Hello,
is there a way to use x2goclient with ssh-agent(1)? i am using ssh-agent with my etoken to login via nxclient on some machines. is this possible with x2goclient? i've started x2goclient from the same shell where a ssh login to the remote server worked with agent auth. but x2goclient seems not to use the running ssh-agent.
thanks for any help. heiko
i havent found a way to make this work.
can anyone help?
regards heiko
On Mon, 18 Jan 2010 23:12:55 +0100, Heiko Baumann <heiko@oss.hboss.de> wrote:
Hello,
is there a way to use x2goclient with ssh-agent(1)? i am using ssh-agent with my etoken to login via nxclient on some machines. is this possible with x2goclient? i've started x2goclient from the same shell where a ssh login to the remote server worked with agent auth. but x2goclient seems not to use the running ssh-agent.
thanks for any help. heiko
X2go-dev mailing list X2go-dev@lists.berlios.de https://lists.berlios.de/mailman/listinfo/x2go-dev
hi again :)
i just want to ask if someone can help with this issue. is it possible to use a running ssh-agent with x2goclient?
regards heiko
On Tue, 26 Jan 2010 21:53:29 +0100, Heiko Baumann <heiko@oss.hboss.de> wrote:
i havent found a way to make this work.
can anyone help?
regards heiko
On Mon, 18 Jan 2010 23:12:55 +0100, Heiko Baumann <heiko@oss.hboss.de> wrote:
Hello,
is there a way to use x2goclient with ssh-agent(1)? i am using ssh-agent with my etoken to login via nxclient on some machines. is this possible with x2goclient? i've started x2goclient from the same shell where a ssh login to the remote server worked with agent auth. but x2goclient seems not to use the running ssh-agent.
thanks for any help. heiko
X2go-dev mailing list X2go-dev@lists.berlios.de https://lists.berlios.de/mailman/listinfo/x2go-dev
X2go-dev mailing list X2go-dev@lists.berlios.de https://lists.berlios.de/mailman/listinfo/x2go-dev
hmm, nobody else wants to use x2goclient with ssh-agent?
or should it simply work and it is just a problem on my system?
thanks for any reply....
On Tue, 19 Oct 2010 15:39:05 +0200, Heiko Baumann <heiko@oss.hboss.de> wrote:
hi again :)
i just want to ask if someone can help with this issue. is it possible to use a running ssh-agent with x2goclient?
regards heiko
On Tue, 26 Jan 2010 21:53:29 +0100, Heiko Baumann <heiko@oss.hboss.de> wrote:
i havent found a way to make this work.
can anyone help?
regards heiko
On Mon, 18 Jan 2010 23:12:55 +0100, Heiko Baumann <heiko@oss.hboss.de> wrote:
Hello,
is there a way to use x2goclient with ssh-agent(1)? i am using ssh-agent with my etoken to login via nxclient on some machines. is this possible with x2goclient? i've started x2goclient from the same shell where a ssh login to the remote server worked with agent auth. but x2goclient seems not to use the running ssh-agent.
thanks for any help. heiko
X2go-dev mailing list X2go-dev@lists.berlios.de https://lists.berlios.de/mailman/listinfo/x2go-dev
X2go-dev mailing list X2go-dev@lists.berlios.de https://lists.berlios.de/mailman/listinfo/x2go-dev
X2go-dev mailing list X2go-dev@lists.berlios.de https://lists.berlios.de/mailman/listinfo/x2go-dev
Hi, sorry for not answering earlier.. i've more or less encountered the same problem and ended up with generating a second, keyless ssh-key for x2go only usage..
/r
-- http://rantanplan.org/~rupi/ || encrypt email || use free software fingerprint = 9639 0ABC AD2F 155F C96C FC78 3CFE 82C0 0AF9 AE3A
IIRC, it simply worked for me. Instead of a password, the passphrase was being asked.
All I had to do was a normal login via SSH previously to get the known_hosts stuff sorted.
