[X2go-dev] ENHANCEMENT-REQUEST: x2goclient -- option for reverse SSH port
Hi there,
in the current x2goclient package (3.01-5, Debian, Qt version) there
is need for an option to configure the reverse SSH port number (i.e.
the SSH daemon's port on the client side). This option should be a
client wide config option (not a per-session option).
Printing and file sharing (sshfs/fuse) build up a reverse port
forwarding tunnel from the x2goserver back to the client. This feature
is used for x2goprint and x2gomountdirs (if I understand the perl code
correctly) and could also be used for any other feature that could be
evoked by a reverse SSH connection...
The linux x2goclient, however, pre-requisites a running ssh daemon on
the client system. Its standard port is 22. The x2goclient will only
work if the client's SSH daemon runs on the default port 22. It will
fail if the port has been set to a custom (high) port.
Consider a client, whose system administrator has set the SSH port to
a high --- to potential intruders unknown --- port number (e.g.
20222). With such an SSH setup, sshfs/fuse will fail...
Reproduce:
o modify /etc/ssh/sshd_config
o set ,,Port 20222'' (or something else)
o /etc/init.d/ssh restart
o start x2goclient as some user and login to a remote x2goserver
o start a shell within the x2go session on the server
o type ,,mount | grep sshfs''
Suggestions:
(a)
add a global SSH port number option to the x2goclient (linux-only).
(b)
Another way for the x2goclient could be some autodetect code:
lsof -ni | egrep ^sshd.*root.*IPv4 | awk '{ print $8 }'
(c)
Another way, similar to the windows client, could be to run a separate
ssh instance that binds to a random port on the localhost lo-device
only. That's where the reverse SSH tunnel (server - client) has its
endpoint.
sshd -o ListenAddress 127.0.0.1:someport -o someOtherOption
Hope to be of help,
Mike
--
DAS-NETZWERKTEAM
mike gabriel, dorfstr. 27, 24245 barmissen
fon: +49 (4302) 281418, fax: +49 (4302) 281419
eMail-LeseSchreibStunde: wochentags 8h-10h
mail: m.gabr...@das-netzwerkteam.de, http://das-netzwerkteam.de
freeBusy:
https://mail.das-netzwerkteam.de/freebusy/m.gabriel%40das-netzwerkteam.de.xfb
___
X2go-dev mailing list
X2go-dev@lists.berlios.de
https://lists.berlios.de/mailman/listinfo/x2go-dev
Re: [X2go-dev] ENHANCEMENT-REQUEST: x2goclient -- option for reverse SSH port
On Fri, 2010-06-25 at 22:11 +0200, Mike Gabriel wrote:
Hi there,
in the current x2goclient package (3.01-5, Debian, Qt version) there
is need for an option to configure the reverse SSH port number (i.e.
the SSH daemon's port on the client side). This option should be a
client wide config option (not a per-session option).
Printing and file sharing (sshfs/fuse) build up a reverse port
forwarding tunnel from the x2goserver back to the client. This feature
is used for x2goprint and x2gomountdirs (if I understand the perl code
correctly) and could also be used for any other feature that could be
evoked by a reverse SSH connection...
The linux x2goclient, however, pre-requisites a running ssh daemon on
the client system. Its standard port is 22. The x2goclient will only
work if the client's SSH daemon runs on the default port 22. It will
fail if the port has been set to a custom (high) port.
Consider a client, whose system administrator has set the SSH port to
a high --- to potential intruders unknown --- port number (e.g.
20222). With such an SSH setup, sshfs/fuse will fail...
Reproduce:
o modify /etc/ssh/sshd_config
o set ,,Port 20222'' (or something else)
o /etc/init.d/ssh restart
o start x2goclient as some user and login to a remote x2goserver
o start a shell within the x2go session on the server
o type ,,mount | grep sshfs''
Suggestions:
(a)
add a global SSH port number option to the x2goclient (linux-only).
(b)
Another way for the x2goclient could be some autodetect code:
lsof -ni | egrep ^sshd.*root.*IPv4 | awk '{ print $8 }'
(c)
Another way, similar to the windows client, could be to run a separate
ssh instance that binds to a random port on the localhost lo-device
only. That's where the reverse SSH tunnel (server - client) has its
endpoint.
sshd -o ListenAddress 127.0.0.1:someport -o someOtherOption
Hope to be of help,
Mike
Hi, Mike, and welcome to a great project. As you suggest, it is a
client and not a session setting hence it does not appear in the session
definitions. If you go to Options / Settings in the client menu, you
will see an option to set the client side port. We do always set this
to a non-standard port for security reasons as you also suggest. Thanks
- John
___
X2go-dev mailing list
X2go-dev@lists.berlios.de
https://lists.berlios.de/mailman/listinfo/x2go-dev
Re: [X2go-dev] ENHANCEMENT-REQUEST: x2goclient -- option for reverse SSH port
On Fr 25 Jun 2010 22:43:28 CEST John A. Sullivan III wrote: On Fri, 2010-06-25 at 22:11 +0200, Mike Gabriel wrote: Hi there, in the current x2goclient package (3.01-5, Debian, Qt version) there is need for an option to configure the reverse SSH port number (i.e. the SSH daemon's port on the client side). This option should be a client wide config option (not a per-session option). Hi, Mike, and welcome to a great project. As you suggest, it is a client and not a session setting hence it does not appear in the session definitions. If you go to Options / Settings in the client menu, you will see an option to set the client side port. We do always set this to a non-standard port for security reasons as you also suggest. Thanks - John Ohhh... I got so distracted by all that LDAP stuff, I missed the bottom line... Now I can see it... Thanks a lot, sorry for the verbosity... Mike -- DAS-NETZWERKTEAM mike gabriel, dorfstr. 27, 24245 barmissen fon: +49 (4302) 281418, fax: +49 (4302) 281419 eMail-LeseSchreibStunde: wochentags 8h-10h mail: m.gabr...@das-netzwerkteam.de, http://das-netzwerkteam.de freeBusy: https://mail.das-netzwerkteam.de/freebusy/m.gabriel%40das-netzwerkteam.de.xfb ___ X2go-dev mailing list X2go-dev@lists.berlios.de https://lists.berlios.de/mailman/listinfo/x2go-dev
