xpipe

Note on updating

To increase security, the GPG key used to sign releases has been changed to a new completely isolated one that is only available to the GitHub actions pipeline. It is no longer a personal GPG key. If you installed XPipe via a package manager like apt, dnf, or yum, you will have to update the GPG key for the repository. You can do this with:

wget -qO- https://xpipe.io/signatures/0xDD3E0AD0.gpg > xpipe.gpg
sudo install -D -o root -g root -m 644 xpipe.gpg /etc/apt/keyrings/xpipe.gpg
rm xpipe.gpg

or

sudo rpm --import https://xpipe.io/signatures/0xDD3E0AD0.asc

RDP + VNC

There is now a new system for RDP (on Windows) and VNC connections. They are now opened in a separate window with a built-in tabbing system:

This implementation does its best at working around the limitations of mstsc to provide a smooth experience. It comes with a tabbing and size locking system to allow you to open RDP sessions with the preferred size every time. VNC sessions will open in the same tabbed window and now support dynamic desktop resize operations at runtime.

SSH security keys

The support for hardware security keys and smart cards for SSH has been improved. You can now select a PKCS#11 implementation for PIV out of multiple supported ones like ykcs for Yubikeys, OpenSC, macOS keychain, and more. Furthermore, the automatic key selector from agents has been ported to also support security keys:

Documentation

SSH certificates

This releases introduces full support for SSH certificate authentication:

This feature includes an automatic validity check for the certificate TTL and supports short-lived certificates via various integrations to automatically renew your certificate. This currently includes Hashicorp Vault, OpenBao, and the ability to specify custom renewal commands:

This feature is available in the Professional plan, but is also available for free for a few weeks after release.

Documentation

HTTP + SOCKS5 Proxies

You can now add HTTP and SOCKS5 proxy connections in XPipe. These proxies can then be used for things like SSH connections, git sync, and more:

You can also configure the proxy to be used by XPipe itself:

Documentation

Towards more ease of use

Another focus of this update was to iron out some ease-of-use issues where certain elements were confusing, not well explained, or not visible enough.

This release includes a lot of small changes to change certain item descriptions, show explanatory dialogs on first use of certain features, and more.

Other

• Docker and podman containers now automatically select bash if available instead of sh
• Add support for OpenBao as a password manager
• Add dialogs when setting incompatible identity sync options to better explain synced vaults and identities
• Add option to set default gateway for a category
• Add support to resolve IPs to DNS names in network scan
• Add option for webtop to run it as a central API server to handle vault updates via the API
• Add support for KRDC as an RDP/VNC client
• SFTP connections will now automatically adjust the file system root if only a subdirectory is accessible
• Make explicit display scale value only accept multiples of 25% to prevent display issues
• Add synchronization when multiple FIDO2 SSH connections are started to prevent failures caused by concurrent security key requests
• Switch vault key generation for new vaults to argon2 for improved post quantum security of the vault
• Add option to automatically exit background shell sessions after an inactivity period
• Add move and delete actions for batch selections
• Improve port handling when multiple users run XPipe on the same system.
  You can now run multiple instances of XPipe on a system as long as they are run by different users
• Add compress/uncompress menu entry for .gz files in file browser
• Improve PowerShell profile execution to not execute multiple times

Fixes

• Fix various issues with fish shell systems
• Fix various sync issues with plain directory vault sync
• Fix wrong SSH key passphrases not being reset, requiring a restart
• Fix issues with gpg signing and more when sync mode was not set to instant
• Fix vault user password change not properly reencrypting secrets, making them not readable
• Fix sftp and vscode browser actions not opening for shell environments correctly
• Fix browser navbar not aligning properly when the window width is constrained
• Fix browser navbar display issues when a custom display scale was set
• Fix vault user passphrase change dialog lagging
• Fix application restart not working properly in bourne shell
• Fix terminal dock tracking not working correctly if another terminal window was already open before
• Fix manual sync for local dir always pulling on startup
• Fix terminal split pane open being slow
• Fix system-wide vscode installations not being detected on Windows
• Fix macOS focus for terminals sometimes focusing the wrong window

Downloads

You can find all downloadable artifacts below attached to this release. For installation instructions, see the installation guide.

All artifacts are signed by Christopher Schnick (BBDA 885A DD3E 0AD0)