Giancarlo Razzolini <[email protected]> wrote:

> On 03-06-2014 18:45, Predrag Punosevac wrote:
> > I am trying to configure our OpenBSD shell gateway as a proxy for X2Go
> > clients. Obviously by default port forwarding on privileged ports as
> > well as X11 forwarding is disabled. I read through man pages for
> > sshd_config but I am still not clear how should I edit them to enable
> > that a regular user can use their LDAP account to log into shell gateway
> > which will proxy ssh connection to one of internal computing nodes.
> > The idea is to let people use X2Go clients with shell gateway as a
> > proxy to log into internal computing nodes and being able to run
> > MATLAB with GUI.
> >
> > Predrag
> >
> Your e-mail was a little confusing. Since x2go runs on top of ssh
> itself, and OpenBSD does not have a port of it, I'm presuming you have an
> x2go server running Linux, behind your internet exposed OpenBSD gateway.

Correct! X2Go servers (30 of them) run on Linux computing nodes which
are accessible only via OpenBSD ssh gateway.

> Your life might be a lot easier if your clients login directly to your
> x2go server. All you need to do is use pf and rdr your clients to the
> internal machine. If you have more than one x2go server, you might want
> to take a look at the relayd(8) daemon. It has functionality for doing
> ssh forwarding, with failover and round-robin capabilities.
> 

I do not want to mess with relayd and more advanced capabilities you are
talking about. Namely most users ssh to shell gateway with the intent of
sshing to one of computing nodes and running some scripts.  They usually
select computing node by checking status page of my lab first which
displays current loads (CPU, memory etc) of all computing nodes. Only in
exceptional circumstances they use X2Go client and gateway as a proxy to
X2Go servers when they want to do some visualization in MATLAB for
example or in R/Python.

I have to compute diff of sshd_config files from OpenBSD and Red Hat
because their sshd_config allows the setup I am talking about out of
the box as many other things which pose high security risk.

Predrag

> Cheers,
> 
> -- 
> Giancarlo Razzolini
> GPG: 4096R/77B981BC
