[X2Go-User] x2go Broker GUI selection issue [command = ]
Stefan Baur
X2Go-ML-1 at baur-itcs.de
Thu Jul 16 19:04:09 CEST 2020
Am 16.07.20 um 18:22 schrieb Jyoti Kumar:
> Now I want to login broker server through ssh .pem key, how to do that ? I am using x2go client in Windows 7.
You don't. ;)
X2GoClient on Windows can read OpenSSH Private Key files, and it can
work with pageant.exe, which in turn can read PuTTY-style SSH Private
Key files.
> If I share user id and password of broker server to anyone, he can login through Putty or any Terminal via " ssh 192.168.0.19 " as well as through x2go client. It seems risky .
>
> How to secure it ?
> Is there a way to disable putty or terminal access of ssh and allow only through x2go client.
X2Go is not a security mechanism, X2Go is a remote desktop/remote
application tool. You need to use the standard Linux security
mechanisms to lock down your system. However, I would guess it's near
impossible to lock it down in a way that login via SSH to a shell is
blocked, but X2Go still works.
If you want to increase security against people that are not supposed to
be using your server, that can be done with 2FA (either SSH keyfiles, or
various OTP methods). But blocking a legitimate user from running the
shell, while still allowing X2Go ... no.
A longer explanation why this won't work, and why this is the wrong way
to solve your issue, can be found in this bug report from a while ago:
<https://bugs.x2go.org/cgi-bin/bugreport.cgi?bug=1465>
-Stefan
--
BAUR-ITCS UG (haftungsbeschränkt)
Geschäftsführer: Stefan Baur
Eichenäckerweg 10, 89081 Ulm | Registergericht Ulm, HRB 724364
Fon/Fax 0731 40 34 66-36/-35 | USt-IdNr.: DE268653243
More information about the x2go-user
mailing list