Hello Everyone,

I am trying to figure out a way to have X2Go work without giving the user ssh access to the server.

The approach I have taken is to use XDMCP. I have created a new 'switcher' user on the server, who connects with ssh keys and launches XDMCP where the real user can authenticate.

However, I have problems restricting the access of this initiating 'switcher' user. I thought it would be enough to allow him to run x2gostartagent with the ssh key, i.e. command="/usr/bin/x2gostartagent ${SSH_ORIGINAL_COMMAND#* }" ssh-rsa...

However, on closer inspection with acct I have noticed that there are several commands run before x2gostartagent, apparently including several instances of bash.

Is bash used directly, or would restricting ssh commands to x2gopath, x2gosyslog, x2gostartagent, (...?) work?

Or would it be possible to put 'switcher' in a chroot jail, and then have the XDMCP-authenticated user outside of it?

From what I can see, NX3.5 approached this by encapsulating everything in nxserver, which was then set in /etc/passwd as the shell of the nx user.

The goal is to prevent the user from executing arbitrary commands, in particular initiating data transfers.

Any ideas or comments most appreciated

Many thanks, Kris