Hi Mike,

first of all, sorry for my late answer. i was very busy.

yes i want to access a "share" on a server in the same subnet as the x2goserver. but not from my x2goclient machine via ssh reverse tunnel. i just want to access the "share" from within my x2goclient session. this is imho a standard use case for a terminal server environment. i can already do this with sshfs from the x2goserver via password authentication. but if the fileserver does not allow ssh password auth it is impossible. for sure i could create another ssh private key on the x2goserver and put the public key part on the fileserver. but this may not be wanted if you have one identity (ssl cert/ssh key) for each user which should only be securely stored on a smartcard.


here is how it works:

Agent pid 8086
09:52:47 nb-heikob ~ # ssh -A terminalix-hbslx
terminalix-hbslx ~ # dir /tmp/ssh-tHRmT17232/
insgesamt 512
drwx------  2 root root  80 23. Jun 09:52 .
drwxrwxrwt 14 root root 496 23. Jun 09:52 ..
srwxr-xr-x  1 root root   0 23. Jun 09:52 agent.17232

terminalix-hbslx ~ # ssh remotix-hbslx
remotix-hbslx ~ # logout
Connection to remotix-hbslx closed.



if the local ssh agent socket does not exist, login via agent forwarding does not work:

terminalix-hbslx ~ # rm /tmp/ssh-tHRmT17232/ -r

terminalix-hbslx ~ # ssh remotix-hbslx
Permission denied (publickey,gssapi-with-mic,keyboard-interactive).
terminalix-hbslx ~ #

to get ssh-agent forwarding working with an old x2goclient version (before using libssh2) i've modified sources to start an additional persistent ssh tunnel to the x2goserver. this works for me but i guess it is an ugly hack and it only works with this old version.

hope this clears things up.

regards
heiko

On Wed, 01 Jun 2011 11:21:51 +0200, Mike Gabriel <[email protected]> wrote:
Hi Heiko,

On Mo 30 Mai 2011 19:12:44 CEST Heiko Baumann wrote:

hi,

if you enable ssh agent forwarding (ssh option -A or ForwardAgent in ssh_config) your agent connection is "forwarded" to the remote host. this way you can use your ssh-agent (and smartcard in my case) to login (or mount sshfs) to another host using your private key stored in your local ssh-agent. this works with a socket created in /tmp/ssh-<somerandomstring>/agent.<pid> on the ssh server/host.

if i use a current x2goclient this socket is not created and so i cannot mount a directory from another host from within my x2gosession.

Is it possible that Alex and you discuss two very separate things?

Alex's topic: By looking at the sources of X2goClient, there
obviously is an SSH agent implementation in X2goClient. BUT: that's
for session authentication.

Heiko's topic: What you are referring to in your last sentence is
using X2go's reverse SSH port forwarding tunnel to access other
server's shares in the X2go client's sub-LAN? This currently is not
supported (and probably now wanted, either). Also: if the
implementation of such a feature became a future endeavour we would
have really to look at it very closely for considerations on security.

Greets,
Mike

_______________________________________________
X2go-Dev mailing list
[email protected]
https://lists.berlios.de/mailman/listinfo/x2go-dev
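
Added example, not part of the original e-mails: a shell check, run inside the session on the x2goserver, for the forwarded agent socket the thread describes (/tmp/ssh-<random>/agent.<pid>). It separates "no socket was ever forwarded" from "socket removed or unusable"; the function name and return codes are made up for this example.

```shell
# check_agent_socket [PATH]  (hypothetical helper, constructed for this example)
# Return codes: 0 ok, 1 SSH_AUTH_SOCK unset, 2 path missing, 3 not a socket,
#               4 socket directory open to group/others, 5 agent not answering
check_agent_socket() {
    sock="${1-${SSH_AUTH_SOCK-}}"
    if [ -z "$sock" ]; then
        echo "SSH_AUTH_SOCK is not set: no agent was forwarded into this session" >&2
        return 1
    fi
    if [ ! -e "$sock" ]; then
        echo "$sock is missing: forwarding socket never created or removed" >&2
        return 2
    fi
    if [ ! -S "$sock" ]; then
        echo "$sock exists but is not a unix socket" >&2
        return 3
    fi
    # sshd creates the directory as drwx------ (see the listing in the thread);
    # any group/other bit would let other local users reach the agent.
    dir=$(dirname -- "$sock")
    perms=$(ls -ld -- "$dir" | cut -c5-10)
    if [ "$perms" != "------" ]; then
        echo "$dir is accessible to group/others ($perms)" >&2
        return 4
    fi
    # ssh-add -l exits 2 when it cannot talk to the agent behind the socket.
    rc=0
    SSH_AUTH_SOCK="$sock" ssh-add -l >/dev/null 2>&1 || rc=$?
    if [ "$rc" -eq 2 ]; then
        echo "socket is present but no agent answers on it" >&2
        return 5
    fi
    return 0
}
```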
