Hi Heiko,
On Do 23 Jun 2011 10:17:45 CEST Heiko Baumann wrote:
Hi Mike,
first at all sorry for my late answer. i was very busy.
yes i want to access a "share" on a server in the same subnet as the
x2goserver. but not from my x2goclient machine via ssh reverse
tunnel. i just want to access the "share" from within my x2goclient
session. this is imho a standard use case for a terminal server
environment. i can already do this with sshfs from the x2goserver
via password authentication. but if the fileserver does not allow
ssh password auth it is impossible. for sure i could create another
ssh private key on the x2goserver and put the public key part on the
fileserver. but this maybe not wanted if you have one identity (ssl
cert/ssh key) for each user which should only be securely stored on
a smartcard.here is how it works:
Agent pid 8086 09:52:47 nb-heikob ~ # ssh -A terminalix-hbslx terminalix-hbslx ~ # dir /tmp/ssh-tHRmT17232/ insgesamt 512 drwx------ 2 root root 80 23. Jun 09:52 . drwxrwxrwt 14 root root 496 23. Jun 09:52 .. srwxr-xr-x 1 root root 0 23. Jun 09:52 agent.17232
terminalix-hbslx ~ # ssh remotix-hbslx remotix-hbslx ~ # logout Connection to remotix-hbslx closed.
if the local ssh agent socket does not exists, login via agent
forwarding does not work:terminalix-hbslx ~ # rm /tmp/ssh-tHRmT17232/ -r
terminalix-hbslx ~ # ssh remotix-hbslx Permission denied (publickey,gssapi-with-mic,keyboard-interactive). terminalix-hbslx ~ #
to get ssh-agent forwarding working with an old x2goclient version
(before using libssh2) i've modified sources to start an additional
persistent ssh tunnel to the x2goserver. this works for me but i
guess it is a ugly hack and it only works with this old version.hope this clears things up.
Yes it does. I have explicitly Cc:ed Alex to my reply so maybe he can
take a look... It seems that x2goclient can use ssh-agent as a client,
but does not pass the agent socket on to the server. This could indeed
be improved!!!
Greets, Mike
--
DAS-NETZWERKTEAM mike gabriel, dorfstr. 27, 24245 barmissen fon: +49 (4302) 281418, fax: +49 (4302) 281419
GnuPG Key ID 0xB588399B mail: mike.gabriel@das-netzwerkteam.de, http://das-netzwerkteam.de
freeBusy: https://mail.das-netzwerkteam.de/freebusy/m.gabriel%40das-netzwerkteam.de.xf...