Am 03.08.20 um 11:19 schrieb christoph.ple...@cs.uni-dortmund.de:
> when using x2gobroker, is it possible to disable the possibility to start a
> session directly on a specific X2Go-Server, so that users are forced to use
> the
> broker?
Not that I would be aware of.
It might work if you're using the temporary SSH key feature of the
broker that's used for autologin after successfully authenticating
against the broker. Do not allow password logins via SSH on your
X2GoServer, enforce the use of keyfiles instead - and tell SSHD to look
for them *only* in a directory that the users don't have write access to
(so they can't place their own, permanent key there). Of course, the
broker will need to know it needs to dump the temporary keys there,
rather than in ~/.ssh/ ...
But, once they're logged in, they can spawn their own instance of ssh on
a "high" port, and when they run this in a screen or tmux session, this
instance will remain running, even after they terminate their original
X2Go connection. So you would need a firewall rule somewhere along the
way that only allows inbound connections on port 22 (or whatever you're
using for SSH).
Kind Regards,
Stefan Baur
--
BAUR-ITCS UG (haftungsbeschränkt)
Geschäftsführer: Stefan Baur
Eichenäckerweg 10, 89081 Ulm | Registergericht Ulm, HRB 724364
Fon/Fax 0731 40 34 66-36/-35 | USt-IdNr.: DE268653243
___
x2go-user mailing list
x2go-user@lists.x2go.org
https://lists.x2go.org/listinfo/x2go-user
