[X2go-dev] ENHANCEMENT-REQUEST: x2goclient -- option for reverse SSH port
Hi there,

in the current x2goclient package (3.01-5, Debian, Qt version) there is need for an option to configure the reverse SSH port number (i.e. the SSH daemon's port on the client side). This option should be a client-wide config option (not a per-session option).

Printing and file sharing (sshfs/fuse) build up a reverse port forwarding tunnel from the x2goserver back to the client. This feature is used for x2goprint and x2gomountdirs (if I understand the Perl code correctly) and could also be used for any other feature that could be evoked by a reverse SSH connection...

The Linux x2goclient, however, requires a running ssh daemon on the client system. Its standard port is 22. The x2goclient will only work if the client's SSH daemon runs on the default port 22. It will fail if the port has been set to a custom (high) port.

Consider a client whose system administrator has set the SSH port to a high --- to potential intruders unknown --- port number (e.g. 20222). With such an SSH setup, sshfs/fuse will fail...

Reproduce:

  o modify /etc/ssh/sshd_config
  o set "Port 20222" (or something else)
  o /etc/init.d/ssh restart
  o start x2goclient as some user and login to a remote x2goserver
  o start a shell within the x2go session on the server
  o type "mount | grep sshfs"

Suggestions:

(a) add a global SSH port number option to the x2goclient (Linux-only).

(b) Another way for the x2goclient could be some autodetect code:

    lsof -ni | egrep '^sshd.*root.*IPv4' | awk '{ print $8 }'

(c) Another way, similar to the Windows client, could be to run a separate ssh instance that binds to a random port on the localhost lo-device only. That's where the reverse SSH tunnel (server - client) has its endpoint.

    sshd -o ListenAddress=127.0.0.1:someport -o someOtherOption

Hope to be of help,
Mike

--
DAS-NETZWERKTEAM
mike gabriel, dorfstr. 27, 24245 barmissen
phone: +49 (4302) 281418, fax: +49 (4302) 281419
e-mail reading/writing hour: weekdays 8h-10h
mail: m.gabr...@das-netzwerkteam.de, http://das-netzwerkteam.de
freeBusy: https://mail.das-netzwerkteam.de/freebusy/m.gabriel%40das-netzwerkteam.de.xfb

___
X2go-dev mailing list
X2go-dev@lists.berlios.de
https://lists.berlios.de/mailman/listinfo/x2go-dev
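Suggestion (c) from the message above, written out as an added example; it is not code from the original post or from x2goclient. The sshd path, the directory layout, the option set and the default port 20222 (the example port from the message, used here instead of a random one) are assumptions.

```sh
#!/bin/sh
# Added example: a per-user sshd bound to loopback as the endpoint of the
# reverse tunnel. SSHD path, directory layout and option set are assumptions.
SSHD=${SSHD:-/usr/sbin/sshd}   # sshd must be invoked by absolute path

# Write $1/sshd_config: listen on 127.0.0.1:$2 only, admit only user $3.
write_loopback_sshd_config() {
    dir=$1 port=$2 user=$3
    case $port in
        ''|*[!0-9]*) echo "port must be numeric" >&2; return 1 ;;
    esac
    if [ "$port" -lt 1024 ] || [ "$port" -gt 65535 ]; then
        echo "an unprivileged sshd needs a port in 1024-65535" >&2
        return 1
    fi
    cat > "$dir/sshd_config" <<EOF
# Loopback only: the reverse tunnel from the server ends here, so nothing
# has to listen on an external interface.
ListenAddress 127.0.0.1:$port
HostKey $dir/host_key
PidFile $dir/sshd.pid
AllowUsers $user
PubkeyAuthentication yes
PasswordAuthentication no
UsePAM no
AllowTcpForwarding no
X11Forwarding no
# sshfs speaks SFTP, so that subsystem has to stay available
Subsystem sftp internal-sftp
EOF
}

# Create a throwaway host key, let sshd validate the config, then start it.
start_loopback_sshd() {
    dir=$1
    ssh-keygen -q -t ed25519 -N '' -f "$dir/host_key" || return 1
    "$SSHD" -t -f "$dir/sshd_config" || return 1
    "$SSHD" -f "$dir/sshd_config"
}

# Usage: sh loopback-sshd.sh start [port]
if [ "${1:-}" = start ]; then
    dir=$(mktemp -d) || exit 1
    write_loopback_sshd_config "$dir" "${2:-20222}" "$(id -un)" || exit 1
    start_loopback_sshd "$dir" && echo "sshd config and pid file in $dir"
fi
```

An sshd started this way runs unprivileged, so it can only accept logins for the user who launched it.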
Re: [X2go-dev] ENHANCEMENT-REQUEST: x2goclient -- option for reverse SSH port
On Fri, 2010-06-25 at 22:11 +0200, Mike Gabriel wrote:
> Hi there,
>
> in the current x2goclient package (3.01-5, Debian, Qt version) there is need for an option to configure the reverse SSH port number (i.e. the SSH daemon's port on the client side). This option should be a client-wide config option (not a per-session option).
>
> Printing and file sharing (sshfs/fuse) build up a reverse port forwarding tunnel from the x2goserver back to the client. This feature is used for x2goprint and x2gomountdirs (if I understand the Perl code correctly) and could also be used for any other feature that could be evoked by a reverse SSH connection...
>
> The Linux x2goclient, however, requires a running ssh daemon on the client system. Its standard port is 22. The x2goclient will only work if the client's SSH daemon runs on the default port 22. It will fail if the port has been set to a custom (high) port.
>
> Consider a client whose system administrator has set the SSH port to a high --- to potential intruders unknown --- port number (e.g. 20222). With such an SSH setup, sshfs/fuse will fail...
>
> Reproduce:
>
>   o modify /etc/ssh/sshd_config
>   o set "Port 20222" (or something else)
>   o /etc/init.d/ssh restart
>   o start x2goclient as some user and login to a remote x2goserver
>   o start a shell within the x2go session on the server
>   o type "mount | grep sshfs"
>
> Suggestions:
>
> (a) add a global SSH port number option to the x2goclient (Linux-only).
>
> (b) Another way for the x2goclient could be some autodetect code:
>
>     lsof -ni | egrep '^sshd.*root.*IPv4' | awk '{ print $8 }'
>
> (c) Another way, similar to the Windows client, could be to run a separate ssh instance that binds to a random port on the localhost lo-device only. That's where the reverse SSH tunnel (server - client) has its endpoint.
>
>     sshd -o ListenAddress=127.0.0.1:someport -o someOtherOption
>
> Hope to be of help,
> Mike

Hi, Mike, and welcome to a great project.

As you suggest, it is a client and not a session setting, hence it does not appear in the session definitions. If you go to Options / Settings in the client menu, you will see an option to set the client-side port. We do always set this to a non-standard port for security reasons as you also suggest.

Thanks - John
Re: [X2go-dev] ENHANCEMENT-REQUEST: x2goclient -- option for reverse SSH port
On Fr 25 Jun 2010 22:43:28 CEST John A. Sullivan III wrote:
> On Fri, 2010-06-25 at 22:11 +0200, Mike Gabriel wrote:
>> Hi there,
>>
>> in the current x2goclient package (3.01-5, Debian, Qt version) there is need for an option to configure the reverse SSH port number (i.e. the SSH daemon's port on the client side). This option should be a client-wide config option (not a per-session option).
>
> Hi, Mike, and welcome to a great project.
>
> As you suggest, it is a client and not a session setting, hence it does not appear in the session definitions. If you go to Options / Settings in the client menu, you will see an option to set the client-side port. We do always set this to a non-standard port for security reasons as you also suggest.
>
> Thanks - John

Ohhh... I got so distracted by all that LDAP stuff, I missed the bottom line... Now I can see it...

Thanks a lot, sorry for the verbosity...
Mike

--
DAS-NETZWERKTEAM
mike gabriel, dorfstr. 27, 24245 barmissen
phone: +49 (4302) 281418, fax: +49 (4302) 281419
e-mail reading/writing hour: weekdays 8h-10h
mail: m.gabr...@das-netzwerkteam.de, http://das-netzwerkteam.de
freeBusy: https://mail.das-netzwerkteam.de/freebusy/m.gabriel%40das-netzwerkteam.de.xfb