On 29.06.2016 07:32 PM, Daniel Lo Nigro wrote: > My employer use two-factor authentication via Yubikey. Whenever I SSH to my > development server, I use Kerberos to authenticate, and then it prompts for a > Yubikey or Duo code. If I try to connect via the X2Go client, I get a message > like this: > > Authentication failed. > Check your GSSApi configuration or choose another authentication method. > > Checking the logs on the server, it looks like Kerberos auth is successful, > but > then X2Go is disconnecting once it receives the keyboard-interactive auth > request.
I think it's either Kerberos or nothing. (Or normal keyboard-interactive/2FA.) > I managed to get it working using a super hacky method: I connect to my server > via my regular SSH client, and forward some random port (eg. 1234) to > localhost:22. Then I connect to localhost:1234 in X2Go, essentially tunneling > a > new SSH connection over the existing SSH connection. The server is configured > to > allow local connections to bypass two-factor auth, so this works around the > issue in X2Go. It seems silly to tunnel SSH over SSH though. It kinda is, but that's probably the only way you'll get it to work currently... > Any ideas on how to get this working properly with X2Go? It looks like > Paramiko > supports this configuration: https://github.com/paramiko/paramiko/pull/467 If Paramiko supports it and PyHoca does, too, you'll might give it a try, but I wouldn't count on it. Making this work is not trivial because it requires multiple auth sequences against (potentially) different servers. (Btw.: did we talk on IRC some time back?) Mihai
signature.asc
Description: OpenPGP digital signature
_______________________________________________ x2go-user mailing list [email protected] http://lists.x2go.org/listinfo/x2go-user
