Hello Uli, It's not only about updating the user passwords. This kind interaction could be used for 2-factor authentication and in many other cases. There are many possible cases when server needs to have some additional interaction with user and updating of passwords is only one of them. After user auth is important to figure out if our session is ready and accepting user commands or we need further interaction. I didn't find better solution to find this out than sending an echo command and parse the answer. It's sad, that it's breaking your setup. If I understand it right, it's because your proxy closing connection when user executing something else than ssh. Maybe you can reconfigure your proxy and make "echo LOGIN OK" a valid command, this should solve your problem.
regards
Alex
Am 16.05.19 um 16:49 schrieb Ulrich Sibiller:
>> log looks the same. I think that login check is issuing a command on
>> the proxy to check if the proxy is working ("echo LOGIN OK"). And due
>> to the nature of our gateway (see above) this fails, because it is an
>> invalid command.
>>
>> Unfortunately I don't really see if this assumption is correct because
>> I have no access to the gateway logs and the x2goclient logs do not
>> contain any information _why_ the login check failed. I have tried
>> getting some gateway logs but I have not yet gotten anything.
>>> Is there anything I can do to bypass that login check?
>
> I have now done some tests:
> - this also happens with the x2goclient 4.1.2.2 on Linux
> - I can confirm that my assumption about the LOGIN OK check was
> correct. Inserting "return true;" just before the line " if (
> ssh_channel_request_exec ( channel, "echo \"LOGIN OK\"" ) != SSH_OK )
> " in sshmasterconnection.cpp and thus skipping the whole interactivity
> code makes it work again.
>
> This check was introduced as a result of Bug #592 to enable the user
> changing an expired password interactively but I have not fully
> understood the whole idea of sending echo "LOGIN OK" and then checking
> if is NOT in the buffer. Isn't checking for pty sufficient?
>
> QString inf=QByteArray ( buffer,nbytes );
> x2goDebug<<"LOGIN CHECK:"<<inf;
> if(inf.indexOf("LOGIN OK")!=-1)
> {
> x2goDebug<<"don't have interaction";
> hasInterraction=false;
> break;
> }
>
> @Alex can you please explain?
>
> Uli
>
--
-----------------------------------------------------------
Oleksandr Shneyder | Email: o.shney...@phoca-gmbh.de
phoca GmbH | Tel. : 0911 - 14870374 0
Schleiermacherstr. 2 | Fax. : 0911 - 14870374 9
D-90491 Nürnberg | Mobil: 0163 - 49 64 461
Geschäftsführung: Dipl.-Inf. Oleksandr Shneyder
Amtsgericht München | http://www.phoca-gmbh.de
HRB 196 658 | http://www.x2go.org
USt-IdNr.: DE281977973
-----------------------------------------------------------
signature.asc
Description: OpenPGP digital signature
_______________________________________________ x2go-dev mailing list x2go-dev@lists.x2go.org https://lists.x2go.org/listinfo/x2go-dev
