[X2Go-Dev] SSH Agent (auth+forwarding) support in Python X2Go / PyHoca-GUI
Mike Gabriel
mike.gabriel at das-netzwerkteam.de
Thu Oct 11 12:10:33 CEST 2012
Hi all,
during the last couple of days I have added SSH Agent
(forwarding+auth) support to Python X2Go (and so to PyHoca-GUI and
PyHoca-CLI).
The feature is already available in the nightly-build (Debian)
archive. The Ubuntu nightly-built packages should follow soon.
For SSH agent forwarding you need the not-yet-released Paramiko
version 1.8.0. For Debian I have packaged a Git snapshot and it is
available with the nightly-build of python-x2go.
Try it out:
place your SSH pubkey on machine-1 and machine-2 (which can be reached via
machine-1) into the (for this demo) otherwise empty files:
user-1@machine-1:~user-1/.ssh/authorized_keys
and
user-2@machine-2:~user-2/.ssh/authorized_keys
Back on your local client:
$ ssh-add [<priv-keyfile>]
$ pyhoca-gui
Enable SSH agent forwarding in the connection tab of a session profile for
machine-1. Use a simple TERMINAL session command.
Connect to user-1@machine-1 and start a session on machine-1
$ echo $SSH_AUTH_SOCK
/tmp/ssh-<hash>/agent.<pid>
$ ssh <user-2>@<machine-2>
(should work without password)
For the authentication from user-1@machine-1 to user-2@machine-2 you use an
SSH agent connection that is tunneled back through Python X2Go to your client
machine (the machine you run PyHoca-GUI on). So, the SSH agent on your client
machine serves a challenge/response request from SSH client programs within
X2Go sessions.
Note: if you try the above with a GNOME desktop (XFCE4 probably as well) the
gnome-keyring will hijack the SSH agent functionality and ignore forwarded
SSH agent connections (with x2goserver-xsession package installed).
Use this command to disable the SSH agent feature in gnome-keyring (within the
X2Go Session):
$ gconftool-2 -s /apps/gnome-keyring/daemon-components/ssh false --type bool
After you have applied this gconf change, logout and start a new GNOME
session. Now SSH agent stuff is handled through ssh-agent and it should also
be aware of SSH agent forwarding connections.
Have fun!
Mike
--
DAS-NETZWERKTEAM
mike gabriel, rothenstein 5, 24214 neudorf-bornstein
fon: +49 (1520) 1976 148
GnuPG Key ID 0x25771B31
mail: mike.gabriel at das-netzwerkteam.de, http://das-netzwerkteam.de
freeBusy:
https://mail.das-netzwerkteam.de/freebusy/m.gabriel%40das-netzwerkteam.de.xfb
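
Added example, not part of the original message and not Python X2Go code: a check to run inside the X2Go session that classifies `$SSH_AUTH_SOCK` (forwarded ssh-agent style path versus gnome-keyring) and lists the key comments the agent offers by speaking the SSH agent protocol directly. The function names and the gnome-keyring socket path layouts (`keyring-*/ssh`, `keyring/ssh`) are assumptions of this example.

```python
import os
import socket
import struct

REQUEST_IDENTITIES, IDENTITIES_ANSWER = 11, 12  # SSH agent protocol message types

def classify_socket(path):
    """Heuristic: guess which program serves an SSH_AUTH_SOCK path."""
    if not path:
        return "unset"
    parts = path.split("/")
    # Assumed gnome-keyring layouts: /tmp/keyring-XXXX/ssh, /run/user/UID/keyring/ssh
    if any(p == "keyring" or p.startswith("keyring-") for p in parts):
        return "gnome-keyring"
    # Layout shown in the mail: /tmp/ssh-<hash>/agent.<pid>
    if any(p.startswith("ssh-") for p in parts) and parts[-1].startswith("agent."):
        return "ssh-agent-or-forwarded"
    return "unknown"

def parse_identities(payload):
    """Return the key comments from an identities-answer message body."""
    if not payload or payload[0] != IDENTITIES_ANSWER:
        raise ValueError("unexpected agent reply type")
    (count,) = struct.unpack_from(">I", payload, 1)
    off, comments = 5, []
    for _ in range(count):
        for field in ("blob", "comment"):  # each key: string blob, string comment
            (length,) = struct.unpack_from(">I", payload, off)
            if off + 4 + length > len(payload):
                raise ValueError("truncated agent reply")
            if field == "comment":
                comments.append(payload[off + 4:off + 4 + length].decode("utf-8", "replace"))
            off += 4 + length
    return comments

def list_agent_keys(path):
    """Ask the agent behind the Unix socket `path` for its identities."""
    with socket.socket(socket.AF_UNIX, socket.SOCK_STREAM) as s:
        s.settimeout(5)
        s.connect(path)
        s.sendall(struct.pack(">IB", 1, REQUEST_IDENTITIES))
        reply = s.makefile("rb")
        (length,) = struct.unpack(">I", reply.read(4))
        return parse_identities(reply.read(length))

if __name__ == "__main__":
    sock_path = os.environ.get("SSH_AUTH_SOCK", "")
    print(classify_socket(sock_path))
    if sock_path:
        print(list_agent_keys(sock_path))
```

If the first line printed is `gnome-keyring`, the session is not using the forwarded agent and the gconf change described in the mail applies.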