Discussion:
[X2Go-Dev] [X2GO] SSH agent forwarding
Antoine Tran
2018-03-13 12:26:16 UTC
Permalink
Dear all,

Regarding https://wiki.x2go.org/doku.php/doc:howto:ssh-agent-workaround,
what is the current status? I tried latest 4.1.1.1 and this issue is
still not solved, even though there might be some improvement. I can see
export
declare -x SSH_AGENT_PID="16945"
declare -x SSH_AUTH_SOCK="/tmp/ssh-CAjx51laLmty/agent.16903"
declare -x SSH_CLIENT="10.0.1.81 33414 22"
declare -x SSH_CONNECTION="10.0.1.81 33414 172.17.0.2 22"
  ps aufx|grep 16945
trana    16945  0.0  0.0  52916   584 ?        Ss   12:16 0:00     
\_ /usr/bin/ssh-agent /bin/bash -c exec -l "/bin/bash" -c
"/usr/bin/env
LD_LIBRARY_PATH=/usr/lib64/nx/X11/Xinerama:/usr/lib64/nx/X11 startkde"
ll $SSH_AUTH_SOCK
srw------- 1 trana trana 0 Mar 13 12:16
/tmp/ssh-CAjx51laLmty/agent.16903

But the ssh from a a console in Kde, that has these variable, does not
use ssh agent. I can see that in ssh -vvvvvvvv

Thanks.
--
My THALES email is ***@thales-services.fr.
+33 (0)5 62 88 84 40
Thales Services, Toulouse, France
Mike Gabriel
2018-03-19 12:09:56 UTC
Permalink
Hi,
Post by Antoine Tran
Dear all,
Regarding
https://wiki.x2go.org/doku.php/doc:howto:ssh-agent-workaround, what
is the current status? I tried latest 4.1.1.1 and this issue is
still not solved, even though there might be some improvement. I can
export
declare -x SSH_AGENT_PID="16945"
declare -x SSH_AUTH_SOCK="/tmp/ssh-CAjx51laLmty/agent.16903"
declare -x SSH_CLIENT="10.0.1.81 33414 22"
declare -x SSH_CONNECTION="10.0.1.81 33414 172.17.0.2 22"
  ps aufx|grep 16945
trana    16945  0.0  0.0  52916   584 ?        Ss   12:16 0:00     
\_ /usr/bin/ssh-agent /bin/bash -c exec -l "/bin/bash" -c
"/usr/bin/env
LD_LIBRARY_PATH=/usr/lib64/nx/X11/Xinerama:/usr/lib64/nx/X11 startkde"
ll $SSH_AUTH_SOCK
srw------- 1 trana trana 0 Mar 13 12:16
/tmp/ssh-CAjx51laLmty/agent.16903
But the ssh from a a console in Kde, that has these variable, does
not use ssh agent. I can see that in ssh -vvvvvvvv
Thanks.
still not being worked on afaik.

PyHoca-GUI / Python X2Go has ssh-agent forwarding for ages. However,
with recent Debian / Ubuntu, I see various breakages regarding the
newly uploaded Paramiko version (SSH client implementation in Python
utilitzed by Python X2Go).

I need to take some time and get PyHoca-GUI and -CLI up to speed
(Python 3, bug fixes, etc.).

Mike
--
DAS-NETZWERKTEAM
mike gabriel, herweg 7, 24357 fleckeby
mobile: +49 (1520) 1976 148
landline: +49 (4354) 8390 139

