[X2go-dev] ENHANCEMENT-REQUEST: x2goclient -- option for reverse SSH port

John A. Sullivan III jsullivan at opensourcedevel.com
Fri Jun 25 22:43:28 CEST 2010

On Fri, 2010-06-25 at 22:11 +0200, Mike Gabriel wrote:
> Hi there,
> in the current x2goclient package (3.01-5, Debian, Qt version) there
> is a need for an option to configure the reverse SSH port number (i.e.
> the SSH daemon's port on the client side). This option should be a
> client-wide config option (not a per-session option).
> Printing and file sharing (sshfs/fuse) build up a reverse port
> forwarding tunnel from the x2goserver back to the client. This feature
> is used for x2goprint and x2gomountdirs (if I understand the Perl code
> correctly) and could also be used for any other feature that could be
> invoked by a reverse SSH connection...
> The Linux x2goclient, however, requires a running ssh daemon on
> the client system. Its standard port is 22. The x2goclient will only
> work if the client's SSH daemon runs on the default port 22. It will
> fail if the port has been set to a custom (high) port.
> Consider a client, whose system administrator has set the SSH port to  
> a high --- to potential intruders unknown --- port number (e.g.  
> 20222). With such an SSH setup, sshfs/fuse will fail...
> Reproduce:
>    o modify /etc/ssh/sshd_config
>    o set "Port 20222" (or something else)
>    o /etc/init.d/ssh restart
>    o start x2goclient as some user and login to a remote x2goserver
>    o start a shell within the x2go session on the server
>    o type "mount | grep sshfs"
> Suggestions:
> (a)
> add a global SSH port number option to the x2goclient (Linux-only).
> (b)
> Another way for the x2goclient could be some autodetect code:
> lsof -ni  | egrep "^sshd.*root.*IPv4" | awk '{ print $8 }'
> (c)
> Another way, similar to the Windows client, could be to run a separate
> ssh instance that binds to a random port on the localhost lo-device
> only. That's where the reverse SSH tunnel (server -> client) has its
> endpoint.
> sshd -o ListenAddress<someport> -o <someOtherOption>
> Hope to be of help,
> Mike
Hi, Mike, and welcome to a great project.  As you suggest, it is a
client and not a session setting hence it does not appear in the session
definitions.  If you go to Options / Settings in the client menu, you
will see an option to set the client side port.  We do always set this
to a non-standard port for security reasons as you also suggest.  Thanks
- John
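
Suggestion (b) in the quoted request, approached from the configuration file rather than from lsof, as an added example that is not part of the original thread or of x2go's code. The function name `sshd_ports` and the sample configuration are constructed; it assumes a single OpenSSH sshd_config without Include directives and follows OpenSSH's rule that a ListenAddress without a port listens on every Port value.

```shell
#!/bin/sh
# Added example (not from the thread): report the TCP port(s) an OpenSSH
# sshd_config tells sshd to listen on, so a client-side tool does not have to
# assume 22. Assumes one config file, no Include directives.
sshd_ports() {
    awk '
        { sub(/#.*/, "") }                      # drop comments
        NF < 2 { next }                         # blank or keyword without value
        { key = tolower($1); val = $2 }         # keywords are case-insensitive
        key == "match" { exit }                 # Port/ListenAddress are global only
        key == "port" { ports[val] = 1; nport++ }
        key == "listenaddress" {
            seen_la = 1
            # Unbracketed value with 2+ colons is a bare IPv6 address, no port.
            bare6 = (index(val, "[") == 0 && gsub(/:/, ":", val) >= 2)
            if (!bare6 && match(val, /:[0-9]+$/)) {
                explicit[substr(val, RSTART + 1)] = 1
            } else {
                portless = 1                    # listens on every Port value
            }
        }
        END {
            if (!seen_la) portless = 1          # no ListenAddress: all addresses
            if (portless) {
                if (nport == 0) ports["22"] = 1 # OpenSSH default
                for (p in ports) out[p] = 1
            }
            for (p in explicit) out[p] = 1
            for (p in out) print p
        }
    ' "$1" | sort -n
}

# Constructed sample configuration, written to a temporary file.
sample=$(mktemp)
cat > "$sample" <<'EOF'
# Port 22
Port 20222
ListenAddress 127.0.0.1:2200
ListenAddress ::
EOF
sshd_ports "$sample"
rm -f "$sample"
```

Reading the file works for an unprivileged user wherever sshd_config is world-readable, whereas seeing root's sshd sockets in lsof generally needs elevated privileges.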