Regards,
.''. Philipp Huebner <debalance@debian.org> : :' : pgp fp: 6719 25C5 B8CD E74A 5225 3DF9 E5CA 8C49 25E4 205F . ' HP: http://www.debalance.de, Skype: philipp-huebner
`- ICQ: 235-524-440, Jabber: der_schakal@jabber.org
do you use ssh-agent oder just a ssh key with passphrase? i my case using a ssh key (with or without passphrase) works great but if run something like this:
eval ssh-agent -s
ssh-add
before starting x2goclient from this shell it does not use the running agent. if i do a simple "ssh -l username sshhost" from the same shell it works without asking a password.
it looks like x2goclient does not care about a running ssh-agent!?
using it that way would be a great improvement in security imho and makes single-sign-on possible if you start your ssh-agent at login time.....
greetz heiko
On Thu, 04 Nov 2010 15:53:08 +0100, Philipp Huebner <debalance@debian.org> wrote:
IIRC, it simply worked for me. Instead of a password, the passphrase was being asked.
All I had to do was a normal login via SSH previously to get the known_hosts stuff sorted.
Regards,
hi all,
is it still not possible to use x2goclient with a running ssh agent?
regards heiko
On Thu, 04 Nov 2010 16:28:45 +0100, Heiko Baumann <heiko@oss.hboss.de> wrote:
do you use ssh-agent oder just a ssh key with passphrase? i my case using a ssh key (with or without passphrase) works great but if run something like this:
eval
ssh-agent -sssh-addbefore starting x2goclient from this shell it does not use the running agent. if i do a simple "ssh -l username sshhost" from the same shell it works without asking a password.
it looks like x2goclient does not care about a running ssh-agent!?
using it that way would be a great improvement in security imho and makes single-sign-on possible if you start your ssh-agent at login time.....
greetz heiko
On Thu, 04 Nov 2010 15:53:08 +0100, Philipp Huebner <debalance@debian.org> wrote:
IIRC, it simply worked for me. Instead of a password, the passphrase was being asked.
All I had to do was a normal login via SSH previously to get the known_hosts stuff sorted.
Regards,
X2go-dev mailing list X2go-dev@lists.berlios.de https://lists.berlios.de/mailman/listinfo/x2go-dev
hi,
because no one cared about my request i tried to fix it by myself. attached is a patch which adds an --ssh-agent option to x2goclient. if x2goclient is called with this option it uses a running ssh-agent to connect to the x2goserver.
btw. i dont know anything about coding C++ nor anything about x2goclient development. so maybe this patch does break something else or may be a bad hack. however it works for me.
maybe the x2go devs could include it (or write a better one :)) in one of the next releases? this would be great because i now have SSO with my usb token for all important tools. ssh-agent is started at logon and everything works without entering my passphrase again (ssh/scp, sshfs, nxclient, x2goclient etc.).
regards heiko
On Sat, 09 Apr 2011 14:59:35 +0200, Heiko Baumann <heiko@oss.hboss.de> wrote:
hi all,
is it still not possible to use x2goclient with a running ssh agent?
regards heiko
On Thu, 04 Nov 2010 16:28:45 +0100, Heiko Baumann <heiko@oss.hboss.de> wrote:
do you use ssh-agent oder just a ssh key with passphrase? i my case using a ssh key (with or without passphrase) works great but if run something like this:
eval
ssh-agent -sssh-addbefore starting x2goclient from this shell it does not use the running agent. if i do a simple "ssh -l username sshhost" from the same shell it works without asking a password.
it looks like x2goclient does not care about a running ssh-agent!?
using it that way would be a great improvement in security imho and makes single-sign-on possible if you start your ssh-agent at login time.....
greetz heiko
On Thu, 04 Nov 2010 15:53:08 +0100, Philipp Huebner <debalance@debian.org> wrote:
IIRC, it simply worked for me. Instead of a password, the passphrase was being asked.
All I had to do was a normal login via SSH previously to get the known_hosts stuff sorted.
