Issues using veyon-cli authkeys import


  • Hi Tobias,

    I'm tryin to implement PKI auth on veyon (4.5.5 -> ubuntu mete 20.04).
    When I use the command :
    veyon-cli authkeys import key
    (key is my keyfile)
    I got an error message (translated from french) :
    Writing of file failed. Please check your permissions.
    It's weird : I'm root

    I created the key in veyon-configurator (public and private), then export them. I use the exported files to import keys on students and teachers computers.

    Two other issues (not blocking, but annoying) :

    • When I created the key in veyon-configurator, it refuses the name veyon-master, because it contains a "-". It's annoying, since I already configured this on windows, had no issues with that name, and created the related posix group in LDAP
    • Using veyon-cli authkeys import /tmp/key.pem fails because "key name contains non valid characters". After a few tests, it seems, you can neither use '/', nor '.'
      A little beat weird, we can't use a valid file path to import the file !

    Those last two issues are minor (non blocking), but the first one I related is really blocking the implementation of this security functionnality in my classrooms. If you could provide a solution, I'll be glad 😉

    Thanks for your work and your help
    Regards
    Eric


  • For the record I discovered help for authkeys import, and modified the command like this :
    veyon-cli authkeys import veyon_master public-key.pem

    But exactly the same issues

    (For the record too : I tried to import the pem file in veyon-configurator, it worked)


  • Hi,
    I finally did it "by hand", without using veyon-cli command :
    Create directories in /etc, give required rights to key files, modify conf keys...
    If it can be usefull to someone :

    On all computers (teachers and students) :
    veyon-cli config set Authentication/Method 1
    veyon-cli config set Authentication/KeyAuthenticationEnabled True
    mkdir -p /etc/veyon/keys/public/mykeyname/
    cp my-public-key-file.pem /etc/veyon/keys/public/mykeyname/key
    chmod 444 /etc/veyon/keys/public/mykeyname/key
    chmod -R 755 /etc/veyon
    chown -R root:root /etc/veyon

    On teacher's computer only :
    mkdir -p /etc/veyon/keys/private/mykeyname/
    chmod -R 755 /etc/veyon
    chown -R root:root /etc/veyon
    cp my-private-key-file.pem /etc/veyon/keys/private/mykeyname/key
    chmod 440 /etc/veyon/keys/private/mykeyname/key
    chown root:myauthorizedgroup etc/veyon/keys/private/mykeyname/key

    (.pem files were generated and exported in veyon-configurator, and "myauthorizedgroup" is the user group for users authorized to connect to veyon-master and remote to classroom computers)