Hi,
some time ago I have successfully set up the x2goclient 4.1.0.0 for
Windows to access some Linux machines via an ssh security gateway. It
worked fine.
Yesterday I wanted to use that connection with x2gclient 4.1.2.0 and
it failed. Today I have tracked this down a bit more and can report
this information:
- it works with 4.1.0.0
- it stops working with 4.1.1.1 or newer
- the session configuration looks like this:
- Server:
- Host: destination host behind the gateway
- Use proxy server for ssh connection
- Proxy:
- Proxy type: ssh
- Proxy host: gateway
- Proxy port: 22
- use same user as for x2go server
- The connection interactively asks for the password of the gateway
and fails directly after entering it.
The gateway is setup like this:
1. ssh <user>@gateway
2. run one of two valid commands. Any other command will immediately
abort the connection to the gateway. The main allowed command is ssh
to a number of defined hosts. The other command is irrelevant here.
Here's some log: (invalid command)
------------------------------------
$ ssh user@gateway
Password: [entering my secure password from password generator]
Last login: Thu May 16 15:30:02 2019 from [CENSORED]
Enter command: echo test
Connection to gateway closed.
------------------------------------
Here's some log: (valid command)
------------------------------------
$ ssh user@gateway
Password: [entering my secure password from password generator]
Last login: Thu May 16 16:08:59 2019 from [CENSORED]
Enter command: ssh desthost
key_from_blob: remaining bytes in key blob 36
ssh-keysign not enabled in /usr/pkg/etc/ssh/ssh_config
ssh_keysign: no reply
key_sign failed
Last login: Tue Apr 30 16:37:30 2019 from CENSORED
[Prompt on desthost] $
------------------------------------
Working debug log (4.1.0.0):
-----------------------------------------------------------
x2go-DEBUG-../src/onmainwindow.cpp:2860> Starting new ssh connection
to server:"desthost":"22" krbLogin: false
x2go-DEBUG-../src/sshmasterconnection.cpp:175> SshMasterConnection,
host "desthost"port 22user "username"useproxy trueproxyserver
"gateway"proxyport 22
x2go-DEBUG-../src/sshmasterconnection.cpp:212> Starting SSH connection
without Kerberos authentication.
x2go-DEBUG-../src/sshmasterconnection.cpp:216> SshMasterConnection,
instance SshMasterConnection(0x318fb40) created.
x2go-DEBUG-../src/sshmasterconnection.cpp:452> SshMasterConnection,
instance SshMasterConnection(0x318fb40) entering thread.
x2go-DEBUG-../src/sshmasterconnection.cpp:456> proxyserver:
"gateway"proxyport: 22proxylogin: "username"
x2go-DEBUG-../src/sshmasterconnection.cpp:175> SshMasterConnection,
host "gateway"port 22user "username"useproxy falseproxyserver
""proxyport 0
x2go-DEBUG-../src/sshmasterconnection.cpp:212> Starting SSH connection
without Kerberos authentication.
x2go-DEBUG-../src/sshmasterconnection.cpp:216> SshMasterConnection,
instance SshMasterConnection(0x318fbf8) created.
x2go-DEBUG-../src/sshmasterconnection.cpp:452> SshMasterConnection,
instance SshMasterConnection(0x318fbf8) entering thread.
x2go-DEBUG-../src/sshmasterconnection.cpp:488> libssh not initialized
yet. Initializing.
x2go-DEBUG-../src/sshmasterconnection.cpp:532> Setting SSH directory
to "C:/Users/xxx/ssh"
x2go-DEBUG-../src/sshmasterconnection.cpp:799> cserverAuth
x2go-DEBUG-../src/sshmasterconnection.cpp:814> state: 1
x2go-DEBUG-../src/sshmasterconnection.cpp:650> Setting SSH directory
to "C:/Users/xxx/ssh"
x2go-DEBUG-../src/sshmasterconnection.cpp:989> Challenge
authentication requested.
x2go-DEBUG-../src/sshmasterconnection.cpp:867> Have prompts: 1
x2go-DEBUG-../src/sshmasterconnection.cpp:873> Prompt[0]: |Password: |
x2go-DEBUG-../src/sshmasterconnection.cpp:879> Password request
x2go-DEBUG-../src/sshmasterconnection.cpp:867> Have prompts: 0
x2go-DEBUG-../src/sshmasterconnection.cpp:950> Challenge authentication OK.
x2go-DEBUG-../src/sshmasterconnection.cpp:664> User authentication OK.
x2go-DEBUG-../src/sshmasterconnection.cpp:224> SSH proxy connected.