Regards,
X2go-dev mailing list X2go-dev@lists.berlios.de https://lists.berlios.de/mailman/listinfo/x2go-dev
X2go-dev mailing list X2go-dev@lists.berlios.de https://lists.berlios.de/mailman/listinfo/x2go-dev
Am 22.04.2011 21:30, schrieb Heiko Baumann:
hi,
because no one cared about my request i tried to fix it by myself. attached is a patch which adds an --ssh-agent option to x2goclient. if x2goclient is called with this option it uses a running ssh-agent to connect to the x2goserver.
btw. i dont know anything about coding C++ nor anything about x2goclient development. so maybe this patch does break something else or may be a bad hack. however it works for me.
maybe the x2go devs could include it (or write a better one :)) in one of the next releases? this would be great because i now have SSO with my usb token for all important tools. ssh-agent is started at logon and everything works without entering my passphrase again (ssh/scp, sshfs, nxclient, x2goclient etc.).
regards heiko
Hello Heiko,
there is a "Try auto login (ssh-agent or default ssh key)" option in preferences of a X2Go-session since x2goclient-3.01-14
regards,
Oleksandr Shneyder Dipl. Informatik X2go Core Developer Team
email: oleksandr.shneyder@obviously-nice.de web: www.obviously-nice.de
--> X2go - everywhere@home
Hi Oleksandr,
thanks for the info. i tried the new version and ssh-agent login works great. but i've also hacked my patch yesterday to support agent forwarding. this way i can use sshfs to mount a remote directory without password into my x2gosession.
this does not work with the new version. the changelog shows that you now use libssh. is it possible to add this feature? would be really useful.
thanks heiko
On Wed, 27 Apr 2011 13:51:24 +0200, Oleksandr Shneyder <oleksandr.shneyder@obviously-nice.de> wrote:
Am 22.04.2011 21:30, schrieb Heiko Baumann:
hi,
because no one cared about my request i tried to fix it by myself. attached is a patch which adds an --ssh-agent option to x2goclient. if x2goclient is called with this option it uses a running ssh-agent to connect to the x2goserver.
btw. i dont know anything about coding C++ nor anything about x2goclient development. so maybe this patch does break something else or may be a bad hack. however it works for me.
maybe the x2go devs could include it (or write a better one :)) in one of the next releases? this would be great because i now have SSO with my usb token for all important tools. ssh-agent is started at logon and everything works without entering my passphrase again (ssh/scp, sshfs, nxclient, x2goclient etc.).
regards heiko
Hello Heiko,
there is a "Try auto login (ssh-agent or default ssh key)" option in preferences of a X2Go-session since x2goclient-3.01-14
regards,
hi,
are there any plans to support ssh-agent forwarding?
regards heiko
On Wed, 27 Apr 2011 23:31:07 +0200, Heiko Baumann <heiko@oss.hboss.de> wrote:
Hi Oleksandr,
thanks for the info. i tried the new version and ssh-agent login works great. but i've also hacked my patch yesterday to support agent forwarding. this way i can use sshfs to mount a remote directory without password into my x2gosession.
this does not work with the new version. the changelog shows that you now use libssh. is it possible to add this feature? would be really useful.
thanks heiko
On Wed, 27 Apr 2011 13:51:24 +0200, Oleksandr Shneyder <oleksandr.shneyder@obviously-nice.de> wrote:
Am 22.04.2011 21:30, schrieb Heiko Baumann:
hi,
because no one cared about my request i tried to fix it by myself. attached is a patch which adds an --ssh-agent option to x2goclient. if x2goclient is called with this option it uses a running ssh-agent to connect to the x2goserver.
btw. i dont know anything about coding C++ nor anything about x2goclient development. so maybe this patch does break something else or may be a bad hack. however it works for me.
maybe the x2go devs could include it (or write a better one :)) in one of the next releases? this would be great because i now have SSO with my usb token for all important tools. ssh-agent is started at logon and everything works without entering my passphrase again (ssh/scp, sshfs, nxclient, x2goclient etc.).
regards heiko
Hello Heiko,
there is a "Try auto login (ssh-agent or default ssh key)" option in preferences of a X2Go-session since x2goclient-3.01-14
regards,
X2go-dev mailing list X2go-dev@lists.berlios.de https://lists.berlios.de/mailman/listinfo/x2go-dev
Am 16.05.2011 11:50, schrieb Heiko Baumann: Hello Heiko,
I don't understand what do you mean with "ssh-agent forwarding". X2Go Client supports login using ssh-agent and you can mount sshfs-directories from client into your X2Go session using X2Go Client. Can you make it clear to me?
