[X2go-Dev] x2goclient and ssh-agent

Mike Gabriel mike.gabriel at das-netzwerkteam.de
Wed Jun 29 13:57:20 CEST 2011


Hi Heiko,

On Do 23 Jun 2011 10:17:45 CEST Heiko Baumann wrote:

> Hi Mike,
>
> first of all, sorry for my late answer. i was very busy.
>
> yes i want to access a "share" on a server in the same subnet as the  
> x2goserver. but not from my x2goclient machine via ssh reverse  
> tunnel. i just want to access the "share" from within my x2goclient  
> session. this is imho a standard use case for a terminal server  
> environment. i can already do this with sshfs from the x2goserver  
> via password authentication. but if the fileserver does not allow  
> ssh password auth it is impossible. for sure i could create another  
> ssh private key on the x2goserver and put the public key part on the  
> fileserver. but this may not be wanted if you have one identity (ssl  
> cert/ssh key) for each user which should only be securely stored on  
> a smartcard.
>
>
> here is how it works:
>
> Agent pid 8086
> 09:52:47 nb-heikob ~ # ssh -A terminalix-hbslx
> terminalix-hbslx ~ # dir /tmp/ssh-tHRmT17232/
> insgesamt 512
> drwx------  2 root root  80 23. Jun 09:52 .
> drwxrwxrwt 14 root root 496 23. Jun 09:52 ..
> srwxr-xr-x  1 root root   0 23. Jun 09:52 agent.17232
>
> terminalix-hbslx ~ # ssh remotix-hbslx
> remotix-hbslx ~ # logout
> Connection to remotix-hbslx closed.
>
>
>
> if the local ssh agent socket does not exist, login via agent  
> forwarding does not work:
>
> terminalix-hbslx ~ # rm /tmp/ssh-tHRmT17232/ -r
>
> terminalix-hbslx ~ # ssh remotix-hbslx
> Permission denied (publickey,gssapi-with-mic,keyboard-interactive).
> terminalix-hbslx ~ #
>
> to get ssh-agent forwarding working with an old x2goclient version  
> (before using libssh2) i've modified sources to start an additional  
> persistent ssh tunnel to the x2goserver. this works for me but i  
> guess it is an ugly hack and it only works with this old version.
>
> hope this clears things up.

Yes it does. I have explicitly Cc:ed Alex to my reply so maybe he can  
take a look... It seems that x2goclient can use ssh-agent as a client,  
but does not pass the agent socket on to the server. This could indeed  
be improved!!!

Greets,
Mike




-- 

DAS-NETZWERKTEAM
mike gabriel, dorfstr. 27, 24245 barmissen
fon: +49 (4302) 281418, fax: +49 (4302) 281419

GnuPG Key ID 0xB588399B
mail: mike.gabriel at das-netzwerkteam.de, http://das-netzwerkteam.de

freeBusy:
https://mail.das-netzwerkteam.de/freebusy/m.gabriel%40das-netzwerkteam.de.xfb
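
A check that can be run inside the terminal-server session to tell why `ssh` to the next host ends in "Permission denied" as in the transcript quoted above. This is an added example, not part of the original mail or of x2goclient; the name `check_forwarded_agent` and its status strings are made up here. It confirms that `SSH_AUTH_SOCK` points at a live socket in a private directory and asks the agent how many identities it offers, using the standard agent protocol message types 11 and 12.

```python
import os
import socket
import stat
import struct

REQUEST_IDENTITIES = 11   # SSH_AGENTC_REQUEST_IDENTITIES
IDENTITIES_ANSWER = 12    # SSH_AGENT_IDENTITIES_ANSWER

def _recv_exact(sock, n):
    buf = b""
    while len(buf) < n:
        chunk = sock.recv(n - len(buf))
        if not chunk:
            raise ConnectionError("agent closed the connection")
        buf += chunk
    return buf

def check_forwarded_agent(sock_path=None, timeout=3.0):
    """Return (status, detail); status is "ok" or the reason forwarding is unusable."""
    sock_path = sock_path or os.environ.get("SSH_AUTH_SOCK")
    if not sock_path:
        return ("unset", "SSH_AUTH_SOCK is not set in this session")
    try:
        st = os.stat(sock_path)
        parent = os.stat(os.path.dirname(sock_path) or ".")
    except OSError as exc:
        return ("missing", f"{sock_path}: {exc.strerror}")
    if not stat.S_ISSOCK(st.st_mode):
        return ("not-socket", f"{sock_path} is not a Unix socket")
    # The listing in the mail shows the socket directory as drwx------; any
    # group/other bits there would expose the agent to other local users.
    if parent.st_mode & 0o077:
        return ("loose-perms", f"directory mode is {stat.S_IMODE(parent.st_mode):o}")
    try:
        with socket.socket(socket.AF_UNIX, socket.SOCK_STREAM) as s:
            s.settimeout(timeout)
            s.connect(sock_path)
            s.sendall(struct.pack(">IB", 1, REQUEST_IDENTITIES))
            (length,) = struct.unpack(">I", _recv_exact(s, 4))
            if not 1 <= length <= 256 * 1024:   # sanity cap chosen for this example
                return ("refused", f"implausible reply length {length}")
            reply = _recv_exact(s, length)
    except OSError as exc:
        return ("unreachable", str(exc))
    if reply[0] != IDENTITIES_ANSWER or length < 5:
        return ("refused", f"agent replied with message type {reply[0]}")
    (nkeys,) = struct.unpack(">I", reply[1:5])
    return ("ok", f"{nkeys} identities offered")

if __name__ == "__main__":
    print(check_forwarded_agent())
```

A result of `unset` or `missing` corresponds to the failing case in the transcript, where the forwarded socket is not there for `ssh` to use.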