Results 1 to 7 of 7

Thread: SSH remote access and GPG keys generation

  1. #1
    Join Date
    Oct 2009
    Location
    Minsk
    Posts
    24

    Default SSH remote access and GPG keys generation

    Hi

    My server works operation system openSuSE. Package OpenPGP has installed. This package works both a server console and via a remote access.

    I study package OpenPGP with my students in the computer class (15 computers) via remote access, protocol SSH, port 22. All the features and commands gpg2 are workable. There is a little problem with creating keys.

    When I type in the remote console:

    gpg2 --gen-key

    then go interactive mode and answer questions to the program as shown in the following screen:

    =================== console ===========================
    strekoza:~ # gpg2 --gen-key
    gpg (GnuPG) 2.0.19; Copyright (C) 2012 Free Software Foundation, Inc.
    This is free software: you are free to change and redistribute it.
    There is NO WARRANTY, to the extent permitted by law.

    Please select what kind of key you want:
    (1) RSA and RSA (default)
    (2) DSA and Elgamal
    (3) DSA (sign only)
    (4) RSA (sign only)
    Your selection? 1
    RSA keys may be between 1024 and 4096 bits long.
    What keysize do you want? (2048)
    Requested keysize is 2048 bits
    Please specify how long the key should be valid.
    0 = key does not expire
    <n> = key expires in n days
    <n>w = key expires in n weeks
    <n>m = key expires in n months
    <n>y = key expires in n years
    Key is valid for? (0) 56
    Key expires at Mon Jun 20 16:06:19 2016 MSK
    Is this correct? (y/N) y

    GnuPG needs to construct a user ID to identify your key.
    Real name: Dremu4ii
    Email address: dremu4ii@polo.horse.org
    Comment: welcome to PGP
    You selected this USER-ID:
    "Dremu4ii (welcome to PGP) <dremu4ii@polo.horse.org>"
    Change (N)ame, (C)omment, (E)mail or (O)kay/(Q)uit? O
    You need a Passphrase to protect your secret key.

    We need to generate a lot of random bytes...

    =================== console ===========================


    When I enter the password and the program then hangs. It requiring generate many random numbers. If I run in a nearby console, command that "does nothing", for example:

    ls -la -R /

    It helps sometimes if does it 2-3 times, then keys can be created. This helps, but not always.

    If I type the command:

    gpg2 --gen-key

    run directly on the console server, this problem does not occur and the keys will be created.

    Tell me, please, what can I do?

  2. #2

    Default Re: SSH remote access and GPG keys generation

    If you read the man page gpg2 and the --gen-key option it says that
    you need to reference the file doc/DETAILS to see how to properly
    use this command.

    On my OpenSusE install, this file is found at: /usr/share/doc/packages/gpg2/DETAILS
    There is a "Unattended key generation" section in this file that may give you the
    answer you are looking for and some examples of how to use the --gen-key option.

    Good luck


    Quote Originally Posted by Dremu4ii View Post
    Hi

    My server works operation system openSuSE. Package OpenPGP has installed. This package works both a server console and via a remote access.

    I study package OpenPGP with my students in the computer class (15 computers) via remote access, protocol SSH, port 22. All the features and commands gpg2 are workable. There is a little problem with creating keys.

    When I type in the remote console:

    gpg2 --gen-key

    then go interactive mode and answer questions to the program as shown in the following screen:

    =================== console ===========================
    strekoza:~ # gpg2 --gen-key
    gpg (GnuPG) 2.0.19; Copyright (C) 2012 Free Software Foundation, Inc.
    This is free software: you are free to change and redistribute it.
    There is NO WARRANTY, to the extent permitted by law.

