ZKeychain - An SSH ssh-agent GUI for the Zaurus

Download ipk
Requirements
Configuration
Running
Troubleshooting

ZKeychain provides a GUI to Keychain 2.51. It lets you enter your ssh passphrase in a dialog window and then start multiple ssh and scp sessions without having to retype the passphrase. Additionally, it provides functionality to start encrypted tunnels for SMTP, POP3, HTTP and VNC traffic. An ipk is available here.

What is Keychain?

As explained in the keychain homepage:
Keychain is a manager for OpenSSH, ssh.com, Sun SSH and GnuPG agents. It acts as a front-end to the agents, allowing you to easily have one long-running agent process per system, rather than per login session. This dramatically reduces the number of times you need to enter your passphrase from once per new login session to once every time your local machine is rebooted.

Why do I need it?

Well, you don't necessarily need it, but if you use ssh, it can make your life much easier. In addition to eliminating the need to retype your passphrase every time you start an ssh or scp session, it provides a simple GUI to set up encrypted tunnels for SMTP, POP3, HTTP and VNC traffic.

Requirements

Configuration

  1. ZKeychain Configuration

    Server configuration information is stored in two files:

    • /home/zaurus/.zkeychain/ssh_servers
      In this file, you can list addresses of servers you contact frequently. Addresses should be listed one per line in numerical IP format or as a server name. Comments or information other than a valid server address are not allowed. The contents of this file are listed in the "SSH Server" list input dialog window.

      Note that you can always type a name of a new server in the dialog input box, if it is not listed in this configuration file.

      Example:

      192.168.0.13
      192.168.0.14
      ssh_server1
      ssh_server2
      ssh_server.org
      
    • /home/zaurus/.zkeychain/zkeychain.conf

      This file contains the configuration of your SMTP, POP3, VNC and HTTP servers.

      # zkeychain.conf
      # This file contains the configuration of zkeychain
      # Minimum configuration required: 
      # SSH_SERVER_USERNAME and at least one server
      #
      # Setting the variable below provides debug information
      DEBUG=Y
      # server configuration
      SSH_SERVER_USERNAME=
      SMTP_SERVER=
      POP3_SERVER=
      VNC_SERVER=
      # Default port configuration
      # Uncomment and change if needed
      #
      # Your e-mail client should be configured to use these ports 
      #SMTP_LOCAL_PORT=8025
      #POP3_LOCAL_PORT=8110
      # These are the ports used by your servers
      #POP3_REMOTE_PORT=110
      #SMTP_REMOTE_PORT=25
      # The VNC server and client must be configured to listen on these ports
      # On the Z, the VNC client should connect to the 
      # VNC_LOCAL_PORT at localhost
      #VNC_LOCAL_PORT=5900
      #VNC_REMOTE_PORT=5900
      # Set variable below to tunnel HTTP traffic
      TUNNEL_HTTP=Y
      # The proxy configuration for your network connection should be 
      # localhost:HTTP_LOCAL_PORT
      # You need a proxy such as squid running on SSH_SERVER 
      # listening on HTTP_REMOTE_PORT
      #HTTP_LOCAL_PORT=3128
      #HTTP_REMOTE_PORT=3128
      
  2. Client software on the Zaurus
    • HTTP Proxy

      Configure the proxy information using the Network Wizard: Select "HTTP Proxy" and use "localhost" for the address and the port number defined by HTTP_LOCAL_PORT.

    • E-mail Client

      Create a new account and configure both POP3 and SMTP servers as "localhost" and use the port numbers configured with SMTP_LOCAL_PORT and POP3_LOCAL_PORT.

  3. Some programs can be configured to use the proxy directly. Check the program documentation for the details. For instance:

Running ZKeychain

  1. Start ZKeychain by clicking on its icon. A dialog window will pop-up asking for your passphrase.

  2. Type your passphrase and click the OK button. A message window will pop-up showing the output of Keychain. If the correct passphrase is entered, Keychain will indicate that the key was added successfully.

  3. Next, indicate if you wish to set-up and start encrypted tunnels.

  4. Then select the server to connect to from the list box input. If the server is not shown on the list, simply type it in the dialog box.

  5. If you have DEBUG set in zkeychain.conf, the following window will pop up showing the entire ssh command string. This is useful to verify your initial configuration.

  6. Finally, zkeychain opens an instance of embeddedkonsole. From there, you can use ssh, scp and friends at will without needing to retype your passphrase. This is true even if you open multiple console windows in embeddedkonsole.

  7. When you finally close embeddedkonsole, Keychain stops ssh-agent and all ssh sessions are killed. To resume ssh, you will need to retype your passphrase.

Troubleshooting

    The most effective way to troubleshoot your installation is to go through all the steps manually before attempting to use zkeychain.

    1. Start with a working installation of ssh. You must be able to manually log in to your servers from the console, i.e., you can get in using
       ssh -l username server
    2. Once you can get in, try to set up tunnels manually, one at a time.
    3. To tunnel HTTP, you will need a proxy server running on the same machine running sshd. (This is how I got it to work anyway.) I used squid with good results. Configure it to proxy only from localhost. The squid FAQ is your friend here.
    4. Set DEBUG in zkeychain.conf. Copy the entire ssh command displayed on the debug window, adding the -v flag to obtain more verbose output if needed.
    5. I found that tunneling from an external server is harder than from your internal network. For instance, I have not been able to tunnel SMTP or HTTP from an external hotspot; POP3 works fine. I believe this is due to the SMTP and HTTP servers denying the connection, but I haven't proven this yet. I will post initial info once I figure it out with my connection.
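
For setting up the tunnels by hand, as the troubleshooting steps above suggest, the script below turns the port settings of a zkeychain.conf into an equivalent ssh -L command line. It is an added example, not ZKeychain's own script and not necessarily the exact command its debug window shows; the function names, the 127.0.0.1 bind address, the input checks and the sample values (alice, mail.example.org) are assumptions.

```shell
# Added example, not ZKeychain's own script.
# conf_get FILE KEY [DEFAULT]: read KEY=VALUE as data. The file is never
# sourced, so text in it cannot run as shell code; "#KEY=" lines are skipped.
conf_get() {
    val=$(sed -n "s/^[[:space:]]*$2=//p" "$1" | tail -n 1)
    printf '%s' "${val:-$3}"
}
# Reject empty values, a leading "-" (ssh would parse it as an option)
# and any character outside letters, digits, ".", "_" and "-".
valid_name() { case $1 in ''|-*|*[!A-Za-z0-9._-]*) return 1;; esac; }
valid_port() {
    case $1 in ''|*[!0-9]*) return 1;; esac
    [ "$1" -ge 1 ] && [ "$1" -le 65535 ]
}
# Defaults are the commented-out port values shown in zkeychain.conf.
default_port() {
    case $1 in
        SMTP_LOCAL) echo 8025;; SMTP_REMOTE) echo 25;;
        POP3_LOCAL) echo 8110;; POP3_REMOTE) echo 110;;
        VNC_LOCAL|VNC_REMOTE) echo 5900;;
        HTTP_LOCAL|HTTP_REMOTE) echo 3128;;
    esac
}
# add_forward SERVICE HOST: append one forward, bound to loopback (assumption)
# so that other hosts on the network cannot connect to the tunnel.
add_forward() {
    lp=$(conf_get "$conf" "${1}_LOCAL_PORT" "$(default_port "${1}_LOCAL")")
    rp=$(conf_get "$conf" "${1}_REMOTE_PORT" "$(default_port "${1}_REMOTE")")
    valid_name "$2" && valid_port "$lp" && valid_port "$rp" || return 1
    fwd="$fwd -L 127.0.0.1:$lp:$2:$rp"
}
# build_ssh_cmd CONF SSH_SERVER: print the command line, or fail on bad input.
build_ssh_cmd() {
    conf=$1; server=$2; fwd=""
    user=$(conf_get "$conf" SSH_SERVER_USERNAME)
    valid_name "$user" && valid_name "$server" || return 1
    for svc in SMTP POP3 VNC; do
        host=$(conf_get "$conf" "${svc}_SERVER")
        [ -z "$host" ] || add_forward "$svc" "$host" || return 1
    done
    # HTTP is forwarded to the proxy (e.g. squid) on the SSH server itself.
    [ "$(conf_get "$conf" TUNNEL_HTTP)" != Y ] || add_forward HTTP localhost || return 1
    [ -n "$fwd" ] || return 1   # assumption: at least one tunnel is required
    echo "ssh -l $user$fwd $server"
}
# Constructed sample config, written to a temporary file for the demo.
demo_conf=$(mktemp)
printf '%s\n' 'SSH_SERVER_USERNAME=alice' 'POP3_SERVER=mail.example.org' 'TUNNEL_HTTP=Y' > "$demo_conf"
build_ssh_cmd "$demo_conf" 192.168.0.13
rm -f "$demo_conf"
```

Run each -L forward on its own first, adding -v as in step 4, before combining them.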

      Webmaster<webmaster@akiaki.org>

      Last modified: Sat Mar 26 12:52:32 EST 2005