Setup passbolt on another computer

Checklist
[x] I have read intro post: About the Installation Issues category
[x] I have read the tutorials, help and searched for similar issues
[x] I provide relevant information about my server (component names and versions, etc.)
I provide a copy of my logs and healthcheck
[x] I describe the steps I have taken to troubleshoot the problem
[x] I describe the steps on how to reproduce the issue

Greetings everyone,

Ran into a problem and wonder if anyone has any tips. I’d like to help my colleague set up his passbolt account on 2 computers. After successfully setting up the first computer, I used his private key and the recovery link to set up the account on a laptop.

Strangely, after I followed the instructions, uploading the private key file and inputting the password, I got the error:

“The key provided does not belong to given user.”

I didn’t see any log on passbolt docker that suggested something has gone wrong, and I have double checked the pgp key and the command I used, both have the same email address.

I have tried to download the private key again from the first computer and repeated the process with the same result.

I wonder if anyone here has any idea/suggestion on how I can fix the issue?

Hey @VictorTsang welcome to the forum!

Based on the error it points to using the wrong key here. Can you explain a bit more what you mean with this?

“I have double checked the pgp key and the command I used, both have the same email address.”

When you say both have the same email address are you meaning two different keys?

Thank you for looking into my problem Clayton,

I have since tested with a more straightforward case; allow me to use the new flow instead to explain the problem I see.

I have created a new user, activated the account on chrome on my local machine. I have downloaded the restore kit during the activation process, and just in case, after login, I have also downloaded the private key and saved it separately.

I then tried to use Firefox to ‘recover’ the account. I generated the recovery request and used the restore kit file, as well as the private key; both gave me the same “key doesn’t belong to the user” error.

Could you run the status report and post the output? We have instructions for that on the help site. Or alternatively we have a different page for docker instructions if that is how you installed.

Here’s the healthcheck result.

Open source password manager for teams

Healthcheck shell

Environment

[PASS] PHP version 8.2.7.
[PASS] PHP version is 8.1 or above.
[PASS] PCRE compiled with unicode support.
[PASS] The temporary directory and its content are writable and not executable.
[PASS] The logs directory and its content are writable.
[PASS] GD or Imagick extension is installed.
[PASS] Intl extension is installed.
[PASS] Mbstring extension is installed.

Config files

[PASS] The application config file is present
[PASS] The passbolt config file is present

Core config

[PASS] Debug mode is off.
[PASS] Cache is working.
[PASS] Unique value set for security.salt
[PASS] Full base url is set to https://10.31.199.201:2443
[PASS] App.fullBaseUrl validation OK.
[PASS] /healthcheck/status is reachable.

SSL Certificate

[WARN] SSL peer certificate does not validate
[WARN] Hostname does not match when validating certificates.
[WARN] Using a self-signed certificate
[HELP] Check Passbolt Help | Troubleshoot SSL
[HELP] cURL Error (60) SSL certificate problem: self-signed certificate

Database

[PASS] The application is able to connect to the database
[PASS] 31 tables found
[PASS] Some default content is present
[PASS] The database schema up to date.

GPG Configuration

[PASS] PHP GPG Module is installed and loaded.
[PASS] The environment variable GNUPGHOME is set to /var/lib/passbolt/.gnupg.
[PASS] The directory /var/lib/passbolt/.gnupg containing the keyring is writable by the webserver user.
[PASS] The server OpenPGP key is not the default one
[PASS] The public key file is defined in /etc/passbolt/passbolt.php and readable.
[PASS] The private key file is defined in /etc/passbolt/passbolt.php and readable.
[PASS] The server key fingerprint matches the one defined in /etc/passbolt/passbolt.php.
[PASS] The server public key defined in the /etc/passbolt/passbolt.php (or environment variables) is in the keyring.
[PASS] There is a valid email id defined for the server key.
[PASS] The public key can be used to encrypt a message.
[PASS] The private key can be used to sign a message.
[PASS] The public and private keys can be used to encrypt and sign a message.
[PASS] The private key can be used to decrypt a message.
[PASS] The private key can be used to decrypt and verify a message.
[PASS] The public key can be used to verify a signature.
[PASS] The server public key format is Gopengpg compatible.
[PASS] The server private key format is Gopengpg compatible.

Application configuration

[PASS] Using latest passbolt version (4.4.2).
[FAIL] Passbolt is not configured to force SSL use.
[HELP] Set passbolt.ssl.force to true in /etc/passbolt/passbolt.php.
[PASS] App.fullBaseUrl is set to HTTPS.
[PASS] Selenium API endpoints are disabled.
[PASS] Search engine robots are told not to index content.
[INFO] The Self Registration plugin is enabled.
[INFO] Registration is closed, only administrators can add users.
[PASS] The deprecated self registration public setting was not found in /etc/passbolt/passbolt.php.
[WARN] Host availability checking is disabled.
[HELP] Make sure this instance is not publicly available on the internet.
[HELP] Or set the PASSBOLT_EMAIL_VALIDATE_MX environment variable to true.
[HELP] Or set passbolt.email.validate.mx to true in /etc/passbolt/passbolt.php.
[PASS] Serving the compiled version of the javascript app.
[WARN] Some email notifications are disabled by the administrator.

JWT Authentication

[PASS] The JWT Authentication plugin is enabled
[PASS] The /etc/passbolt/jwt/ directory is not writable.
[PASS] A valid JWT key pair was found

SMTP Settings

[PASS] The SMTP Settings plugin is enabled.
[PASS] SMTP Settings coherent. You may send a test email to validate them.
[WARN] The SMTP Settings source is: /etc/passbolt/passbolt.php.
[HELP] It is recommended to set the SMTP Settings in the database through the administration section.
[WARN] The SMTP Settings plugin endpoints are enabled.
[HELP] It is recommended to disable the plugin endpoints.
[HELP] Set the PASSBOLT_SECURITY_SMTP_SETTINGS_ENDPOINTS_DISABLED environment variable to true.
[HELP] Or set passbolt.security.smtpSettings.endpointsDisabled to true in /etc/passbolt/passbolt.php.

[FAIL] 1 error(s) found. Hang in there!

For the record, I am running passbolt with docker. I can’t get smtp working on my end due to an SSL cert issue, so I’m doing admin work mostly with shell commands.

I have tried pulling the latest docker images and did the test again today, still the same issue. So I wonder if anyone has run into a similar problem and has any idea what could be wrong?

I’m running docker locally, without using compose. Here’s my docker startup command, in case I missed any folder I should share.

docker run --name passbolt \
  --add-host=host.docker.internal:host-gateway \
  -p 2443:443 \
  -v /etc/passbolt/passbolt.php:/etc/passbolt/passbolt.php:z \
  -v /etc/passbolt/gpg:/etc/passbolt/gpg:z \
  -v /etc/passbolt/jwt:/etc/passbolt/jwt:z \
  passbolt/passbolt:latest
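
An added example, not part of the original thread and not Passbolt code: since the reply above points to the wrong key being used, this Python script computes the OpenPGP v4 fingerprint of two ASCII-armored key files so the private key being uploaded can be compared with the public key recorded for the user. Two keys can carry the same email address and still be different keys. That the server's check comes down to the fingerprint is an assumption, and the two file paths are whatever exports you have at hand.

```python
import base64, hashlib, struct, sys

MPI_COUNT = {1: 2, 2: 2, 3: 2, 16: 3, 17: 4}   # RSA, Elgamal, DSA public MPIs
CURVE_ALGOS = {18, 19, 22}                     # ECDH, ECDSA, EdDSA: OID + 1 MPI

def dearmor(text):
    """Return the binary packets inside an ASCII-armored OpenPGP block."""
    lines = [ln.strip() for ln in text.strip().splitlines()]
    body = lines[lines.index("") + 1:]          # a blank line ends the armor headers
    data = [ln for ln in body if ln and not ln.startswith(("=", "-----"))]
    return base64.b64decode("".join(data))

def first_packet(data):
    """Return (tag, body) of the first packet; in a key block it is the key."""
    hdr = data[0]
    if hdr & 0x40:                              # new-format packet header
        tag, o1 = hdr & 0x3F, data[1]
        if o1 < 192:
            length, off = o1, 2
        elif o1 < 224:
            length, off = ((o1 - 192) << 8) + data[2] + 192, 3
        elif o1 == 255:
            length, off = int.from_bytes(data[2:6], "big"), 6
        else:
            raise ValueError("partial body lengths are not used for keys")
    else:                                       # old-format packet header
        tag = (hdr >> 2) & 0x0F
        n = {0: 1, 1: 2, 2: 4}[hdr & 3]         # KeyError on indeterminate length
        length, off = int.from_bytes(data[1:1 + n], "big"), 1 + n
    return tag, data[off:off + length]

def fingerprint(armored):
    """V4 fingerprint of a public (tag 6) or secret (tag 5) key block."""
    tag, body = first_packet(dearmor(armored))
    if tag not in (5, 6) or body[0] != 4:
        raise ValueError("expected a version 4 OpenPGP key")
    algo, pos = body[5], 6                      # version(1) + creation time(4) + algo(1)
    if algo in CURVE_ALGOS:
        pos += 1 + body[pos]                    # skip the curve OID
    for _ in range(1 if algo in CURVE_ALGOS else MPI_COUNT[algo]):
        pos += 2 + (int.from_bytes(body[pos:pos + 2], "big") + 7) // 8
    if algo == 18:
        pos += 1 + body[pos]                    # ECDH KDF parameters
    pub = body[:pos]                            # secret material after this is ignored
    return hashlib.sha1(b"\x99" + struct.pack(">H", len(pub)) + pub).hexdigest().upper()

if __name__ == "__main__" and len(sys.argv) == 3:   # usage: script KEY_A KEY_B
    a, b = (fingerprint(open(p).read()) for p in sys.argv[1:3])
    print(a, b, "same key" if a == b else "DIFFERENT keys", sep="\n")
```

The fingerprint covers only the public key material and its creation time, so a private key re-exported from the first browser must produce the same value as the user's public key; a different value means the file holds another key, whatever email address it carries.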