[X2Go-User] Help need with Linux-Linux Kerberos Authentication

rubens.zanatta at grad.ufsc.br rubens.zanatta at grad.ufsc.br
Mon Jan 21 14:46:27 CET 2019


Hello there. 

We're trying to use X2Go in our campus as a user friendly Linux-Linux
remote desktop solution. We would also like a SingleSingOn approach, so
we chose to use kerberos authentication between the Linux clients and
the X2Go server. 

We already have a working KDC that authenticates a SSH server, as a
test. On the client I have the Kerberos 5 Auth. option checked, but when
I attempt the connection, the screen remains blank and never connects.
The log shows this socket error but the authentication seems to be
working.

> x2go-INFO-8> "Starting connection to server: newhost.com:22"
> x2go-DEBUG-../src/onmainwindow.cpp:3007> Starting new ssh connection to server:"newhost.com":"22" krbLogin: true
> x2go-DEBUG-../src/sshmasterconnection.cpp:175> SshMasterConnection, host "newhost.com"; port 22; user "remoto"; useproxy false; proxyserver ""; proxyport 22
> x2go-DEBUG-../src/sshmasterconnection.cpp:244> Starting SSH connection with Kerberos authentication.
> x2go-DEBUG-../src/sshmasterconnection.cpp:252> SshMasterConnection, instance SshMasterConnection(0x55e041b1c730) created.
> x2go-DEBUG-../src/sshmasterconnection.cpp:520> SshMasterConnection, instance SshMasterConnection(0x55e041b1c730) entering thread.
> x2go-DEBUG-../src/sshmasterconnection.cpp:834> Session port before config file parse: 22
> x2go-DEBUG-../src/sshmasterconnection.cpp:844> Session port after config file parse: 22
> x2go-DEBUG-../src/sshmasterconnection.cpp:909> Session port before config file parse (part 2): 22
> x2go-DEBUG-../src/sshmasterconnection.cpp:919> Session port after config file parse (part 2): 22
> x2go-DEBUG-../src/sshmasterconnection.cpp:944> cserverAuth
> x2go-DEBUG-../src/sshmasterconnection.cpp:985> state: 1
> 
> x2go-DEBUG-../src/sshmasterconnection.cpp:1633> Starting ssh:"ssh" "-o GSSApiAuthentication=yes -o PasswordAuthentication=no -o PubkeyAuthentication=no -p 22 -l remoto newhost.com bash -l -c 'echo \"X2GODATABEGIN:eb840c04-8bb1-44b2-b29f-e29332c0354e\"; export TERM=\"dumb\"; whoami; echo \"X2GODATAEND:eb840c04-8bb1-44b2-b29f-e29332c0354e\";'"
> 
> x2go-DEBUG-../src/sshmasterconnection.cpp:1661> SSH exited.
> x2go-DEBUG-../src/sshmasterconnection.cpp:1662> stdout: "X2GODATABEGIN:eb840c04-8bb1-44b2-b29f-e29332c0354e\nremoto\nX2GODATAEND:eb840c04-8bb1-44b2-b29f-e29332c0354e\n"
> 
> x2go-DEBUG-../src/sshmasterconnection.cpp:1663> stderr: ""
> 
> x2go-DEBUG-../src/sshmasterconnection.cpp:1664> Exit code: 0; status: QProcess::ExitStatus(NormalExit)
> 
> X2GO-DEBUG-../SRC/SSHMASTERCONNECTION.CPP:726> USER AUTHENTICATION OK.
> X2GO-DEBUG-../SRC/SSHMASTERCONNECTION.CPP:1727> "SSH_CHANNEL_OPEN_SESSION FAILED": "SOCKET ERROR: DISCONNECTED"
> 
> x2go-DEBUG-../src/sshmasterconnection.cpp:735> Login Check - Failed
> x2go-DEBUG-../src/onmainwindow.cpp:3167> Closed SSH Session interaction

The documentation on the wiki is blank when it comes to the advanced
section and kerberos authentication methods, and I could not find past
use cases regarding this approach on the mailing lists (I could've
missed it though). 

Are there any additional configurations needed on the server side or any
insights regarding this connection error? Any help towards this setup is
appreciated. 

Regards,
Rubens Zanatta
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.x2go.org/pipermail/x2go-user/attachments/20190121/ce53415e/attachment.html>


More information about the x2go-user mailing list