<html>
<head>
<meta content="text/html; charset=utf-8" http-equiv="Content-Type">
</head>
<body bgcolor="#FFFFFF" text="#000000">
Hi !<br>
<br>
After a long time, sharing folder works on HP T620.<br>
<br>
On the t620 :<br>
* activate SSH server :<br>
* /usr/bin/mclient set root/sshd/enabled 1<br>
* /usr/bin/mcleint set root/sshd/userAccess 1<br>
* /usr/bin/mclient commit<br>
* /usr/share/manticore/plugins/sshd/wrappers/apply.s<wbr>h
root/sshd<br>
<br>
* put a sshd_config file like (it come from an ubuntu server
config, perhaps is it possible to optimize it) :<br>
<br>
# What ports, IPs and protocols we listen for<br>
Port 22<br>
# Use these options to restrict which interfaces/protocols sshd will
bind to<br>
#ListenAddress ::<br>
#ListenAddress 0.0.0.0<br>
Protocol 2<br>
# HostKeys for protocol version 2<br>
HostKey /etc/ssh/ssh_host_rsa_key<br>
HostKey /etc/ssh/ssh_host_dsa_key<br>
HostKey /etc/ssh/ssh_host_ecdsa_key<br>
HostKey /etc/ssh/ssh_host_ed25519_key<br>
#Privilege Separation is turned on for security<br>
UsePrivilegeSeparation yes<br>
<br>
# Lifetime and size of ephemeral version 1 server key<br>
KeyRegenerationInterval 3600<br>
ServerKeyBits 1024<br>
<br>
# Logging<br>
SyslogFacility AUTH<br>
LogLevel INFO<br>
<br>
# Authentication:<br>
LoginGraceTime 120<br>
PermitRootLogin without-password<br>
StrictModes yes<br>
<br>
RSAAuthentication yes<br>
PubkeyAuthentication yes<br>
#AuthorizedKeysFile %h/.ssh/authorized_keys<br>
<br>
# Don't read the user's ~/.rhosts and ~/.shosts files<br>
IgnoreRhosts yes<br>
# For this to work you will also need host keys in
/etc/ssh_known_hosts<br>
RhostsRSAAuthentication no<br>
# similar for protocol version 2<br>
HostbasedAuthentication no<br>
# Uncomment if you don't trust ~/.ssh/known_hosts for
RhostsRSAAuthentication<br>
#IgnoreUserKnownHosts yes<br>
<br>
# To enable empty passwords, change to yes (NOT RECOMMENDED)<br>
PermitEmptyPasswords no<br>
<br>
# Change to yes to enable challenge-response passwords (beware
issues with<br>
# some PAM modules and threads)<br>
ChallengeResponseAuthentication no<br>
<br>
# Change to no to disable tunnelled clear text passwords<br>
#PasswordAuthentication yes<br>
<br>
# Kerberos options<br>
#KerberosAuthentication no<br>
#KerberosGetAFSToken no<br>
#KerberosOrLocalPasswd yes<br>
#KerberosTicketCleanup yes<br>
<br>
# GSSAPI options<br>
#GSSAPIAuthentication no<br>
#GSSAPICleanupCredentials yes<br>
<br>
X11Forwarding yes<br>
X11DisplayOffset 10<br>
PrintMotd no<br>
PrintLastLog yes<br>
TCPKeepAlive yes<br>
#UseLogin no<br>
<br>
#MaxStartups 10:30:60<br>
#Banner /etc/issue.net<br>
<br>
# Allow client to pass locale environment variables<br>
AcceptEnv LANG LC_*<br>
<br>
Subsystem sftp /usr/lib/openssh/sftp-server<br>
<br>
# Set this to 'yes' to enable PAM authentication, account
processing,<br>
# and session processing. If this is enabled, PAM authentication
will<br>
# be allowed through the ChallengeResponseAuthentication and<br>
# PasswordAuthentication. Depending on your PAM configuration,<br>
# PAM authentication via ChallengeResponseAuthentication may bypass<br>
# the setting of "PermitRootLogin without-password".<br>
# If you just want the PAM account and session checks to run without<br>
# PAM authentication, then enable this but set
PasswordAuthentication<br>
# and ChallengeResponseAuthentication to 'no'.<br>
UsePAM yes<br>
DenyUsers<br>
<br>
Hope it's help anyone<br>
<br>
Regards<br>
<br>
Franck<br>
<br>
<div class="moz-cite-prefix">Le 19/10/2016 08:51, "> BOTZ Franck
(Administrateur Systèmes et Réseaux) - DDT 67/SIDSIC/Pôle Infra
(par Internet, dépôt <a class="moz-txt-link-abbreviated" href="mailto:x2go-user-bounces@lists.x2go.org">x2go-user-bounces@lists.x2go.org</a>)" a écrit :<br>
</div>
<blockquote cite="mid:580717DD.8040206@bas-rhin.gouv.fr" type="cite">Hi
!
