[X2Go-Commits] [[X2Go Wiki]] page changed: doc:howto:tce

wiki-admin at x2go.org wiki-admin at x2go.org
Mon Nov 20 13:46:45 CET 2017


A page in your DokuWiki was added or changed. Here are the details:

Date        : 2017/11/20 12:46
Browser     : Mozilla/5.0 (X11; Linux x86_64; rv:52.9) Gecko/20100101 Goanna/3.4 Firefox/52.9 PaleMoon/27.6.0
IP-Address  : 134.3.37.90
Hostname    : HSI-KBW-134-3-37-90.hsi14.kabel-badenwuerttemberg.de
Old Revision: https://wiki.x2go.org/doku.php/doc:howto:tce?rev=1511181792
New Revision: https://wiki.x2go.org/doku.php/doc:howto:tce
Edit Summary: [List of open ToDos/FIXMEs for this page] updated SSH Private Keys FIXME
User        : stefanbaur

@@ -1000,24 +1000,13 @@
    * additional scripts could be added that work "automagically" if there's no PXE/TFTP/HTTP/FTP server yet - maybe in a separate package x2go-tce-setup-aids.deb which then has dependencies on atftpd and apache|lighttpd, ...
  
  FIXME To be checked: Does the live-config "builtin" command ''live-config.nottyautologin'' do the same as our ''nouser'' command? If yes, ''nouser'' could be removed. Note that
''live-config.nottyautologin'' **might** mean "there's a login prompt, but you just need to enter username ''user'' and password ''live'' to login" - this is not what we want.  We need a solution to entirely block user logons.
  
- FIXME It would be cool if there was some kind of autodetection for SSH private keys, on local storage media and/or on USB media. 
+ FIXME autodetection for SSH Private Keys might need some more bells and whistles.
  For USB media, this may require adding an automounter.
-   * Stefan once wrote a script 2500-x2go-keychange for this, but it only handles local storage media, also, it needs to be adapted to the current TCE.
-   * 1150-openssh-readsshprivatekeys or 1150-x2go-readsshprivatekeys would probably be the proper names
-   * Maybe it would be better to split the process into 2 scripts, one that fetches the keys from local storage/USB media, and one that patches the sessions file
-   * 2800-x2go-thinclientconfig would also have to be changed so it uses
the keyfile(s) when in broker mode (''--broker-ssh-key'')
-   * https://packages.debian.org/jessie/usbmount might come in handy - needs to be configured to mount everything read-only
-   * udev can be used to trigger an action when a block device gets plugged in or plugged out: /lib/udev/rules.d/80-do-something.rules ''SUBSYSTEM=="block", RUN+="/usr/bin/some-command"'' (command to trigger devices that were already plugged in at boot: ''udevadm trigger --action=add'')
-   * all keys found on "real" (non-USB) disks that weren't already mounted should be copied to the ramdisk, mimicking the directory structure, and the device should be umounted immediately afterwards (so we don't interfere with the update script when running from NTFS)
-   * once a key has been selected, it should be copied to /home/user/.ssh/id_[d|r]sa, and all other in-memory copies of keys should be wiped
+   * how about a script that patches the sessions file to enable autologin for all sessions when keys have been
found?
+   * 2800-x2go-thinclientconfig needs to be changed so it uses the keyfile(s) when in broker mode (''--broker-ssh-key'')
    * directory scan 
-     * scan USB devices first
-     * scan already mounted block devices belonging to fixed disks next (parse output of ''df'' or ''/proc/mounts'')
-     * then start ro-mounting remaining partitions
-     * scan for .ssh and ssh folders in /, /home/*/ and /*/ (in case /home was a separate mount point), but no subdirectories underneath them
-     * check every file using the ''file'' command - output ends e.g. in ''PEM RSA private key''
      * should we abort on first match?
    * how do we treat multiple keys?
      * no keys on USB and exactly one key on disk -> use key
      * exactly one key on USB -> takes precedence over key/keys found on disk? Or present chooser based on gxmessage?
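Review bot: The removed bullets under the SSH private keys FIXME recorded handling constraints for discovered keys, and the replacement line "might need some more bells and whistles" does not say whether they are now implemented or dropped. The constraints in question are that usbmount "needs to be configured to mount everything read-only", that non-USB devices "should be umounted immediately afterwards", and that "all other in-memory copies of keys should be wiped" once a key is selected. If they are implemented, say so and name the script that does it; if not, keep them as open items so they are not lost. The new bullet proposing to patch the sessions file "to enable autologin for all sessions when keys have been found" should state which media a key may come from, since the remaining questions (abort on first match, USB key precedence over disk keys) still leave that open. The "directory scan" bullet is also left with only "should we abort on first match?" beneath it, so the scan order and locations it refers to are no longer described anywhere in this section.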
@@ -1025,8 +1014,9 @@
    * problem with gxmessage as chooser is that it can only display 6 buttons on 640x480 (Which we should assume as minimum
screen size)
      * 4 key choices, back, next?
    * oooooor we might just load all keys into ssh-agent and let it figure out which one it needs?
      * next problem: How do we prompt for passwords of such keys?
+ 
  FIXME 2200-xserver-xorg-getxorgconf should be taught to understand file:<nowiki>//</nowiki> URLs.
  
  FIXME Parsing the output of e.g. <code>udevadm info --query path /dev/sdb
  /devices/pci0000:00/0000:00:14.0/usb1/1-1/1-1:1.0/host2/target2:0:0/2:0:0:0/block/sdb


-- 
This mail was generated by DokuWiki at
https://wiki.x2go.org/


