[X2go-dev] ENHANCEMENT-REQUEST: x2goclient -- option for reverse SSH port
Hi there,
in the current x2goclient package (3.01-5, Debian, Qt version) there
is need for an option to configure the reverse SSH port number (i.e.
the SSH daemon's port on the client side). This option should be a
client wide config option (not a per-session option).
Printing and file sharing (sshfs/fuse) build up a reverse port
forwarding tunnel from the x2goserver back to the client. This feature
is used for x2goprint and x2gomountdirs (if I understand the perl code
correctly) and could also be used for any other feature that could be
evoked by a reverse SSH connection...
The linux x2goclient, however, pre-requisites a running ssh daemon on
the client system. Its standard port is 22. The x2goclient will only
work if the client's SSH daemon runs on the default port 22. It will
fail if the port has been set to a custom (high) port.
Consider a client, whose system administrator has set the SSH port to
a high --- to potential intruders unknown --- port number (e.g.
20222). With such an SSH setup, sshfs/fuse will fail...
Reproduce:
o modify /etc/ssh/sshd_config
o set ,,Port 20222'' (or something else)
o /etc/init.d/ssh restart
o start x2goclient as some user and login to a remote x2goserver
o start a shell within the x2go session on the server
o type ,,mount | grep sshfs''
Suggestions:
(a)
add a global SSH port number option to the x2goclient (linux-only).
(b)
Another way for the x2goclient could be some autodetect code:
lsof -ni | egrep ^sshd.*root.*IPv4 | awk '{ print $8 }'
(c)
Another way, similar to the windows client, could be to run a separate
ssh instance that binds to a random port on the localhost lo-device
only. That's where the reverse SSH tunnel (server - client) has its
endpoint.
sshd -o ListenAddress 127.0.0.1:someport -o someOtherOption
Hope to be of help,
Mike
--
DAS-NETZWERKTEAM
mike gabriel, dorfstr. 27, 24245 barmissen
fon: +49 (4302) 281418, fax: +49 (4302) 281419
eMail-LeseSchreibStunde: wochentags 8h-10h
mail: m.gabr...@das-netzwerkteam.de, http://das-netzwerkteam.de
freeBusy:
https://mail.das-netzwerkteam.de/freebusy/m.gabriel%40das-netzwerkteam.de.xfb
___
X2go-dev mailing list
X2go-dev@lists.berlios.de
https://lists.berlios.de/mailman/listinfo/x2go-dev
[X2go-dev] FEATURE-REQUESTS: increase log/debug output
Hi, I find debugging of the x2go server side script a bit difficult. IMHO there could/should be more verbosity explaining processings and failures in the x2goserver logs. Of course, this should be configurable --- i.e. it needs a switch to be turned on or off... If there is a concept on how to log events in the x2goserver, please let me know and I would love to add debug verbosity. Best, Mike -- DAS-NETZWERKTEAM mike gabriel, dorfstr. 27, 24245 barmissen fon: +49 (4302) 281418, fax: +49 (4302) 281419 eMail-LeseSchreibStunde: wochentags 8h-10h mail: m.gabr...@das-netzwerkteam.de, http://das-netzwerkteam.de freeBusy: https://mail.das-netzwerkteam.de/freebusy/m.gabriel%40das-netzwerkteam.de.xfb ___ X2go-dev mailing list X2go-dev@lists.berlios.de https://lists.berlios.de/mailman/listinfo/x2go-dev
[X2go-dev] BUG-REPORT: login by non-x2gousers account increase server load
Hi there, here is a little --- what seems to me like a --- bug report... SERVER (Ubuntu Lucid) x2goserver-home: 3.0.1-1 x2goserver-one: 3.0.1-1 x2goserver: 3.0.1-5 CLIENT (Debian Lenny; Ubuntu Karmic/Lucid) x2goclient: 3.0.1-5 When logging in to the x2goserver with an account that is not in the x2gousers group on the x2goserver, I see hundreds of sudo errors in the auth.log file on the server (about 50-60, every 5 seconds): quote Jun 23 13:12:46 hostname sudo: uid : no tty present and no askpass program specified ; TTY=unknown ; PWD=homedir ; USER=root ; COMMAND=/usr/bin/x2gopgwrapper insertsession pid fqdn.hostname session-id /quote To my understanding, the x2goserver should just say: ,,NO, you are not supposed to login, as you are not in the x2gousers group on this server... Goodbye and Farewell...'' Instead the x2goclient waits endlessly for a login... BTW: once you add a user to the x2gousers group the login from the x2goclient proceeds as normal... greets, Mike -- DAS-NETZWERKTEAM mike gabriel, dorfstr. 27, 24245 barmissen fon: +49 (4302) 281418, fax: +49 (4302) 281419 eMail-LeseSchreibStunde: wochentags 8h-10h mail: m.gabr...@das-netzwerkteam.de, http://das-netzwerkteam.de freeBusy: https://mail.das-netzwerkteam.de/freebusy/m.gabriel%40das-netzwerkteam.de.xfb ___ X2go-dev mailing list X2go-dev@lists.berlios.de https://lists.berlios.de/mailman/listinfo/x2go-dev
Re: [X2go-dev] ENHANCEMENT-REQUEST: x2goclient -- option for reverse SSH port
On Fri, 2010-06-25 at 22:11 +0200, Mike Gabriel wrote:
Hi there,
in the current x2goclient package (3.01-5, Debian, Qt version) there
is need for an option to configure the reverse SSH port number (i.e.
the SSH daemon's port on the client side). This option should be a
client wide config option (not a per-session option).
