[X2Go-User] Problems with broker-session-autologin

Mathias Ewald mathias.ewald at vxpertise.net
Sun Oct 13 15:08:14 CEST 2013


Hi everyone,

the way I understand the broker-session-autologin feature as described 
on 
http://wiki.x2go.org/doku.php/wiki:advanced:x2gobroker:loadbalancing?s[]=autologin 
is that a user will not have to type username and password to the x2go 
server machine he is logging in to.


Therefore we create an SSH key pair on the broker with

x2gobroker-keygen

and then import it on the X2go server with x2gobroker-agent installed using

x2gobroker-pubkeyauthorizer --broker-url 
http(s)://<broker-server>:<port>/<basepatch>/pubkeys/


It looks like step 1 worked fine:

x2gobroker at x2gobroker:~$ ls -l .ssh
total 12
-rw------- 1 x2gobroker x2gobroker 1683 Oct 13 07:26 id_rsa
-rw-r--r-- 1 x2gobroker x2gobroker  380 Oct 13 07:26 id_rsa.pub
-rw-r--r-- 1 x2gobroker x2gobroker  222 Oct 13 07:34 known_hosts
x2gobroker at x2gobroker:~$

On the desktop (x2go server) the key was imported:

root at desktop:~# ls -l /var/lib/x2gobroker/.ssh/
total 4
-rw-r--r-- 1 x2gobroker x2gobroker 422 Okt 13 13:30 authorized_keys
root at desktop:~# cat /var/lib/x2gobroker/.ssh/authorized_keys
ssh-rsa 
AAAAB3NzaC1yc2EAAAADAQABAAABAQDBHBNRsjCy80ihzJmKxK7I3Gfn8FMlr+I8MyLbZbMHBdlKhHnAP2qm2AfsWwJa2hP62RgS2Ussxk0d9b7pLe43GfS3xcZR6+/YPSYblFqmTx2NPTV9A8ycG0wGr/RYh6qgWOTBlPoyGbZeFa538iSt/6iNNln+fbFBOwmTDi+UondjVovIhERAC96tFMVLQdRg+4vMViOZkUdmn2+7VVpeYEAmdNPtXd8fluSYYLZo8D8RFPn8IHf3LWr6OXpos/7AOglsxJy2A3EtEkif7boKHV7XyRviKsamahhuNTw1HelbZvr8eAB/TPKWI80giszKPz+1H8PFU4KM2paB8T9f 
x2gobroker at x2gobroker.***************
root at desktop:~#

With a session of this configuration

[vs55-dev-mathias]
setsessiontitle=true
krblogin=false
pack=16m-jpeg
quality=9
speed=2
usesshproxy=true
sshproxytype=SSH
sshproxyhost=88.198.244.99
sshproxyport=22
sshproxyautologin=false
sshproxysamepass=false
sshproxysameuser=false
width=800
height=600
dpi=96
fullscreen=false
maxdim=false
multidisp=false
xinerama=false
usekbd=true
sound=false
soundtunnel=false
defsndport=false
soundsystem=none
startsoundsystem=false
useexports=false
useiconv=false
iconvform=UTF-8
iconvto=UTF-8
fstunnel=true
print=false
usemimebox=false
mimeboxaction=OPEN
autostart=false
xdmcpserver=localhost
command=XFCE4
published=false
sessiontitle=vXLT - vSphere 5.5 Dev
host=10.173.20.16
user=student0
name=vSphere 5.5 Dev
command=XFCE
sshproxyuser=mathias
sshproxysameuser=false
acl-groups-allow=mathias
acl-groups-deny=ALL
acl-clients-allow=ALL
acl-any-order=deny-allow
broker-session-autologin=true

I would assume I did everything as described in the link above but here 
is what happens:

1) x2goclient --broker-url ....
2) session profiles received
3) click session above
4) enter password to ssh proxy
5) get window with title "student0 at 10.173.20.16" and text "Enter 
password to decrypt key"

Now which password?? I didn't set any...

