[X2Go-Dev] Bug#405: X2GO Client pollutes .ssh/authorized_keys

Mike Gabriel mike.gabriel at das-netzwerkteam.de
Thu Jan 8 15:02:24 CET 2015


Control: tag -1 confirmed
Control: reassign -1 x2goserver
Control: retitle -1 x2gomountdirs/sshfs hangs indefinitely if  
client-side sshd is down

Hi,

I have spent the last 1.5 days with hunting down the cause for #405.

The phenomenon is:

   o client-side is Linux (or maybe Mac OS X)
   o sshd ist not running on the client machine
   o the session profile has printing or client-side folder sharing enabled

If X2Go Client launches a remote session it does the following things:

   o set up a reverse port forwarding tunnel that allows
     <server-side-localhost>:<fsPort> -> <client-side-localhost>:<sshd-Port>
   o if sshd is not running, the above will still work...
   o then x2gomountdirs is evoked...
   o ... which attempts to run sshfs against <server-side-localhost>:<fsPort>
   o however, in X2Go Client this triggers an I/O error because the client-side
     sshd is not listening / not running

I studied the X2Go Client code (sshmasterconnection.cpp and  
sshprocess.cpp) very deeply and added several new debug messages +  
improved the debugging output of existing messages.

In X2Go Client, the mounting of a client-side folder uses two SSH  
channel inside this reverse port forwarding tunnel:

   o one SSH channel for the tunnel itself
   o one SSH channel per x2gomountdirs command call evoked on the server

Furthermore, X2Go Client can detect if failures occur in x2gomountdirs  
this way:

   o something strange happens while executing the command (SSH  
disconnects etc.)
   o the stdOut of the evoked command (x2gomountdirs) is empty while  
stdErr is not

So, (and I did not know this), all X2Go Server side commands  
(/usr/bin/x2go*) should properly write to stderr if things go wrong  
and leave stdOut untouched at the same time.

The problem now is: if x2gomountdirs is not detected as "failing"  
(which it is not), the sshfs pubkey required for client-side folder  
sharing is not removed from the .ssh/authorized_keys file.

Furthermore, X2Go Client detects the I/O errors on the sshfs tunnel  
channel, but cannot relate to that to the x2gomountdirs command evoked  
via the SSH command channel.

My first attempts targetted getting X2Go Client to tidy up the  
authorized_keys file whenever a tunnel failure occurs. X2Go Client  
should be able to detect this, but this would require a partial  
redesign of the complete reverse port forwarding mechanism. I  
disrecommend doing this for the current X2Go Client implementation,  
but we should keep it in the back of our heads for a later redesign.  
It took about 8h to come to this conclusion.

My second approach (and I will commit soon is this):

   o evoke sshfs command with "timeout 30 sshfs <options>"
   o print error messages to STDERR (not to STDOUT)
   o and make sure we unregister the mount point if sshfs fails (with  
fusermount -u)

Wit this approach, X2Go Client tries to call x2gomountdirs,  
x2gomountdirs fails after 30 seconds with error messages printed to  
STDERR. This gets caught by X2Go Client and then the  
post-startX2goMount code is triggered which removes the used pubkey  
from ~/.ssh/authorized_keys.

Commit will come in a minute...

Greets,
Mike


-- 

DAS-NETZWERKTEAM
mike gabriel, herweg 7, 24357 fleckeby
fon: +49 (1520) 1976 148

GnuPG Key ID 0x25771B31
mail: mike.gabriel at das-netzwerkteam.de, http://das-netzwerkteam.de

freeBusy:
https://mail.das-netzwerkteam.de/freebusy/m.gabriel%40das-netzwerkteam.de.xfb
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 819 bytes
Desc: Digitale PGP-Signatur
URL: <http://lists.x2go.org/pipermail/x2go-dev/attachments/20150108/97214bfe/attachment-0001.pgp>


More information about the x2go-dev mailing list