[X2Go-Dev] X2go, printing, Vserver, PostgreSQL - PS

Mike Gabriel mike.gabriel at das-netzwerkteam.de
Wed Sep 26 09:17:22 CEST 2012 

Hi Ted,

On Di 25 Sep 2012 18:05:08 CEST  wrote:

> ...and given that we cannot get do a manual ssh command line  
> connection from the cups server/Vserver Host (which is this design  
> we assume is the "ssh client") to the x2go server/Vserver Guest  
> (which would then be the "ssh server") that that is probably where  
> the problem lies (which we think is what John is suggesting).

Yes, this is needed.

> FYI  though we cannot ping the Vserver guest from the host or visa  
> versa by domain name (each can resolve to itself if we ping within

Why not??? This is also needed as the X2Go session DB stores  
hostnames, not IPs.

> the respective environments...i.e., in the Vserver host, if we ping  
> "servername.myhost.com" the ip resolves),  we think this is some  
> sort of network protocol/firewall issue (the inability to ping by  
> domain name) and not the source of the problem, but could be wrong.

It is another source of the problem. And it is not a firewall issue.  
Put your hostnames in /etc/hosts of the machines if you cannot set up  
DNS as needed for X2Go.

> Are guessing this is an ssh issue and are working to sort that.  We  
> have some security concerns about have an active ssh between Vserver  
> guests and hosts, but figure we want to get the printing working  
> first and then think about possible security issues.

You can heavily restrict ssh daemon access in /etc/ssh/sshd_config.  
Feel free to narrow SSH access down as much as needed.

> SO...when we first try to connect via ssh commands from the cups  
> server on the vserver host to the x2go server on the Vserver guest  
> with the postgreSQL back end per  
> http://www.x2go.org/doku.php/wiki:advanced:multi-node:x2goserver-printing,  
> we get...
>
> RSA key fingerprint is dd:04:0f:56:5f:23:a8:71:e6:d8:aa:64:4c:91:16:0d.
> Are you sure you want to continue connecting (yes/no)? yesWarning:  
> Permanently added '192.168.1.112' (RSA) to the list of known hosts.
> Permission denied (publickey).

Then your private/public key pair is not working properly.

> We couldn't get the initial "here's how you move the public key from  
> the client to the authorized_keys on the server", so we created  
> /home/x2goprint/.ssh and added the public key info to  
> authorized_keys there by hand....this also may be the source of the  
> problem.  We've tried checking the permissions and ownership on  
> /home/x2goprint and it's .ssh and authorized_keys, as well as the  
> x2go servers sshd_config file but no joy yet.  Interestingly, our  
> attempts do create a know_hosts file so we think some level of  
> connection occurs.

What does ,,getent passwd x2goprint'' tell you about x2goprint's home  
directory. I have no idea why you cling to /home/x2goprint. This is  
_not_ (!!!) the home of the x2goprint user as created on a default  
X2Go server installation.

> What's interesting, is that the print jobs show up in the  
> /var/spool/cups logs on the cups server (Vserver host), so there

No, that is not interesting at all. (Sorry for my sarcasm). This is  
where CUPS (not cups-x2go) puts the spool job files. The fact, that  
the files appear in /var/spool/cups simply means that your CUPS  
installation is working. It does not say anythin about X2Go  
functioning or not.

> seems to be some level of connection....sowe're guessing the the  
> correct ssh connection is "the problem" we need to fix for x2goprint  
> (the script) to work.
>
> Thanks for the input - may write back with questions, or hopefully  
> "this is how we solved this"...

:-)

> Best,

Greets,
Mike


-- 

DAS-NETZWERKTEAM
mike gabriel, rothenstein 5, 24214 neudorf-bornstein
fon: +49 (1520) 1976 148

GnuPG Key ID 0x25771B31
mail: mike.gabriel at das-netzwerkteam.de, http://das-netzwerkteam.de

freeBusy:
https://mail.das-netzwerkteam.de/freebusy/m.gabriel%40das-netzwerkteam.de.xfb
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 836 bytes
Desc: Digitale PGP-Unterschrift
URL: <http://lists.x2go.org/pipermail/x2go-dev/attachments/20120926/164513de/attachment.pgp>

More information about the x2go-dev mailing list