rpwoodbu / mosh-chrome

Mosh for Chrome
GNU General Public License v3.0

Add smartcard support #177

Open djwhitt opened 6 years ago

djwhitt commented 6 years ago

The Chromebook SSH app supports smartcards (e.g. Yubikeys). Adding similar support for mosh would be great both in terms of security and convenience.

rpwoodbu commented 6 years ago

This support already exists, but I haven't actually documented it. It works similarly to how it does in Secure Shell, except that the agent app ID is hardcoded, so there is no configuration; if the app is installed, and if there's a Yubikey (or similar) with SSH keys on it, it'll try to use it.

Let me know whether you're able to get it to work. I'll go ahead and close this for now.

djwhitt commented 6 years ago

I think I might be missing a step somewhere. I was able to get both these apps working with Secure Shell + my Yubikey 4C:

https://chrome.google.com/webstore/detail/smart-card-connector/khpfeaanjngmcnplbdlpegiifgpfgdco?hl=en

https://chrome.google.com/webstore/detail/secure-shell-openpgp-smar/gdbjpffhcollcplpbjehfhpfcpdoicob

On Sat, Feb 3, 2018 at 11:06 PM, rpwoodbu notifications@github.com wrote:

This support already exists, but I haven't actually documented it. It works similarly to how it does in Secure Shell, except that the agent app ID is hardcoded (https://github.com/rpwoodbu/mosh-chrome/blob/master/mosh_app/mosh_window.js#L79), so there is no configuration; if the app is installed, and if there's a Yubikey (or similar) with SSH keys on it, it'll try to use it.

Let me know whether you're able to get it to work. I'll go ahead and close this for now.


rpwoodbu commented 6 years ago

Not sure what the "SSH forward helper" is. I haven't seen anything like that.

You can experiment with other apps either by editing the code and rebuilding, or poking your way through the JS console and reassigning that app ID variable. Note, however, that those apps may have a whitelist of other apps that are permitted access, and Mosh for Chrome may not be on that list. (gnubbyd has such a thing, and I got us whitelisted.)

rpwoodbu commented 6 years ago

Oh, actually, I might have an idea about the "SSH forward helper" thing. I know about "native messaging", which is a facility through which Chrome can communicate with a native binary on your local machine. This binary has to be installed and configured administratively (i.e., cannot be done by installing a Chrome app or extension alone). I suspect that gnubbyd may have a way to talk to your local ssh-agent if you configure that (just a guess).

I still don't know why you'd be getting that error message, though. I don't immediately see an option in gnubbyd for such a facility. Maybe it doesn't like something about your Yubikey, or maybe you need to go through some sort of initial setup with it?

vapier commented 6 years ago

in order to access the smartcard connector app, you need to be whitelisted by it first: https://github.com/GoogleChromeLabs/chromeos_smart_card_connector/blob/master/third_party/pcsc-lite/naclport/server_clients_management/src/known_client_apps.json

further, the way Secure Shell does it is by building an ssh-agent on top of the connection: https://chromium.googlesource.com/apps/libapps/+/master/nassh/doc/hardware-keys.md

which in turn is not exactly trivial. look at the commits from Fabian here: https://chromium.googlesource.com/apps/libapps/+log/nassh-0.8.41/nassh/

we might be able to factor out our ssh-agent implementation so it could be pulled into other projects ...

i don't think native messaging will help here.
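
The allowlist and ssh-agent points raised in the comments above, as an added JavaScript example that is not part of the thread and not code from mosh-chrome, Secure Shell, gnubbyd or the Smart Card Connector: an agent app answers ssh-agent requests only for allowlisted client app IDs and replies to a key-listing request. The app ID, the `{data: [...]}` message shape and all function names are assumptions of this example; the message numbers and framing are those of the OpenSSH agent protocol.

```javascript
// Added illustration; names, IDs and message shape are assumptions.
// ssh-agent message numbers (OpenSSH agent protocol).
const SSH_AGENT_FAILURE = 5;
const SSH_AGENTC_REQUEST_IDENTITIES = 11;
const SSH_AGENT_IDENTITIES_ANSWER = 12;

// Constructed placeholder ID of the one client app allowed to talk to the agent.
const ALLOWED_CLIENTS = new Set(['aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa']);

// Wire helpers: big-endian uint32, length-prefixed string, framed message.
// Plain arrays are used because Chrome message passing carries JSON values.
const u32 = (n) => [(n >>> 24) & 255, (n >>> 16) & 255, (n >>> 8) & 255, n & 255];
const sshString = (bytes) => [...u32(bytes.length), ...bytes];
const frame = (type, payload = []) => sshString([type, ...payload]);

// Parse one framed message, rejecting truncated or mis-sized input.
function unframe(bytes) {
  if (!Array.isArray(bytes) || bytes.length < 5) throw new Error('short frame');
  const len = ((bytes[0] << 24) | (bytes[1] << 16) | (bytes[2] << 8) | bytes[3]) >>> 0;
  if (len !== bytes.length - 4) throw new Error('length mismatch');
  return { type: bytes[4], payload: bytes.slice(5) };
}

// Agent side. In a Chrome app this would run inside a
// chrome.runtime.onMessageExternal listener; `sender.id` is filled in by
// Chrome, so the calling app cannot claim another app's ID.
function handleExternalMessage(message, sender, keys) {
  if (!sender || !ALLOWED_CLIENTS.has(sender.id)) {
    return { error: 'client not allowlisted' }; // no agent data for unknown apps
  }
  let request;
  try {
    request = unframe(message && message.data);
  } catch (e) {
    return { data: frame(SSH_AGENT_FAILURE) };
  }
  if (request.type !== SSH_AGENTC_REQUEST_IDENTITIES) {
    return { data: frame(SSH_AGENT_FAILURE) }; // signing is out of scope here
  }
  // Answer: uint32 key count, then (key blob, comment) as strings per key.
  const body = u32(keys.length);
  const enc = new TextEncoder();
  for (const k of keys) {
    body.push(...sshString(k.blob), ...sshString(enc.encode(k.comment)));
  }
  return { data: frame(SSH_AGENT_IDENTITIES_ANSWER, body) };
}
```

A client whose ID is not in the set gets the same refusal whether or not a card is plugged in, so a "not allowlisted" reply and a "no keys" reply stay distinguishable when troubleshooting.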

qmx commented 6 years ago

@vapier is there any specific process for getting mosh whitelisted on GSC?

vapier commented 6 years ago

just send them a PR, and feel free to cc me on it so i can sync up with the Googler internally as needed

bryanlharris commented 5 years ago

Hello rpwoodbu, I attempted to use this feature to read a yubikey 5. However, I'm not sure whether I'm doing everything right or not. I installed the keys into the card using win4gpg, and successfully connect with gpg-connect-agent with a regular PuTTY session (after saving the pubkey to my authorized_keys file on remote side). However, both Chrome smart card connector as well as Mosh do not appear to read the yubikey. Is there anything I need to do to make this work? Does it only work on a chromebook or does it also work on Windows 10 running regular Chrome? I can access Navy webmail using a CAC, so I assume my Chrome is able to read other smart cards too.

morfca commented 5 years ago

having similar difficulty with yubikey 5

tv42 commented 4 years ago

I have a Yubikey 5c nano in PIV mode working well with the SSH app; Mosh doesn't seem to see it at all.