hi all, hi esp. devs,
the LinDix company in the Netherlands has asked me to work on another
project in the context of X2go.
A couple of weeks ago we discussed possibilities of approaching the
usage of X2go in SaaS environemts (that is: not ,,Desktop as a
Serice'', but Software as a Service, meaning single, dedicated
applications in this context).
The vision is:
(a) to have a server-side X2goSSH service similar to OpenSSH that can be configured via ACLs so that remote application can be granted/denied to specific users and/or specific groups. Opposed to OpenSSH this X2go service will be able to restrict the execution of remote (server-side) commands very pedantically.
(b) to provider X2go remote apps through the programmes' menu on your local desktop
In this mail I will address vision (a) in detail:
====================
The basic ideas of such an X2goSSH service are:
o instead of using OpenSSH daemon the client connects to X2goSSH daemon o the X2goSSH service will wrap around the standard x2goserver command set o installation of X2goSSH will be optional o the client has to support the usage of the server-side X2goSSH (i.e. there will be a parallel implementation within python-x2go code) o the client has to be able to detect if it is talking to a normal OpenSSH daemon or if it is talking to the restricted X2goSSH service o the X2goSSH service will be implemented with Python-Paramiko/SSH
o behind the X2goSSH service there listens an X2go'ish shell that
guards and wraps around the actual execution of the already known x2go
comands (note again: X2goSSH+X2goSHELL is a wrapper for
x2goserver commands)
o With the help of a guy from LinDix.NL (and others?) I will soon start working on a possible X2goSSH+X2goSHELL command protocol in the X2go wiki
o the proposed project name will be python-x2goserver, it will
contain several
packages/subprojects
python-x2goserver-x2gosshd
python-x2goserver-x2goshell
python-x2goserver-x2goacl
x2gosshd (the actual daemon)Greetings + Request for Comments, Mike
--
DAS-NETZWERKTEAM mike gabriel, dorfstr. 27, 24245 barmissen fon: +49 (4302) 281418, fax: +49 (4302) 281419
GnuPG Key ID 0xB588399B mail: mike.gabriel@das-netzwerkteam.de, http://das-netzwerkteam.de
freeBusy: https://mail.das-netzwerkteam.de/freebusy/m.gabriel%40das-netzwerkteam.de.xf...
On 2011-05-12 23:58, Mike Gabriel wrote:
instead of using OpenSSH daemon the client connects to X2goSSH daemon
Don't you rather want a special login shell, as done by gitosis [1] & co.
Cheers Morty
[1] http://eagain.net/gitweb/?p=gitosis.git;a=tree
-- Dipl.-Ing. Moritz 'Morty' Struebe (Wissenschaftlicher Mitarbeiter) Lehrstuhl für Informatik 4 (Verteilte Systeme und Betriebssysteme) Friedrich-Alexander-Universität Erlangen-Nürnberg Martensstr. 1 91058 Erlangen
Tel : +49 9131 85-25419 Fax : +49 9131 85-28732 eMail : struebe@informatik.uni-erlangen.de WWW : http://www4.informatik.uni-erlangen.de/~morty
Hi Morty,
On Fr 13 Mai 2011 12:22:52 CEST Moritz Struebe wrote:
as writing an SSH server with Parmiko/SSH as dead easy I currently
reckon that it will be easier than including OpenSSH in the
approach... (the data will stay within the Python code...
Greets, Mike
--
DAS-NETZWERKTEAM mike gabriel, dorfstr. 27, 24245 barmissen fon: +49 (4302) 281418, fax: +49 (4302) 281419
GnuPG Key ID 0xB588399B mail: mike.gabriel@das-netzwerkteam.de, http://das-netzwerkteam.de
freeBusy: https://mail.das-netzwerkteam.de/freebusy/m.gabriel%40das-netzwerkteam.de.xf...
-
Mike Gabriel -
Moritz Struebe