<br>
<br>
So, there is my configuration :
<br>
<br>
Terminal
<br>
Hardware : HP t620
<br>
HP Thinpro (ubuntu 14.04 base)
<br>
x2goclient 4.0.5.3
<br>
<br>
Broker
<br>
Ubuntu server 16.04 64 LTS
<br>
python-x2gobroker 0.0.3.1-0~934~ubuntu16.04.1
all X2Go Session Broker (Python modules)
<br>
x2gobroker 0.0.3.1-0~934~ubuntu16.04.1
all X2Go Session Broker (executable)
<br>
x2gobroker-loadchecker 0.0.3.1-0~934~ubuntu16.04.1 all
X2Go Session Broker (load checker service)
<br>
x2gobroker-ssh 0.0.3.1-0~934~ubuntu16.04.1
amd64 X2Go Session Broker (SSH broker)
<br>
<br>
Server :
<br>
Ubuntu Desktop 16.04 64 LTS
<br>
libx2go-log-perl 4.1.0.0-0~1359~ubuntu16.04.1 all Perl
X2Go::Log package
<br>
libx2go-server-db-per 4.1.0.0-0~1359~ubuntu16.04.1 amd64
Perl X2Go::Server:DB package
<br>
libx2go-server-perl 4.1.0.0-0~1359~ubuntu16.04.1 all Perl
X2Go::Server package
<br>
x2goagent 2:3.5.0.33-0~687~ubuntu16.04.1 all X2Go agent
<br>
x2gobroker-agent 0.0.3.1-0~934~ubuntu16.04.1 amd64 X2Go
Session Broker (remote agent)
<br>
x2goclient 4.0.5.1-0~1103~ubuntu12.04.1 amd64 X2Go Client
application (Qt4)
<br>
x2goserver 4.1.0.0-0~1359~ubuntu16.04.1 amd64 X2Go server
daemon scripts
<br>
x2goserver-common 4.1.0.0-0~1359~ubuntu16.04.1 amd64 X2Go
Server (common files)
<br>
x2goserver-extensions 4.1.0.0-0~1359~ubuntu16.04.1 all
X2Go Server (extension support)
<br>
x2goserver-fmbindings 4.1.0.0-0~1359~ubuntu16.04.1 all
X2Go Server (file manager bindings)
<br>
x2goserver-printing 4.1.0.0-0~1359~ubuntu16.04.1 all X2Go
server (printing support)
<br>
x2goserver-xsession 4.1.0.0-0~1359~ubuntu16.04.1
<br>
<br>
I can connect from my t620 to the server trough the broker. I can
resum/suspend a session. The system is functionnal.
<br>
<br>
My next step is sharing a folder on the t620 (the folder used to
mount a mass storage /tmp/tmpfs/media and access to it from the
session open on the server.
<br>
<br>
On the broker, my x2gobroker-sessionprofiles.conf :
<br>
[DEFAULT]
<br>
defsndport=true
<br>
useiconv=false
<br>
iconvfrom=UTF-8
<br>
#height=600
<br>
export=
<br>
quality=9
<br>
#fullscreen=true
<br>
#layout=
<br>
#model=
<br>
useexports=true
<br>
#width=800
<br>
speed=2
<br>
soundsystem=pulse
<br>
print=false
<br>
sndport=4713
<br>
xinerama=true
<br>
variant=
<br>
usekbd=true
<br>
fstunnel=true
<br>
applications=
<br>
multidisp=false
<br>
sshproxyport=22
<br>
sound=true
<br>
rootless=true
<br>
iconvto=UTF-8
<br>
soundtunnel=true
<br>
dpi=96
<br>
sshport=22
<br>
setdpi=0
<br>
pack=16m-jpeg
<br>
directrdp=false
<br>
user=
<br>
<br>
[xfce]
<br>
host=x2go-server-01 (10.0.0.1)
<br>
name=XFCE
<br>
command=XFCE
<br>
type=auto
<br>
fullscreen=true
<br>
xinerama=false
<br>
export="/tmp/tmpfs/media:1"
<br>
broker-session-autologin=false
<br>
usebrokerpass=true
<br>
<br>
As you can see, in the xfce section, I export the
"/tmp/tmpfs/media:1" directory.
<br>
<br>
On the t620 my mass storage is mounted on
/tmp/tmpfs/media/SomeUsbStick and I access it with the user who
launch the x2goclient.
<br>
<br>
When the session openned I see on the server :
<br>
* the time to open session is longer with the export directive
<br>
* the media directory appears is home directory
<br>
* the media contained disk/_tmp_tmpfs_media directory
<br>
* When I list _tmp_tmpfs_media i have "permission denied"
<br>
* the mount command let me see (but brievely) a line like
<a class="moz-txt-link-abbreviated" href="mailto:user@127.0.0.1">user@127.0.0.1</a> ...
<br>
* the trash disappear
<br>
<br>
So what can I do to access to my USB mass storage stick ?
<br>
<br>
Sincerly
<br>
<br>
Franck
<br>
_______________________________________________
<br>
x2go-user mailing list
<br>
<a class="moz-txt-link-abbreviated" href="mailto:x2go-user@lists.x2go.org">x2go-user@lists.x2go.org</a>
<br>
<a class="moz-txt-link-freetext" href="http://lists.x2go.org/listinfo/x2go-user">http://lists.x2go.org/listinfo/x2go-user</a>
<br>
<br>
</blockquote>
<br>
</body>
</html>