Re: [X2Go-User] X2Go Windows Client 4.1.2.2 Crashes Upon Connect

2020-04-09 Thread Josh G 
Any Chance there is a work around for this?  Any ideas what is missing from 
this build?  Or why the build isn't handling the issue gracefully?
Thanks,
Josh


On Thursday, March 26, 2020, 5:07:37 PM EDT, Josh G  
wrote: 
The hardening is one of the security profiles that comes with RHEL7.7.  Either 
the USG or the NIST 800-171 profiles.  We use those as a starting point for our 
configuration.  On the specific RHEL7 VMs I am running, I was able fix the 
problem by doing two things (and both needed to be done).  1. Disable fips by 
removing fips=1 from grub.  2. Remove "Ciphers 
aes128-ctr,aes192-ctr,aes256-ctr,aes128-cbc,3des-cbc,aes192-cbc,aes256-cbc" 
from sshd_config.  The RHEL6 machine has neither of those implemented, but it 
is a production machine and I can't play around too much with it.  Going back 
to the RHEL7 machines, it is possible that the updated sshlib lacks some of the 
needed encryption libraries in 4.1.2.2, which 4.1.2.0 has them?  Also, if that 
is the case, it seems like it isn't properly handling that condition.
Thanks,
Josh

On Thursday, March 26, 2020, 12:25:04 PM EDT, Ulrich Sibiller  
wrote: 

Ok, what hardening measures have you taken?

Uli

On Thu, Mar 26, 2020 at 5:17 PM Josh G  wrote:
>
> I am using the gui to configure and I have unchecked "Enable sound support" 
> and "Client side printing support."  There are no shared folders configured, 
> but I didn't see a way to explicitly disable that.  Generally, I have toggled 
> just about any option to see if I can get it to work.  I have tried different 
> authentication methods (password and key).  I have tried MATE, XFCE, and 
> Internet browser.  All work on 4.1.2.0, but not on 4.1.2.2.  I did stand up 
> another VM that is RHEL7 minimal install with just the hardening.  It fails 
> as well clearly has to be something about the hardening.
> Any other ideas else that I should look at?
> Thanks,
> Josh
>
> On Thursday, March 26, 2020, 7:13:28 AM EDT, Ulrich Sibiller  
> wrote:
>
> Does the situation improve if you disable audio, printer and file support?
>
> Uli
>
> On Thu, Mar 26, 2020 at 1:39 AM Josh G  wrote:
> >
> > I stood up some test machines to figure out the issue.  I have the issue on 
> > a clean RHEL7 machine with lots of packages and some security hardening 
> > done on it.  It does not happen on an Ubuntu MATE install or on a RHEL7 
> > minimal install without hardening.  I need to track down the issue to see 
> > if it is something that might be able to be fixed.  I tried simple things 
> > like reverting the sshd_config and setting selinux to permissive.  While 
> > running with --debug and --libssd-debug, there is nothing obvious.  With 
> > --debug, the last statement is a mention that the ssh port is 22 (right 
> > before it calls ssh_connect, I think).  With --debug and --libssh-debug, 
> > the last statement seems like what I would consider benign ssh message 
> > passing.  There is really not much of interest.  The only warning that I 
> > see at all is that /etc/ssh/ssh_known_hosts doesn't exist.
> >
> > Does anyone have any ideas of what I should look at?  It has to be 
> > something that changed in 4.1.2.2 over 4.1.2.0, since the latter still 
> > functions OK.
> >
> > Thanks,
> > Josh
> >
> >
> > On Monday, March 2, 2020, 4:31:46 PM EST, Josh G  
> > wrote:
> >
> > I just installed the Windows client version 4.1.2.2.  It crashes as soon as 
> > it tries to make the SSH connection.  I tried debug and the debug window 
> > closes immediately as well.  Is there a log somewhere?  It was tried on two 
> > different machines that have different OSs and virus protection.  4.1.2.0 
> > works fine.  It doesn't crash when attempting to connect to a computer that 
> > isn't running SSH (just times out).  It does crash when trying to connect 
> > to that same computer by tunneling through another machine that is running 
> > SSH.  If I try to connect to a new machine, it crashes as soon as I accept 
> > the host key.  If you put in a wrong password, it still crashes.  Thus, 
> > there is never a completed SSH connection.  Is there anything I can look at 
> > or do?  I was hoping that 4.1.2.2 would fix some of the annoyances that 
> > prevents me from deploying X2Go to other users.
> > Thanks,
> > Josh
>
> > ___
> > x2go-user mailing list
> > x2go-user@lists.x2go.org
> > https://lists.x2go.org/listinfo/x2go-user
___
x2go-user mailing list
x2go-user@lists.x2go.org
https://lists.x2go.org/listinfo/x2go-user

Re: [X2Go-User] Can x2go session be initiated from a server to listening client?

2020-04-09 Thread Stefan Baur 
Am 07.04.20 um 21:16 schrieb Mike Gabriel:
> On  Mo 06 Apr 2020 19:19:58 CEST, Andrew Munn wrote:
> 
>> I'd like to initiate an x2go session from a server behind a firewall to a
>> listening client with port 22 open.  How can that be done?  thanks!
> 
> Run "ssh -R 12345:localhost:22 user@client" on the server (see man page
> of ssh client for correct usage of -R option) and open up a reverse
> tunnel from some port (e.g. 12345) on the client to port 22 on the
> server (to be more precise, localhost:22).
> 
> Then configure X2Go Client on the client to connect to "Host: localhost"
> and "Port: 12345" and you have your X2Go session ready to roll.

That's not what he asked for.  He wants a listening client, like
vncclient in "-listen" mode, and wants the server to initiate the
connection, without any manual interaction on the client side.  The only
way to approximate that behavior is starting x2goclient over the
server-initiated ssh connection, and passing the required parameters for
an autostarted session - see my more detailed reply to him.

-Stefan


-- 
BAUR-ITCS UG (haftungsbeschränkt)
Geschäftsführer: Stefan Baur
Eichenäckerweg 10, 89081 Ulm | Registergericht Ulm, HRB 724364
Fon/Fax 0731 40 34 66-36/-35 | USt-IdNr.: DE268653243



signature.asc
Description: OpenPGP digital signature
___
x2go-user mailing list
x2go-user@lists.x2go.org
https://lists.x2go.org/listinfo/x2go-user

Re: [X2Go-User] Printing remotely

2020-04-09 Thread Stefan Baur 
Am 09.04.20 um 05:51 schrieb Michael Pope:
> It does work for 5 out of 6 staff members. The one which printing doesn't
> work is the one where his remote 'spool' directory isn't getting mounted.

In that case, you need to find out why that isn't happening.  X2GoClient
uses sshfs to mount it, so maybe log in and check if the user has no
permissions to start sshfs?  Debian 8 is pretty old - in fact, it might
be so old that you still need to add the user to the "fuse" group there.

Kind Regards,
Stefan Baur

-- 
BAUR-ITCS UG (haftungsbeschränkt)
Geschäftsführer: Stefan Baur
Eichenäckerweg 10, 89081 Ulm | Registergericht Ulm, HRB 724364
Fon/Fax 0731 40 34 66-36/-35 | USt-IdNr.: DE268653243
___
x2go-user mailing list
x2go-user@lists.x2go.org
https://lists.x2go.org/listinfo/x2go-user