[X2Go-User] x2go with SSH two-factor authentication
Daniel Lo Nigro
lists at dan.cx
Wed Jun 29 19:32:21 CEST 2016
Hi!
My employer use two-factor authentication via Yubikey. Whenever I SSH to my
development server, I use Kerberos to authenticate, and then it prompts for
a Yubikey or Duo code. If I try to connect via the X2Go client, I get a
message like this:
Authentication failed.
Check your GSSApi configuration or choose another authentication method.
Checking the logs on the server, it looks like Kerberos auth is successful,
but then X2Go is disconnecting once it receives the keyboard-interactive
auth request.
I managed to get it working using a super hacky method: I connect to my
server via my regular SSH client, and forward some random port (eg. 1234)
to localhost:22. Then I connect to localhost:1234 in X2Go, essentially
tunneling a new SSH connection over the existing SSH connection. The server
is configured to allow local connections to bypass two-factor auth, so this
works around the issue in X2Go. It seems silly to tunnel SSH over SSH
though.
Any ideas on how to get this working properly with X2Go? It looks like
Paramiko supports this configuration:
https://github.com/paramiko/paramiko/pull/467
Thanks!
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.x2go.org/pipermail/x2go-user/attachments/20160629/043ebb5e/attachment.html>
More information about the x2go-user
mailing list