[X2Go-Dev] [X2Go-User] Global ssh-agent

Orion Poplawski orion at cora.nwra.com
Thu Dec 3 06:47:58 CET 2015 

On 12/01/2015 12:34 AM, Dmitry Bely wrote:
> Hi Orion,
>
> On Thu, Nov 26, 2015 at 2:11 AM, Orion Poplawski <orion at cora.nwra.com> wrote:
>> On 11/24/2015 05:10 AM, Dmitry Bely wrote:
>>> Hi,
>>>
>>> I would like to use ssh-agent globally for X session (Debian/MATE if
>>> it matters). X session starts it itself and when I login to X locally
>>> it works as expected (SSH_AGENT_PID and SSH_AUTH_SOCK environment
>>> variables are set correctly). But if I connect to the host via x2go,
>>> strange things happen: in any terminal session SSH_AUTH_SOCK points to
>>> non-existing path and SSH_AGENT_PID is not set at all. I tried to work
>>> around this adding to ~/.bashrc:
>>>
>>> if [ ! -S ~/.ssh/ssh_auth_sock ]; then
>>>    eval `ssh-agent -s`
>>>    ln -sf "$SSH_AUTH_SOCK" ~/.ssh/ssh_auth_sock
>>> fi
>>> export SSH_AUTH_SOCK=~/.ssh/ssh_auth_sock
>>>
>>> This way SSH_AUTH_SOCK is correct but SSH_AGENT_PID is surprisingly
>>> unset somethere. Any idea how to fix that?
>>>
>>
>> I don't quite follow what you mean by "globally".  Are you using
>> desktop-sharing and connecting to an existing X session and want to use that
>> ssh-agent?
>
> I need one ssh-agent per X session that all child processes can access.
>
>> In that case perhaps your x2go ssh connection is forwarding the
>> ssh-agent connection from the client machine and you need to disable the agent
>> forwarding.
>
> Probably you are right. But how to disable it in QT4 x2goclient? If I add
>
> Host *
> ForwardAgent no
>
> to ~/.ssh/config it affects a separate ssh session but not
> x2goclient's one. And I failed to find any command line/GUI x2goclient
> option that is related to ssh agent forwarding.

Hmm, it appears that the code never calls ssh_options_parse_config(), 
whether by intention or not I do not know.  CCing the dev list to get 
their take on it.  But the libssh docs indicate that it should be 
called: 
http://api.libssh.org/master/group__libssh__session.html#ga7a801b85800baa3f4e16f5b47db0a73d

And I can confirm that x2goclient does appear to forward the SSH_AGENT 
at least if using the ssh-agent for authentication to the remote server.

-- 
Orion Poplawski
Technical Manager                     303-415-9701 x222
NWRA/CoRA Division                    FAX: 303-415-9702
3380 Mitchell Lane                  orion at cora.nwra.com
Boulder, CO 80301              http://www.cora.nwra.com

More information about the x2go-dev mailing list