Hi everyone,
the way I understand the broker-session-autologin feature as described on http://wiki.x2go.org/doku.php/wiki:advanced:x2gobroker:loadbalancing?s[]=autologin is that a user will not have to type username and password to the x2go server machine he is logging in to.
Therefore we create an SSH key pair on the broker with
x2gobroker-keygen
and then import it on the X2go server with x2gobroker-agent installed using
x2gobroker-pubkeyauthorizer --broker-url http(s)://<broker-server>:<port>/<basepatch>/pubkeys/
It looks like step 1 worked fine:
x2gobroker@x2gobroker:~$ ls -l .ssh
total 12
-rw------- 1 x2gobroker x2gobroker 1683 Oct 13 07:26 id_rsa
-rw-r--r-- 1 x2gobroker x2gobroker 380 Oct 13 07:26 id_rsa.pub
-rw-r--r-- 1 x2gobroker x2gobroker 222 Oct 13 07:34 known_hosts
x2gobroker@x2gobroker:~$
On the desktop (x2go server) the key was imported:
root@desktop:~# ls -l /var/lib/x2gobroker/.ssh/
total 4
-rw-r--r-- 1 x2gobroker x2gobroker 422 Okt 13 13:30 authorized_keys
root@desktop:~# cat /var/lib/x2gobroker/.ssh/authorized_keys
ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDBHBNRsjCy80ihzJmKxK7I3Gfn8FMlr+I8MyLbZbMHBdlKhHnAP2qm2AfsWwJa2hP62RgS2Ussxk0d9b7pLe43GfS3xcZR6+/YPSYblFqmTx2NPTV9A8ycG0wGr/RYh6qgWOTBlPoyGbZeFa538iSt/6iNNln+fbFBOwmTDi+UondjVovIhERAC96tFMVLQdRg+4vMViOZkUdmn2+7VVpeYEAmdNPtXd8fluSYYLZo8D8RFPn8IHf3LWr6OXpos/7AOglsxJy2A3EtEkif7boKHV7XyRviKsamahhuNTw1HelbZvr8eAB/TPKWI80giszKPz+1H8PFU4KM2paB8T9f x2gobroker@x2gobroker.***************
root@desktop:~#
With a session of this configuration
[vs55-dev-mathias]
setsessiontitle=true
krblogin=false
pack=16m-jpeg
quality=9
speed=2
usesshproxy=true
sshproxytype=SSH
sshproxyhost=88.198.244.99
sshproxyport=22
sshproxyautologin=false
sshproxysamepass=false
sshproxysameuser=false
width=800
height=600
dpi=96
fullscreen=false
maxdim=false
multidisp=false
xinerama=false
usekbd=true
sound=false
soundtunnel=false
defsndport=false
soundsystem=none
startsoundsystem=false
useexports=false
useiconv=false
iconvform=UTF-8
iconvto=UTF-8
fstunnel=true
print=false
usemimebox=false
mimeboxaction=OPEN
autostart=false
xdmcpserver=localhost
command=XFCE4
published=false
sessiontitle=vXLT - vSphere 5.5 Dev
host=10.173.20.16
user=student0
name=vSphere 5.5 Dev
command=XFCE
sshproxyuser=mathias
sshproxysameuser=false
acl-groups-allow=mathias
acl-groups-deny=ALL
acl-clients-allow=ALL
acl-any-order=deny-allow
broker-session-autologin=true
I would assume I did everything as described in the link above but here is what happens:
Now which password?? I didn't set any...
In the meantime, x2goclient logs this:
x2go-DEBUG-../onmainwindow.cpp:2160> Reading 3 sessions from config file.
x2go-DEBUG-../onmainwindow.cpp:2757> Starting session with key.
x2go-DEBUG-../httpbrokerclient.cpp:459> cmd request answer: "Access granted SERVER:10.173.20.16:22"
x2go-DEBUG-../httpbrokerclient.cpp:441> parsing "Access granted SERVER:10.173.20.16:22"
x2go-DEBUG-../httpbrokerclient.cpp:480> starting parser
x2go-DEBUG-../httpbrokerclient.cpp:499> server IP: "10.173.20.16"
x2go-DEBUG-../httpbrokerclient.cpp:500> server port: "22"
x2go-DEBUG-../httpbrokerclient.cpp:507> parsing has finished
x2go-DEBUG-../onmainwindow.cpp:1165> Removing apps from tray
x2go-DEBUG-../onmainwindow.cpp:3307> Server: "10.173.20.16"
x2go-INFO-8> "Starting connection to server: 10.173.20.16:22"
x2go-DEBUG-../onmainwindow.cpp:2796> Start new ssh connection to server:"10.173.20.16":"22" krbLogin: false
x2go-DEBUG-../httpbrokerclient.cpp:518> sslError ,code:"The host name did not match any of the valid hosts for this certificate":
x2go-DEBUG-../httpbrokerclient.cpp:518> sslError ,code:"The certificate is self-signed, and untrusted":
x2go-DEBUG-../httpbrokerclient.cpp:459> cmd request answer: "Access granted SERVER:10.173.20.16:22"
x2go-DEBUG-../httpbrokerclient.cpp:441> parsing "Access granted SERVER:10.173.20.16:22"
x2go-DEBUG-../httpbrokerclient.cpp:480> starting parser
x2go-DEBUG-../httpbrokerclient.cpp:499> server IP: "10.173.20.16"
x2go-DEBUG-../httpbrokerclient.cpp:500> server port: "22"
x2go-DEBUG-../httpbrokerclient.cpp:507> parsing has finished
x2go-DEBUG-../onmainwindow.cpp:1165> Removing apps from tray
x2go-DEBUG-../onmainwindow.cpp:3307> Server: "10.173.20.16"
x2go-INFO-8> "Starting connection to server: 10.173.20.16:22"
x2go-DEBUG-../onmainwindow.cpp:2796> Start new ssh connection to server:"10.173.20.16":"22" krbLogin: false
x2go-DEBUG-../onmainwindow.cpp:2891> SSH connection established.
x2go-DEBUG-../onmainwindow.cpp:3117> Continue normal x2go session
x2go-DEBUG-../onmainwindow.cpp:3497> "Session data: "
x2go-DEBUG-../onmainwindow.cpp:3500> Starting new managed session.
x2go-DEBUG-../onmainwindow.cpp:1165> Removing apps from tray
x2go-DEBUG-../onmainwindow.cpp:3940> Executing remote command: "x2gostartagent 800x600 adsl 16m-jpeg-9 unix-kde-depth_24 us auto 1 D XFCE"
x2go-DEBUG-../onmainwindow.cpp:1423> Close event received.
x2go-INFO-6> "Closing x2goclient..."
x2go-DEBUG-../onmainwindow.cpp:1276> Saving settings...
x2go-DEBUG-../onmainwindow.cpp:1285> Saved settings.
x2go-DEBUG-../onmainwindow.cpp:1307> Waiting for the SSH connection to finish...
x2go-DEBUG-../onmainwindow.cpp:1309> Waited for the SSH connection to finish.
x2go-INFO-7> "Closed x2goclient."
x2gobroker shows this in the logs:
root@x2gobroker:~# tail -n 0 -f /var/log/x2gobroker/*
==> /var/log/x2gobroker/access.log <==
==> /var/log/x2gobroker/access.log.1 <==
==> /var/log/x2gobroker/access.log.2.gz <==
==> /var/log/x2gobroker/authservice.log <==
==> /var/log/x2gobroker/authservice.log.1 <==
==> /var/log/x2gobroker/authservice.log.2.gz <==
==> /var/log/x2gobroker/broker.log <==
==> /var/log/x2gobroker/broker.log.1 <==
==> /var/log/x2gobroker/broker.log.2.gz <==
==> /var/log/x2gobroker/error.log <==
==> /var/log/x2gobroker/error.log.1 <==
==> /var/log/x2gobroker/wsgi.log <==
==> /var/log/x2gobroker/wsgi.log.2013-10-10_06 <==
==> /var/log/x2gobroker/wsgi.log.2013-10-13_06 <==
==> /var/log/x2gobroker/broker.log <==
2013-10-13 09:41:25,008 - broker - INFO - client address is 87.151.248.112
2013-10-13 09:41:25,008 - broker - DEBUG - username: mathias, password: XXXXX, task: listsessions, profile_id: , cookie:
2013-10-13 09:41:25,009 - broker - DEBUG - base_broker.X2GoBroker.get_authentication_mechanism(): found default-auth-mech in global config section: pam
2013-10-13 09:41:25,010 - broker - DEBUG - base_broker.X2GoBroker._do_authenticate(): authenticating user=mathias with password=<hidden> against backend=inifile.
2013-10-13 09:41:25,010 - broker - DEBUG - connecting to authentication service socket /run/x2gobroker/x2gobroker-authservice.socket
2013-10-13 09:41:25,011 - broker - DEBUG - sending username=mathias, password=<hidden>, service=x2gobroker to authentication service
2013-10-13 09:41:25,026 - broker - INFO - authentication against PAM service »x2gobroker« succeeded for user »mathias«
2013-10-13 09:41:25,027 - broker - DEBUG - base_broker.X2GoBroker.check_access(): result of authentication check is: True
2013-10-13 09:41:25,034 - broker - DEBUG - base_broker.X2GoBroker.get_session_autologin(): found default-session-autologin in global config section: False
2013-10-13 09:41:25,087 - broker - DEBUG - base_broker.X2GoBroker.get_agent_query_mode(): found default-agent-query-mode in global config section: none
2013-10-13 09:41:25,094 - broker - DEBUG - base_broker.X2GoBroker.get_session_autologin(): found broker-session-autologin in session profile with ID vs55-dev-mathias: true. This one has precendence over the default value.
2013-10-13 09:41:25,144 - broker - DEBUG - base_broker.X2GoBroker.get_agent_query_mode(): found default-agent-query-mode in global config section: none
2013-10-13 09:41:25,151 - broker - DEBUG - base_broker.X2GoBroker.get_session_autologin(): found default-session-autologin in global config section: False
2013-10-13 09:41:25,206 - broker - DEBUG - base_broker.X2GoBroker.get_session_autologin(): found default-session-autologin in global config section: False
2013-10-13 09:41:25,259 - broker - DEBUG - base_broker.X2GoBroker.get_agent_query_mode(): found default-agent-query-mode in global config section: none
2013-10-13 09:41:31,634 - broker - INFO - client address is 87.151.248.112
2013-10-13 09:41:31,635 - broker - DEBUG - username: mathias, password: XXXXX, task: selectsession, profile_id: vs55-dev-mathias, cookie:
2013-10-13 09:41:31,636 - broker - DEBUG - base_broker.X2GoBroker.get_authentication_mechanism(): found default-auth-mech in global config section: pam
2013-10-13 09:41:31,636 - broker - DEBUG - base_broker.X2GoBroker._do_authenticate(): authenticating user=mathias with password=<hidden> against backend=inifile.
2013-10-13 09:41:31,636 - broker - DEBUG - connecting to authentication service socket /run/x2gobroker/x2gobroker-authservice.socket
2013-10-13 09:41:31,637 - broker - DEBUG - sending username=mathias, password=<hidden>, service=x2gobroker to authentication service
2013-10-13 09:41:31,652 - broker - INFO - authentication against PAM service »x2gobroker« succeeded for user »mathias«
2013-10-13 09:41:31,652 - broker - DEBUG - base_broker.X2GoBroker.check_access(): result of authentication check is: True
2013-10-13 09:41:31,659 - broker - DEBUG - base_broker.X2GoBroker.get_agent_query_mode(): found default-agent-query-mode in global config section: none
I am not sure how the mechanism works so that the client can log in using pub key as a user for whom no ssh public key was installed, so I need your help.
cheers Mathias
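
A small triage helper for the broker.log excerpt in the post, added here as an example (it is not part of the original message or of the X2Go Session Broker code): it groups the DEBUG lines per client request and reports which autologin and agent-query-mode values the broker logged for each. The function names and the sample, abridged from the log quoted above, are this example's own.

```python
import re

# Sample input: lines abridged from the broker.log excerpt quoted in the post.
SAMPLE = """\
2013-10-13 09:41:25,008 - broker - INFO - client address is 87.151.248.112
2013-10-13 09:41:25,008 - broker - DEBUG - username: mathias, password: XXXXX, task: listsessions, profile_id: , cookie:
2013-10-13 09:41:25,027 - broker - DEBUG - base_broker.X2GoBroker.check_access(): result of authentication check is: True
2013-10-13 09:41:25,034 - broker - DEBUG - base_broker.X2GoBroker.get_session_autologin(): found default-session-autologin in global config section: False
2013-10-13 09:41:25,087 - broker - DEBUG - base_broker.X2GoBroker.get_agent_query_mode(): found default-agent-query-mode in global config section: none
2013-10-13 09:41:25,094 - broker - DEBUG - base_broker.X2GoBroker.get_session_autologin(): found broker-session-autologin in session profile with ID vs55-dev-mathias: true. This one has precendence over the default value.
2013-10-13 09:41:31,634 - broker - INFO - client address is 87.151.248.112
2013-10-13 09:41:31,635 - broker - DEBUG - username: mathias, password: XXXXX, task: selectsession, profile_id: vs55-dev-mathias, cookie:
2013-10-13 09:41:31,652 - broker - DEBUG - base_broker.X2GoBroker.check_access(): result of authentication check is: True
2013-10-13 09:41:31,659 - broker - DEBUG - base_broker.X2GoBroker.get_agent_query_mode(): found default-agent-query-mode in global config section: none
"""

REQ = re.compile(r"username: [^,]*, password: [^,]*, task: (?P<task>[^,]*), profile_id: (?P<profile>[^,]*),")
AUTH = re.compile(r"result of authentication check is: (?P<ok>True|False)")
PROFILE = re.compile(r"found (?P<key>[\w-]+) in session profile with ID (?P<pid>[^:]+): (?P<val>\w+)")
GLOBAL = re.compile(r"found (?P<key>default-[\w-]+) in global config section: (?P<val>\S+)")

def summarize(log_text):
    """Group broker.log lines per client request and collect the settings the broker logged."""
    requests = []
    for line in log_text.splitlines():
        if "client address is" in line:  # each broker request starts with this INFO line
            requests.append({"task": None, "profile": None, "auth_ok": None, "globals": {}, "profiles": {}})
            continue
        if not requests:
            continue
        cur = requests[-1]
        if m := REQ.search(line):
            cur["task"], cur["profile"] = m["task"].strip(), m["profile"].strip()
        elif m := AUTH.search(line):
            cur["auth_ok"] = m["ok"] == "True"
        elif m := PROFILE.search(line):
            cur["profiles"].setdefault(m["pid"], {})[m["key"]] = m["val"]
        elif m := GLOBAL.search(line):
            cur["globals"][m["key"]] = m["val"]
    return requests

def effective_autologin(req, profile_id):
    """Profile value wins over the global default, as the log message states; None if never logged."""
    override = req["profiles"].get(profile_id, {}).get("broker-session-autologin")
    value = override if override is not None else req["globals"].get("default-session-autologin")
    return None if value is None else value.lower() == "true"
```

Run over the lines quoted above, it reports `broker-session-autologin=true` for `vs55-dev-mathias` in the `listsessions` request, `default-agent-query-mode=none` in both requests, and no autologin lookup logged in the `selectsession` request.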