[X2go-dev] ENHANCEMENT-REQUEST: x2goclient -- option for reverse SSH port
John A. Sullivan III
jsullivan at opensourcedevel.com
Fri Jun 25 22:43:28 CEST 2010
On Fri, 2010-06-25 at 22:11 +0200, Mike Gabriel wrote:
> Hi there,
>
> in the current x2goclient package (3.01-5, Debian, Qt version) there
> is need for an option to configure the reverse SSH port number (i.e.
> the SSH daemon's port on the client side). This option should be a
> client wide config option (not a per-session option).
>
> Printing and file sharing (sshfs/fuse) build up a reverse port
> forwarding tunnel from the x2goserver back to the client. This feature
> is used for x2goprint and x2gomountdirs (if I understand the perl code
> correctly) and could also be used for any other feature that could be
> invoked by a reverse SSH connection...
>
> The Linux x2goclient, however, requires a running ssh daemon on
> the client system. Its standard port is 22. The x2goclient will only
> work if the client's SSH daemon runs on the default port 22. It will
> fail if the port has been set to a custom (high) port.
>
> Consider a client, whose system administrator has set the SSH port to
> a high --- to potential intruders unknown --- port number (e.g.
> 20222). With such an SSH setup, sshfs/fuse will fail...
>
> Reproduce:
>
> o modify /etc/ssh/sshd_config
> o set "Port 20222" (or something else)
> o /etc/init.d/ssh restart
> o start x2goclient as some user and login to a remote x2goserver
> o start a shell within the x2go session on the server
> o type "mount | grep sshfs"
>
> Suggestions:
>
> (a)
> add a global SSH port number option to the x2goclient (linux-only).
>
> (b)
> Another way for the x2goclient could be some autodetect code:
> lsof -ni | egrep "^sshd.*root.*IPv4" | awk '{ print $8 }'
>
> (c)
> Another way, similar to the Windows client, could be to run a separate
> ssh instance that binds to a random port on the localhost lo-device
> only. That's where the reverse SSH tunnel (server -> client) has its
> endpoint.
>
> sshd -o ListenAddress 127.0.0.1:<someport> -o <someOtherOption>
>
>
> Hope to be of help,
> Mike
>
Hi, Mike, and welcome to a great project. As you suggest, it is a
client and not a session setting, hence it does not appear in the session
definitions. If you go to Options / Settings in the client menu, you
will see an option to set the client-side port. We do always set this
to a non-standard port for security reasons, as you also suggest. Thanks
- John
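
Suggestion (c) from the quoted message, as an added example that is not part of the original thread and not x2goclient's own code: a shell function that writes the configuration for a per-user sshd bound to 127.0.0.1 only and limited to key-based SFTP. The function name, directory layout and key file names are hypothetical; port 20222 is the example port from the thread.

```shell
#!/bin/sh
# Added example; function name and file names are hypothetical.

# write_loopback_sshd_config DIR PORT USER
# Writes DIR/sshd_config and prints its path.
# Rejects non-numeric ports and ports outside 1024-65535.
write_loopback_sshd_config() {
    dir=$1 port=$2 user=$3
    case $port in
        ''|*[!0-9]*) echo "port must be numeric" >&2; return 1 ;;
    esac
    if [ "$port" -lt 1024 ] || [ "$port" -gt 65535 ]; then
        echo "port must be 1024-65535 (unprivileged)" >&2; return 1
    fi
    mkdir -p "$dir" && chmod 700 "$dir" || return 1
    cat > "$dir/sshd_config" <<EOF
# Loopback only: reachable solely through the reverse tunnel endpoint
ListenAddress 127.0.0.1:$port
HostKey $dir/ssh_host_ed25519_key
PidFile $dir/sshd.pid
AuthorizedKeysFile $dir/authorized_keys
# Key-based login for a single account, nothing else
AllowUsers $user
PermitRootLogin no
PubkeyAuthentication yes
PasswordAuthentication no
# sshfs only needs the SFTP subsystem
Subsystem sftp internal-sftp
AllowTcpForwarding no
X11Forwarding no
EOF
    echo "$dir/sshd_config"
}

# Stand-alone use (needs OpenSSH; sshd must be called by absolute path):
#   d=$HOME/.x2go-example/sshd
#   cfg=$(write_loopback_sshd_config "$d" 20222 "$USER")
#   ssh-keygen -q -t ed25519 -N '' -f "$d/ssh_host_ed25519_key"
#   /usr/sbin/sshd -t -f "$cfg" && /usr/sbin/sshd -f "$cfg"
```

Because the listener never binds to an external interface, the port number no longer has to match or be discovered from the system-wide sshd configuration.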