All,

I think I found the problem, but I'm not sure how to fix it.

Note the options that nxagent.bin is running with:

nxagent.bin -extension XFIXES -extension GLX -nolisten tcp -R -auth /home/testuser/.Xauthority -geometry 800x600 -name X2GO-testuser-97-1386279395_stRxterm_dp32 :97

The "-nolisten tcp" option is preventing the Xserver from receiving any connections via TCP, so it doesn't appear to matter what I do with xhost or xauth.

Is there a configuration file I can change to remove this option?

Thanks,
Nick



On Thursday, December 5, 2013 8:59 AM, Mike Gabriel <mike.gabriel@das-netzwerkteam.de> wrote:
Hi Nick,

On  Do 05 Dez 2013 16:46:02 CET, Nick Ingegneri wrote:

> Thanks for suggesting the "ssh -Y".  That works (as done "ssh -X") 
> but unfortunately it doesn't solve my problem. We are trying to drop 
> X2Go into an existing environment as a replacement for a current 
> solution, and can't force a change in how users connect to the 
> remote machines. For X2Go we really need to figure out how to get 
> this working with a simple "xhost +" and "setenv DISPLAY 
> host:display".

Running xhost + on a multi-user host is not a good idea, at all. If 
that is your setup of convenience, change it, as it 100% lacks 
security. People can access each others' clipboards and read+write 
content to/from it. Easily, one can sniff passwords etc. that get 
copied to the clipboard, etc.

> Interestingly, it looks like freenx/opennx work fine in this mode, 
> but we would prefer not to use that solution as it appears to be a 
> dead end.  There must be something different about how freenx/opennx 
> set up security vs X2Go, but I can't find much documentation on 
> configuring security in X2Go.

You probably have to play with the xauth command for making your 
desired setup work. (Though xhost + makes xauth unnecessary, so maybe 
not).

> I'll spend some more time in the man pages, but any other 
> suggestions here would be greatly appreciated.

Greets,
Mike
--

DAS-NETZWERKTEAM
mike gabriel, herweg 7, 24357 fleckeby
fon: +49 (1520) 1976 148

GnuPG Key ID 0x25771B31

mail:
mike.gabriel@das-netzwerkteam.de, http://das-netzwerkteam.de

freeBusy:
https://mail.das-netzwerkteam.de/freebusy/m.gabriel%40das-netzwerkteam.de.xfb