hi,
are there any plans to support ssh-agent forwarding?
regards heiko
On Wed, 27 Apr 2011 23:31:07 +0200, Heiko Baumann <heiko@oss.hboss.de> wrote:
Hi Oleksandr,
thanks for the info. i tried the new version and ssh-agent login works great. but i've also hacked my patch yesterday to support agent forwarding. this way i can use sshfs to mount a remote directory without password into my x2gosession.
this does not work with the new version. the changelog shows that you now use libssh. is it possible to add this feature? would be really useful.
thanks heiko
On Wed, 27 Apr 2011 13:51:24 +0200, Oleksandr Shneyder <oleksandr.shneyder@obviously-nice.de> wrote:
Am 22.04.2011 21:30, schrieb Heiko Baumann:
hi,
because no one cared about my request i tried to fix it by myself. attached is a patch which adds an --ssh-agent option to x2goclient. if x2goclient is called with this option it uses a running ssh-agent to connect to the x2goserver.
btw. i dont know anything about coding C++ nor anything about x2goclient development. so maybe this patch does break something else or may be a bad hack. however it works for me.
maybe the x2go devs could include it (or write a better one :)) in one of the next releases? this would be great because i now have SSO with my usb token for all important tools. ssh-agent is started at logon and everything works without entering my passphrase again (ssh/scp, sshfs, nxclient, x2goclient etc.).
regards heiko
Hello Heiko,
there is a "Try auto login (ssh-agent or default ssh key)" option in preferences of a X2Go-session since x2goclient-3.01-14
regards,
X2go-dev mailing list X2go-dev@lists.berlios.de https://lists.berlios.de/mailman/listinfo/x2go-dev
X2go-dev mailing list X2go-dev@lists.berlios.de https://lists.berlios.de/mailman/listinfo/x2go-dev
-- Oleksandr Shneyder Dipl. Informatik X2go Core Developer Team
email: oleksandr.shneyder@obviously-nice.de web: www.obviously-nice.de
--> X2go - everywhere@home
hi,
if you enable ssh agent forwarding (ssh option -A or ForwardAgent in ssh_config) your agent connection is "forwarded" to the remote host. this way you can use your ssh-agent (and smartcard in my case) to login (or mount sshfs) to another host using your private key stored in you local ssh-agent. this works with a socket created in /tmp/ssh-<somerandomstring>/agent.<pid> on the ssh server/host.
if i use a current x2goclient this socket is not created and so i cannot mount a directory from another host from within my x2gosession.
regards heiko
On Mon, 16 May 2011 12:05:41 +0200, Oleksandr Shneyder <oleksandr.shneyder@obviously-nice.de> wrote:
Am 16.05.2011 11:50, schrieb Heiko Baumann: Hello Heiko,
I don't understand what do you mean with "ssh-agent forwarding". X2Go Client supports login using ssh-agent and you can mount sshfs-directories from client into your X2Go session using X2Go Client. Can you make it clear to me?
hi,
are there any plans to support ssh-agent forwarding?
regards heiko
On Wed, 27 Apr 2011 23:31:07 +0200, Heiko Baumann <heiko@oss.hboss.de> wrote:
Hi Oleksandr,
thanks for the info. i tried the new version and ssh-agent login works great. but i've also hacked my patch yesterday to support agent forwarding. this way i can use sshfs to mount a remote directory without password into my x2gosession.
this does not work with the new version. the changelog shows that you now use libssh. is it possible to add this feature? would be really useful.
thanks heiko
On Wed, 27 Apr 2011 13:51:24 +0200, Oleksandr Shneyder <oleksandr.shneyder@obviously-nice.de> wrote:
Am 22.04.2011 21:30, schrieb Heiko Baumann:
hi,
because no one cared about my request i tried to fix it by myself. attached is a patch which adds an --ssh-agent option to x2goclient. if x2goclient is called with this option it uses a running ssh-agent to connect to the x2goserver.
btw. i dont know anything about coding C++ nor anything about x2goclient development. so maybe this patch does break something else or may be a bad hack. however it works for me.