    Please select what kind of key you want:
    (1) RSA and RSA (default)
    (2) DSA and Elgamal
    (3) DSA (sign only)
    (4) RSA (sign only)
    Your selection? 1
    RSA keys may be between 1024 and 4096 bits long.
    What keysize do you want? (2048)
    Requested keysize is 2048 bits
    Please specify how long the key should be valid.
    0 = key does not expire
    <n> = key expires in n days
    <n>w = key expires in n weeks
    <n>m = key expires in n months
    <n>y = key expires in n years
    Key is valid for? (0) 56
    Key expires at Mon Jun 20 16:06:19 2016 MSK
    Is this correct? (y/N) y

    GnuPG needs to construct a user ID to identify your key.
    Real name: Dremu4ii
    Email address: dremu4ii@polo.horse.org
    Comment: welcome to PGP
    You selected this USER-ID:
    "Dremu4ii (welcome to PGP) <dremu4ii@polo.horse.org>"
    Change (N)ame, (C)omment, (E)mail or (O)kay/(Q)uit? O
    You need a Passphrase to protect your secret key.

    We need to generate a lot of random bytes...

    =================== console ===========================


    When I enter the password and the program then hangs. It requiring generate many random numbers. If I run in a nearby console, command that "does nothing", for example:

    ls -la -R /

    It helps sometimes if does it 2-3 times, then keys can be created. This helps, but not always.

    If I type the command:

    gpg2 --gen-key

    run directly on the console server, this problem does not occur and the keys will be created.

    Tell me, please, what can I do?

  3. #3
    Join Date
    Oct 2009
    Location
    Minsk
    Posts
    24

    Default Re: SSH remote access and GPG keys generation

    Dear crubel in the documentation to which you refer is only details and features create of the pair keys. In the specified you documentation don't contains reply to my question unfortunately.

    My question is formulated as follows. When I try to create the keys on the server over a remote SSH access running command

    gpg2 --gen-key

    problem arises. The console freezes, keys are not created
    .

    What can I do?

  4. #4
    Join Date
    Aug 2010
    Location
    Chicago suburbs
    Posts
    12,167
    Blog Entries
    3

    Default Re: SSH remote access and GPG keys generation

    I'm not sure that I understand the question.

    Have you tried using:
    Code:
    ssh -X
    to start the ssh connection?

    I'm guessing that gpg2 is wanting you to enter a passphrase, and has attempted to open a pinentry dialog. But you are not seeing it over your ssh connection. If that's the problem, then maybe X-forwarding will fix it. Or maybe there is a way that you can force it to use the "ncurses" pinentry option.
    openSUSE Leap 15.1; KDE Plasma 5;

  5. #5
    Join Date
    Oct 2009
    Location
    Minsk
    Posts
    24

    Default Re: SSH remote access and GPG keys generation

    Hello nrickert.

    I use to connect to my Linux-server using SSH utility putty.exe (https://en.wikipedia.org/wiki/PuTTY).

    My class has some machines running operation system Windows 8.1. These machines are connected via SSH (putty.exe) to my Linux server.

    Regards Dremu4ii.

  6. #6
    Join Date
    Aug 2010
    Location
    Chicago suburbs
    Posts
    12,167
    Blog Entries
    3

    Default Re: SSH remote access and GPG keys generation

    Quote Originally Posted by Dremu4ii View Post
    My class has some machines running operation system Windows 8.1. These machines are connected via SSH (putty.exe) to my Linux server.
    I used to have my students do that. Back then, the server was using gpg 1.x, which would prompt interactively for key etc. But I think "gpg2" needs "gpg-agent" to always be running. So the student needs to start "gpg-agent" in his session.

    It might be easier to install gpg1, and change it so that the "gpg" command is "gpg1" or a symlink to "gpg1" instead of a symlink to "gpg2".

    I'll note that some distros (Ubuntu, Debian for example) are installing both gpg1 and gpg2. Some of the GUI software gives a choice on which to use. For remote command line users, gpg1 is easier to use. I think there's an openFATE request for opensuse to provide both, but it doesn't look as if it will happen.
    openSUSE Leap 15.1; KDE Plasma 5;

  7. #7
    Join Date
    Oct 2009
    Location
    Minsk
    Posts
    24

    Default Re: SSH remote access and GPG keys generation

    Hi all. Problem running the rngd daemon. Daemon rngd - checks and feeds random data from hardware device to kernel random device.

    I type in command prompt as root:

    rngd -r /dev/urandom -o /dev/random -b

    That is all. The command gpg2 --key-gen succeeds at all client machines now.

    Problem solved, thank you all.

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •