Issues using veyon-cli authkeys import


  • Hi Tobias,

    I'm trying to implement PKI auth on Veyon (4.5.5 -> Ubuntu MATE 20.04).
    When I use the command :
    veyon-cli authkeys import key
    (key is my keyfile)
    I got an error message (translated from French) :
    Writing of file failed. Please check your permissions.
    It's weird : I'm root

    I created the key in veyon-configurator (public and private), then exported them. I use the exported files to import keys on students' and teachers' computers.

    Two other issues (not blocking, but annoying) :

    • When I created the key in veyon-configurator, it refused the name veyon-master, because it contains a "-". It's annoying, since I already configured this on Windows, had no issues with that name, and created the related POSIX group in LDAP
    • Using veyon-cli authkeys import /tmp/key.pem fails because "key name contains non valid characters". After a few tests, it seems you can use neither '/' nor '.'
      A little bit weird, we can't use a valid file path to import the file !

    Those last two issues are minor (non blocking), but the first one I related is really blocking the implementation of this security functionality in my classrooms. If you could provide a solution, I'll be glad 😉

    Thanks for your work and your help
    Regards
    Eric


  • For the record I discovered help for authkeys import, and modified the command like this :
    veyon-cli authkeys import veyon_master public-key.pem

    But exactly the same issues

    (For the record too : I tried to import the pem file in veyon-configurator, it worked)


  • Hi,
    I finally did it "by hand", without using veyon-cli command :
    Create directories in /etc, give required rights to key files, modify conf keys...
    If it can be useful to someone :

    On all computers (teachers and students) :
    veyon-cli config set Authentication/Method 1
    veyon-cli config set Authentication/KeyAuthenticationEnabled True
    mkdir -p /etc/veyon/keys/public/mykeyname/
    cp my-public-key-file.pem /etc/veyon/keys/public/mykeyname/key
    chmod 444 /etc/veyon/keys/public/mykeyname/key
    chmod -R 755 /etc/veyon
    chown -R root:root /etc/veyon

    On teacher's computer only :
    mkdir -p /etc/veyon/keys/private/mykeyname/
    chmod -R 755 /etc/veyon
    chown -R root:root /etc/veyon
    cp my-private-key-file.pem /etc/veyon/keys/private/mykeyname/key
    chmod 440 /etc/veyon/keys/private/mykeyname/key
    chown root:myauthorizedgroup /etc/veyon/keys/private/mykeyname/key

    (.pem files were generated and exported in veyon-configurator, and "myauthorizedgroup" is the user group for users authorized to connect to veyon-master and remote to classroom computers)
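
A read-only audit of the key tree that the manual procedure above produces, added here as an example (it is not part of the original posts and not Veyon project code). It assumes the /etc/veyon/keys/{public,private}/<keyname>/key layout from the post; the function name and its two parameters are hypothetical. It flags a private key that others can access, which is the state a recursive `chmod -R 755 /etc/veyon` leaves behind if it is run again after the private key has been copied in.

```shell
#!/bin/sh
# Added example: read-only audit of a Veyon key tree laid out as in the post
# above: <base>/keys/{public,private}/<keyname>/key. It changes nothing.
# Hypothetical parameters: $1 = base directory (default /etc/veyon),
# $2 = expected owner, name or numeric uid (default root).
# Usage (as root, on a deployed machine): audit_veyon_keys

audit_veyon_keys() {
    base="${1:-/etc/veyon}"
    owner="${2:-root}"

    report=$(
        # A private key must grant nothing to "other": whoever can read it
        # can use it to access the classroom computers. Mode 440 with
        # root:<group> passes; the 755 left by a later recursive chmod fails.
        find "$base/keys/private" -type f \
            \( -perm -004 -o -perm -002 -o -perm -001 \) \
            -exec echo "private key accessible to others:" {} \; 2>/dev/null

        # Anything writable by group or others lets a non-root user replace
        # a key, including the public key that the computers trust.
        find "$base" ! -type l \( -perm -020 -o -perm -002 \) \
            -exec echo "writable by group or others:" {} \; 2>/dev/null

        # Every file and directory in the tree should belong to the owner.
        find "$base" ! -user "$owner" \
            -exec echo "not owned by $owner:" {} \; 2>/dev/null
    )

    if [ -n "$report" ]; then
        printf '%s\n' "$report"
        return 1
    fi
    return 0
}
```

The function returns 0 when the tree is clean and 1 with one line per finding otherwise, so it can gate a deployment script.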


  • @erict: indeed the authentication key name check is too strict at the moment since it only allows word characters (0-9, a-z, A-Z and underscore). I just committed a fix which will also allow the minus character (https://github.com/veyon/veyon/commit/768feeb53c11d7a1f5e5fa4d8378d795c73cc1ad). It will be part of Veyon 4.5.7 next month. In case you build packages on your own, you can simply do this for the latest 4.5 branch.

    Besides that, importing keys via veyon-cli should work with the following command:

     veyon-cli authkeys import veyon_master/public public-key.pem