Hi, some time ago I have successfully set up the x2goclient 4.1.0.0 for Windows to access some Linux machines via an ssh security gateway. It worked fine. Yesterday I wanted to use that connection with x2gclient 4.1.2.0 and it failed. Today I have tracked this down a bit more and can report this information: - it works with 4.1.0.0 - it stops working with 4.1.1.1 or newer - the session configuration looks like this: - Server: - Host: destination host behind the gateway - Use proxy server for ssh connection - Proxy: - Proxy type: ssh - Proxy host: gateway - Proxy port: 22 - use same user as for x2go server - The connection interactively asks for the password of the gateway and fails directly after entering it.
The gateway is setup like this: 1. ssh <user>@gateway 2. run one of two valid commands. Any other command will immediately abort the connection to the gateway. The main allowed command is ssh to a number of defined hosts. The other command is irrelevant here. Here's some log: (invalid command) ------------------------------------ $ ssh user@gateway Password: [entering my secure password from password generator] Last login: Thu May 16 15:30:02 2019 from [CENSORED] Enter command: echo test Connection to gateway closed. ------------------------------------ Here's some log: (valid command) ------------------------------------ $ ssh user@gateway Password: [entering my secure password from password generator] Last login: Thu May 16 16:08:59 2019 from [CENSORED] Enter command: ssh desthost key_from_blob: remaining bytes in key blob 36 ssh-keysign not enabled in /usr/pkg/etc/ssh/ssh_config ssh_keysign: no reply key_sign failed Last login: Tue Apr 30 16:37:30 2019 from CENSORED [Prompt on desthost] $ ------------------------------------ Working debug log (4.1.0.0): ----------------------------------------------------------- x2go-DEBUG-../src/onmainwindow.cpp:2860> Starting new ssh connection to server:"desthost":"22" krbLogin: false x2go-DEBUG-../src/sshmasterconnection.cpp:175> SshMasterConnection, host "desthost"port 22user "username"useproxy trueproxyserver "gateway"proxyport 22 x2go-DEBUG-../src/sshmasterconnection.cpp:212> Starting SSH connection without Kerberos authentication. x2go-DEBUG-../src/sshmasterconnection.cpp:216> SshMasterConnection, instance SshMasterConnection(0x318fb40) created. x2go-DEBUG-../src/sshmasterconnection.cpp:452> SshMasterConnection, instance SshMasterConnection(0x318fb40) entering thread. x2go-DEBUG-../src/sshmasterconnection.cpp:456> proxyserver: "gateway"proxyport: 22proxylogin: "username" x2go-DEBUG-../src/sshmasterconnection.cpp:175> SshMasterConnection, host "gateway"port 22user "username"useproxy falseproxyserver ""proxyport 0 x2go-DEBUG-../src/sshmasterconnection.cpp:212> Starting SSH connection without Kerberos authentication. x2go-DEBUG-../src/sshmasterconnection.cpp:216> SshMasterConnection, instance SshMasterConnection(0x318fbf8) created. x2go-DEBUG-../src/sshmasterconnection.cpp:452> SshMasterConnection, instance SshMasterConnection(0x318fbf8) entering thread. x2go-DEBUG-../src/sshmasterconnection.cpp:488> libssh not initialized yet. Initializing. x2go-DEBUG-../src/sshmasterconnection.cpp:532> Setting SSH directory to "C:/Users/xxx/ssh" x2go-DEBUG-../src/sshmasterconnection.cpp:799> cserverAuth x2go-DEBUG-../src/sshmasterconnection.cpp:814> state: 1 x2go-DEBUG-../src/sshmasterconnection.cpp:650> Setting SSH directory to "C:/Users/xxx/ssh" x2go-DEBUG-../src/sshmasterconnection.cpp:989> Challenge authentication requested. x2go-DEBUG-../src/sshmasterconnection.cpp:867> Have prompts: 1 x2go-DEBUG-../src/sshmasterconnection.cpp:873> Prompt[0]: |Password: | x2go-DEBUG-../src/sshmasterconnection.cpp:879> Password request x2go-DEBUG-../src/sshmasterconnection.cpp:867> Have prompts: 0 x2go-DEBUG-../src/sshmasterconnection.cpp:950> Challenge authentication OK. x2go-DEBUG-../src/sshmasterconnection.cpp:664> User