A page in your DokuWiki was added or changed. Here are the details:
Date : 2013/03/27 16:44
Browser : Mozilla/5.0 (X11; Linux x86_64; rv:18.0) Gecko/20100101 Firefox/18.0 Iceweasel/18.0.1
IP-Address : 213.178.75.58,10.0.32.50
Hostname : nocatv2.tng.de,10.0.32.50
Old Revision: http://wiki.x2go.org/doku.php/wiki:advanced:x2gobroker:start?rev=1364400682
New Revision: http://wiki.x2go.org/doku.php/wiki:advanced:x2gobroker:start
Edit Summary:
User : sunweaver
@@ -11,156 +11,20 @@
===== How do I use an X2Go Session Broker with X2Go Client =====
If you have access to an X2Go Session Broker, you can launch X2Go Client in broker mode. There are several command line options to configure X2Go Client's broker mode
- * ''<nowiki>--</nowiki>broker-name=<name>'': Name of broker to display in X2Go client. This parameter is optional
+ * ''<nowiki>--broker-name=<name></nowiki>'': Name of broker to display in X2Go client. This parameter is optional.
- *
''<nowiki>--broker-url=<protocol>://[username@]<host>[:port]/path</nowiki>'': URL of broker. Protocol is "http", "https" or "ssh". You can specify an username in URL. In this case it will be pasted in authorization dialog of X2Go Client. URL examples are:
+ * ''<nowiki>--broker-url=<protocol>://[username@]<host>[:port]/path</nowiki>'': URL of session broker. Protocol is either of "http", "https" or "ssh". You can specify a username in URL. In this case it will be pasted into authorization dialog of X2Go Client. URL examples are:
* ''<nowiki>--broker-url=https://x2gobroker.org/cgi-bin/x2gobroker.cgi</nowiki>''
* ''<nowiki>--broker-url=ssh://user@x2gobroker.org:22/usr/lib/x2go/x2gobroker.pl</nowiki>''
- * ''<nowiki>--</nowiki>broker-ssh-key=<path to key>'': Path to SSH key to use for authorization on broker. This parameter is
- valid only for SSH broker.
+ * ''<nowiki>--broker-ssh-key=<path to key></nowiki>'': Path to SSH key to use for authorization against SSH
broker. This parameter is only valid with SSH brokers.
- * ''<nowiki>--</nowiki>broker-autologin'': Use default SSH key or SSH agent for authorization on broker. This
- parameter is valid only for SSH broker.
+ * ''<nowiki>--broker-autologin</nowiki>'': Use default SSH key or SSH agent for authorization against session broker. This
+ parameter is only valid with SSH brokers.
- * ''<nowiki>--</nowiki>broker-noauth'': Do not ask for user credentials for broker authorizations. This can be useful if you using HTTP(S) broker without authentication. Username will be sent to broker if it specified in broker URL. This option is valid
- only for HTTP(S) broker.
+ * ''<nowiki>--broker-noauth</nowiki>'': Do not ask for user credentials during broker authorization. This can be useful if you are using an HTTP(S) broker without authentication.\\ If you run an HTTP(S) server without authentication, but with user-specific profiles, then put the username into the broker URL (see above).
The username then will be taken from the broker URL and be sent to the session broker. This option is only valid with HTTP(S) brokers.
-
- ===== How X2Go broker work =====
-
- ==== Authentication ====
-
- The X2Go client can use different methods of authentication.
-
- On HTTP(S)
- broker it could be username and password. On SSH broker a SSH key
- authentication can also be used. With both types of broker you can
- verify additional parameter "authid". It is a user defined string which
- is saved in file. Path to file can be specified as X2Go Client command
- line option "--auth-id". You can configure your broker not to check user
- data as it shown in example above. In such case function checkAccess
- should always return 1. In example of SSH-Broker this function is not
- called at all. The broker just print "Access granted" to let X2Go Client
- know, that authentication is successful. In some setups can make sense
- to give access to broker without authentication. For
example in LAN if
- broker only serve as load balancer for X2Go Servers.
-
- 2.2. List of predefined X2Go sessions
-
- After successful authentication on broker, X2Go Client will request list
- of predefined X2Go Sessions. This list look just the same as session
- file of X2Go Client. The function, that send X2Go sessions to Client
- look like:
- <code>
- sub listSessions
- {
- print "START_USER_SESSIONS<br>
- <br>[ <session 1> ]<br>
- option1=value1<br>
- ....
- optionN=valueN<br>
- <br>[ <session 2> ]<br>
- option1=value1<br>
- ....
- optionN=valueN<br>
- END_USER_SESSIONS<br>";
- }
- </code>
- The options are the same as in X2Go Client configuration file. There is
- only a difference in parameters "host" and "key". And there are two
- parameters which are not supported in configuration file "status" and
- "usebrokerpass".
- The "host" parameter it is not necessary a hostname of X2Go server. The
- actual address of a server will be provided after session selection. It
- can
make sense in a case of load balancing. The best server will be
- chosen after selection and sent to client.
- The "key" parameter is also ignored. Key can be provided to client after
- selection of session too. However, you can set this parameter with some
- value to inform the Client, that passwordless authentication should be
- tried, for example: "key=will be provided later".
- Parameter "usebrokerpass" say, that a user password for this session
- should not be asked, but broker password should be used instead. It can
- be useful if the broker and X2Go Server using same authentication server
- and there is no need to ask the same password twice. It is not
- recommended to use such authentication with HTTP Broker without SSL
- encryption.
- Parameter "status" can be one of two values "S" or "R". It can be used
- to say X2Go Client that an instance (or instances) of this session
- already running or are suspended on server. X2Go Client will display the
- status on the Session
button.
-
- 2.3. Selecting a session
-
- When predefined sessions are listed in X2Go Client, user can choose a
- session from sessions list. The id of chosen session will be sent to
- broker and broker send a connection data back to client. It is
- responsibility of function "selectSession":
- <code>
- sub selectSession
- {
- my ($user, $sid)=@_;
- if($sid eq "123456789")
- {
- print "SERVER:x2goserver.org:22\n";
- }
- }
- </code>
-
- This function send a server address and SSH port for X2Go connection. If
- no other data are specified a new X2Go session will be created.
- Broker can also send to Client information, that suspended session
- should be resumed. In this case broker should also send a session data
- to Client:
- <code>
- sub selectSession
- {
- my ($user, $sid)=@_;
- if($sid eq "123456789")
- {
- print "SERVER:phoca:22\n";
- print
-
"SESSION_INFO:12542|ncryer-53-1348753256_stDstartxfce4_dp24|53|debian|S|2012-09-27T06:40:57|7db77095d8a782f479d509d96f2e3261|188.195.168.12|30004|30005|2012-09-27T06:41:28|ncryer|285|30006|\n";
- }
- </code>
- Broker can get this data from session database or by executing
- "x2golistsessions $user" on X2Go server. If X2Go Client running in
- broker mode, it will not verify if there are existing sessions on X2Go
- server. It is a responsibility of X2Go Broker. Broker should also
- suspend session before providing session data to client if session is
- running.
-
- The broker can also provide a SSH Key to client:
- <code>
- sub selectSession
- {
- my ($user, $sid)=@_;
- if($sid eq "123456789")
- {
- print "SERVER:phoca:22\n";
- print "-----BEGIN DSA PRIVATE KEY-----
- Proc-Type: 4,ENCRYPTED
- DEK-Info: AES-128-CBC,XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
-
- XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
-
yX7XLwCszCLM1FCYpdIGmM98vuHVcpNlVUBVgNcTxE1XCCnPZPjUXiNnUZPk1lme
- XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
- o1q7Q1YmH43qI18lifjUhGZUTYWKQSsj2Am9bnjqaveV2aMEWymC8J9aJOYLpVZG
- XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
- G1DwWnSRgyJaxRm4Ik0/kh78ioUfkVerXaCf2OKCMyiZBWcsNfvQwDa9MBrZ4rYW
- XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
- VR60OGB7dHy+7ozqkjzuX+uB04GIqPJwG797i26Bo4v7uhbALjMa5qsObqXIPM1S
- XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
- XXXXXXXXXXXXXXXX==
- -----END DSA PRIVATE KEY-----";
- }
- }
- </code>
- It can be useful in some cases. It is recommended to transfer such keys
- only over encrypted channels. It is also recommended to transfer only
- temporary keys, which should be removed from known_hosts after
- authorization on X2Go server.
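Review bot: The rewritten ''--broker-noauth'' entry should state that a username taken from the broker URL is only a claim made by the client, not an authenticated identity. As worded ("If you run an HTTP(S) server without authentication, but with user-specific profiles, then put the username into the broker URL"), it reads as a supported way to serve per-user profiles, while any client that can reach the broker can name any user. Suggest adding one sentence that this setup is only suitable where every client may be trusted with every profile. The same hunk also deletes the advice against "usebrokerpass" over an HTTP broker without SSL and the advice to transfer keys only over encrypted channels, and the added lines carry no pointer to where that text now lives; please keep a link or a short note.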
--
This mail was generated by DokuWiki at
http://wiki.x2go.org/
A page in your DokuWiki was added or changed. Here are the details:
Date : 2013/03/27 16:11
Browser : Mozilla/5.0 (X11; Linux x86_64; rv:18.0) Gecko/20100101 Firefox/18.0 Iceweasel/18.0.1
IP-Address : 213.178.75.58,10.0.32.50
Hostname : nocatv2.tng.de,10.0.32.50
Old Revision: http://wiki.x2go.org/doku.php/wiki:advanced:x2gobroker:start?rev=1364400647
New Revision: http://wiki.x2go.org/doku.php/wiki:advanced:x2gobroker:start
Edit Summary:
User : sunweaver
@@ -15,10 +15,10 @@
* ''<nowiki>--</nowiki>broker-name=<name>'': Name of broker to display in X2Go client. This parameter is optional
* ''<nowiki>--broker-url=<protocol>://[username@]<host>[:port]/path</nowiki>'': URL of broker. Protocol is "http", "https" or "ssh". You can specify an username in URL. In this case it will be pasted in authorization dialog of X2Go Client. URL examples are:
- * ''<nowiki>--</nowiki>broker-url=https://x2gobroker.org/cgi-bin/x2gobroker.cgi''
- *
''<nowiki>--</nowiki>broker-url=ssh://user@x2gobroker.org:22/usr/lib/x2go/x2gobroker.pl''
+ * ''<nowiki>--broker-url=https://x2gobroker.org/cgi-bin/x2gobroker.cgi</nowiki>''
+ * ''<nowiki>--broker-url=ssh://user@x2gobroker.org:22/usr/lib/x2go/x2gobroker.pl</nowiki>''
* ''<nowiki>--</nowiki>broker-ssh-key=<path to key>'': Path to SSH key to use for authorization on broker. This parameter is
valid only for SSH broker.
A page in your DokuWiki was added or changed. Here are the details:
Date : 2013/03/27 16:10
Browser : Mozilla/5.0 (X11; Linux x86_64; rv:18.0) Gecko/20100101 Firefox/18.0 Iceweasel/18.0.1
IP-Address : 213.178.75.58,10.0.32.50
Hostname : nocatv2.tng.de,10.0.32.50
Old Revision: http://wiki.x2go.org/doku.php/wiki:advanced:x2gobroker:start?rev=1364400195
New Revision: http://wiki.x2go.org/doku.php/wiki:advanced:x2gobroker:start
Edit Summary:
User : sunweaver
@@ -11,22 +11,22 @@
===== How do I use an X2Go Session Broker with X2Go Client =====
If you have access to an X2Go Session Broker, you can launch X2Go Client in broker mode. There are several command line options to configure X2Go Client's broker mode
- * ''--broker-name=<name>'': Name of broker to display in X2Go client. This parameter is optional
+ * ''<nowiki>--</nowiki>broker-name=<name>'': Name of broker to display in X2Go client. This parameter is optional
- *
''--broker-url=<protocol>://[username@]<host>[:port]/path'': URL of broker. Protocol is "http", "https" or "ssh". You can specify an username in URL. In this case it will be pasted in authorization dialog of X2Go Client. URL examples are:
+ * ''<nowiki>--broker-url=<protocol>://[username@]<host>[:port]/path</nowiki>'': URL of broker. Protocol is "http", "https" or "ssh". You can specify an username in URL. In this case it will be pasted in authorization dialog of X2Go Client. URL examples are:
- * ''--broker-url=https://x2gobroker.org/cgi-bin/x2gobroker.cgi''
- * ''--broker-url=ssh://user@x2gobroker.org:22/usr/lib/x2go/x2gobroker.pl''
+ * ''<nowiki>--</nowiki>broker-url=https://x2gobroker.org/cgi-bin/x2gobroker.cgi''
+ * ''<nowiki>--</nowiki>broker-url=ssh://user@x2gobroker.org:22/usr/lib/x2go/x2gobroker.pl''
- * ''--broker-ssh-key=<path to key>'': Path to SSH key to use for authorization on broker. This parameter is
+ *
''<nowiki>--</nowiki>broker-ssh-key=<path to key>'': Path to SSH key to use for authorization on broker. This parameter is
valid only for SSH broker.
- * ''--broker-autologin'': Use default SSH key or SSH agent for authorization on broker. This
+ * ''<nowiki>--</nowiki>broker-autologin'': Use default SSH key or SSH agent for authorization on broker. This
parameter is valid only for SSH broker.
- * ''--broker-noauth'': Do not ask for user credentials for broker authorizations. This can be useful if you using HTTP(S) broker without authentication. Username will be sent to broker if it specified in broker URL. This option is valid
+ * ''<nowiki>--</nowiki>broker-noauth'': Do not ask for user credentials for broker authorizations. This can be useful if you using HTTP(S) broker without authentication. Username will be sent to broker if it specified in broker URL. This option is valid
only for HTTP(S) broker.
===== How X2Go broker work =====
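Review bot: The nowiki wrapping is inconsistent across the added bullets: ''--broker-url'' wraps the whole option including <protocol> and <host>, while ''--broker-name'', ''--broker-ssh-key'', ''--broker-autologin'' and ''--broker-noauth'' wrap only the leading "--" and leave <name> and <path to key> outside the span. Wrapping each complete option in a single nowiki span would keep the angle-bracket placeholders away from the wiki parser and make the list uniform.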
A page in your DokuWiki was added or changed. Here are the details:
Date : 2013/03/27 16:03
Browser : Mozilla/5.0 (X11; Linux x86_64; rv:18.0) Gecko/20100101 Firefox/18.0 Iceweasel/18.0.1
IP-Address : 213.178.75.58,10.0.32.50
Hostname : nocatv2.tng.de,10.0.32.50
Old Revision: http://wiki.x2go.org/doku.php/wiki:advanced:x2gobroker:start?rev=1364399936
New Revision: http://wiki.x2go.org/doku.php/wiki:advanced:x2gobroker:start
Edit Summary:
User : sunweaver
@@ -11,46 +11,32 @@
===== How do I use an X2Go Session Broker with X2Go Client =====
If you have access to an X2Go Session Broker, you can launch X2Go Client in broker mode. There are several command line options to configure X2Go Client's broker mode
- * --broker-name=<name>
- Name of broker to display in X2Go client. This parameter is optional
+ * ''--broker-name=<name>'': Name of broker to display in X2Go client. This parameter is optional
- *
--broker-url=<protocol>://[username@]<host>[:port]/path
- URL of broker. Protocol is "http", "https" or "ssh". You can specify an
- username in URL. In this case it will be pasted in authorization dialog
- of X2Go Client. Examples of URL:
+ * ''--broker-url=<protocol>://[username@]<host>[:port]/path'': URL of broker. Protocol is "http", "https" or "ssh". You can specify an username in URL. In this case it will be pasted in authorization dialog of X2Go Client. URL examples are:
- --broker-url=https://x2gobroker.org/cgi-bin/x2gobroker.cgi
- --broker-url=ssh://user@x2gobroker.org:22/usr/lib/x2go/x2gobroker.pl
+ * ''--broker-url=https://x2gobroker.org/cgi-bin/x2gobroker.cgi''
+ * ''--broker-url=ssh://user@x2gobroker.org:22/usr/lib/x2go/x2gobroker.pl''
- --broker-ssh-key=<path to key>
-
- Path to SSH key to use for authorization on broker. This parameter is
+ * ''--broker-ssh-key=<path to key>'': Path to SSH key to use for authorization on broker. This parameter
is
valid only for SSH broker.
- --broker-autologin
-
- Use default SSH key or SSH agent for authorization on broker. This
+ * ''--broker-autologin'': Use default SSH key or SSH agent for authorization on broker. This
parameter is valid only for SSH broker.
- --broker-noauth
-
- Do not ask for user credentials for broker authorizations. This can be
- useful if you using HTTP(S) broker without authentication. Username will
- be sent to broker if it specified in broker URL. This option is valid
+ * ''--broker-noauth'': Do not ask for user credentials for broker authorizations. This can be useful if you using HTTP(S) broker without authentication. Username will be sent to broker if it specified in broker URL. This option is valid
only for HTTP(S) broker.
+ ===== How X2Go broker work =====
+ ==== Authentication ====
+ The X2Go client can use different methods of authentication.
-
- 2. How X2Go broker work
-
- 2.1. Authentication
-
- The X2Go client
can use different methods of authentication. On HTTP(S)
+ On HTTP(S)
broker it could be username and password. On SSH broker a SSH key
authentication can also be used. With both types of broker you can
verify additional parameter "authid". It is a user defined string which
is saved in file. Path to file can be specified as X2Go Client command
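Review bot: The ''--broker-url'' bullet lists "http" next to "https" and "ssh" without comment, and the Authentication paragraph in the same hunk says an HTTP(S) broker may authenticate with username and password. Over plain http those credentials cross the network unencrypted, so the bullet should recommend https (or ssh) whenever the broker asks for credentials and reserve http for brokers that run without authentication.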
A page in your DokuWiki was added or changed. Here are the details:
Date : 2013/03/27 15:58
Browser : Mozilla/5.0 (X11; Linux x86_64; rv:18.0) Gecko/20100101 Firefox/18.0 Iceweasel/18.0.1
IP-Address : 213.178.75.58,10.0.32.50
Hostname : nocatv2.tng.de,10.0.32.50
Old Revision: http://wiki.x2go.org/doku.php/wiki:advanced:x2gobroker:start?rev=1364332396
New Revision: http://wiki.x2go.org/doku.php/wiki:advanced:x2gobroker:start
Edit Summary:
User : sunweaver
@@ -1,7 +1,180 @@
====== X2Go Session Broker ======
===== What is X2Go Session Broker =====
- Soon to come... Stay tuned!!!
+ Most of you have already used X2Go Client in standalone mode. X2Go Client in standalone mode allows to be configured by the user himself. Normally, the user creates a set of session profiles that allow the user to work remotely on one or more X2Go Servers. See the documentation that explains [[doc:usage:x2goclient|the usage of X2Go Client]].
+
+ When X2Go Client is run in
broker mode, then it does not allow the local definition of session profiles. The list of session profiles gets provided by the X2Go Session Broker. A session broker is either a HTTP(s) server or an SSH server.
+
+ The implementations of the X2Go Session Broker can be manifold as long as the returned result is interpretable by X2Go Client.
+
+ ===== How do I use an X2Go Session Broker with X2Go Client =====
+
+ If you have access to an X2Go Session Broker, you can launch X2Go Client in broker mode. There are several command line options to configure X2Go Client's broker mode
+
+ * --broker-name=<name>
+ Name of broker to display in X2Go client. This parameter is optional
+
+ * --broker-url=<protocol>://[username@]<host>[:port]/path
+ URL of broker. Protocol is "http", "https" or "ssh". You can specify an
+ username in URL. In this case it will be pasted in authorization dialog
+ of X2Go Client. Examples of URL:
+
+
--broker-url=https://x2gobroker.org/cgi-bin/x2gobroker.cgi
+ --broker-url=ssh://user@x2gobroker.org:22/usr/lib/x2go/x2gobroker.pl
+
+ --broker-ssh-key=<path to key>
+
+ Path to SSH key to use for authorization on broker. This parameter is
+ valid only for SSH broker.
+
+ --broker-autologin
+
+ Use default SSH key or SSH agent for authorization on broker. This
+ parameter is valid only for SSH broker.
+
+ --broker-noauth
+
+ Do not ask for user credentials for broker authorizations. This can be
+ useful if you using HTTP(S) broker without authentication. Username will
+ be sent to broker if it specified in broker URL. This option is valid
+ only for HTTP(S) broker.
+
+
+
+
+
+
+ 2. How X2Go broker work
+
+ 2.1. Authentication
+
+ The X2Go client can use different methods of authentication. On HTTP(S)
+ broker it could be username and password. On SSH broker a SSH key
+ authentication can also be used. With both types of broker you can
+ verify additional
parameter "authid". It is a user defined string which
+ is saved in file. Path to file can be specified as X2Go Client command
+ line option "--auth-id". You can configure your broker not to check user
+ data as it shown in example above. In such case function checkAccess
+ should always return 1. In example of SSH-Broker this function is not
+ called at all. The broker just print "Access granted" to let X2Go Client
+ know, that authentication is successful. In some setups can make sense
+ to give access to broker without authentication. For example in LAN if
+ broker only serve as load balancer for X2Go Servers.
+
+ 2.2. List of predefined X2Go sessions
+
+ After successful authentication on broker, X2Go Client will request list
+ of predefined X2Go Sessions. This list look just the same as session
+ file of X2Go Client. The function, that send X2Go sessions to Client
+ look like:
+ <code>
+ sub listSessions
+ {
+ print "START_USER_SESSIONS<br>
+ <br>[ <session 1> ]<br>
+
option1=value1<br>
+ ....
+ optionN=valueN<br>
+ <br>[ <session 2> ]<br>
+ option1=value1<br>
+ ....
+ optionN=valueN<br>
+ END_USER_SESSIONS<br>";
+ }
+ </code>
+ The options are the same as in X2Go Client configuration file. There is
+ only a difference in parameters "host" and "key". And there are two
+ parameters which are not supported in configuration file "status" and
+ "usebrokerpass".
+ The "host" parameter it is not necessary a hostname of X2Go server. The
+ actual address of a server will be provided after session selection. It
+ can make sense in a case of load balancing. The best server will be
+ chosen after selection and sent to client.
+ The "key" parameter is also ignored. Key can be provided to client after
+ selection of session too. However, you can set this parameter with some
+ value to inform the Client, that passwordless authentication should be
+ tried, for example: "key=will be provided later".
+ Parameter "usebrokerpass" say, that a user password for this
session
+ should not be asked, but broker password should be used instead. It can
+ be useful if the broker and X2Go Server using same authentication server
+ and there is no need to ask the same password twice. It is not
+ recommended to use such authentication with HTTP Broker without SSL
+ encryption.
+ Parameter "status" can be one of two values "S" or "R". It can be used
+ to say X2Go Client that an instance (or instances) of this session
+ already running or are suspended on server. X2Go Client will display the
+ status on the Session button.
+
+ 2.3. Selecting a session
+
+ When predefined sessions are listed in X2Go Client, user can choose a
+ session from sessions list. The id of chosen session will be sent to
+ broker and broker send a connection data back to client. It is
+ responsibility of function "selectSession":
+ <code>
+ sub selectSession
+ {
+ my ($user, $sid)=@_;
+ if($sid eq "123456789")
+ {
+ print "SERVER:x2goserver.org:22\n";
+ }
+ }
+
</code>
+
+ This function send a server address and SSH port for X2Go connection. If
+ no other data are specified a new X2Go session will be created.
+ Broker can also send to Client information, that suspended session
+ should be resumed. In this case broker should also send a session data
+ to Client:
+ <code>
+ sub selectSession
+ {
+ my ($user, $sid)=@_;
+ if($sid eq "123456789")
+ {
+ print "SERVER:phoca:22\n";
+ print
+ "SESSION_INFO:12542|ncryer-53-1348753256_stDstartxfce4_dp24|53|debian|S|2012-09-27T06:40:57|7db77095d8a782f479d509d96f2e3261|188.195.168.12|30004|30005|2012-09-27T06:41:28|ncryer|285|30006|\n";
+ }
+ </code>
+ Broker can get this data from session database or by executing
+ "x2golistsessions $user" on X2Go server. If X2Go Client running in
+ broker mode, it will not verify if there are existing sessions on X2Go
+ server. It is a responsibility of X2Go Broker. Broker should also
+ suspend session before providing session data to client if
session is
+ running.
+
+ The broker can also provide a SSH Key to client:
+ <code>
+ sub selectSession
+ {
+ my ($user, $sid)=@_;
+ if($sid eq "123456789")
+ {
+ print "SERVER:phoca:22\n";
+ print "-----BEGIN DSA PRIVATE KEY-----
+ Proc-Type: 4,ENCRYPTED
+ DEK-Info: AES-128-CBC,XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
+
+ XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
+ yX7XLwCszCLM1FCYpdIGmM98vuHVcpNlVUBVgNcTxE1XCCnPZPjUXiNnUZPk1lme
+ XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
+ o1q7Q1YmH43qI18lifjUhGZUTYWKQSsj2Am9bnjqaveV2aMEWymC8J9aJOYLpVZG
+ XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
+ G1DwWnSRgyJaxRm4Ik0/kh78ioUfkVerXaCf2OKCMyiZBWcsNfvQwDa9MBrZ4rYW
+ XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
+ VR60OGB7dHy+7ozqkjzuX+uB04GIqPJwG797i26Bo4v7uhbALjMa5qsObqXIPM1S
+ XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
+ XXXXXXXXXXXXXXXX==
+ -----END DSA PRIVATE KEY-----";
+
}
+ }
+ </code>
+ It can be useful in some cases. It is recommended to transfer such keys
+ only over encrypted channels. It is also recommended to transfer only
+ temporary keys, which should be removed from known_hosts after
+ authorization on X2Go server.
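Review bot: In the closing paragraph on broker-supplied SSH keys, "removed from known_hosts" looks wrong: a temporary user key is authorized through authorized_keys on the X2Go server, while known_hosts holds host keys, so please name the file that actually has to be cleaned up. Two smaller points in the same hunk: the second selectSession example (the one printing SESSION_INFO) is missing the closing brace of the sub, and "as it shown in example above" under 2.1 refers to a checkAccess example that the page added here does not contain.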
A page in your DokuWiki was added or changed. Here are the details:
Date : 2013/03/27 15:48
Browser : Mozilla/5.0 (X11; Linux x86_64; rv:18.0) Gecko/20100101 Firefox/18.0 Iceweasel/18.0.1
IP-Address : 213.178.75.58,10.0.32.50
Hostname : nocatv2.tng.de,10.0.32.50
Old Revision: http://wiki.x2go.org/doku.php/wiki:development:x2gobroker:plaintexprotocol?…
New Revision: http://wiki.x2go.org/doku.php/wiki:development:x2gobroker:plaintexprotocol
Edit Summary:
User : sunweaver
@@ -1,7 +1,12 @@
====== X2Go Session Broker Protocol: Plain Text ======
- //Client implementations: X2Go Client (since 3.x.y.z), Python X2Go (planned for 0.6.x.y)//
+ //Provided by Oleksandr Shneyder, edited by Mike Gabriel//
+
+ **Client implementations:**
+
+ * X2Go Client (since 3.x.y.z)
+ * Python X2Go (planned for 0.6.x.y)
The X2Go project offers a [[http://code.x2go.org/gitweb?p=x2gobroker.git;a=summary|public X2Go Session Broker implementation]]. However,
there also exist several other implementations in large-scale production deployments.
In theory, you can implement your own X2Go Session Broker by meeting some basic demands.
@@ -14,14 +19,16 @@
- the broker frontend (either of the below):
- ''x2gobroker.cgi'' (a CGI script written in Perl -> HTTP based broker)
- ''x2gobroker'' (a command line script written in Perl -> SSH based broker)
- ===== X2Go Session Broker: The Backend ====
+ ===== X2Go Session Broker: an Example Implementation ====
+
+ ==== Broker Module / Backend ====
The package ''x2gobroker.pm'' can be considered as the broker backend. It has to implement two functions at minimal (names are arbitrary):
- * listProfiles
- * selectProfile
+ * listSessions
+ * selectSessions
If you want to use authentication with your session broker, the broker backend also has to provide a function called
* checkAccess
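Review bot: The added heading "===== X2Go Session Broker: an Example Implementation ====" opens with five equals signs and closes with four, carrying over the imbalance of the line it replaces; please balance it. The renamed bullet ''selectSessions'' also differs from the 'selectSession' that the module's @EXPORT line lists further down the page, so the list and the code should agree on one spelling.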
@@ -33,10 +40,15 @@
use strict;
use base 'Exporter';
our @EXPORT
= ('checkAccess', 'listSessions', 'selectSession');
- #we have two sessions
- sub selectSession
+ #
+ # We have two session profiles (hard-coded in this example)
+ #
+ # + sid=123456789
+ # + sid=abcdefg
+ #
+ sub selectProfile
{
my ($user, $sid)=@_;
if($sid eq "123456789")
{
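Review bot: The sub is renamed to selectProfile on the added line while the @EXPORT list in the context above it still names 'selectSession', so the module would export a function it no longer defines. Either keep the sub as selectSession or update @EXPORT in the same edit.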
@@ -46,44 +58,57 @@
{
print "SERVER:x2gotest.org:22\n";
}
}
- #do not check authentication data,
- #return true on any
- #combination of username/password
+
+ # Do not check authentication data,
+ # return true on any combination of username/password.
+ #
+ # Modify to your needs if you need authentication
+
sub checkAccess
{
return 1;
}
- #configuration for two sessions
+
+ # configuration for our two session profiles
+
sub listSessions
{
my $user=shift;
- print "START_USER_SESSIONS<br>
- <br>[123456789]<br>
- name=X2Go Session<br>
- command=KDE<br>
- host=x2goserver.org<br>
- user=$user<br>
- <br>[abcdefg]<br>
- name= Test X2Go Session
2<br>
- command=startxfce4<br>
- host=x2gotest.org<br>
- user=test<br>
- END_USER_SESSIONS<br>";
+ print "START_USER_SESSIONS
+
+ [123456789]
+ name=X2Go Session
+ command=KDE
+ host=x2goserver.org
+ user=$user
+
+ [abcdefg]
+ name= Test X2Go Session 2
+ command=XFCE
+ host=x2gotest.org
+ user=test
+
+ END_USER_SESSIONS
+ ";
}
1;
</code>
- ==== CLient side ====
+ ==== Broker Frontends ====
- FIXME -> TODO
+ X2Go Client can access a broker module using one of two broker methods:
+
+ * HTTP(S)
+ * SSH.
+
+ ==== Broker Frontend: HTTP(s) ====
+
+ The implementation of an HTTP(S) X2Go Session Broker is usually a CGI script, which can look like this (if written in Perl):
- X2Go client can access a broker module using one of two broker methods.
- Via HTTP(S) or SSH.
- HTTP(S) broker is usually CGI script, which can look like:
<code>
#!/usr/bin/perl
use strict;
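Review bot: In listSessions, "user=$user" is interpolated into the profile list as is, and with the <br> markers gone the format is now purely line-based, so a value containing a line break would add lines to the [123456789] block. The example should check $user against the characters allowed in a login name before printing it, or say in a comment that the frontend must do so.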
@@ -94,9 +119,9 @@
my $cgi = new CGI;
my @formValues = $cgi->param();
- print
$cgi->header(-type =>'text/html',
+ print $cgi->header(-type =>'text/plain',
-expires =>'+1h'),
$cgi->start_html( -title =>'X2Go Broker',
-author =>'team(a)obviously-nice.de',
-base =>'true',
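Review bot: The header type changes to 'text/plain' but the same print statement still calls $cgi->start_html(...) in the context lines, so the response is declared as plain text and then begins with HTML markup. If the protocol is meant to be plain text, the start_html call (and the matching end_html further down) should be removed in the same edit.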
@@ -120,24 +145,25 @@
}
if ($cgi->param('task') eq 'selectsession')
{
- selectSession($cgi->param('user'), $cgi->param('sid'));
+ selectSessions($cgi->param('user'), $cgi->param('sid'));
}
- $cgi->hr(),
$cgi->end_form();
print $cgi->end_html();
sub printNoAccess
{
print $cgi->start_form(),
- $cgi->hr(),
$cgi->strong('Access denied'),
$cgi->end_form();
}
</code>
- SSH broker can be a simple Perl script, which can look like:
+ ==== Broker Frontend: SSH ====
+
+ An SSH broker implementation can be a simple Perl script that gets run from the command line via SSH. Such a script could look like this:
+
<code>
#!/usr/bin/perl
use strict;
use lib "/usr/lib/x2go";
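Review bot: The call is changed to selectSessions(...), a name that matches neither the 'selectSession' in the module's @EXPORT list nor the sub renamed to selectProfile earlier in this patch, so the selectsession task would call an undefined function. Use one name throughout. Separately, 'user' and 'sid' go from $cgi->param() straight into that call; the example should validate both before use.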
@@ -148,22 +174,28 @@
my $authid;
my $task;
my $sid;
- #you don't need to check password on ssh brocker.
- #But possible you steel want to check auth id
+ #
+ # You don't need to check password on ssh brocker.
+ # But possible you still want to check auth id
+ #
+
#if (!checkAccess($user, $authid) == 1)
#{
# printNoAccess();
# exit (0);
#}
+
print "Access granted\n";
GetOptions('task=s' => \$task,
'sid=s' => \$sid);
+
if(! $task)
{
die "parameter --task is required";
}
+
if ($task eq 'listsessions')
{
listSessions($user);
}
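Review bot: The commented-out check calls checkAccess($user, $authid), but the GetOptions call below it parses only 'task' and 'sid', so $authid is never set; anyone who uncomments the block to check the auth id, as the new comment suggests, would check an undefined value. Add an option for the auth id to GetOptions and move the check after option parsing. The condition is also easier to read as "unless (checkAccess($user, $authid))", and "brocker" in the added comment should be "broker".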
@@ -178,174 +210,12 @@
else
{
die "task \"".$task."\" not implemented on broker\n";
}
+
sub printNoAccess
{
die 'Access denied';
}
</code>
-
- 2. How X2Go broker work
-
- 2.1. Authentication
-
- The X2Go client can use different methods of authentication. On HTTP(S)
- broker it could be username and password. On
SSH broker a SSH key
- authentication can also be used. With both types of broker you can
- verify additional parameter "authid". It is a user defined string which
- is saved in file. Path to file can be specified as X2Go Client command
- line option "--auth-id". You can configure your broker not to check user
- data as it shown in example above. In such case function checkAccess
- should always return 1. In example of SSH-Broker this function is not
- called at all. The broker just print "Access granted" to let X2Go Client
- know, that authentication is successful. In some setups can make sense
- to give access to broker without authentication. For example in LAN if
- broker only serve as load balancer for X2Go Servers.
-
- 2.2. List of predefined X2Go sessions
-
- After successful authentication on broker, X2Go Client will request list
- of predefined X2Go Sessions. This list look just the same as session
- file of X2Go Client. The function, that send X2Go sessions to Client
-
look like:
- <code>
- sub listSessions
- {
- print "START_USER_SESSIONS<br>
- <br>[ <session 1> ]<br>
- option1=value1<br>
- ....
- optionN=valueN<br>
- <br>[ <session 2> ]<br>
- option1=value1<br>
- ....
- optionN=valueN<br>
- END_USER_SESSIONS<br>";
- }
- </code>
- The options are the same as in X2Go Client configuration file. There is
- only a difference in parameters "host" and "key". And there are two
- parameters which are not supported in configuration file "status" and
- "usebrokerpass".
- The "host" parameter it is not necessary a hostname of X2Go server. The
- actual address of a server will be provided after session selection. It
- can make sense in a case of load balancing. The best server will be
- chosen after selection and sent to client.
- The "key" parameter is also ignored. Key can be provided to client after
- selection of session too. However, you can set this parameter with some
- value to inform the Client, that passwordless authentication should be
-
tried, for example: "key=will be provided later".
- Parameter "usebrokerpass" say, that a user password for this session
- should not be asked, but broker password should be used instead. It can
- be useful if the broker and X2Go Server using same authentication server
- and there is no need to ask the same password twice. It is not
- recommended to use such authentication with HTTP Broker without SSL
- encryption.
- Parameter "status" can be one of two values "S" or "R". It can be used
- to say X2Go Client that an instance (or instances) of this session
- already running or are suspended on server. X2Go Client will display the
- status on the Session button.
-
- 2.3. Selecting a session
-
- When predefined sessions are listed in X2Go Client, user can choose a
- session from sessions list. The id of chosen session will be sent to
- broker and broker send a connection data back to client. It is
- responsibility of function "selectSession":
- <code>
- sub selectSession
- {
- my
($user, $sid)=@_;
- if($sid eq "123456789")
- {
- print "SERVER:x2goserver.org:22\n";
- }
- }
- </code>
-
- This function send a server address and SSH port for X2Go connection. If
- no other data are specified a new X2Go session will be created.
- Broker can also send to Client information, that suspended session
- should be resumed. In this case broker should also send a session data
- to Client:
- <code>
- sub selectSession
- {
- my ($user, $sid)=@_;
- if($sid eq "123456789")
- {
- print "SERVER:phoca:22\n";
- print
- "SESSION_INFO:12542|ncryer-53-1348753256_stDstartxfce4_dp24|53|debian|S|2012-09-27T06:40:57|7db77095d8a782f479d509d96f2e3261|188.195.168.12|30004|30005|2012-09-27T06:41:28|ncryer|285|30006|\n";
- }
- </code>
- Broker can get this data from session database or by executing
- "x2golistsessions $user" on X2Go server. If X2Go Client running in
- broker mode, it will not verify if there are existing sessions on X2Go
- server. It is a
responsibility of X2Go Broker. Broker should also
- suspend session before providing session data to client if session is
- running.
-
- The broker can also provide a SSH Key to client:
- <code>
- sub selectSession
- {
- my ($user, $sid)=@_;
- if($sid eq "123456789")
- {
- print "SERVER:phoca:22\n";
- print "-----BEGIN DSA PRIVATE KEY-----
- Proc-Type: 4,ENCRYPTED
- DEK-Info: AES-128-CBC,XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
-
- XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
- yX7XLwCszCLM1FCYpdIGmM98vuHVcpNlVUBVgNcTxE1XCCnPZPjUXiNnUZPk1lme
- XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
- o1q7Q1YmH43qI18lifjUhGZUTYWKQSsj2Am9bnjqaveV2aMEWymC8J9aJOYLpVZG
- XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
- G1DwWnSRgyJaxRm4Ik0/kh78ioUfkVerXaCf2OKCMyiZBWcsNfvQwDa9MBrZ4rYW
- XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
- VR60OGB7dHy+7ozqkjzuX+uB04GIqPJwG797i26Bo4v7uhbALjMa5qsObqXIPM1S
-
XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
- XXXXXXXXXXXXXXXX==
- -----END DSA PRIVATE KEY-----";
- }
- }
- </code>
- It can be useful in some cases. It is recommended to transfer such keys
- only over encrypted channels. It is also recommended to transfer only
- temporary keys, which should be removed from known_hosts after
- authorization on X2Go server.
-
- 3. Configuring X2Go client for connection to broker
-
- There are several command line parameters to configure X2Go Client for
- use with broker:
-
- --broker-name=<name>
- Name of broker to display in X2Go client. This parameter is optional
-
- --broker-url=<protocol>://[username@]<host>[:port]/path
- URL of broker. Protocol is "http", "https" or "ssh". You can specify an
- username in URL. In this case it will be pasted in authorization dialog
- of X2Go Client. Examples of URL:
- --broker-url=https://x2gobroker.org/cgi-bin/x2gobroker.cgi
-
--broker-url=ssh://user@x2gobroker.org:22/usr/lib/x2go/x2gobroker.pl
-
- --broker-ssh-key=<path to key>
- Path to SSH key to use for authorization on broker. This parameter is
- valid only for SSH broker.
-
- --broker-autologin
- Use default SSH key or SSH agent for authorization on broker. This
- parameter is valid only for SSH broker.
-
- --broker-noauth
- Do not ask for user credentials for broker authorizations. This can be
- useful if you using HTTP(S) broker without authentication. Username will
- be sent to broker if it specified in broker URL. This option is valid
- only for HTTP(S) broker.
-
-
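Review bot: the lines removed at the end of this hunk (sections 2.2, 2.3 and 3) carry the page's security recommendations: not combining "usebrokerpass" with an HTTP broker without SSL, and sending SSH keys only over encrypted channels and only as temporary keys. The replacement lines cover just the --broker-* command line options, so if the shortened page does not already link to the plain text protocol page that now holds this text, add that link next to the --broker-url and --broker-noauth entries, since those are the options that select an unencrypted or unauthenticated broker.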
--
This mail was generated by DokuWiki at
http://wiki.x2go.org/
A page in your DokuWiki was added or changed. Here are the details:
Date : 2013/03/27 10:49
Browser : Mozilla/5.0 (X11; Linux x86_64; rv:18.0) Gecko/20100101 Firefox/18.0 Iceweasel/18.0.1
IP-Address : 46.142.186.224
Hostname : 224-186-142-46.pool.kielnet.net
Old Revision: http://wiki.x2go.org/doku.php/wiki:advanced:start?rev=1364381156
New Revision: http://wiki.x2go.org/doku.php/wiki:advanced:start
Edit Summary: [X2Go Session Broker]
User : sunweaver
@@ -32,9 +32,9 @@
A session broker is a tool to provide session configurations to an X2Go client machine. The X2Go Session Broker can be an http(s):// server or an ssh:// server. The public X2Go Session Broker implementation is (as of 2013-03-15) rather fresh and certainly needs some more time to mature.
* [[wiki:advanced:x2gobroker:start|How the X2Go Session Broker works]]
* [[doc:installation:x2gobroker|Install the X2Go Session Broker]]
- * [[wiki:advanced:x2gobroker:protocol|X2Go Session Broker
Protocols]]
+ * [[wiki:development:x2gobroker:protocol|X2Go Session Broker Protocols]] (background information)
* [[wiki:advanced:x2gobroker:loadbalancing|Load-balancing with X2Go Session Broker]]
===== X2Go Thin Client Environment (TCE) =====
* [[wiki:advanced:tce:install|Installation of the X2Go TCE]]
A page in your DokuWiki was added or changed. Here are the details:
Date : 2013/03/27 10:49
Browser : Mozilla/5.0 (X11; Linux x86_64; rv:18.0) Gecko/20100101 Firefox/18.0 Iceweasel/18.0.1
IP-Address : 46.142.186.224
Hostname : 224-186-142-46.pool.kielnet.net
Old Revision: http://wiki.x2go.org/doku.php/wiki:development:x2gobroker:protocol?rev=1364…
New Revision: http://wiki.x2go.org/doku.php/wiki:development:x2gobroker:protocol
Edit Summary: [Plain Text Broker Protocol]
User : sunweaver
@@ -6,10 +6,10 @@
===== Plain Text Broker Protocol =====
The plain text protocol has been the first implementation of the X2Go Session Broker communication. The advantage of it is its simplicity. The disadvantage is that it is not very error tolerant. Neither can the plain text be used to transmit complex data structures.
- The protocol's definition is explained on [[wiki:advanced:x2gobroker:plaintexprotocol|this separate page]].
+ The protocol's definition is
explained on [[wiki:development:x2gobroker:plaintexprotocol|this separate page]].
===== JSON Broker Protocol =====
Unwritten future plans whisper about a JSON based broker protocol. No ETA for such an implementation is available, yet.
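Review bot: the page id in the changed link still reads "plaintexprotocol" (the second "t" of "text" is missing) in both the removed and the added line. The page is being moved to the wiki:development namespace anyway, so rename it to plaintextprotocol as part of this move, before more links to the misspelled id accumulate.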
A page in your DokuWiki was added or changed. Here are the details:
Date : 2013/03/27 10:48
Browser : Mozilla/5.0 (X11; Linux x86_64; rv:18.0) Gecko/20100101 Firefox/18.0 Iceweasel/18.0.1
IP-Address : 46.142.186.224
Hostname : 224-186-142-46.pool.kielnet.net
Old Revision: ---
New Revision: http://wiki.x2go.org/doku.php/wiki:development:x2gobroker:plaintexprotocol
Edit Summary: created
User : sunweaver
====== X2Go Session Broker Protocol: Plain Text ======
//Client implementations: X2Go Client (since 3.x.y.z), Python X2Go (planned for 0.6.x.y)//
The X2Go project offers a [[http://code.x2go.org/gitweb?p=x2gobroker.git;a=summary|public X2Go Session Broker implementation]]. However, there also exist several other implementations in large-scale production deployments.
In theory, you can implement your own X2Go Session Broker by meeting some basic requirements.
This documentation explains a minimal broker implementation, following the code of a Perl script.
In this example, the X2Go Session Broker consists of two components:
  - ''x2gobroker.pm'' (a Perl module, the broker backend)
  - the broker frontend (either of the below):
    - ''x2gobroker.cgi'' (a CGI script written in Perl -> HTTP based broker)
    - ''x2gobroker'' (a command line script written in Perl -> SSH based broker)
===== X2Go Session Broker: The Backend =====
The package ''x2gobroker.pm'' can be considered the broker backend. It has to implement at least two functions (names are arbitrary):
  * listProfiles
  * selectProfile
If you want to use authentication with your session broker, the broker backend also has to provide a function called
  * checkAccess
A very small and simple broker backend can look like this:
<code>
package x2gobroker;
use strict;
use base 'Exporter';
our @EXPORT = ('checkAccess', 'listSessions', 'selectSession');

# We have two sessions. Print the server address and SSH port
# for the session id the client selected.
sub selectSession
{
    my ($user, $sid)=@_;
    if($sid eq "123456789")
    {
        print "SERVER:x2goserver.org:22\n";
    }
    if($sid eq "abcdefg")
    {
        print "SERVER:x2gotest.org:22\n";
    }
}

# Do not check authentication data,
# return true on any
# combination of username/password.
sub checkAccess
{
    return 1;
}

# Configuration for two sessions.
sub listSessions
{
    my $user=shift;
    print "START_USER_SESSIONS<br>
<br>[123456789]<br>
name=X2Go Session<br>
command=KDE<br>
host=x2goserver.org<br>
user=$user<br>
<br>[abcdefg]<br>
name= Test X2Go Session 2<br>
command=startxfce4<br>
host=x2gotest.org<br>
user=test<br>
END_USER_SESSIONS<br>";
}

1;
</code>
==== Client side ====
FIXME -> TODO
The X2Go client can access a broker module using one of two broker methods:
via HTTP(S) or via SSH.
An HTTP(S) broker is usually a CGI script, which can look like this:
<code>
#!/usr/bin/perl
use strict;
use CGI;
use CGI::Carp qw(fatalsToBrowser);
use lib "/usr/lib/x2go";
use x2gobroker;

my $cgi = CGI->new;
my @formValues = $cgi->param();

# Read every parameter in scalar context. In list context a missing or
# repeated parameter would shift the arguments passed to the backend.
my $user     = $cgi->param('user');
my $password = $cgi->param('password');
my $authid   = $cgi->param('authid');
my $task     = $cgi->param('task') // '';
my $sid      = $cgi->param('sid');

print $cgi->header(-type    => 'text/html',
                   -expires => '+1h'),
      $cgi->start_html(-title  => 'X2Go Broker',
                       -author => 'team(a)obviously-nice.de',
                       -base   => 'true',
                       -meta   => {'keywords'    => 'x2go',
                                   'description' => 'X2Go Broker'});

# Deny access unless the backend accepts the credentials.
unless (checkAccess($user, $password, $authid))
{
    printNoAccess();
    print $cgi->end_html();
    exit (0);
}

print $cgi->start_form(),
      $cgi->strong('Access granted');

if ($task eq 'listsessions')
{
    listSessions($user);
}
if ($task eq 'selectsession')
{
    selectSession($user, $sid);
}
print $cgi->hr(),
      $cgi->end_form();
print $cgi->end_html();

sub printNoAccess
{
    print $cgi->start_form(),
          $cgi->hr(),
          $cgi->strong('Access denied'),
          $cgi->end_form();
}
</code>
An SSH broker can be a simple Perl script, which can look like this:
<code>
#!/usr/bin/perl
use strict;
use lib "/usr/lib/x2go";
use x2gobroker;
use Getopt::Long;

my $user=getlogin();
my $authid;
my $task;
my $sid;

# You don't need to check the password on an SSH broker,
# but you may still want to check the auth id.
#if (!checkAccess($user, $authid) == 1)
#{
#    printNoAccess();
#    exit (0);
#}
print "Access granted\n";

GetOptions('task=s' => \$task,
           'sid=s'  => \$sid);
if(! $task)
{
    die "parameter --task is required";
}
if ($task eq 'listsessions')
{
    listSessions($user);
}
elsif ($task eq 'selectsession')
{
    if(! $sid)
    {
        die "parameter --sid is required";
    }
    selectSession($user, $sid);
}
else
{
    die "task \"".$task."\" not implemented on broker\n";
}

sub printNoAccess
{
    die 'Access denied';
}
</code>
2. How the X2Go broker works

2.1. Authentication

The X2Go client can use different methods of authentication. With an
HTTP(S) broker this could be a username and password. With an SSH broker,
SSH key authentication can also be used. With both types of broker you
can verify an additional parameter, "authid". It is a user-defined string
which is saved in a file. The path to this file can be specified with the
X2Go Client command line option "--auth-id". You can configure your broker
not to check user data, as shown in the example above. In that case the
function checkAccess should always return 1. In the SSH broker example
this function is not called at all. The broker just prints "Access granted"
to let X2Go Client know that authentication was successful. In some setups
it can make sense to give access to the broker without authentication, for
example in a LAN where the broker only serves as a load balancer for X2Go
Servers.
2.2. List of predefined X2Go sessions

After successful authentication on the broker, X2Go Client will request the
list of predefined X2Go sessions. This list looks just like the session
file of X2Go Client. The function that sends the X2Go sessions to the client
looks like this:
<code>
sub listSessions
{
    print "START_USER_SESSIONS<br>
<br>[ <session 1> ]<br>
option1=value1<br>
....
optionN=valueN<br>
<br>[ <session 2> ]<br>
option1=value1<br>
....
optionN=valueN<br>
END_USER_SESSIONS<br>";
}
</code>
The options are the same as in the X2Go Client configuration file. The
only differences are in the parameters "host" and "key", and there are two
parameters which are not supported in the configuration file: "status" and
"usebrokerpass".

The "host" parameter is not necessarily the hostname of an X2Go server. The
actual address of the server is provided after session selection. This
makes sense in the case of load balancing: the best server is chosen after
selection and sent to the client.

The "key" parameter is also ignored. A key can be provided to the client
after session selection, too. However, you can set this parameter to some
value to inform the client that passwordless authentication should be
tried, for example: "key=will be provided later".

The parameter "usebrokerpass" says that the user password for this session
should not be asked for; the broker password is used instead. This can
be useful if the broker and the X2Go Server use the same authentication
server and there is no need to ask for the same password twice. It is not
recommended to use such authentication with an HTTP broker without SSL
encryption.

The parameter "status" can have one of two values, "S" or "R". It can be
used to tell X2Go Client that an instance (or instances) of this session
is already running or suspended on the server. X2Go Client will display
the status on the session button.
2.3. Selecting a session

When the predefined sessions are listed in X2Go Client, the user can choose
a session from the list. The id of the chosen session is sent to the
broker, and the broker sends the connection data back to the client. This
is the responsibility of the function "selectSession":
<code>
sub selectSession
{
    my ($user, $sid)=@_;
    if($sid eq "123456789")
    {
        print "SERVER:x2goserver.org:22\n";
    }
}
</code>
This function sends the server address and SSH port for the X2Go
connection. If no other data is specified, a new X2Go session will be
created. The broker can also tell the client that a suspended session
should be resumed. In this case the broker should also send the session
data to the client:
<code>
sub selectSession
{
    my ($user, $sid)=@_;
    if($sid eq "123456789")
    {
        print "SERVER:phoca:22\n";
        print "SESSION_INFO:12542|ncryer-53-1348753256_stDstartxfce4_dp24|53|debian|S|2012-09-27T06:40:57|7db77095d8a782f479d509d96f2e3261|188.195.168.12|30004|30005|2012-09-27T06:41:28|ncryer|285|30006|\n";
    }
}
</code>
The broker can get this data from the session database or by executing
"x2golistsessions $user" on the X2Go server. If X2Go Client is running in
broker mode, it will not verify whether there are existing sessions on the
X2Go server. This is the responsibility of the X2Go broker. The broker
should also suspend the session before providing the session data to the
client if the session is running.

The broker can also provide an SSH key to the client:
<code>
sub selectSession
{
    my ($user, $sid)=@_;
    if($sid eq "123456789")
    {
        print "SERVER:phoca:22\n";
        print "-----BEGIN DSA PRIVATE KEY-----
Proc-Type: 4,ENCRYPTED
DEK-Info: AES-128-CBC,XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX

<encrypted key data>
-----END DSA PRIVATE KEY-----";
    }
}
</code>
This can be useful in some cases. It is recommended to transfer such keys
only over encrypted channels. It is also recommended to transfer only
temporary keys, which should be removed from known_hosts after
authorization on the X2Go server.
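The two replies described in sections 2.2 and 2.3 can be checked on the client side before any connection is attempted. The following Python parser is an added example, not code from this wiki page, X2Go Client or Python X2Go; it rejects truncated or malformed replies and reports the two cases the text advises against on unencrypted channels. The function names, the warning strings and the reading of ''usebrokerpass=true'' as "enabled" are assumptions, and the sample replies are constructed.

```python
import re
from urllib.parse import urlsplit

class BrokerReplyError(ValueError):
    """The reply does not follow the plain text format described above."""

# The example backend ends each line with "<br>"; accept real newlines too.
_SEP = re.compile(r"<br\s*/?>|\r?\n", re.IGNORECASE)
_SECTION = re.compile(r"\[\s*(.+?)\s*\]")
_SERVER = re.compile(r"SERVER:([A-Za-z0-9][A-Za-z0-9.-]*):(\d{1,5})\b")
_INFO = re.compile(r"SESSION_INFO:([^\r\n<]*)")
_KEY = re.compile(r"-----BEGIN [A-Z ]*PRIVATE KEY-----.*?"
                  r"-----END [A-Z ]*PRIVATE KEY-----", re.DOTALL)

def _encrypted(broker_url):
    """https:// and ssh:// broker URLs are encrypted channels, http:// is not."""
    return urlsplit(broker_url).scheme in ("https", "ssh")

def _require_access(reply):
    if "Access granted" not in reply:
        raise BrokerReplyError("broker did not grant access")

def parse_session_list(reply, broker_url):
    """Parse a 'listsessions' reply into ({session id: options}, warnings)."""
    _require_access(reply)
    start = reply.find("START_USER_SESSIONS")
    end = reply.find("END_USER_SESSIONS")
    if start < 0 or end < start:
        raise BrokerReplyError("session list markers missing (truncated reply?)")
    body = reply[start + len("START_USER_SESSIONS"):end]
    sessions, current, warnings = {}, None, []
    for piece in _SEP.split(body):
        line = piece.strip()
        if not line:
            continue
        section = _SECTION.fullmatch(line)
        if section:
            sid = section.group(1)
            if sid in sessions:
                raise BrokerReplyError(f"duplicate session id {sid!r}")
            current = sessions[sid] = {}
            continue
        key, eq, value = line.partition("=")
        if current is None or not eq or not key.strip():
            raise BrokerReplyError(f"unexpected line {line!r}")
        current[key.strip()] = value.strip()
    for sid, opts in sessions.items():
        if opts.get("status", "S") not in ("S", "R"):
            raise BrokerReplyError(f"session {sid}: status must be S or R")
        # Assumption: the value "true" switches usebrokerpass on.
        if opts.get("usebrokerpass") == "true" and not _encrypted(broker_url):
            warnings.append(f"session {sid}: usebrokerpass without encryption")
    return sessions, warnings

def parse_selection(reply, broker_url):
    """Parse a 'selectsession' reply: server, optional session data, key flag."""
    _require_access(reply)
    server = _SERVER.search(reply)
    if server is None or not 0 < int(server.group(2)) <= 65535:
        raise BrokerReplyError("missing or malformed SERVER line")
    info = _INFO.search(reply)
    has_key = _KEY.search(reply) is not None
    warnings = []
    if has_key and not _encrypted(broker_url):
        warnings.append("private key received over an unencrypted channel")
    return {
        "host": server.group(1),
        "port": int(server.group(2)),
        # No SESSION_INFO means a new session; fields stay an unnamed list.
        "session_info": info.group(1).rstrip("|").split("|") if info else None,
        "has_key": has_key,
        "warnings": warnings,
    }

# Constructed sample replies, modelled on the example backend above.
LIST_REPLY = (
    "Access granted\nSTART_USER_SESSIONS<br>\n"
    "<br>[123456789]<br>\nname=X2Go Session<br>\n"
    "host=x2goserver.org<br>\nstatus=S<br>\n"
    "usebrokerpass=true<br>\nEND_USER_SESSIONS<br>\n"
)
SELECT_REPLY = "Access granted\nSERVER:x2goserver.org:22\n"

if __name__ == "__main__":
    print(parse_session_list(LIST_REPLY, "http://x2gobroker.org/cgi-bin/x2gobroker.cgi"))
    print(parse_selection(SELECT_REPLY, "ssh://user@x2gobroker.org:22/usr/lib/x2go/x2gobroker.pl"))
```

The warnings are returned rather than raised so that the caller decides whether to refuse such a reply or only tell the user.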
3. Configuring X2Go Client for connection to a broker

There are several command line parameters to configure X2Go Client for
use with a broker:

--broker-name=<name>
Name of the broker to display in X2Go Client. This parameter is optional.

--broker-url=<protocol>://[username@]<host>[:port]/path
URL of the broker. The protocol is "http", "https" or "ssh". You can
specify a username in the URL. In this case it will be pasted into the
authorization dialog of X2Go Client. Examples of URLs:
--broker-url=https://x2gobroker.org/cgi-bin/x2gobroker.cgi
--broker-url=ssh://user@x2gobroker.org:22/usr/lib/x2go/x2gobroker.pl

--broker-ssh-key=<path to key>
Path to the SSH key to use for authorization on the broker. This parameter
is valid only for an SSH broker.

--broker-autologin
Use the default SSH key or SSH agent for authorization on the broker. This
parameter is valid only for an SSH broker.

--broker-noauth
Do not ask for user credentials for broker authorization. This can be
useful if you are using an HTTP(S) broker without authentication. The
username will be sent to the broker if it is specified in the broker URL.
This option is valid only for an HTTP(S) broker.
A page in your DokuWiki was added or changed. Here are the details:
Date : 2013/03/27 10:48
Browser : Mozilla/5.0 (X11; Linux x86_64; rv:18.0) Gecko/20100101 Firefox/18.0 Iceweasel/18.0.1
IP-Address : 46.142.186.224
Hostname : 224-186-142-46.pool.kielnet.net
Old Revision: http://wiki.x2go.org/doku.php/wiki:advanced:x2gobroker:plaintexprotocol?rev…
New Revision: http://wiki.x2go.org/doku.php/wiki:advanced:x2gobroker:plaintexprotocol
Edit Summary: removed
User : sunweaver
@@ -1,351 +1 @@
- ====== X2Go Session Broker Protocol: Plain Text ======
-
- //Client implementations: X2Go Client (since 3.x.y.z), Python X2Go (planned for 0.6.x.y)//
-
- The X2Go project offers a [[http://code.x2go.org/gitweb?p=x2gobroker.git;a=summary|public X2Go Session Broker implementation]]. However, there also exist several other implementations in large-scale production deployments.
-
- In theory, you can implement your own X2Go Session Broker by meeting some basic
demands.
-
- This documentation explains a minimal broker implementation along the code of a Perl script.
-
- In this example, the X2Go Session Broker consists of two components:
-
- - ''x2gobroker.pm'' (a Perl module, the broker backend)
- - the broker frontend (either of the below):
- - ''x2gobroker.cgi'' (a CGI script written in Perl -> HTTP based broker)
- - ''x2gobroker'' (a command line script written in Perl -> SSH based broker)
-
- ===== X2Go Session Broker: The Backend ====
-
- The package ''x2gobroker.pm'' can be considered as the broker backend. It has to implement two functions at minimal (names are arbitrary):
-
- * listProfiles
- * selectProfile
-
- If you want to use authentication with your session broker, the broker backend also has to provide a function called
-
- * checkAccess
-
- A very small and simple broker backend can look like this:
-
- <code>
- package x2gobroker;
- use strict;
- use base 'Exporter';
- our @EXPORT =
('checkAccess', 'listSessions', 'selectSession');
-
- #we have two sessions
- sub selectSession
- {
- my ($user, $sid)=@_;
- if($sid eq "123456789")
- {
- print "SERVER:x2goserver.org:22\n";
- }
- if($sid eq "abcdefg")
- {
- print "SERVER:x2gotest.org:22\n";
- }
- }
- #do not check authentication data,
- #return true on any
- #combination of username/password
- sub checkAccess
- {
- return 1;
- }
- #configuration for two sessions
- sub listSessions
- {
- my $user=shift;
- print "START_USER_SESSIONS<br>
- <br>[123456789]<br>
- name=X2Go Session<br>
- command=KDE<br>
- host=x2goserver.org<br>
- user=$user<br>
- <br>[abcdefg]<br>
- name= Test X2Go Session 2<br>
- command=startxfce4<br>
- host=x2gotest.org<br>
- user=test<br>
- END_USER_SESSIONS<br>";
- }
-
- 1;
- </code>
-
-
- ==== CLient side ====
-
- FIXME -> TODO
-
- X2Go client can access a broker module using one of two broker methods.
- Via HTTP(S) or SSH.
- HTTP(S) broker is usually CGI
script, which can look like:
- <code>
- #!/usr/bin/perl
-
- use strict;
- use CGI;
- use CGI::Carp qw(fatalsToBrowser);
- use lib "/usr/lib/x2go";
- use x2gobroker;
- my $cgi = new CGI;
-
- my @formValues = $cgi->param();
-
- print $cgi->header(-type =>'text/html',
- -expires =>'+1h'),
- $cgi->start_html( -title =>'X2Go Broker',
- -author =>'team(a)obviously-nice.de',
- -base =>'true',
- -meta =>{'keywords' =>'x2go',
- 'description'=>'X2Go Broker'});
-
- if (!checkAccess($cgi->param('user'), $cgi->param('password'),
- $cgi->param('authid')) == 1)
- {
- printNoAccess();
- print $cgi->end_html();
- exit (0);
- }
-
- print $cgi->start_form(),
- $cgi->strong('Access granted');
-
- if ($cgi->param('task') eq 'listsessions')
- {
- listSessions($cgi->param('user'));
- }
-
- if ($cgi->param('task') eq 'selectsession')
- {
-
selectSession($cgi->param('user'), $cgi->param('sid'));
- }
- $cgi->hr(),
- $cgi->end_form();
- print $cgi->end_html();
-
- sub printNoAccess
- {
- print $cgi->start_form(),
- $cgi->hr(),
- $cgi->strong('Access denied'),
- $cgi->end_form();
- }
- </code>
-
- SSH broker can be a simple Perl script, which can look like:
- <code>
- #!/usr/bin/perl
- use strict;
- use lib "/usr/lib/x2go";
- use x2gobroker;
- use Getopt::Long;
-
- my $user=getlogin();
- my $authid;
- my $task;
- my $sid;
-
- #you don't need to check password on ssh brocker.
- #But possible you steel want to check auth id
- #if (!checkAccess($user, $authid) == 1)
- #{
- # printNoAccess();
- # exit (0);
- #}
- print "Access granted\n";
- GetOptions('task=s' => \$task,
- 'sid=s' => \$sid);
- if(! $task)
- {
- die "parameter --task is required";
- }
- if ($task eq 'listsessions')
- {
- listSessions($user);
- }
- elsif ($task eq 'selectsession')
- {
-
if(! $sid)
- {
- die "parameter --sid is required";
- }
- selectSession($user, $sid);
- }
- else
- {
- die "task \"".$task."\" not implemented on broker\n";
- }
- sub printNoAccess
- {
- die 'Access denied';
- }
- </code>
-
- 2. How X2Go broker work
-
- 2.1. Authentication
-
- The X2Go client can use different methods of authentication. On HTTP(S)
- broker it could be username and password. On SSH broker a SSH key
- authentication can also be used. With both types of broker you can
- verify additional parameter "authid". It is a user defined string which
- is saved in file. Path to file can be specified as X2Go Client command
- line option "--auth-id". You can configure your broker not to check user
- data as it shown in example above. In such case function checkAccess
- should always return 1. In example of SSH-Broker this function is not
- called at all. The broker just print "Access granted" to let X2Go Client
- know, that authentication is successful.
In some setups can make sense
- to give access to broker without authentication. For example in LAN if
- broker only serve as load balancer for X2Go Servers.
-
- 2.2. List of predefined X2Go sessions
-
- After successful authentication on broker, X2Go Client will request list
- of predefined X2Go Sessions. This list look just the same as session
- file of X2Go Client. The function, that send X2Go sessions to Client
- look like:
- <code>
- sub listSessions
- {
- print "START_USER_SESSIONS<br>
- <br>[ <session 1> ]<br>
- option1=value1<br>
- ....
- optionN=valueN<br>
- <br>[ <session 2> ]<br>
- option1=value1<br>
- ....
- optionN=valueN<br>
- END_USER_SESSIONS<br>";
- }
- </code>
- The options are the same as in X2Go Client configuration file. There is
- only a difference in parameters "host" and "key". And there are two
- parameters which are not supported in configuration file "status" and
- "usebrokerpass".
- The "host" parameter it is not necessary a hostname of X2Go
server. The
- actual address of a server will be provided after session selection. It
- can make sense in a case of load balancing. The best server will be
- chosen after selection and sent to client.
- The "key" parameter is also ignored. Key can be provided to client after
- selection of session too. However, you can set this parameter with some
- value to inform the Client, that passwordless authentication should be
- tried, for example: "key=will be provided later".
- Parameter "usebrokerpass" say, that a user password for this session
- should not be asked, but broker password should be used instead. It can
- be useful if the broker and X2Go Server using same authentication server
- and there is no need to ask the same password twice. It is not
- recommended to use such authentication with HTTP Broker without SSL
- encryption.
- Parameter "status" can be one of two values "S" or "R". It can be used
- to say X2Go Client that an instance (or instances) of this session
- already
running or are suspended on server. X2Go Client will display the
- status on the Session button.
-
- 2.3. Selecting a session
-
- When predefined sessions are listed in X2Go Client, user can choose a
- session from sessions list. The id of chosen session will be sent to
- broker and broker send a connection data back to client. It is
- responsibility of function "selectSession":
- <code>
- sub selectSession
- {
- my ($user, $sid)=@_;
- if($sid eq "123456789")
- {
- print "SERVER:x2goserver.org:22\n";
- }
- }
- </code>
-
- This function send a server address and SSH port for X2Go connection. If
- no other data are specified a new X2Go session will be created.
- Broker can also send to Client information, that suspended session
- should be resumed. In this case broker should also send a session data
- to Client:
- <code>
- sub selectSession
- {
- my ($user, $sid)=@_;
- if($sid eq "123456789")
- {
- print "SERVER:phoca:22\n";
- print
-
"SESSION_INFO:12542|ncryer-53-1348753256_stDstartxfce4_dp24|53|debian|S|2012-09-27T06:40:57|7db77095d8a782f479d509d96f2e3261|188.195.168.12|30004|30005|2012-09-27T06:41:28|ncryer|285|30006|\n";
- }
- </code>
- Broker can get this data from session database or by executing
- "x2golistsessions $user" on X2Go server. If X2Go Client running in
- broker mode, it will not verify if there are existing sessions on X2Go
- server. It is a responsibility of X2Go Broker. Broker should also
- suspend session before providing session data to client if session is
- running.
-
- The broker can also provide a SSH Key to client:
- <code>
- sub selectSession
- {
- my ($user, $sid)=@_;
- if($sid eq "123456789")
- {
- print "SERVER:phoca:22\n";
- print "-----BEGIN DSA PRIVATE KEY-----
- Proc-Type: 4,ENCRYPTED
- DEK-Info: AES-128-CBC,XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
-
- XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
-
yX7XLwCszCLM1FCYpdIGmM98vuHVcpNlVUBVgNcTxE1XCCnPZPjUXiNnUZPk1lme
- XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
- o1q7Q1YmH43qI18lifjUhGZUTYWKQSsj2Am9bnjqaveV2aMEWymC8J9aJOYLpVZG
- XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
- G1DwWnSRgyJaxRm4Ik0/kh78ioUfkVerXaCf2OKCMyiZBWcsNfvQwDa9MBrZ4rYW
- XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
- VR60OGB7dHy+7ozqkjzuX+uB04GIqPJwG797i26Bo4v7uhbALjMa5qsObqXIPM1S
- XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
- XXXXXXXXXXXXXXXX==
- -----END DSA PRIVATE KEY-----";
- }
- }
- </code>
- It can be useful in some cases. It is recommended to transfer such keys
- only over encrypted channels. It is also recommended to transfer only
- temporary keys, which should be removed from known_hosts after
- authorization on X2Go server.
-
- 3. Configuring X2Go client for connection to broker
-
- There are several command line parameters to configure X2Go Client for
- use with
broker:
-
- --broker-name=<name>
- Name of broker to display in X2Go client. This parameter is optional
-
- --broker-url=<protocol>://[username@]<host>[:port]/path
- URL of broker. Protocol is "http", "https" or "ssh". You can specify an
- username in URL. In this case it will be pasted in authorization dialog
- of X2Go Client. Examples of URL:
- --broker-url=https://x2gobroker.org/cgi-bin/x2gobroker.cgi
- --broker-url=ssh://user@x2gobroker.org:22/usr/lib/x2go/x2gobroker.pl
-
- --broker-ssh-key=<path to key>
- Path to SSH key to use for authorization on broker. This parameter is
- valid only for SSH broker.
-
- --broker-autologin
- Use default SSH key or SSH agent for authorization on broker. This
- parameter is valid only for SSH broker.
-
- --broker-noauth
- Do not ask for user credentials for broker authorizations. This can be
- useful if you using HTTP(S) broker without authentication. Username will
- be sent to broker if it specified in broker URL. This option is valid
-
only for HTTP(S) broker.
-
-
-
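Review bot: the visible lines of `@@ -1,351 +1 @@` remove the whole page at wiki:advanced:x2gobroker:plaintexprotocol and show no replacement text. Leave a one-line link to wiki:development:x2gobroker:plaintexprotocol in its place, so that existing links to the old id still lead readers to the protocol description and to its recommendations on encrypted channels.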