<html><head></head><body><div style="font-family: Verdana;font-size: 12.0px;"><div>
<div>Hi Nick,</div>
<div> </div>
<div>Thanks for your mail. I checked the page. I have already set up a working two-factor authentication; it isn't based on the Radius module but on RSA's own PAM module. It works with normal SSH nicely, but it has problems with x2goclient. I sent a post earlier: it seems that the authentication isn't directed to the RSA module, but it is somewhat forced to use the "password" method, just like when an SSH connection is initiated using the "-o PreferredAuthentications=password" option.</div>
<div> </div>
<div>Swizzly</div>
<div>
<div name="quote" style="margin: 10px 5px 5px 10px; padding: 10px 0px 10px 10px; border-left-color: rgb(195, 217, 229); border-left-width: 2px; border-left-style: solid; word-wrap: break-word; -webkit-nbsp-mode: space; -webkit-line-break: after-white-space;">
<div style="margin: 0px 0px 10px;"><b>Sent:</b> Friday, 13 March 2015 at 21:40<br/>
<b>From:</b> "Nick Owen" <nowen@wikidsystems.com><br/>
<b>To:</b> "Mihai Moldovan" <ionic@ionic.de><br/>
<b>Cc:</b> "swizz ly" <swizz.ly@gmx.ch>, "x2go-user@lists.x2go.org" <x2go-user@lists.x2go.org><br/>
<b>Subject:</b> Re: [X2Go-User] X2Go Two-factor-authentication with SecurID</div>
<div name="quoted-content">I can't speak to the RSA pam plugin, but I know that X2Go works with<br/>
OTPs using pam-radius. You can see this:<br/>
<a href="http://wiki.x2go.org/doku.php/doc:deployment-stories:wikid" target="_blank">http://wiki.x2go.org/doku.php/doc:deployment-stories:wikid</a>.<br/>
<br/>
(Better to use the standard protocol for easier switching too.)<br/>
<br/>
HTH,<br/>
<br/>
Nick<br/>
<br/>
On Fri, Mar 13, 2015 at 12:12 PM, Mihai Moldovan <ionic@ionic.de> wrote:<br/>
> Hi,<br/>
><br/>
><br/>
> On 13.03.2015 02:48 PM, swizz ly wrote:<br/>
>> [...]<br/>
>> In case of the x2goclient-cli Perl script, that comes with the<br/>
>> x2goclient source, I found, that for a single x2go connection several<br/>
>> (3-4x?) SSH connections are made in the background. In case of SecurID<br/>
>> RSA, only the first SSH connection can work with a given PASSCODE, it<br/>
>> is accepted only at the first SSH connection.<br/>
>> Perhaps the normal x2goclient behaves the same way: it tries to<br/>
>> connect using the same PASSCODE several times, and this could be the<br/>
>> cause of the problem.<br/>
><br/>
> Well, the answer is a little bit complicated.<br/>
><br/>
> Yes, it behaves exactly the same way. Several programs are started<br/>
> server side.<br/>
><br/>
> This includes session discovery and of course starting a new session or<br/>
> resuming it.<br/>
><br/>
> For that, a new connection is established via libssh. This connection is<br/>
> authenticated by any means provided: password, key, or<br/>
> keyboard-interactive (i.e., SecurID.)<br/>
><br/>
> This said, libssh uses channels for spawning new commands/shells. These<br/>
> channels do NO authentication but use the established main connection.<br/>
><br/>
> X2Go Client should only open up one connection and then use multiple<br/>
> channels over the already authenticated connection for doing its work.<br/>
><br/>
> Is it really not and instead opening up multiple connections?<br/>
><br/>
><br/>
><br/>
> Mihai<br/>
<br/>
<br/>
<br/>
--<br/>
Nick Owen -- WiKID Systems, Inc.<br/>
<a href="http://www.wikidsystems.com" target="_blank">http://www.wikidsystems.com</a><br/>
Commercial/Open Source Two-Factor Authentication<br/>
</div>
</div>
</div>
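<div>The two open questions in this thread (which SSH authentication method the client actually ends up using, and whether one session start produces several separately authenticated connections) can be checked on the server from the sshd auth log. The following is an added example, not code from the thread or from the X2Go project; the log lines, host name and user names are constructed, and OpenSSH's default syslog message format is assumed.</div>

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample lines in OpenSSH's default syslog format (not from the thread).
SAMPLE_LOG = """\
Mar 13 14:48:01 gw sshd[2101]: Accepted keyboard-interactive/pam for alice from 192.0.2.10 port 50122 ssh2
Mar 13 14:52:10 gw sshd[2140]: Accepted password for bob from 192.0.2.20 port 40110 ssh2
Mar 13 14:52:11 gw sshd[2143]: Failed password for bob from 192.0.2.20 port 40112 ssh2
Mar 13 14:52:12 gw sshd[2147]: Failed password for bob from 192.0.2.20 port 40114 ssh2
"""

AUTH_RE = re.compile(
    r"^(?P<ts>\w{3}\s+\d+ [\d:]{8}) \S+ sshd\[(?P<pid>\d+)\]: "
    r"(?P<result>Accepted|Failed) (?P<method>\S+) for (?:invalid user )?"
    r"(?P<user>\S+) from (?P<ip>\S+) port (?P<port>\d+)")

def parse(log_text, year=2015):
    events = []  # syslog timestamps carry no year, so the caller supplies one
    for line in log_text.splitlines():
        m = AUTH_RE.match(line)
        if m:
            ev = m.groupdict()
            ev["time"] = datetime.strptime(f"{year} {ev['ts']}", "%Y %b %d %H:%M:%S")
            events.append(ev)
    return events

def summarize(events, window=timedelta(seconds=30)):
    """Group auth events per (user, ip) into bursts; one sshd pid/port = one connection."""
    bursts = defaultdict(list)
    for ev in sorted(events, key=lambda e: e["time"]):
        groups = bursts[(ev["user"], ev["ip"])]
        if groups and ev["time"] - groups[-1][0]["time"] <= window:
            groups[-1].append(ev)   # still within the same session start
        else:
            groups.append([ev])     # a new burst begins
    report = []
    for (user, ip), groups in bursts.items():
        for g in groups:
            report.append({
                "user": user, "ip": ip,
                "connections": len({(e["pid"], e["port"]) for e in g}),
                "methods": sorted({e["method"] for e in g}),
                "accepted": sum(e["result"] == "Accepted" for e in g),
                "failed": sum(e["result"] == "Failed" for e in g),
            })
    return report

if __name__ == "__main__":
    print(*summarize(parse(SAMPLE_LOG)), sep="\n")
```

<div>A burst with one connection and method keyboard-interactive/pam matches the single-connection, multi-channel behaviour described above; a burst with several connections using method password, where only the first is accepted, matches the reported symptom of a one-time PASSCODE being replayed.</div>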
</div></div></body></html>