Am 02.04.20 um 01:56 schrieb Richard Beare:
> Apologies - accidentally sent before completing
> Hi,
> I have a working installation of x2go, but there is some ugliness about the 
> setup that I'd like to reduce. Any advice welcome.
> 
> Here's how it looks at the moment.
> 
> 1) vpn connection to the institute.
> 2) ssh tunnel to the workstation from the laptop
> 3) x2go connected to the local tunnel port
> 
> This works, but we now have 3 layers of encyption.
> 
> The reason for not pointing x2go directly at the w orkstation is the use of 
> PaloAltoNetworking appliances within the institution. These do a 
> man-in-the-middle break of ssh connections and lead to the following error 
> from x2go:
> 
> kex error : no match for method kex algos: server 
> [diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1], 
> client 
> [curve25519-sha...@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1]
> 
> A direct ssh login works, but always falls back to a password.
> 
> 
> Is there any configuration option possible to have x2go/libssh handle the 
> setup in the same way that regular ssh does?

Yes.  That's what the "Use Proxy Server for SSH Connection" checkbox in
the session configuration is for.

Though I'm not quite sure why you're getting the kex error one way, but
not the other.  That's the actual issue you should be trying to fix.
You probably need a line "KexAlgorithms" in your server's
/etc/ssh/sshd_config, where "KexAlgorithms" is followed by at least one
of the algorithm names listed after "client" in your error message above.

After changing that, you need to restart sshd - note that running
sessions will not be killed by the usual restart methods, but, if you're
trying to change this via a ssh connection, be sure to have several SSH
sessions open, so you have a spare session to fix things if you make a
typo or other mistake.

Also, since your signature says:

> Team Leader (Computational Methods Group)
> Developmental Imaging

I would like to add our usual disclaimer/warning:

X2Go does have options for image compression, like using JPG and/or PNG.
Not all image compression algorithms are lossless, and thus there may be
artifacts in the images (i.e. the image displayed through X2Go may look
slightly different than what it would look like on a regular X-Server
screen), depending on which algorithm and which compression level you
choose.

If you're using fMRI/X-Ray/Mammography/… images or similar medical
imaging displayed through X2Go for clinical purposes (deciding whether a
certain patient requires a surgery etc.), you should absolutely make
sure that you're using a lossless compression or no compression at all,
or else you might be seeing things that aren't actually there, or
missing things that are there.

Kind Regards,
Stefan Baur

-- 
BAUR-ITCS UG (haftungsbeschränkt)
Geschäftsführer: Stefan Baur
Eichenäckerweg 10, 89081 Ulm | Registergericht Ulm, HRB 724364
Fon/Fax 0731 40 34 66-36/-35 | USt-IdNr.: DE268653243
_______________________________________________
x2go-user mailing list
x2go-user@lists.x2go.org
https://lists.x2go.org/listinfo/x2go-user

Reply via email to