[X2Go-User] Problems with broker-session-autologin
Mathias Ewald
mathias.ewald at vxpertise.net
Sun Oct 13 15:08:14 CEST 2013
Hi everyone,
the way I understand the broker-session-autologin feature as described
on
http://wiki.x2go.org/doku.php/wiki:advanced:x2gobroker:loadbalancing?s[]=autologin
is that a user will not have to type username and password to the x2go
server machine he is logging in to.
Therefore we create an SSH key pair on the broker with
x2gobroker-keygen
and then import it on the X2Go server with x2gobroker-agent installed using
x2gobroker-pubkeyauthorizer --broker-url http(s)://<broker-server>:<port>/<basepath>/pubkeys/
It looks like step 1 worked fine:
x2gobroker@x2gobroker:~$ ls -l .ssh
total 12
-rw------- 1 x2gobroker x2gobroker 1683 Oct 13 07:26 id_rsa
-rw-r--r-- 1 x2gobroker x2gobroker 380 Oct 13 07:26 id_rsa.pub
-rw-r--r-- 1 x2gobroker x2gobroker 222 Oct 13 07:34 known_hosts
x2gobroker@x2gobroker:~$
On the desktop (x2go server) the key was imported:
root@desktop:~# ls -l /var/lib/x2gobroker/.ssh/
total 4
-rw-r--r-- 1 x2gobroker x2gobroker 422 Okt 13 13:30 authorized_keys
root@desktop:~# cat /var/lib/x2gobroker/.ssh/authorized_keys
ssh-rsa
AAAAB3NzaC1yc2EAAAADAQABAAABAQDBHBNRsjCy80ihzJmKxK7I3Gfn8FMlr+I8MyLbZbMHBdlKhHnAP2qm2AfsWwJa2hP62RgS2Ussxk0d9b7pLe43GfS3xcZR6+/YPSYblFqmTx2NPTV9A8ycG0wGr/RYh6qgWOTBlPoyGbZeFa538iSt/6iNNln+fbFBOwmTDi+UondjVovIhERAC96tFMVLQdRg+4vMViOZkUdmn2+7VVpeYEAmdNPtXd8fluSYYLZo8D8RFPn8IHf3LWr6OXpos/7AOglsxJy2A3EtEkif7boKHV7XyRviKsamahhuNTw1HelbZvr8eAB/TPKWI80giszKPz+1H8PFU4KM2paB8T9f
x2gobroker@x2gobroker.***************
root@desktop:~#
With a session of this configuration
[vs55-dev-mathias]
setsessiontitle=true
krblogin=false
pack=16m-jpeg
quality=9
speed=2
usesshproxy=true
sshproxytype=SSH
sshproxyhost=88.198.244.99
sshproxyport=22
sshproxyautologin=false
sshproxysamepass=false
sshproxysameuser=false
width=800
height=600
dpi=96
fullscreen=false
maxdim=false
multidisp=false
xinerama=false
usekbd=true
sound=false
soundtunnel=false
defsndport=false
soundsystem=none
startsoundsystem=false
useexports=false
useiconv=false
iconvform=UTF-8
iconvto=UTF-8
fstunnel=true
print=false
usemimebox=false
mimeboxaction=OPEN
autostart=false
xdmcpserver=localhost
command=XFCE4
published=false
sessiontitle=vXLT - vSphere 5.5 Dev
host=10.173.20.16
user=student0
name=vSphere 5.5 Dev
command=XFCE
sshproxyuser=mathias
sshproxysameuser=false
acl-groups-allow=mathias
acl-groups-deny=ALL
acl-clients-allow=ALL
acl-any-order=deny-allow
broker-session-autologin=true
I would assume I did everything as described in the link above but here
is what happens:
1) x2goclient --broker-url ....
2) session profiles received
3) click session above
4) enter password to ssh proxy
5) get window with title "student0@10.173.20.16" and text "Enter
password to decrypt key"
Now which password?? I didn't set any...
In the meantime, x2goclient logs this:
x2go-DEBUG-../onmainwindow.cpp:2160> Reading 3 sessions from config file.
x2go-DEBUG-../onmainwindow.cpp:2757> Starting session with key.
x2go-DEBUG-../httpbrokerclient.cpp:459> cmd request answer: "Access
granted SERVER:10.173.20.16:22"
x2go-DEBUG-../httpbrokerclient.cpp:441> parsing "Access granted
SERVER:10.173.20.16:22"
x2go-DEBUG-../httpbrokerclient.cpp:480> starting parser
x2go-DEBUG-../httpbrokerclient.cpp:499> server IP: "10.173.20.16"
x2go-DEBUG-../httpbrokerclient.cpp:500> server port: "22"
x2go-DEBUG-../httpbrokerclient.cpp:507> parsing has finished
x2go-DEBUG-../onmainwindow.cpp:1165> Removing apps from tray
x2go-DEBUG-../onmainwindow.cpp:3307> Server: "10.173.20.16"
x2go-INFO-8> "Starting connection to server: 10.173.20.16:22"
x2go-DEBUG-../onmainwindow.cpp:2796> Start new ssh connection to
server:"10.173.20.16":"22" krbLogin: false
x2go-DEBUG-../httpbrokerclient.cpp:518> sslError ,code:"The host name
did not match any of the valid hosts for this certificate":
x2go-DEBUG-../httpbrokerclient.cpp:518> sslError ,code:"The certificate
is self-signed, and untrusted":
x2go-DEBUG-../httpbrokerclient.cpp:459> cmd request answer: "Access
granted SERVER:10.173.20.16:22"
x2go-DEBUG-../httpbrokerclient.cpp:441> parsing "Access granted
SERVER:10.173.20.16:22"
x2go-DEBUG-../httpbrokerclient.cpp:480> starting parser
x2go-DEBUG-../httpbrokerclient.cpp:499> server IP: "10.173.20.16"
x2go-DEBUG-../httpbrokerclient.cpp:500> server port: "22"
x2go-DEBUG-../httpbrokerclient.cpp:507> parsing has finished
x2go-DEBUG-../onmainwindow.cpp:1165> Removing apps from tray
x2go-DEBUG-../onmainwindow.cpp:3307> Server: "10.173.20.16"
x2go-INFO-8> "Starting connection to server: 10.173.20.16:22"
x2go-DEBUG-../onmainwindow.cpp:2796> Start new ssh connection to
server:"10.173.20.16":"22" krbLogin: false
x2go-DEBUG-../onmainwindow.cpp:2891> SSH connection established.
x2go-DEBUG-../onmainwindow.cpp:3117> Continue normal x2go session
x2go-DEBUG-../onmainwindow.cpp:3497> "Session data: "
x2go-DEBUG-../onmainwindow.cpp:3500> Starting new managed session.
x2go-DEBUG-../onmainwindow.cpp:1165> Removing apps from tray
x2go-DEBUG-../onmainwindow.cpp:3940> Executing remote command:
"x2gostartagent 800x600 adsl 16m-jpeg-9 unix-kde-depth_24 us auto 1 D XFCE"
x2go-DEBUG-../onmainwindow.cpp:1423> Close event received.
x2go-INFO-6> "Closing x2goclient..."
x2go-DEBUG-../onmainwindow.cpp:1276> Saving settings...
x2go-DEBUG-../onmainwindow.cpp:1285> Saved settings.
x2go-DEBUG-../onmainwindow.cpp:1307> Waiting for the SSH connection to
finish...
x2go-DEBUG-../onmainwindow.cpp:1309> Waited for the SSH connection to
finish.
x2go-INFO-7> "Closed x2goclient."
x2gobroker shows this in the logs:
root@x2gobroker:~# tail -n 0 -f /var/log/x2gobroker/*
==> /var/log/x2gobroker/access.log <==
==> /var/log/x2gobroker/access.log.1 <==
==> /var/log/x2gobroker/access.log.2.gz <==
==> /var/log/x2gobroker/authservice.log <==
==> /var/log/x2gobroker/authservice.log.1 <==
==> /var/log/x2gobroker/authservice.log.2.gz <==
==> /var/log/x2gobroker/broker.log <==
==> /var/log/x2gobroker/broker.log.1 <==
==> /var/log/x2gobroker/broker.log.2.gz <==
==> /var/log/x2gobroker/error.log <==
==> /var/log/x2gobroker/error.log.1 <==
==> /var/log/x2gobroker/wsgi.log <==
==> /var/log/x2gobroker/wsgi.log.2013-10-10_06 <==
==> /var/log/x2gobroker/wsgi.log.2013-10-13_06 <==
==> /var/log/x2gobroker/broker.log <==
2013-10-13 09:41:25,008 - broker - INFO - client address is 87.151.248.112
2013-10-13 09:41:25,008 - broker - DEBUG - username: mathias, password:
XXXXX, task: listsessions, profile_id: , cookie:
2013-10-13 09:41:25,009 - broker - DEBUG -
base_broker.X2GoBroker.get_authentication_mechanism(): found
default-auth-mech in global config section: pam
2013-10-13 09:41:25,010 - broker - DEBUG -
base_broker.X2GoBroker._do_authenticate(): authenticating user=mathias
with password=<hidden> against backend=inifile.
2013-10-13 09:41:25,010 - broker - DEBUG - connecting to authentication
service socket /run/x2gobroker/x2gobroker-authservice.socket
2013-10-13 09:41:25,011 - broker - DEBUG - sending username=mathias,
password=<hidden>, service=x2gobroker to authentication service
2013-10-13 09:41:25,026 - broker - INFO - authentication against PAM
service »x2gobroker« succeeded for user »mathias«
2013-10-13 09:41:25,027 - broker - DEBUG -
base_broker.X2GoBroker.check_access(): result of authentication check
is: True
2013-10-13 09:41:25,034 - broker - DEBUG -
base_broker.X2GoBroker.get_session_autologin(): found
default-session-autologin in global config section: False
2013-10-13 09:41:25,087 - broker - DEBUG -
base_broker.X2GoBroker.get_agent_query_mode(): found
default-agent-query-mode in global config section: none
2013-10-13 09:41:25,094 - broker - DEBUG -
base_broker.X2GoBroker.get_session_autologin(): found
broker-session-autologin in session profile with ID vs55-dev-mathias:
true. This one has precendence over the default value.
2013-10-13 09:41:25,144 - broker - DEBUG -
base_broker.X2GoBroker.get_agent_query_mode(): found
default-agent-query-mode in global config section: none
2013-10-13 09:41:25,151 - broker - DEBUG -
base_broker.X2GoBroker.get_session_autologin(): found
default-session-autologin in global config section: False
2013-10-13 09:41:25,206 - broker - DEBUG -
base_broker.X2GoBroker.get_session_autologin(): found
default-session-autologin in global config section: False
2013-10-13 09:41:25,259 - broker - DEBUG -
base_broker.X2GoBroker.get_agent_query_mode(): found
default-agent-query-mode in global config section: none
2013-10-13 09:41:31,634 - broker - INFO - client address is 87.151.248.112
2013-10-13 09:41:31,635 - broker - DEBUG - username: mathias, password:
XXXXX, task: selectsession, profile_id: vs55-dev-mathias, cookie:
2013-10-13 09:41:31,636 - broker - DEBUG -
base_broker.X2GoBroker.get_authentication_mechanism(): found
default-auth-mech in global config section: pam
2013-10-13 09:41:31,636 - broker - DEBUG -
base_broker.X2GoBroker._do_authenticate(): authenticating user=mathias
with password=<hidden> against backend=inifile.
2013-10-13 09:41:31,636 - broker - DEBUG - connecting to authentication
service socket /run/x2gobroker/x2gobroker-authservice.socket
2013-10-13 09:41:31,637 - broker - DEBUG - sending username=mathias,
password=<hidden>, service=x2gobroker to authentication service
2013-10-13 09:41:31,652 - broker - INFO - authentication against PAM
service »x2gobroker« succeeded for user »mathias«
2013-10-13 09:41:31,652 - broker - DEBUG -
base_broker.X2GoBroker.check_access(): result of authentication check
is: True
2013-10-13 09:41:31,659 - broker - DEBUG -
base_broker.X2GoBroker.get_agent_query_mode(): found
default-agent-query-mode in global config section: none
I am not sure how the mechanism works so that the client can log in
using pub key as a user for whom no ssh public key was installed, so I
need your help.
cheers
Mathias
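
Added example, not part of the original post and not X2Go code: a small parser that rejoins the wrapped broker.log records quoted above and reports, for a given profile, which value each logged setting lookup resolved to, with a profile-level value taking precedence over the global default as the log itself states. The function names are hypothetical and the sample is constructed from the log excerpt in this message.

```python
import re
# Constructed sample: broker.log records in the mail-wrapped form shown above.
SAMPLE = """\
2013-10-13 09:41:25,008 - broker - DEBUG - username: mathias, password:
XXXXX, task: listsessions, profile_id: , cookie:
2013-10-13 09:41:25,034 - broker - DEBUG -
base_broker.X2GoBroker.get_session_autologin(): found
default-session-autologin in global config section: False
2013-10-13 09:41:25,094 - broker - DEBUG -
base_broker.X2GoBroker.get_session_autologin(): found
broker-session-autologin in session profile with ID vs55-dev-mathias:
true. This one has precendence over the default value.
2013-10-13 09:41:31,635 - broker - DEBUG - username: mathias, password:
XXXXX, task: selectsession, profile_id: vs55-dev-mathias, cookie:
2013-10-13 09:41:31,659 - broker - DEBUG -
base_broker.X2GoBroker.get_agent_query_mode(): found
default-agent-query-mode in global config section: none
"""

NEW_RECORD = re.compile(r"\n(?=\d{4}-\d\d-\d\d \d\d:\d\d:\d\d,\d{3} - )")
TASK = re.compile(r"task: (\w+), profile_id: ([\w.-]*),")
FOUND = re.compile(r"\.(get_\w+)\(\): found (\S+) in (?:global config section"
                   r"|session profile with ID (\S+)): (\w+)")

def unwrap(text):
    """Rejoin wrapped continuation lines onto their timestamped record."""
    return [" ".join(r.split()) for r in NEW_RECORD.split(text.strip())]

def resolved_settings(text):
    """Per broker request: task, profile_id and every setting lookup logged."""
    requests = []
    for rec in unwrap(text):
        if m := TASK.search(rec):
            requests.append({"task": m[1], "profile": m[2], "lookups": []})
        elif (m := FOUND.search(rec)) and requests:
            requests[-1]["lookups"].append((m[1], m[2], m[3] or "global", m[4]))
    return requests

def effective(text, profile):
    """Value per getter for `profile`; a profile-level lookup beats the global."""
    out = {}
    for req in resolved_settings(text):
        for func, _key, scope, value in req["lookups"]:
            if scope == profile or (scope == "global" and func not in out):
                out[func] = value
    return out

if __name__ == "__main__":
    print(effective(SAMPLE, "vs55-dev-mathias"))
```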