maybe the x2go devs could include it (or write a better one :)) in one of the next releases? this would be great because i now have SSO with my usb token for all important tools. ssh-agent is started at logon and everything works without entering my passphrase again (ssh/scp, sshfs, nxclient, x2goclient etc.).
regards heiko
Hello Heiko,
there is a "Try auto login (ssh-agent or default ssh key)" option in preferences of a X2Go-session since x2goclient-3.01-14
regards,
X2go-dev mailing list X2go-dev@lists.berlios.de https://lists.berlios.de/mailman/listinfo/x2go-dev
X2go-dev mailing list X2go-dev@lists.berlios.de https://lists.berlios.de/mailman/listinfo/x2go-dev
Hi Heiko,
On Mo 30 Mai 2011 19:12:44 CEST Heiko Baumann wrote:
hi,
if you enable ssh agent forwarding (ssh option -A or ForwardAgent in
ssh_config) your agent connection is "forwarded" to the remote host.
this way you can use your ssh-agent (and smartcard in my case) to
login (or mount sshfs) to another host using your private key stored
in you local ssh-agent. this works with a socket created in
/tmp/ssh-<somerandomstring>/agent.<pid> on the ssh server/host.if i use a current x2goclient this socket is not created and so i
cannot mount a directory from another host from within my x2gosession.
Is it possible that Alex and you discuss two very separate things?
Alex's topic: By looking at the sources of X2goClient, there obviously
is an SSH agent implementation in X2goClient. BUT: that's for session
authentication.
Heiko's topic: What you are referrring to in your last sentence is
using X2go's reverse SSH port forwarding tunnel to access other
server's shares in the X2go client's sub-LAN? This currently is not
supported (and probably now wanted, either). Also: if the
implementation of such a feature became a future endeavour we would
have really to look at it very closely for considerations on security.
Greets, Mike
--
DAS-NETZWERKTEAM mike gabriel, dorfstr. 27, 24245 barmissen fon: +49 (4302) 281418, fax: +49 (4302) 281419
GnuPG Key ID 0xB588399B mail: mike.gabriel@das-netzwerkteam.de, http://das-netzwerkteam.de
freeBusy: https://mail.das-netzwerkteam.de/freebusy/m.gabriel%40das-netzwerkteam.de.xf...
Hi Mike,
first at all sorry for my late answer. i was very busy.
yes i want to access a "share" on a server in the same subnet as the x2goserver. but not from my x2goclient machine via ssh reverse tunnel. i just want to access the "share" from within my x2goclient session. this is imho a standard use case for a terminal server environment. i can already do this with sshfs from the x2goserver via password authentication. but if the fileserver does not allow ssh password auth it is impossible. for sure i could create another ssh private key on the x2goserver and put the public key part on the fileserver. but this maybe not wanted if you have one identity (ssl cert/ssh key) for each user which should only be securely stored on a smartcard.
here is how it works:
Agent pid 8086 09:52:47 nb-heikob ~ # ssh -A terminalix-hbslx terminalix-hbslx ~ # dir /tmp/ssh-tHRmT17232/ insgesamt 512 drwx------ 2 root root 80 23. Jun 09:52 . drwxrwxrwt 14 root root 496 23. Jun 09:52 .. srwxr-xr-x 1 root root 0 23. Jun 09:52 agent.17232
terminalix-hbslx ~ # ssh remotix-hbslx remotix-hbslx ~ # logout Connection to remotix-hbslx closed.
if the local ssh agent socket does not exists, login via agent forwarding does not work:
terminalix-hbslx ~ # rm /tmp/ssh-tHRmT17232/ -r
terminalix-hbslx ~ # ssh remotix-hbslx Permission denied (publickey,gssapi-with-mic,keyboard-interactive). terminalix-hbslx ~ #
to get ssh-agent forwarding working with an old x2goclient version (before using libssh2) i've modified sources to start an additional persistent ssh tunnel to the x2goserver. this works for me but i guess it is a ugly hack and it only works with this old version.
hope this clears things up.
