log of this run can be found in:
npm ERR! /home/user1/.npm/_logs/2024-09-16T12_50_32_411Z-debug-0.log
user1@keyadmin:~/keysas/keysas-admin$ npm audit
found 0 vulnerabilities

user1@keyadmin:~/keysas/keysas-admin$ npm i vite@latest

npm WARN ERESOLVE overriding peer dependency
npm WARN While resolving: keysas-admin@2.3.0
npm WARN Found: vite@5.4.5
npm WARN node_modules/vite
npm WARN dev vite@"5.4.5" from the root project
npm WARN
npm WARN Could not resolve dependency:
npm WARN peer vite@"^4.0.0" from @vitejs/plugin-vue@4.3.4
npm WARN node_modules/@vitejs/plugin-vue
npm WARN dev @vitejs/plugin-vue@"^4.0.0" from the root project

up to date, audited 174 packages in 962ms

38 packages are looking for funding
run npm fund for details

found 0 vulnerabilities

So I am not sure that continuing with the "cargo install" will give me a functional installation.

Regards

r3dlight commented 1 month ago

Try cloning the dev branch like that :

git clone --branch=dev https://github.com/r3dlight/keysas.git

Then, retry building the frontend using npm. Note that the resulting frontend is for your Keysas stations only.

Adrien-Rivas commented 1 month ago

Ok, I copied the git clone command and got git clone --branch=dev https://github.com/r3dlight/keysas.git

I suppose this is the Develop branch that I should clone. I've got the same errors

user1@keyadmin:~/keysas/keysas-admin$ npm i vite@latest
npm WARN ERESOLVE overriding peer dependency
npm WARN While resolving: keysas-admin@2.5.0
npm WARN Found: vite@4.5.3
npm WARN node_modules/vite
npm WARN peer vite@"^4.0.0" from @vitejs/plugin-vue@4.3.4
npm WARN node_modules/@vitejs/plugin-vue
npm WARN dev @vitejs/plugin-vue@"^4.0.0" from the root project
npm WARN 1 more (the root project)
npm WARN
npm WARN Could not resolve dependency:
npm WARN peer vite@"^4.0.0" from @vitejs/plugin-vue@4.3.4
npm WARN node_modules/@vitejs/plugin-vue
npm WARN dev @vitejs/plugin-vue@"^4.0.0" from the root project

added 173 packages, and audited 174 packages in 11s

38 packages are looking for funding
run npm fund for details

found 0 vulnerabilities

But why is npm i building the frontend when I am in the keysas/keysas-admin folder ?

Cheers

r3dlight commented 1 month ago

Hi,

The keysas-admin app is actually made of a frontend part (JavaScript) and a backend part (Rust).

Cheers.

Adrien-Rivas commented 1 month ago

Hi, and thank you for your answer.

I don't know what I am doing wrong but it still doesn't work.

We agree that the install process is :

First, to meet the prerequisites as root :

sudo echo "deb http://deb.debian.org/debian bookworm-backports main contrib non-free" > /etc/apt/sources.list.d/backports.list

(with sudoer user or root, it is not really important ?)

export PATH=$PATH:/usr/sbin

sudo apt update
sudo apt -qy install -y libyara-dev libyara9 wget cmake make \
    lsb-release software-properties-common \
    libseccomp-dev clamav-daemon clamav-freshclam \
    pkg-config git acl rsync bash libudev-dev \
    libwebkit2gtk-4.0-dev build-essential curl \
    wget libssl-dev apparmor ssh libgtk-3-dev \
    libayatana-appindicator3-dev librsvg2-dev

bash -c "$(wget -O - https://apt.llvm.org/llvm.sh)"

curl https://sh.rustup.rs -sSf | sh -s -- --default-toolchain nightly -y

source "$HOME/.cargo/env"

Next we get the keysas.zip from here https://github.com/r3dlight/keysas/releases

unzip it

Get the keysas-admin.deb, sudo apt install it, then pass this command :

cd keysas-admin && npm i vite@latest && cargo install cargo-cli && cargo tauri build

cp the /dist content to an nginx folder

Then, when I have done all of these things, I run "ssh-keygen -m PEM -t ed25519 -f mykey" in a directory (/root ? /etc/keysas ?) and I put in the full path (like /etc/keysas/ssh/mykey.pub for public and /etc/keysas/mykey).

Then I push the "Go" button and I should see the certificates under the "Registred SSH Keys" and then I can generate my PKI, but nothing happens when I push Go and I never see the "Registred SSH keys".

Could it come from an nginx misconfiguration ? I didn't see that I need to allow JS to work, but maybe it could come from there.

Thank you for your help.

Regards

Adrien

Adrien-Rivas commented 4 weeks ago

Hi,

Do you have an opinion on this issue ?

Regards

Adrien

r3dlight commented 2 weeks ago

Hi, Keysas-admin should see your generated SSH keypair unless your current user cannot. Please try to generate it in your home, not in /etc/keysas/, btw you should not have such a directory in your keysas-admin machine.
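
A pre-flight check for the advice in this thread (generate the key pair in your home and make sure the current user can read it), as an added example that is not part of the thread or of Keysas. `check_keypair` is a hypothetical helper; the header and permission checks are general SSH hygiene, not documented keysas-admin behaviour.

```shell
#!/usr/bin/env bash
# Added example, not Keysas code. Usage on the admin machine:
#   ssh-keygen -m PEM -t ed25519 -f "$HOME/mykey"
#   check_keypair "$HOME/mykey" "$HOME/mykey.pub"

check_keypair() {
    local priv="$1" pub="$2" rc=0 f
    for f in "$priv" "$pub"; do
        case "$f" in
            # The maintainer advises against keeping the pair in /etc/keysas.
            /etc/keysas/*) echo "FAIL: $f is under /etc/keysas; use your home" >&2; rc=1 ;;
            /*) ;;  # absolute path, as entered in the SSH configuration form
            *) echo "FAIL: $f is not an absolute path" >&2; rc=1 ;;
        esac
        if [ ! -f "$f" ]; then
            echo "FAIL: $f does not exist" >&2; rc=1
        elif [ ! -r "$f" ]; then
            echo "FAIL: $f is not readable by $(id -un)" >&2; rc=1
        fi
    done
    [ "$rc" -eq 0 ] || return "$rc"

    # Private key: armoured header present, no group/other permission bits.
    if ! head -n 1 "$priv" | grep -q '^-----BEGIN .*PRIVATE KEY-----'; then
        echo "FAIL: $priv does not look like a private key" >&2; rc=1
    fi
    if [ "$(ls -ld "$priv" | cut -c5-10)" != "------" ]; then
        echo "FAIL: $priv is accessible to group/other; chmod 600 it" >&2; rc=1
    fi
    # Public key: the thread generates an ed25519 pair.
    if ! grep -q '^ssh-ed25519 ' "$pub"; then
        echo "FAIL: $pub is not an ssh-ed25519 public key" >&2; rc=1
    fi
    [ "$rc" -eq 0 ] && echo "OK: $(id -un) can use $priv and $pub"
    return "$rc"
}

# Run directly with two arguments: private key path, public key path.
if [ "$#" -eq 2 ]; then
    check_keypair "$1" "$2"
fi
```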