GnuPG Fingerprint: 9BFB AEE8 6C0A A5FF BF22 0782 9AF4 6B30 2577 1B31
mail: ***@das-netzwerkteam.de, http://das-netzwerkteam.de
Antoine Tran
2018-03-19 14:19:00 UTC
Permalink
Thank you for your answer.  We use
https://code.x2go.org/releases/binary-win32/x2goclient/releases/4.1.1.1-2018.03.01/
and not python GUI, as this implementation is very old (from 2015) and
in my test, it didn't work well and was less convenient (than x2goclient).
Post by Mike Gabriel
Hi,
Post by Antoine Tran
Dear all,
Regarding
https://wiki.x2go.org/doku.php/doc:howto:ssh-agent-workaround, what
is the current status? I tried latest 4.1.1.1 and this issue is still
not solved, even though there might be some improvement. I can see
    > export
   declare -x SSH_AGENT_PID="16945"
   declare -x SSH_AUTH_SOCK="/tmp/ssh-CAjx51laLmty/agent.16903"
   declare -x SSH_CLIENT="10.0.1.81 33414 22"
   declare -x SSH_CONNECTION="10.0.1.81 33414 172.17.0.2 22"
    >  ps aufx|grep 16945
   trana    16945  0.0  0.0  52916   584 ?        Ss   12:16 0:00
   \_ /usr/bin/ssh-agent /bin/bash -c exec -l "/bin/bash" -c
   "/usr/bin/env
   LD_LIBRARY_PATH=/usr/lib64/nx/X11/Xinerama:/usr/lib64/nx/X11
startkde"
    > ll $SSH_AUTH_SOCK
   srw------- 1 trana trana 0 Mar 13 12:16
   /tmp/ssh-CAjx51laLmty/agent.16903
But the ssh from a a console in Kde, that has these variable, does
not use ssh agent. I can see that in ssh -vvvvvvvv
Thanks.
still not being worked on afaik.
PyHoca-GUI / Python X2Go has ssh-agent forwarding for ages. However,
with recent Debian / Ubuntu, I see various breakages regarding the
newly uploaded Paramiko version (SSH client implementation in Python
utilitzed by Python X2Go).
I need to take some time and get PyHoca-GUI and -CLI up to speed
(Python 3, bug fixes, etc.).
Mike
--
My THALES email is ***@thales-services.fr.
+33 (0)5 62 88 84 40
Thales Services, Toulouse, France
Stefan Baur
2018-03-19 17:39:07 UTC
Permalink
Post by Mike Gabriel
Hi,
Post by Antoine Tran
Dear all,
Regarding
https://wiki.x2go.org/doku.php/doc:howto:ssh-agent-workaround, what is
the current status? I tried latest 4.1.1.1 and this issue is still not
solved, even though there might be some improvement. I can see now in
    > export
   declare -x SSH_AGENT_PID="16945"
   declare -x SSH_AUTH_SOCK="/tmp/ssh-CAjx51laLmty/agent.16903"
   declare -x SSH_CLIENT="10.0.1.81 33414 22"
   declare -x SSH_CONNECTION="10.0.1.81 33414 172.17.0.2 22"
    >  ps aufx|grep 16945
   trana    16945  0.0  0.0  52916   584 ?        Ss   12:16 0:00     
   \_ /usr/bin/ssh-agent /bin/bash -c exec -l "/bin/bash" -c
   "/usr/bin/env
   LD_LIBRARY_PATH=/usr/lib64/nx/X11/Xinerama:/usr/lib64/nx/X11 startkde"
    > ll $SSH_AUTH_SOCK
   srw------- 1 trana trana 0 Mar 13 12:16
   /tmp/ssh-CAjx51laLmty/agent.16903
But the ssh from a a console in Kde, that has these variable, does not
use ssh agent. I can see that in ssh -vvvvvvvv
Thanks.
still not being worked on afaik.
Mihai, please correct me if I'm wrong, but I think the situation is more
like this: The earlier libssh version we used didn't support agent
forwarding, the newer one does, but it doesn't work with X2GoClient yet,
at least not in all cases. That's why you're suddenly seeing an
SSH_AUTH_SOCK variable set, but e.g. pointing to a non-existent file.

So yes, there's still work to do, but the new libssh should make it at
least easier.

Sponsors, anyone? ;-)

Kind Regards,
Stefan Baur
--
BAUR-ITCS UG (haftungsbeschrÀnkt)
GeschÀftsfÌhrer: Stefan Baur
EichenÀckerweg 10, 89081 Ulm | Registergericht Ulm, HRB 724364
Fon/Fax 0731 40 34 66-36/-35 | USt-IdNr.: DE268653243
Loading...