authentication OK. x2go-DEBUG-../src/sshmasterconnection.cpp:224> SSH proxy connected. ----------------------------------------------------------- Non-working debug log (4.1.1.1): ----------------------------------------------------------- x2go-DEBUG-../src/sshmasterconnection.cpp:175> SshMasterConnection, host "desthost"; port 22; user "username"; useproxy true; proxyserver "gateway"; proxyport 22 x2go-DEBUG-../src/sshmasterconnection.cpp:248> Starting SSH connection without Kerberos authentication. x2go-DEBUG-../src/sshmasterconnection.cpp:252> SshMasterConnection, instance SshMasterConnection(0x35aed70) created. x2go-DEBUG-../src/sshmasterconnection.cpp:520> SshMasterConnection, instance SshMasterConnection(0x35aed70) entering thread. x2go-DEBUG-../src/sshmasterconnection.cpp:524> proxyserver: "gateway"; proxyport: 22; proxylogin: "username" x2go-DEBUG-../src/sshmasterconnection.cpp:175> SshMasterConnection, host "gateway"; port 22; user "username"; useproxy false; proxyserver ""; proxyport 0 x2go-DEBUG-../src/sshmasterconnection.cpp:248> Starting SSH connection without Kerberos authentication. x2go-DEBUG-../src/sshmasterconnection.cpp:252> SshMasterConnection, instance SshMasterConnection(0x3543230) created. x2go-DEBUG-../src/sshmasterconnection.cpp:520> SshMasterConnection, instance SshMasterConnection(0x3543230) entering thread. x2go-DEBUG-../src/sshmasterconnection.cpp:592> Setting SSH directory to C:/Users/xxx/ssh x2go-DEBUG-../src/sshmasterconnection.cpp:840> Session port before config file parse: 22 x2go-DEBUG-../src/sshmasterconnection.cpp:850> Session port after config file parse: 22 x2go-DEBUG-../src/sshmasterconnection.cpp:915> Session port before config file parse (part 2): 22 x2go-DEBUG-../src/sshmasterconnection.cpp:925> Session port after config file parse (part 2): 22 x2go-DEBUG-../src/sshmasterconnection.cpp:950> cserverAuth x2go-DEBUG-../src/sshmasterconnection.cpp:991> state: 1 x2go-DEBUG-../src/sshmasterconnection.cpp:711> Setting SSH directory to C:/Users/xxx/ssh x2go-DEBUG-../src/sshmasterconnection.cpp:1263> Challenge authentication requested. x2go-DEBUG-../src/sshmasterconnection.cpp:1132> Have prompts: 1 x2go-DEBUG-../src/sshmasterconnection.cpp:1138> Prompt[0]: |Password: | x2go-DEBUG-../src/sshmasterconnection.cpp:1144> Password request x2go-DEBUG-../src/sshmasterconnection.cpp:1132> Have prompts: 0 x2go-DEBUG-../src/sshmasterconnection.cpp:1226> Challenge authentication OK. x2go-DEBUG-../src/sshmasterconnection.cpp:726> User authentication OK. x2go-DEBUG-../src/sshmasterconnection.cpp:740> Login Check - Failed x2go-DEBUG-../src/sshmasterconnection.cpp:459> SSH proxy interaction finished x2go-DEBUG-../src/sshmasterconnection.cpp:802> SshMasterConnection, instance SshMasterConnection(0x35aed70) waiting for thread to finish. x2go-DEBUG-../src/sshmasterconnection.cpp:806> SshMasterConnection, instance SshMasterConnection(0x35aed70) thread finished. x2go-DEBUG-../src/sshmasterconnection.cpp:813> SshMasterConnection, instance SshMasterConnection(0x35aed70) finished destructor. ----------------------------------------------------------- In the non-working case we see "Login Check - Failed", the rest of the log looks the same. I think that login check is issuing a command on the proxy to check if the proxy is working ("echo LOGIN OK"). And due to the nature of our gateway (see above) this fails, because it is an invalid command. Unfortunately I don't really see if this assumption is correct because I have no access to the gateway logs and the x2goclient logs do not contain any information _why_ the login check failed. I have tried getting some gateway logs but I have not yet gotten anything. Is there anything I can do to bypass that login check? Uli _______________________________________________ x2go-dev mailing list x2go-dev@lists.x2go.org https://lists.x2go.org/listinfo/x2go-dev