-----------------------------------------------------------
Non-working debug log (4.1.1.1):
-----------------------------------------------------------
x2go-DEBUG-../src/sshmasterconnection.cpp:175> SshMasterConnection,
host "desthost"; port 22; user "username"; useproxy true; proxyserver
"gateway"; proxyport 22
x2go-DEBUG-../src/sshmasterconnection.cpp:248> Starting SSH connection
without Kerberos authentication.
x2go-DEBUG-../src/sshmasterconnection.cpp:252> SshMasterConnection,
instance SshMasterConnection(0x35aed70) created.
x2go-DEBUG-../src/sshmasterconnection.cpp:520> SshMasterConnection,
instance SshMasterConnection(0x35aed70) entering thread.
x2go-DEBUG-../src/sshmasterconnection.cpp:524> proxyserver: "gateway";
proxyport: 22; proxylogin: "username"
x2go-DEBUG-../src/sshmasterconnection.cpp:175> SshMasterConnection,
host "gateway"; port 22; user "username"; useproxy false; proxyserver
""; proxyport 0
x2go-DEBUG-../src/sshmasterconnection.cpp:248> Starting SSH connection
without Kerberos authentication.
x2go-DEBUG-../src/sshmasterconnection.cpp:252> SshMasterConnection,
instance SshMasterConnection(0x3543230) created.
x2go-DEBUG-../src/sshmasterconnection.cpp:520> SshMasterConnection,
instance SshMasterConnection(0x3543230) entering thread.
x2go-DEBUG-../src/sshmasterconnection.cpp:592> Setting SSH directory
to C:/Users/xxx/ssh
x2go-DEBUG-../src/sshmasterconnection.cpp:840> Session port before
config file parse: 22
x2go-DEBUG-../src/sshmasterconnection.cpp:850> Session port after
config file parse: 22
x2go-DEBUG-../src/sshmasterconnection.cpp:915> Session port before
config file parse (part 2): 22
x2go-DEBUG-../src/sshmasterconnection.cpp:925> Session port after
config file parse (part 2): 22
x2go-DEBUG-../src/sshmasterconnection.cpp:950> cserverAuth
x2go-DEBUG-../src/sshmasterconnection.cpp:991> state: 1
x2go-DEBUG-../src/sshmasterconnection.cpp:711> Setting SSH directory
to C:/Users/xxx/ssh
x2go-DEBUG-../src/sshmasterconnection.cpp:1263> Challenge
authentication requested.
x2go-DEBUG-../src/sshmasterconnection.cpp:1132> Have prompts: 1
x2go-DEBUG-../src/sshmasterconnection.cpp:1138> Prompt[0]: |Password: |
x2go-DEBUG-../src/sshmasterconnection.cpp:1144> Password request
x2go-DEBUG-../src/sshmasterconnection.cpp:1132> Have prompts: 0
x2go-DEBUG-../src/sshmasterconnection.cpp:1226> Challenge authentication OK.
x2go-DEBUG-../src/sshmasterconnection.cpp:726> User authentication OK.
x2go-DEBUG-../src/sshmasterconnection.cpp:740> Login Check - Failed
x2go-DEBUG-../src/sshmasterconnection.cpp:459> SSH proxy interaction finished
x2go-DEBUG-../src/sshmasterconnection.cpp:802> SshMasterConnection,
instance SshMasterConnection(0x35aed70) waiting for thread to finish.
x2go-DEBUG-../src/sshmasterconnection.cpp:806> SshMasterConnection,
instance SshMasterConnection(0x35aed70) thread finished.
x2go-DEBUG-../src/sshmasterconnection.cpp:813> SshMasterConnection,
instance SshMasterConnection(0x35aed70) finished destructor.
-----------------------------------------------------------
In the non-working case we see "Login Check - Failed", the rest of the
log looks the same. I think that login check is issuing a command on
the proxy to check if the proxy is working ("echo LOGIN OK"). And due
to the nature of our gateway (see above) this fails, because it is an
invalid command.
Unfortunately I don't really see if this assumption is correct because
I have no access to the gateway logs and the x2goclient logs do not
contain any information _why_ the login check failed. I have tried
getting some gateway logs but I have not yet gotten anything.
Is there anything I can do to bypass that login check?
Uli
_______________________________________________
x2go-dev mailing list
x2go-dev@lists.x2go.org
https://lists.x2go.org/listinfo/x2go-dev
