[X2Go-Commits] [[X2Go Wiki]] page added: doc:howto:ssh-agent-workaround

wiki-admin at x2go.org wiki-admin at x2go.org
Sun Jan 8 13:55:13 CET 2017


A page in your DokuWiki was added or changed. Here are the details:

Date        : 2017/01/08 12:55
Browser     : Mozilla/5.0 (Windows NT 6.1; WOW64; rv:45.0) Gecko/20100101 Firefox/45.0
IP-Address  : 78.43.90.159
Hostname    : HSI-KBW-078-043-090-159.hsi4.kabel-badenwuerttemberg.de
Old Revision: ---
New Revision: http://wiki.x2go.org/doku.php/doc:howto:ssh-agent-workaround
Edit Summary: created
User        : stefanbaur

====== Workaround to use SSH Agent Forwarding in an X2Go Session ======

X2GoClient uses ''libssh'' and thus is unable to forward SSH Agent credentials by default.

However, there is a workaround:

Put this at the end of ''/etc/bash.bashrc'' on your X2Go **Server**:
<code>

# --- BEGIN X2Go SSH forwarding workaround ---


# Part that runs in regular SSH session

# check we have an agent socket and
# check we have an ~/.x2goclient directory
if [ -n "$SSH_AUTH_SOCK" ] && \
   [ -d ~/.x2goclient ] ; then
        # touch the output file and set permissions
        # (as tight as possible)
        touch ~/.x2goclient/agentsocket
        chmod 600 ~/.x2goclient/agentsocket
        chown "$USER" ~/.x2goclient/agentsocket
        # write file name of agent socket into file
        echo "$SSH_AUTH_SOCK" >~/.x2goclient/agentsocket
fi

# Part that runs in X2Go session

# check we're on an X2GoServer (x2golistsessions is in path),
# check we have a DISPLAY set, and
# check our client DISPLAY and SSH client IP correspond to
# a running X2Go session and
# check ~/.x2goclient/agentsocket is a regular file
if which x2golistsessions >/dev/null && \
   [ -n "$DISPLAY" ] && \
   [ -n "$(x2golistsessions | \
        awk -F '|' '":"$3 == "'$DISPLAY'" && \
                    $5 == "R" && \
                    $8 == "'$(echo $SSH_CLIENT | \
                    awk '{print $1}')'" { print $3 }')" ] && \
   [ -f ~/.x2goclient/agentsocket ] ; then
        # all checks passed, read content of file
        # (might still contain stale agent socket or garbage)
        MIGHTBEOURAGENT=$(cat ~/.x2goclient/agentsocket)
        # check if it corresponds to an existing socket
        if [ -S "$MIGHTBEOURAGENT" ]; then
                # export path to agent socket
                export SSH_AUTH_SOCK=$MIGHTBEOURAGENT
        fi
fi


# ---- END X2Go SSH forwarding workaround ----

</code>

Now, start a **regular** SSH session with Agent Forwarding enabled **first**, and leave that session running in the background.
After that, start X2GoClient and connect to your session.
You should now be able to use the Agent Forwarding created with your regular SSH session from inside your X2Go session.

Inherent problems:
  - Once you close the SSH session, you will be unable to use the SSH Agent Forwarding for new connections within the X2Go session (existing connections will not be terminated, however).
  - If you create a new SSH session to the same server after starting the X2Go session, it will overwrite the setting. Again, existing connections will not be affected, but new connections will use the SSH Agent Forwarding set by the latest SSH connection you made, and once you close the latest SSH session, connections will fail.
  - If you share /home (e.g. via NFS) across different X2Go Servers, this workaround will not work reliably.
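
The workaround accepts any path found in ''~/.x2goclient/agentsocket'' as long as it names a socket. As an added example (not part of the original wiki page), the stricter check below also requires that the file and the socket belong to the current user and that an agent actually answers, which catches the stale-socket case from the list above. The helper names ''x2go_trusted_agent_socket'' and ''x2go_agent_alive'' are hypothetical.

```bash
# Added example, not part of the original wiki page.
# x2go_trusted_agent_socket and x2go_agent_alive are hypothetical helper names.

# Print the socket path stored in FILE (default: ~/.x2goclient/agentsocket),
# but only if the file and the socket it names both belong to us.
x2go_trusted_agent_socket() {
    local f sock
    f=${1:-$HOME/.x2goclient/agentsocket}
    # must be a regular file we own, not a symlink
    [ -f "$f" ] && [ ! -L "$f" ] && [ -O "$f" ] || return 1
    # must not be accessible by group or others (the workaround sets 600)
    case "$(ls -ld -- "$f")" in
        -rw-------*|-r--------*) ;;
        *) return 1 ;;
    esac
    # first line only; tolerate a missing trailing newline
    IFS= read -r sock < "$f" || [ -n "$sock" ] || return 1
    # must be an absolute path to a socket that we own
    case "$sock" in /*) ;; *) return 1 ;; esac
    [ -S "$sock" ] && [ ! -L "$sock" ] && [ -O "$sock" ] || return 1
    printf '%s\n' "$sock"
}

# ssh-add exits with status 2 when it cannot contact the agent,
# which is what a stale socket looks like.
x2go_agent_alive() {
    local rc=0
    SSH_AUTH_SOCK=$1 ssh-add -l >/dev/null 2>&1 || rc=$?
    [ "$rc" -ne 2 ]
}

# Could replace the innermost "if [ -S ... ]" test of the workaround.
if sock=$(x2go_trusted_agent_socket) && x2go_agent_alive "$sock"; then
    export SSH_AUTH_SOCK=$sock
fi
unset sock
```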

There's hope that future versions of X2Go will support SSH Agent Forwarding natively, as a patch to add SSH Agent Forwarding was submitted to the libssh maintainers in March 2016, but we will have to wait until that patch makes it into all the major distributions.

-- 
This mail was generated by DokuWiki at
http://wiki.x2go.org/


