Hi!
I installed X2goserver one into a Debian Squeeze VM under VMware ESX today. Since we use a LDAP server to central user management I integrated it via libpam-ldap and libnss-ldap manually. We also use NFS for home directory so I added that too. Logging into the server via SSH works as expected.
But I get "can't start SSH tunnel" when trying to open a new X2go session with x2goclient.
When I use a SSH key I get messages like this:
Verbindung fehlgeschlagen intraws.of.teamix.net: Unable to connect: /home/ms/.x2go/ssh/socaskpass-M31562 Unable to connect: /home/ms/.x2go/ssh/socaskpass-M31562 Permission denied, please try again. Unable to connect: /home/ms/.x2go/ssh/socaskpass-M31562 Permission denied, please try again. Unable to connect: /home/ms/.x2go/ssh/socaskpass-M31562 Permission denied (publickey,password).
I guess this has to do with the usage of NFS.
~/.x2go/ssh is 750 and root is squashed to nobody:nogroup. Thus it is neither the user nor the group. Since
chmod 777 ~/.x2go/ssh
fixes key based login for me, it seems that something of x2go server is using root privileges to access files in the home directory of the user.
Could this be changed to use user rights - root can su to any ? This would work with NFS.
Other questions:
Can X2go client be told to use an existing ssh agent which has the right identidy added? A ssh user@intraws works already without asking for the key password, thus if x2goclient uses this ssh-agent it wouldn't need to ask for the passphrase as well.
What steps are necessary to integrate x2go with an *existing* LDAP server? x2goldaptools depends on slapd and samba and since we use NFS with an existing LDAP server I want neither of those. LDAP authentification via PAM works already. I can login with SSH and LDAP password of a user. I thought this would be enough for x2go *when* users that use x2go are in the group x2gousers. They are. But in the local group. What additinional steps are necessary?
Ciao,
Martin Steigerwald - team(ix) GmbH - http://www.teamix.de gpg: 19E3 8D42 896F D004 08AC A0CA 1E10 C593 0399 AE90