regards heiko
On Wed, 01 Jun 2011 11:21:51 +0200, Mike Gabriel <mike.gabriel@das-netzwerkteam.de> wrote:
Hi Heiko,
On Mo 30 Mai 2011 19:12:44 CEST Heiko Baumann wrote:
hi,
if you enable ssh agent forwarding (ssh option -A or ForwardAgent in ssh_config) your agent connection is "forwarded" to the remote host.
this way you can use your ssh-agent (and smartcard in my case) to
login (or mount sshfs) to another host using your private key stored
in you local ssh-agent. this works with a socket created in
/tmp/ssh-<somerandomstring>/agent.<pid> on the ssh server/host.if i use a current x2goclient this socket is not created and so i
cannot mount a directory from another host from within my x2gosession.Is it possible that Alex and you discuss two very separate things?
Alex's topic: By looking at the sources of X2goClient, there obviously is an SSH agent implementation in X2goClient. BUT: that's for session authentication.
Heiko's topic: What you are referrring to in your last sentence is using X2go's reverse SSH port forwarding tunnel to access other server's shares in the X2go client's sub-LAN? This currently is not supported (and probably now wanted, either). Also: if the implementation of such a feature became a future endeavour we would have really to look at it very closely for considerations on security.
Greets, Mike
Hi Heiko,
On Do 23 Jun 2011 10:17:45 CEST Heiko Baumann wrote:
Hi Mike,
first at all sorry for my late answer. i was very busy.
yes i want to access a "share" on a server in the same subnet as the
x2goserver. but not from my x2goclient machine via ssh reverse
tunnel. i just want to access the "share" from within my x2goclient
session. this is imho a standard use case for a terminal server
environment. i can already do this with sshfs from the x2goserver
via password authentication. but if the fileserver does not allow
ssh password auth it is impossible. for sure i could create another
ssh private key on the x2goserver and put the public key part on the
fileserver. but this maybe not wanted if you have one identity (ssl
cert/ssh key) for each user which should only be securely stored on
a smartcard.here is how it works:
Agent pid 8086 09:52:47 nb-heikob ~ # ssh -A terminalix-hbslx terminalix-hbslx ~ # dir /tmp/ssh-tHRmT17232/ insgesamt 512 drwx------ 2 root root 80 23. Jun 09:52 . drwxrwxrwt 14 root root 496 23. Jun 09:52 .. srwxr-xr-x 1 root root 0 23. Jun 09:52 agent.17232
terminalix-hbslx ~ # ssh remotix-hbslx remotix-hbslx ~ # logout Connection to remotix-hbslx closed.
if the local ssh agent socket does not exists, login via agent
forwarding does not work:terminalix-hbslx ~ # rm /tmp/ssh-tHRmT17232/ -r
terminalix-hbslx ~ # ssh remotix-hbslx Permission denied (publickey,gssapi-with-mic,keyboard-interactive). terminalix-hbslx ~ #
to get ssh-agent forwarding working with an old x2goclient version
(before using libssh2) i've modified sources to start an additional
persistent ssh tunnel to the x2goserver. this works for me but i
guess it is a ugly hack and it only works with this old version.hope this clears things up.
Yes it does. I have explicitly Cc:ed Alex to my reply so maybe he can
take a look... It seems that x2goclient can use ssh-agent as a client,
but does not pass the agent socket on to the server. This could indeed
be improved!!!
Greets, Mike
--
DAS-NETZWERKTEAM mike gabriel, dorfstr. 27, 24245 barmissen fon: +49 (4302) 281418, fax: +49 (4302) 281419
GnuPG Key ID 0xB588399B mail: mike.gabriel@das-netzwerkteam.de, http://das-netzwerkteam.de
freeBusy: https://mail.das-netzwerkteam.de/freebusy/m.gabriel%40das-netzwerkteam.de.xf...
On Tue, 2010-10-19 at 15:39 +0200, Heiko Baumann wrote:
hi again :)
i just want to ask if someone can help with this issue. is it possible to use a running ssh-agent with x2goclient?
<snip> I'm afraid I've never used it that way :( - John
-
Heiko Baumann -
John A. Sullivan III -
Mike Gabriel -
Oleksandr Shneyder -
Philipp Huebner -
rupi