Hi Mike,
first of all sorry for my late answer. i was very busy.
yes i want to access a "share" on a server in the same subnet as the x2goserver. but not from my x2goclient machine via ssh reverse tunnel. i just want to access the "share" from within my x2goclient session. this is imho a standard use case for a terminal server environment. i can already do this with sshfs from the x2goserver via password authentication. but if the fileserver does not allow ssh password auth it is impossible. for sure i could create another ssh private key on the x2goserver and put the public key part on the fileserver. but this may not be wanted if you have one identity (ssl cert/ssh key) for each user which should only be securely stored on a smartcard.
here is how it works:
Agent pid 8086
09:52:47 nb-heikob ~ # ssh -A terminalix-hbslx
terminalix-hbslx ~ # dir /tmp/ssh-tHRmT17232/
insgesamt 512
drwx------  2 root root  80 23. Jun 09:52 .
drwxrwxrwt 14 root root 496 23. Jun 09:52 ..
srwxr-xr-x  1 root root   0 23. Jun 09:52 agent.17232
terminalix-hbslx ~ # ssh remotix-hbslx
remotix-hbslx ~ # logout
Connection to remotix-hbslx closed.
if the local ssh agent socket does not exist, login via agent forwarding does not work:
terminalix-hbslx ~ # rm /tmp/ssh-tHRmT17232/ -r
terminalix-hbslx ~ # ssh remotix-hbslx
Permission denied (publickey,gssapi-with-mic,keyboard-interactive).
terminalix-hbslx ~ #
to get ssh-agent forwarding working with an old x2goclient version (before using libssh2) i've modified sources to start an additional persistent ssh tunnel to the x2goserver. this works for me but i guess it is an ugly hack and it only works with this old version.
hope this clears things up.
regards heiko
On Wed, 01 Jun 2011 11:21:51 +0200, Mike Gabriel <mike.gabriel@das-netzwerkteam.de> wrote:
Hi Heiko,
On Mo 30 Mai 2011 19:12:44 CEST Heiko Baumann wrote:
hi,
if you enable ssh agent forwarding (ssh option -A or ForwardAgent in ssh_config) your agent connection is "forwarded" to the remote host.
this way you can use your ssh-agent (and smartcard in my case) to login (or mount sshfs) to another host using your private key stored in your local ssh-agent. this works with a socket created in /tmp/ssh-<somerandomstring>/agent.<pid> on the ssh server/host.

if i use a current x2goclient this socket is not created and so i cannot mount a directory from another host from within my x2gosession.

Is it possible that Alex and you discuss two very separate things?
Alex's topic: By looking at the sources of X2goClient, there obviously is an SSH agent implementation in X2goClient. BUT: that's for session authentication.
Heiko's topic: What you are referring to in your last sentence is using X2go's reverse SSH port forwarding tunnel to access other server's shares in the X2go client's sub-LAN? This currently is not supported (and probably not wanted, either). Also: if the implementation of such a feature became a future endeavour we would really have to look at it very closely for considerations on security.
Greets, Mike
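
Added example, not part of the original e-mails: a shell check for the situation Heiko shows above, where ssh to the next host fails because the forwarded agent socket is not there. The function name check_agent_sock and its status words are made up for this illustration; it assumes sshd exports the socket path in SSH_AUTH_SOCK, as OpenSSH does when agent forwarding is active.

```shell
#!/bin/sh
# Illustrative helper (hypothetical name): report the state of a forwarded
# ssh-agent socket inside a server-side session.
# Prints one status word: unset | missing | not-socket | loose-dir | ok
check_agent_sock() {
    sock=$1

    # No path at all: the session was started without agent forwarding.
    [ -n "$sock" ] || { echo unset; return 1; }

    # Path is set but nothing is there: the socket was never created or has
    # been removed (the "rm ... -r" case in the mail).
    [ -e "$sock" ] || { echo missing; return 1; }

    # Something exists at the path but it is not a UNIX domain socket.
    [ -S "$sock" ] || { echo not-socket; return 1; }

    # The directory holding the socket should be private to its owner
    # (drwx------ in the listing above); anything wider lets other local
    # users reach the agent and sign with the forwarded key.
    dir=$(dirname "$sock")
    case $(ls -ld "$dir") in
        drwx------*) ;;
        *) echo loose-dir; return 1 ;;
    esac

    echo ok
}

# Report on the current session; never aborts the calling shell.
check_agent_sock "${SSH_AUTH_SOCK:-}" || true
```

A status of ok only says the socket is in place; `ssh-add -l` run in the same session then shows whether the agent behind it actually offers a key.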