In the meantime, x2goclient logs this:

x2go-DEBUG-../onmainwindow.cpp:2160> Reading 3 sessions from config file.
x2go-DEBUG-../onmainwindow.cpp:2757> Starting session with key.
x2go-DEBUG-../httpbrokerclient.cpp:459> cmd request answer: "Access 
granted SERVER:10.173.20.16:22"
x2go-DEBUG-../httpbrokerclient.cpp:441> parsing "Access granted 
SERVER:10.173.20.16:22"
x2go-DEBUG-../httpbrokerclient.cpp:480> starting parser
x2go-DEBUG-../httpbrokerclient.cpp:499> server IP: "10.173.20.16"
x2go-DEBUG-../httpbrokerclient.cpp:500> server port: "22"
x2go-DEBUG-../httpbrokerclient.cpp:507> parsing has finished
x2go-DEBUG-../onmainwindow.cpp:1165> Removing apps from tray
x2go-DEBUG-../onmainwindow.cpp:3307> Server: "10.173.20.16"
x2go-INFO-8> "Starting connection to server: 10.173.20.16:22"
x2go-DEBUG-../onmainwindow.cpp:2796> Start new ssh connection to 
server:"10.173.20.16":"22" krbLogin: false
x2go-DEBUG-../httpbrokerclient.cpp:518> sslError ,code:"The host name 
did not match any of the valid hosts for this certificate":
x2go-DEBUG-../httpbrokerclient.cpp:518> sslError ,code:"The certificate 
is self-signed, and untrusted":
x2go-DEBUG-../httpbrokerclient.cpp:459> cmd request answer: "Access 
granted SERVER:10.173.20.16:22"
x2go-DEBUG-../httpbrokerclient.cpp:441> parsing "Access granted 
SERVER:10.173.20.16:22"
x2go-DEBUG-../httpbrokerclient.cpp:480> starting parser
x2go-DEBUG-../httpbrokerclient.cpp:499> server IP: "10.173.20.16"
x2go-DEBUG-../httpbrokerclient.cpp:500> server port: "22"
x2go-DEBUG-../httpbrokerclient.cpp:507> parsing has finished
x2go-DEBUG-../onmainwindow.cpp:1165> Removing apps from tray
x2go-DEBUG-../onmainwindow.cpp:3307> Server: "10.173.20.16"
x2go-INFO-8> "Starting connection to server: 10.173.20.16:22"
x2go-DEBUG-../onmainwindow.cpp:2796> Start new ssh connection to 
server:"10.173.20.16":"22" krbLogin: false
x2go-DEBUG-../onmainwindow.cpp:2891> SSH connection established.
x2go-DEBUG-../onmainwindow.cpp:3117> Continue normal x2go session
x2go-DEBUG-../onmainwindow.cpp:3497> "Session data: "
x2go-DEBUG-../onmainwindow.cpp:3500> Starting new managed session.
x2go-DEBUG-../onmainwindow.cpp:1165> Removing apps from tray
x2go-DEBUG-../onmainwindow.cpp:3940> Executing remote command: 
"x2gostartagent 800x600 adsl 16m-jpeg-9 unix-kde-depth_24 us auto 1 D XFCE"
x2go-DEBUG-../onmainwindow.cpp:1423> Close event received.
x2go-INFO-6> "Closing x2goclient..."
x2go-DEBUG-../onmainwindow.cpp:1276> Saving settings...
x2go-DEBUG-../onmainwindow.cpp:1285> Saved  settings.
x2go-DEBUG-../onmainwindow.cpp:1307> Waiting for the SSH connection to 
finish...
x2go-DEBUG-../onmainwindow.cpp:1309> Waited  for the SSH connection to 
finish.
x2go-INFO-7> "Closed  x2goclient."



x2gobroker shows this in the logs:

root at x2gobroker:~# tail -n 0 -f /var/log/x2gobroker/*
==> /var/log/x2gobroker/access.log <==