Printing and file sharing (sshfs/fuse) build up a reverse port
forwarding tunnel from the x2goserver back to the client. This feature
is used for x2goprint and x2gomountdirs (if I understand the perl code
correctly) and could also be used for any other feature that could be
evoked by a reverse SSH connection...
The linux x2goclient, however, pre-requisites a running ssh daemon on
the client system. Its standard port is 22. The x2goclient will only
work if the client's SSH daemon runs on the default port 22. It will
fail if the port has been set to a custom (high) port.
Consider a client, whose system administrator has set the SSH port to
a high --- to potential intruders unknown --- port number (e.g.
20222). With such an SSH setup, sshfs/fuse will fail...
Reproduce:
o modify /etc/ssh/sshd_config
o set ,,Port 20222'' (or something else)
o /etc/init.d/ssh restart
o start x2goclient as some user and login to a remote x2goserver
o start a shell within the x2go session on the server
o type ,,mount | grep sshfs''
Suggestions:
(a)
add a global SSH port number option to the x2goclient (linux-only).
(b)
Another way for the x2goclient could be some autodetect code:
lsof -ni | egrep ^sshd.*root.*IPv4 | awk '{ print $8 }'
(c)
Another way, similar to the windows client, could be to run a separate
ssh instance that binds to a random port on the localhost lo-device
only. That's where the reverse SSH tunnel (server - client) has its
endpoint.
sshd -o ListenAddress 127.0.0.1:someport -o someOtherOption
Hope to be of help,
Mike
Hi, Mike, and welcome to a great project. As you suggest, it is a
client and not a session setting hence it does not appear in the session
definitions. If you go to Options / Settings in the client menu, you
will see an option to set the client side port. We do always set this
to a non-standard port for security reasons as you also suggest. Thanks
- John
___
X2go-dev mailing list
X2go-dev@lists.berlios.de
https://lists.berlios.de/mailman/listinfo/x2go-dev
[X2go-dev] BUG-REPORT: x2goclient (Windows): pulseaudio missing pa_stream_proplist_update patch
Hi there, pulseaudio in x2goclient (Windows, 3.0.1-5) is probably missing a patch that was introduced on 2009/05/18. http://launchpadlibrarian.net/26903656/lp-348540-pulsesink.patch When connecting from Windows to Ubuntu Lucid, pulseaudio crashes once you start totem to play an mp3 or other file. A pop up error appears, stating: Es ist ein Fehler aufgetreten pa_stream_proplist_update() failed: Nicht untersützt Best, Mike -- DAS-NETZWERKTEAM mike gabriel, dorfstr. 27, 24245 barmissen fon: +49 (4302) 281418, fax: +49 (4302) 281419 eMail-LeseSchreibStunde: wochentags 8h-10h mail: m.gabr...@das-netzwerkteam.de, http://das-netzwerkteam.de freeBusy: https://mail.das-netzwerkteam.de/freebusy/m.gabriel%40das-netzwerkteam.de.xfb ___ X2go-dev mailing list X2go-dev@lists.berlios.de https://lists.berlios.de/mailman/listinfo/x2go-dev
Re: [X2go-dev] ENHANCEMENT-REQUEST: x2goclient -- option for reverse SSH port
On Fr 25 Jun 2010 22:43:28 CEST John A. Sullivan III wrote: On Fri, 2010-06-25 at 22:11 +0200, Mike Gabriel wrote: Hi there, in the current x2goclient package (3.01-5, Debian, Qt version) there is need for an option to configure the reverse SSH port number (i.e. the SSH daemon's port on the client side). This option should be a client wide config option (not a per-session option). Hi, Mike, and welcome to a great project. As you suggest, it is a client and not a session setting hence it does not appear in the session definitions. If you go to Options / Settings in the client menu, you will see an option to set the client side port. We do always set this to a non-standard port for security reasons as you also suggest. Thanks - John Ohhh... I got so distracted by all that LDAP stuff, I missed the bottom line... Now I can see it... Thanks a lot, sorry for the verbosity... Mike -- DAS-NETZWERKTEAM mike gabriel, dorfstr. 27, 24245 barmissen fon: +49 (4302) 281418, fax: +49 (4302) 281419 eMail-LeseSchreibStunde: wochentags 8h-10h mail: m.gabr...@das-netzwerkteam.de, http://das-netzwerkteam.de freeBusy: https://mail.das-netzwerkteam.de/freebusy/m.gabriel%40das-netzwerkteam.de.xfb ___ X2go-dev mailing list X2go-dev@lists.berlios.de https://lists.berlios.de/mailman/listinfo/x2go-dev
