Hi all,

During the last couple of days I have added SSH Agent (forwarding+auth) support to Python X2Go (and so to PyHoca-GUI and PyHoca-CLI).

The feature is already available in the nightly-build (Debian) archive. The Ubuntu nightly-built packages should follow soon.

For SSH agent forwarding you need the not-yet-released Paramiko version 1.8.0. For Debian I have packaged a Git snapshot and it is available with the nightly-build of python-x2go.

Try it out:

  place your SSH pubkey on machine-1 and machine-2 (which can be reached via
  machine-1) into the (for this demo) otherwise empty files:

    user-1@machine-1:~user-1/.ssh/authorized_keys

  and

    user-2@machine-2:~user-2/.ssh/authorized_keys

  Back on your local client:

  $ ssh-add [<priv-keyfile>]
  $ pyhoca-gui

  Enable SSH agent forwarding in the connection tab of a session profile for
  machine-1. Use a simple TERMINAL session command.

  Connect to user-1@machine-1 and start a session on machine-1

  $ echo $SSH_AUTH_SOCK
  /tmp/ssh-<hash>/agent.<pid>

  $ ssh <user-2>@<machine-2>
  (should work without password)

  For the authentication from user-1@machine-1 to user-2@machine-2 you use an
  SSH agent connection that is tunneled back through Python X2Go to your client
  machine (the machine you run PyHoca-GUI on). So, the SSH agent on your client
  machine serves a challenge/response request from SSH client programs within
  X2Go sessions.

  Note: if you try the above with a GNOME desktop (XFCE4 probably as well) the
  gnome-keyring will hijack the SSH agent functionality and ignore forwarded
  SSH agent connections (with x2goserver-xsession package installed).

  Use this command to disable the SSH agent feature in gnome-keyring (within
  the X2Go Session):

  $ gconftool-2 -s /apps/gnome-keyring/daemon-components/ssh false --type bool

  After you have applied this gconf change, logout and start a new GNOME
  session. Now SSH agent stuff is handled through ssh-agent and it should also
  be aware of SSH agent forwarding connections.

Have fun!
Mike

--

DAS-NETZWERKTEAM
mike gabriel, rothenstein 5, 24214 neudorf-bornstein
fon: +49 (1520) 1976 148

GnuPG Key ID 0x25771B31
mail: [email protected], http://das-netzwerkteam.de

freeBusy:
https://mail.das-netzwerkteam.de/freebusy/m.gabriel%40das-netzwerkteam.de.xfb


_______________________________________________
X2Go-Dev mailing list
[email protected]
https://lists.berlios.de/mailman/listinfo/x2go-dev
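
Added example (not part of the original mail and not Python X2Go code): a small shell check, run inside the X2Go session, that tells whether SSH_AUTH_SOCK points at an OpenSSH-style agent socket like the one shown above or at a gnome-keyring socket. The gnome-keyring socket path patterns and the function names are assumptions based on common defaults.

```shell
#!/bin/sh
# Classify an agent socket path. Patterns are assumptions from common defaults:
#   ssh-agent / sshd-forwarded agent:  /tmp/ssh-*/agent.*
#   gnome-keyring:                     /tmp/keyring-*/ssh, /run/user/<uid>/keyring/ssh
# A local ssh-agent and a forwarded agent share the same path pattern.
agent_sock_kind() {
    case "$1" in
        "")                             echo unset ;;
        */keyring-*/ssh|*/keyring/ssh)  echo gnome-keyring ;;
        */ssh-*/agent.*)                echo ssh-agent ;;
        *)                              echo other ;;
    esac
}

# Return 0 for an OpenSSH-style agent socket, 1 when gnome-keyring has taken
# over SSH_AUTH_SOCK, 2 when no recognisable agent socket is set.
check_session_agent() {
    sock=$1
    case "$(agent_sock_kind "$sock")" in
        ssh-agent)
            echo "OK: $sock looks like an ssh-agent or forwarded agent socket"
            return 0 ;;
        gnome-keyring)
            echo "gnome-keyring owns SSH_AUTH_SOCK ($sock); forwarded agent is not used"
            return 1 ;;
        *)
            echo "no recognisable agent socket (SSH_AUTH_SOCK='$sock')"
            return 2 ;;
    esac
}

# Live mode: check the current session, then list the keys the agent offers.
# ssh-add -l exits 0 (keys listed), 1 (agent has no keys), 2 (agent unreachable).
if [ "${1:-}" = "--check" ]; then
    check_session_agent "${SSH_AUTH_SOCK:-}" || exit $?
    [ -S "$SSH_AUTH_SOCK" ] || { echo "socket path does not exist"; exit 2; }
    ssh-add -l
    exit $?
fi
```

Run it with --check inside the session before and after the gconf change; the keys listed should be the ones added with ssh-add on the client machine.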