==> /var/log/x2gobroker/access.log.1 <==

==> /var/log/x2gobroker/access.log.2.gz <==

==> /var/log/x2gobroker/authservice.log <==

==> /var/log/x2gobroker/authservice.log.1 <==

==> /var/log/x2gobroker/authservice.log.2.gz <==

==> /var/log/x2gobroker/broker.log <==

==> /var/log/x2gobroker/broker.log.1 <==

==> /var/log/x2gobroker/broker.log.2.gz <==

==> /var/log/x2gobroker/error.log <==

==> /var/log/x2gobroker/error.log.1 <==

==> /var/log/x2gobroker/wsgi.log <==

==> /var/log/x2gobroker/wsgi.log.2013-10-10_06 <==

==> /var/log/x2gobroker/wsgi.log.2013-10-13_06 <==

==> /var/log/x2gobroker/broker.log <==
2013-10-13 09:41:25,008 - broker - INFO - client address is 87.151.248.112
2013-10-13 09:41:25,008 - broker - DEBUG - username: mathias, password: 
XXXXX, task: listsessions, profile_id: , cookie:
2013-10-13 09:41:25,009 - broker - DEBUG - 
base_broker.X2GoBroker.get_authentication_mechanism(): found 
default-auth-mech in global config section: pam
2013-10-13 09:41:25,010 - broker - DEBUG - 
base_broker.X2GoBroker._do_authenticate(): authenticating user=mathias 
with password=<hidden> against backend=inifile.
2013-10-13 09:41:25,010 - broker - DEBUG - connecting to authentication 
service socket /run/x2gobroker/x2gobroker-authservice.socket
2013-10-13 09:41:25,011 - broker - DEBUG - sending username=mathias, 
password=<hidden>, service=x2gobroker to authentication service
2013-10-13 09:41:25,026 - broker - INFO - authentication against PAM 
service »x2gobroker« succeeded for user »mathias«
2013-10-13 09:41:25,027 - broker - DEBUG - 
base_broker.X2GoBroker.check_access(): result of authentication check 
is: True
2013-10-13 09:41:25,034 - broker - DEBUG - 
base_broker.X2GoBroker.get_session_autologin(): found 
default-session-autologin in global config section: False
2013-10-13 09:41:25,087 - broker - DEBUG - 
base_broker.X2GoBroker.get_agent_query_mode(): found 
default-agent-query-mode in global config section: none
2013-10-13 09:41:25,094 - broker - DEBUG - 
base_broker.X2GoBroker.get_session_autologin(): found 
broker-session-autologin in session profile with ID vs55-dev-mathias: 
true. This one has precendence over the default value.
2013-10-13 09:41:25,144 - broker - DEBUG - 
base_broker.X2GoBroker.get_agent_query_mode(): found 
default-agent-query-mode in global config section: none
2013-10-13 09:41:25,151 - broker - DEBUG - 
base_broker.X2GoBroker.get_session_autologin(): found 
default-session-autologin in global config section: False
2013-10-13 09:41:25,206 - broker - DEBUG - 
base_broker.X2GoBroker.get_session_autologin(): found 
default-session-autologin in global config section: False
2013-10-13 09:41:25,259 - broker - DEBUG - 
base_broker.X2GoBroker.get_agent_query_mode(): found 
default-agent-query-mode in global config section: none
2013-10-13 09:41:31,634 - broker - INFO - client address is 87.151.248.112
2013-10-13 09:41:31,635 - broker - DEBUG - username: mathias, password: 
XXXXX, task: selectsession, profile_id: vs55-dev-mathias, cookie:
2013-10-13 09:41:31,636 - broker - DEBUG - 
base_broker.X2GoBroker.get_authentication_mechanism(): found 
default-auth-mech in global config section: pam
2013-10-13 09:41:31,636 - broker - DEBUG - 
base_broker.X2GoBroker._do_authenticate(): authenticating user=mathias 
with password=<hidden> against backend=inifile.
2013-10-13 09:41:31,636 - broker - DEBUG - connecting to authentication 
service socket /run/x2gobroker/x2gobroker-authservice.socket
2013-10-13 09:41:31,637 - broker - DEBUG - sending username=mathias, 
password=<hidden>, service=x2gobroker to authentication service
2013-10-13 09:41:31,652 - broker - INFO - authentication against PAM 
service »x2gobroker« succeeded for user »mathias«
2013-10-13 09:41:31,652 - broker - DEBUG - 
base_broker.X2GoBroker.check_access(): result of authentication check 
is: True
2013-10-13 09:41:31,659 - broker - DEBUG - 
base_broker.X2GoBroker.get_agent_query_mode(): found 
default-agent-query-mode in global config section: none


I am not sure how the mechanism works so that the client can log in 
using pub key as a user for whom no ssh public key was installed, so I 
need your help.

cheers
Mathias



More information about the x2go-user mailing list