Ticket URL: http://code.x2go.org/horde4/whups/ticket/?id=47
------------------------------------------------------------------------------
Ticket | 47
Created By | mike.gabriel(a)das-netzwerkteam.de
Summary | URL broken for new tickets created by mail
Queue | zzz - X2go BUGTRACKER
Type | Bug
State | Confirmed
Priority | 2. Medium
Operating System | 10
Owners |
------------------------------------------------------------------------------
mike.gabriel(a)das-netzwerkteam.de (2011-03-01 15:38) wrote:
When people send in bug reports or patches via e-mail the ticket URL
is broken. The problem is that it does not take HORDE's vhost setup
properly into account.
Ticket URL: https://code.x2go.org/horde4/whups/ticket/?id=46
------------------------------------------------------------------------------
Ticket | 46
Created By | dick.kniep(a)lindix.nl
Summary | Extra file starts also in dropbox
Queue | pyhoca-gui
Version | HEAD
Type | Bug
State | Unconfirmed
Priority | 1. Low
Operating System | 4
Owners |
------------------------------------------------------------------------------
dick.kniep(a)lindix.nl (2011-03-01 10:23) wrote:
The dropbox is used to start files on the client. From our application
CVix, we are sending an xls to the dropbox. This starts beautifully ;-)
However if one is using openoffice, opening a file also creates a
~lock file. As this lock file is created, it is also opened with a
program. Of course this causes confusion with the users.
Ticket URL: http://code.x2go.org/horde4/whups/ticket/?id=42
------------------------------------------------------------------------------
Ticket | 42
Created By | dick.kniep(a)lindix.nl
Summary | Printing does not work
Queue | pyhoca-gui
Version | HEAD
Type | Bug
State | Unconfirmed
Priority | 3. High
Operating System | 4
Owners |
------------------------------------------------------------------------------
dick.kniep(a)lindix.nl (2011-02-22 17:33) wrote:
When I try to print, no output is generated, even when I use
CUPS-x2go. In the logs it indicates that the backend finishes
successfully, however no output.
Now in pyhoca-gui there is no way to indicate the printcommand that is
to be executed. So possibly there is no printcommand configured. How
do I specify the printcommand??
Ticket URL: http://code.x2go.org/horde4/whups/ticket/?id=45
------------------------------------------------------------------------------
Ticket | 45
Created By | oongi(a)web.de
Summary | Can't use non-ascii-characters in passwords with
| x2goclient
Queue | x2goclient-qt
Version | 3.0.1.17
Type | Bug
State | Unconfirmed
Priority | 1. Low
Operating System |
Owners |
------------------------------------------------------------------------------
oongi(a)web.de (2011-02-27 23:49) wrote:
Hi x2go-developers!
x2goclient (3.01-17 with linux and 3.01-18 with win 7) can't establish
a connection for a user-account, who uses non-ascii-characters in his
password (like "°", "§" and "ü" for example). The message is: "Access
denied. Authentication that can continue:
publickey,password,keyboard-interactive,hostbased". I believe that
this is a bug in x2goclient, because I can login with this
user-account, when I use pyhoca-gui or ssh directly (and no, I didn't
type the password wrong, when using x2goclient).
On the server-side is a x2goserver 3.0.1 on Debian lenny (without ldap).
Bye
oongi
Ticket URL: https://code.x2go.org/horde4/whups/ticket/?id=30
------------------------------------------------------------------------------
Ticket | 30
Created By | mike.gabriel(a)das-netzwerkteam.de
Summary | SSH Host Key warning
Queue | pyhoca-gui
Version | HEAD
Type | Enhancement
State | New
Priority | 1. Low
Owners |
------------------------------------------------------------------------------
mike.gabriel(a)das-netzwerkteam.de (2011-02-03 08:19) wrote:
PyHoca-GUI requires an SSH host key warning in case the SSH host key
of the remote X2go server cannot yet be found in the client user's
known_hosts file.
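The check this ticket asks for, sketched as an added example (not PyHoca-GUI or python-x2go code): classify the key a server presents against known_hosts content, including hashed host entries and non-default ports. The function names, host names and key blobs are constructed for illustration; wildcard patterns are not handled.

```python
import base64
import hashlib
import hmac


def _hashed(host, salt):
    """Build a hashed host token: |1|b64(salt)|b64(HMAC-SHA1(salt, host))."""
    mac = hmac.new(salt, host.encode(), hashlib.sha1).digest()
    return "|1|%s|%s" % (base64.b64encode(salt).decode(),
                         base64.b64encode(mac).decode())


def _host_matches(pattern, host):
    if pattern.startswith("|1|"):
        parts = pattern.split("|")          # ['', '1', salt, mac]
        if len(parts) != 4:
            return False
        mac = hmac.new(base64.b64decode(parts[2]), host.encode(),
                       hashlib.sha1).digest()
        return hmac.compare_digest(mac, base64.b64decode(parts[3]))
    return pattern == host                  # wildcards ('*', '?', '!') not handled


def check_host_key(known_hosts_text, hostname, port, key_type, key_b64):
    """Return 'known', 'changed' or 'unknown' for the key the server presented."""
    host = hostname if port == 22 else "[%s]:%d" % (hostname, port)
    verdict = "unknown"                     # 'unknown' is the case that needs the warning
    for line in known_hosts_text.splitlines():
        fields = line.split()
        if len(fields) < 3 or line.startswith(("#", "@")):
            continue                        # comments and @cert-authority/@revoked lines skipped
        if not any(_host_matches(p, host) for p in fields[0].split(",")):
            continue
        if fields[1] == key_type:
            if fields[2] == key_b64:
                return "known"
            verdict = "changed"             # same host and key type, different key: refuse
    return verdict


# Constructed sample data: key blobs are placeholders, not real host keys.
KEY_A, KEY_B = "AAAAB3NzaC1yc2E-constructed-A", "AAAAB3NzaC1yc2E-constructed-B"
SAMPLE = "\n".join([
    "# constructed known_hosts",
    "x2go.example.org,192.0.2.10 ssh-rsa " + KEY_A,
    _hashed("[gw.example.org]:2222", b"constructed-salt") + " ssh-rsa " + KEY_B,
])
```

A client would show the warning and ask for confirmation on `unknown`, and abort the connection on `changed`.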
Ticket URL: http://code.x2go.org/horde4/whups/ticket/?id=44
------------------------------------------------------------------------------
Ticket | 44
Created By | mike.gabriel(a)das-netzwerkteam.de
Summary | X2go Server scripts have to explicitly use /bin/bash as
| interpreter command
Queue | x2goserver
Version | HEAD
Type | Bug
State | Confirmed
Priority | 1. Low
Operating System |
Owners |
------------------------------------------------------------------------------
mike.gabriel(a)das-netzwerkteam.de (2011-02-26 23:55) wrote:
Replace #!/bin/sh by #!/bin/bash in every X2go server script (unless
it's a perl script ;-) ).
Ticket URL: https://code.x2go.org/horde4/whups/ticket/?id=43
------------------------------------------------------------------------------
Ticket | 43
Created By | mike.gabriel(a)das-netzwerkteam.de
Summary | x2goprint is broken with x2goserver 3.0.99
Queue | x2goprint
Version | HEAD
Type | Bug
State | Unconfirmed
Priority | 2. Medium
Operating System | 2
Owners |
+New Attachment | x2goprint.patch
------------------------------------------------------------------------------
mike.gabriel(a)das-netzwerkteam.de (2011-02-24 22:12) wrote:
When using x2goserver 3.0.99 the latest available x2goprint script is broken.
The attached patch
(a) adds x2godbwrapper to x2goprint
(b) allows x2goprint when homes are mounted via NFS (with
root_squash or sec=krb5*)
Greets,
Mike
Ticket URL: http://code.x2go.org/horde4/whups/ticket/?id=25
------------------------------------------------------------------------------
Ticket | 25
Created By | mike.gabriel(a)das-netzwerkteam.de
Summary | x2goprint in NFS4/Kerberos environments
Queue | x2goprint
Version | HEAD
Type | Bug
State | Unconfirmed
Priority | 1. Low
Owners |
------------------------------------------------------------------------------
mike.gabriel(a)das-netzwerkteam.de (2011-02-02 13:26) wrote:
x2goprint uses sudo to place PDF (print queue) files as user root into
the home directory of the server-side user. If the user's home
directory is mounted via NFS4/Krb5 (sec=krb5i or sec=krb5p), the
superuser root cannot access the user's home directory. Thus, the
x2goprint jobs cannot be placed into the user's home dir and x2goprint
will fail.
Ticket URL: http://code.x2go.org/horde4/whups/ticket/?id=39
------------------------------------------------------------------------------
Ticket | 39
Created By | dick.kniep(a)lindix.nl
Summary | Bug in dropbox
Queue | pyhoca-gui
Version | HEAD
Type | Bug
State | Unconfirmed
Priority | 1. Low
Operating System | 4
Owners |
------------------------------------------------------------------------------
dick.kniep(a)lindix.nl (2011-02-22 15:33) wrote:
I have taken a look at the code and it looks like the object is not
what you expect, but I do not immediately see what is going wrong
opgwrapper insertmount dick-53-1298383001_stRTERMINAL_dp24
"/tmp/dick_media/disk/_home_dick" 127.0.0.1', 'result: INSERT 0 1',
'inserted,', 'sshfs -o
IdentityFile=/home/dick/.x2go/ssh/key.z29045,UserKnownHostsFile=/home/dick/.x2go/ssh/key.z29045.ident dick(a)127.0.0.1:"/home/dick" "/tmp/dick_media/disk/_home_dick" -p 30003', 'mount /home/dick ok', 'fname: /home/dick/Desktop/_home_dick(sshfs-disk)',
'']
pyhoca-gui[26132] (x2godropboxqueue-pylib) NOTICE: processing incoming
X2go dropbox job: dick_groepen.xls
Exception in thread Thread-18:
Traceback (most recent call last):
  File "/usr/lib/python2.6/threading.py", line 532, in __bootstrap_inner
    self.run()
  File "/usr/lib/python2.6/threading.py", line 484, in run
    self.__target(*self.__args, **self.__kwargs)
  File "/home/dick/x2go/pyhoca-gui/x2go/dropbox.py", line 214, in x2go_dropboxjob_handler
    dropbox_action.profile_name = parent_thread.profile_name
AttributeError: 'unicode' object has no attribute 'profile_name'
Ticket URL: http://code.x2go.org/horde4/whups/ticket/?id=41
------------------------------------------------------------------------------
Ticket | 41
Created By | dick.kniep(a)lindix.nl
Summary | Security setup
Queue | pyhoca-gui
Version | HEAD
Type | Enhancement
State | New
Priority | 2. Medium
Owners |
------------------------------------------------------------------------------
dick.kniep(a)lindix.nl (2011-02-22 17:25) wrote:
Hi Mike,
Included is a description about the way the server can be configured
in such a way that the security is OK. In your config it was still
possible for a competent user to add a command to the ssh command.
With the included config that possibility is also closed. I would
suggest that this
lindix -> x2go -> (preliminary) report
Felix C. Stegerman <flx(a)obfusk.net>
2011-01-18 16:36
--
=== TODO === # {{{1
* wrapper
* analysis
* users, files/dirs, keys, ...
* ... meta !!!
* bash/perl code quality
* bugs
* ...
# }}}1
--
=== Situation (Example) === # {{{1
Provider: lindix
Apps: cvix, appX, appY
Services: x2goserver [ -> ssh ]
=== Clients, Users & Apps === # {{{2
Client  Users               Apps
------  -----               ----
foo     alice, bob          cvix
bar     chris, dan          cvix
baz     emma, fred, greg    appX

User    Apps
----    ----
dan     appX
fred    appY
# }}}2
=== Posix Groups & Users === # {{{2
Group           Users
-----           -----
x2gotunnel      foo, bar, baz
x2gousers       alice, bob, chris, dan, emma, fred, greg
( x2gosftp      alice-sftp, bob-sftp, ... )
( alice-sftp    alice-sftp, alice )
( bob-sftp      bob-sftp, bob )
( ...           ... )
# }}}2
# }}}1
=== CAVEATS === # {{{1
* All configuration examples should be double-checked and tested
before being used in a production environment.
* It is not clear to me how the various ports/protocols/services are
secured. It seems to me that:
* Other users (on the client) can access forwarded (server)
ports.
* Users with server access (e.g. via SSH port forwarding)
can access ports used by others.
* Unless: port/protocol/service access is
authenticated/restricted/controlled.
* Unknown: is the X/nx port/service secured (e.g. with xauth)?
* Unknown: are the sound/fs/printer/... ports/services secured?
* A firewall (e.g. shorewall) may be needed to prevent users
from accessing ports used by others.
* The rules in /etc/security/access.conf apply to all PAM
configurations using pam_access (with the default configuration
file), not just SSH. It may therefore be necessary to use
separate configuration files. The relevant examples assume that
pam_access is used only for SSH (or that the configuration is
compatible with all uses of pam_access). See pam_access(8).
* ...
# }}}1
=== Server (Changes) === # {{{1
=== SSH (+ PAM) === # {{{2
=== Notes === # {{{3
* With a little effort, it is possible to run two instances of
sshd: one for normal ssh (administrative) access, and one for
x2go. <<See Notes>> # TODO
# }}}3
,----[ /etc/ssh/sshd_config ] # {{{3
>> ->| Port 2222
| Protocol 2
->| # ListenAddress ...
|
| HostKey /etc/ssh/ssh_host_rsa_key
| HostKey /etc/ssh/ssh_host_dsa_key
|
| UsePrivilegeSeparation yes
|
| KeyRegenerationInterval 3600
| ServerKeyBits 768
|
| SyslogFacility AUTH
| LogLevel INFO
|
| LoginGraceTime 120
| PermitRootLogin no
| StrictModes yes
|
| RSAAuthentication no
| PubkeyAuthentication yes
|
->| # AuthorizedKeysFile %h/.ssh/authorized_keys
>> ..| AuthorizedKeysFile /etc/ssh-keys/%u/authorized_keys
|
| IgnoreRhosts yes
| RhostsRSAAuthentication no
| HostbasedAuthentication no
| IgnoreUserKnownHosts yes
|
| PermitEmptyPasswords no
| ChallengeResponseAuthentication no
->| PasswordAuthentication no
|
>> ->| AllowGroups wheel x2gotunnel x2gousers x2gosftp
|
->| X11Forwarding no
| X11DisplayOffset 10
| PrintMotd no
| PrintLastLog yes
| TCPKeepAlive yes
|
| AcceptEnv LANG LC_*
|
->| # Subsystem sftp /usr/lib/openssh/sftp-server
>> ..| Subsystem sftp internal-sftp
|
->| UsePAM yes
|
->| Match Group x2gotunnel
..| AllowTcpForwarding no
..| ForceCommand /bin/false
..| PasswordAuthentication no
>> ..| PermitOpen localhost:2222
..| X11Forwarding no
|
->| Match Group x2gousers
>> ..| # AllowTcpForwarding no
>> ..| ForceCommand /usr/local/bin/x2go-ssh-wrapper
..| PasswordAuthentication yes
>> ..| # PermitOpen localhost:30001 localhost:30002 ...
..| X11Forwarding no
|
->| Match Group x2gosftp
..| AllowTcpForwarding no
>> ..| ChrootDirectory /home/__sftp__/%u
..| ForceCommand internal-sftp
..| PasswordAuthentication yes
..| X11Forwarding no
`---- # }}}3
,----[ /etc/pam.d/sshd ] # {{{3
| ...
|
| # account required pam_access.so
++| account required pam_access.so
|
| ...
`---- # }}}3
,----[ /etc/security/access.conf ] # {{{3
| ...
|
>> ++| + : x2gotunnel : ALL
++| + : x2gousers x2gosftp : localhost
|
++| - : ALL EXCEPT wheel : ALL
`---- # }}}3
# }}}2
=== x2go SSH Wrapper === # {{{2
See <../bin/x2go-ssh-wrapper>.
# }}}2
# }}}1
=== Analyses === # {{{1
=== python-x2go === # {{{2
...
# }}}2
=== x2goserver === # {{{2
,----[ (relevant) files ] # {{{3
| INSTALL
?| debian/README.Debian
?| debian/changelog
?| debian/compat
?| debian/control
?| debian/copyright
?| debian/dirs
?| debian/docs
?| debian/init.d
| debian/preinst
?| debian/rules
?| sql
| x2gocleansessions
| x2gocmdexitmessage
| x2gocreatebase.sh
| x2gogetservers
| x2golistsessions
| x2golistsessions_root
| x2golistsessions_sql
| x2gomountdirs
| x2gopgwrapper
| x2gopgwrapper_local
| x2gopgwrapper_net
| x2gopgwrapper_sqlite
| x2goresume-session
| x2goruncommand
?| x2goserver.conf
| x2gosessionlimit
| x2goshowblocks
| x2gosqlite.sh
| x2gostartagent
| x2gosuspend-agent
| x2gosuspend-session
| x2goterminate
| x2goterminate-session
| x2goumount
| x2goumount_session
`---- # }}}3
...
# }}}2
# }}}1
=== Packages === # {{{1
=== Notes === # {{{2
* Dependencies considered extraneous to this report have been
omitted.
# }}}2
=== Server === # {{{2
x2goserver [x2go]
-> x2goagent [x2go]
-> nxcompext [x2go]
-> nxcomp [x2go]
-> nxcompshad [x2go]
-> sudo, openssh-server, openssh-client [!?], sshfs [!?]
# }}}2
=== Client === # {{{2
pyhoca-gui [gabriel]
-> python-x2go [gabriel]
-> nxproxy [x2go]
-> nxcomp [x2go]
-> python (>= 2.6), python-gevent, python-paramiko,
python-cups
-> python-argparse, python-notify, python-setproctitle,
python-wxtools
# }}}2
# }}}1
=== Remarks === # {{{1
This report is based on:
* Information provided by Dick Kniep.
* Searching the Internet.
* The sshd_config man page (and others).
* My (preliminary) analysis of:
Package       Version           Status
-------       -------           ------
python-x2go   0.0.31(-0~nwt1)   TODO
x2goclient    3.01(-5)          Done/Sufficient
x2goserver    3.0.1(-5)         TODO/Unfinished
# }}}1
--
vim: set ft= tw=70 sw=2 sts=2 et fdm=marker:
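The report's sshd_config forces x2gousers through /usr/local/bin/x2go-ssh-wrapper, which is referenced but not shown. The following is an added example of what such a ForceCommand wrapper can check, not the report's wrapper and not X2go code. It assumes that clients send a single command per request, that the allowlist is drawn from the x2goserver script names listed in the report, and that the install directory is /usr/bin; the argument character set is also an assumption.

```python
import os
import re
import shlex
import sys

# Assumption: allowlist taken from the script names in the report's file list.
ALLOWED = {"x2gostartagent", "x2golistsessions", "x2goresume-session",
           "x2gosuspend-session", "x2goterminate-session", "x2goruncommand",
           "x2gomountdirs", "x2goumount_session", "x2gogetservers"}
BIN_DIR = "/usr/bin"  # hypothetical install directory
SAFE_ARG = re.compile(r"^[A-Za-z0-9_.,:=/@+-]*$")  # no shell metacharacters


def validate(original_command):
    """Return argv for an allowed command, or raise ValueError."""
    if not original_command or len(original_command) > 4096:
        raise ValueError("missing or oversized command")
    try:
        argv = shlex.split(original_command)
    except ValueError as exc:           # e.g. unterminated quote
        raise ValueError("unparsable command: %s" % exc)
    if not argv or argv[0] not in ALLOWED:
        raise ValueError("command not allowed")
    for arg in argv[1:]:
        # Tokens such as ';', '&&', '$(...)' or backticks fail the pattern,
        # so an appended second command is refused rather than executed.
        if not SAFE_ARG.match(arg) or ".." in arg.split("/"):
            raise ValueError("argument rejected")
    return [os.path.join(BIN_DIR, argv[0])] + argv[1:]


def main():
    # sshd places the client's requested command in SSH_ORIGINAL_COMMAND
    # when ForceCommand is in effect.
    try:
        argv = validate(os.environ.get("SSH_ORIGINAL_COMMAND", ""))
    except ValueError as exc:
        sys.stderr.write("x2go-ssh-wrapper: %s\n" % exc)
        return 1
    os.execv(argv[0], argv)             # executed directly, never through a shell


if __name__ == "__main__":
    sys.exit(main())
```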