X2Go Bug report logs - #405
x2gomountdirs/sshfs hangs indefinitely if

version graph

Package: x2goserver; Maintainer for x2goserver is X2Go Developers <x2go-dev@lists.x2go.org>; Source for x2goserver is src:x2goserver.

Reported by: "Roger D. Serwy" <roger.serwy@gmail.com>

Date: Tue, 21 Jan 2014 06:45:02 UTC

Severity: grave

Tags: confirmed, pending

Fixed in version

Done: X2Go Release Manager <git-admin@x2go.org>

Bug is archived. No further changes may be made.

Full log

Message #18 received at 405@bugs.x2go.org (full text, mbox, reply):

Received: (at 405) by bugs.x2go.org; 8 Jan 2015 14:02:28 +0000
From mike.gabriel@das-netzwerkteam.de  Thu Jan  8 15:02:26 2015
X-Spam-Checker-Version: SpamAssassin 3.3.2 (2011-06-06) on
X-Spam-Status: No, score=-1.9 required=5.0 tests=BAYES_00,URIBL_BLOCKED
	autolearn=ham version=3.3.2
Received: from freya.das-netzwerkteam.de (freya.das-netzwerkteam.de [])
	by ymir.das-netzwerkteam.de (Postfix) with ESMTPS id 251105DB53;
	Thu,  8 Jan 2015 15:02:26 +0100 (CET)
Received: from grimnir.das-netzwerkteam.de (grimnir.das-netzwerkteam.de [])
	by freya.das-netzwerkteam.de (Postfix) with ESMTPS id 9CC6112356;
	Thu,  8 Jan 2015 15:02:25 +0100 (CET)
Received: from localhost (localhost [])
	by grimnir.das-netzwerkteam.de (Postfix) with ESMTP id 79E533BAED;
	Thu,  8 Jan 2015 15:02:25 +0100 (CET)
X-Virus-Scanned: Debian amavisd-new at grimnir.das-netzwerkteam.de
Received: from grimnir.das-netzwerkteam.de ([])
	by localhost (grimnir.das-netzwerkteam.de []) (amavisd-new, port 10024)
	with ESMTP id OGpnTH2l23lD; Thu,  8 Jan 2015 15:02:24 +0100 (CET)
Received: from grimnir.das-netzwerkteam.de (localhost [])
	by grimnir.das-netzwerkteam.de (Postfix) with ESMTPS id 966F33C8A4;
	Thu,  8 Jan 2015 15:02:24 +0100 (CET)
Received: from bifrost.das-netzwerkteam.de (bifrost.das-netzwerkteam.de
 []) by mail.das-netzwerkteam.de (Horde Framework) with HTTP;
 Thu, 08 Jan 2015 14:02:24 +0000
Date: Thu, 08 Jan 2015 14:02:24 +0000
Message-ID: <20150108140224.Horde.MLAtxVhvtoyFimrbtQjO9Q8@mail.das-netzwerkteam.de>
From: Mike Gabriel <mike.gabriel@das-netzwerkteam.de>
To: 405@bugs.x2go.org
Cc: 405-submitter@bugs.x2go.org
Subject: X2GO Client pollutes .ssh/authorized_keys
User-Agent: Internet Messaging Program (IMP) H5 (6.2.2)
Accept-Language: en,de
X-Remote-Browser: Mozilla/5.0 (X11; Linux x86_64; rv:32.0) Gecko/20100101
 Firefox/32.0 Iceweasel/32.0
Content-Type: multipart/signed; boundary="=_z5h12zGu__g_kmsJ5J2ySg1";
 protocol="application/pgp-signature"; micalg=pgp-sha1
MIME-Version: 1.0
[Message part 1 (text/plain, inline)]
Control: tag -1 confirmed
Control: reassign -1 x2goserver
Control: retitle -1 x2gomountdirs/sshfs hangs indefinitely if  
client-side sshd is down


I have spent the last 1.5 days with hunting down the cause for #405.

The phenomenon is:

  o client-side is Linux (or maybe Mac OS X)
  o sshd ist not running on the client machine
  o the session profile has printing or client-side folder sharing enabled

If X2Go Client launches a remote session it does the following things:

  o set up a reverse port forwarding tunnel that allows
    <server-side-localhost>:<fsPort> -> <client-side-localhost>:<sshd-Port>
  o if sshd is not running, the above will still work...
  o then x2gomountdirs is evoked...
  o ... which attempts to run sshfs against <server-side-localhost>:<fsPort>
  o however, in X2Go Client this triggers an I/O error because the client-side
    sshd is not listening / not running

I studied the X2Go Client code (sshmasterconnection.cpp and  
sshprocess.cpp) very deeply and added several new debug messages +  
improved the debugging output of existing messages.

In X2Go Client, the mounting of a client-side folder uses two SSH  
channel inside this reverse port forwarding tunnel:

  o one SSH channel for the tunnel itself
  o one SSH channel per x2gomountdirs command call evoked on the server

Furthermore, X2Go Client can detect if failures occur in x2gomountdirs  
this way:

  o something strange happens while executing the command (SSH  
disconnects etc.)
  o the stdOut of the evoked command (x2gomountdirs) is empty while  
stdErr is not

So, (and I did not know this), all X2Go Server side commands  
(/usr/bin/x2go*) should properly write to stderr if things go wrong  
and leave stdOut untouched at the same time.

The problem now is: if x2gomountdirs is not detected as "failing"  
(which it is not), the sshfs pubkey required for client-side folder  
sharing is not removed from the .ssh/authorized_keys file.

Furthermore, X2Go Client detects the I/O errors on the sshfs tunnel  
channel, but cannot relate to that to the x2gomountdirs command evoked  
via the SSH command channel.

My first attempts targetted getting X2Go Client to tidy up the  
authorized_keys file whenever a tunnel failure occurs. X2Go Client  
should be able to detect this, but this would require a partial  
redesign of the complete reverse port forwarding mechanism. I  
disrecommend doing this for the current X2Go Client implementation,  
but we should keep it in the back of our heads for a later redesign.  
It took about 8h to come to this conclusion.

My second approach (and I will commit soon is this):

  o evoke sshfs command with "timeout 30 sshfs <options>"
  o print error messages to STDERR (not to STDOUT)
  o and make sure we unregister the mount point if sshfs fails (with  
fusermount -u)

Wit this approach, X2Go Client tries to call x2gomountdirs,  
x2gomountdirs fails after 30 seconds with error messages printed to  
STDERR. This gets caught by X2Go Client and then the  
post-startX2goMount code is triggered which removes the used pubkey  
from ~/.ssh/authorized_keys.

Commit will come in a minute...



mike gabriel, herweg 7, 24357 fleckeby
fon: +49 (1520) 1976 148

GnuPG Key ID 0x25771B31
mail: mike.gabriel@das-netzwerkteam.de, http://das-netzwerkteam.de

[Message part 2 (application/pgp-signature, inline)]

Send a report that this bug log contains spam.

X2Go Developers <owner@bugs.x2go.org>. Last modified: Tue Mar 5 03:52:50 2024; Machine Name: ymir.das-netzwerkteam.de

X2Go Bug tracking system

Debbugs is free software and licensed under the terms of the GNU Public License version 2. The current version can be obtained from https://bugs.debian.org/debbugs-source/.

Copyright © 1999 Darren O. Benham, 1997,2003 nCipher Corporation Ltd, 1994-97 Ian Jackson, 2005-2017 Don Armstrong, and many other contributors.