X2Go Bug report logs - #672
SSH-Agent-Forwarding in pyhoca-gui does not survive reconnects

Toggle useless messages

Message #5 received at submit@bugs.x2go.org (full text, mbox, reply):

From: Robert Siemer <Robert.Siemer-lists@backsla.sh>

To: submit@bugs.x2go.org

Subject: SSH-Agent-Forwarding in pyhoca-gui does not survive reconnects

Date: Thu, 13 Nov 2014 00:25:14 +0100

Package: x2goserver
Version: 4.0.1.18


Pyhoca-gui supports SSH-agent-forwarding, but that doesn’t survive a 
reconnect with session resumption. As far as I understand the following 
happens:

(-pyhoca is configured to do SSH-agent-forwarding)
-pyhoca connects via SSH to the X2Go server
-the sshd creates a unix domain socket in /tmp/ssh-XXXXXX/agend.PID
-the sshd sets SSH_AUTH_SOCKET containing the name of the socket
-sshd starts whatever is requests by the X2Go client having that environment
-SSH-agent-forwarding works

whenever the SSH-connection dies (proper session suspend with disconnect 
or connection is “cut”) it continues like this:

-SSH is connected again
-unix domain socket and environment is set up, but
-the programs (the X11 clients in a resumed X2Go session) are still 
running in the old environment with outdated SSH_AUTH_SOCKET info
-the programs from before can’t access the SSH-agent
-...unless the new value gets setup in the old environments


possible fix is this:
-X2Go on the server side does not start any new programs in the X2Go 
session or resumes an X2Go session, until:
-an only-session-dependent symbolic link is set up pointing to the 
socket from SSH_AUTH_SOCKET
-SSH_AUTH_SOCKET is set to that symbolic link


Result:
-as the name of symbolic link is fixed for the session, no environment 
variables need to be updated
-the link always points to the socket created by the sshd for this 
connection
-the ssh-agent can be reached

Message #10 received at 672@bugs.x2go.org (full text, mbox, reply):

From: Mike Gabriel <mike.gabriel@das-netzwerkteam.de>

To: 672-submitter@bugs.x2go.org

Cc: control@bugs.x2go.org, 672@bugs.x2go.org

Subject: X2Go issue (in src:x2goserver) has been marked as pending for release

Date: Thu, 13 Nov 2014 12:07:26 +0100 (CET)

tag #672 pending
fixed #672 4.0.1.19
thanks

Hello,

X2Go issue #672 (src:x2goserver) reported by you has been
fixed in X2Go Git. You can see the changelog below, and you can
check the diff of the fix at:

    http://code.x2go.org/gitweb?p=x2goserver.git;a=commitdiff;h=7fdcc5d

The issue will most likely be fixed in src:x2goserver (4.0.1.19).

light+love
X2Go Git Admin (on behalf of the sender of this mail)

---
commit 7fdcc5dd27566bea4171f192a1c99c3e2657ac77
Author: Mike Gabriel <mike.gabriel@das-netzwerkteam.de>
Date:   Thu Nov 13 12:07:22 2014 +0100

    Make SSH agent forwarding work after having reconnected via SSH and having resumed a session. (Fixes: #672). Thanks to Robert Siemer for coming up with that idea.

diff --git a/debian/changelog b/debian/changelog
index 9598c24..2daf624 100644
--- a/debian/changelog
+++ b/debian/changelog
@@ -42,6 +42,9 @@ x2goserver (4.0.1.19-0x2go1) UNRELEASED; urgency=medium
     - Also enforce /bin/sh as shell in su command in x2goprint.
     - README.i18n: Add file that explains the translation workflow for
       this package. Thanks to Mark Pedersen-Cook for drafting this file.
+    - Make SSH agent forwarding work after having reconnected via SSH and
+      having resumed a session. (Fixes: #672). Thanks to Robert Siemer for coming
+      up with that idea.
   * debian/control:
     + Add D (x2goserver): libfile-which-perl.
   * debian/x2goserver.docs:

Message #22 received at 672@bugs.x2go.org (full text, mbox, reply):

From: X2Go Release Manager <git-admin@x2go.org>

To: 672-submitter@bugs.x2go.org

Cc: control@bugs.x2go.org, 672@bugs.x2go.org

Subject: X2Go issue (in src:x2goserver) has been marked as closed

Date: Tue, 24 Feb 2015 21:54:10 +0100 (CET)

close #672
thanks

Hello,

we are very hopeful that X2Go issue #672 reported by you
has been resolved in the new release (4.0.1.19) of the
X2Go source project »src:x2goserver«.

You can view the complete changelog entry of src:x2goserver (4.0.1.19)
below, and you can use the following link to view all the code changes
between this and the last release of src:x2goserver.

    http://code.x2go.org/gitweb?p=x2goserver.git;a=commitdiff;h=49c91751e560ad09ab4490cc3bd6687509c05755;hp=724d2eefe399485a71e79c705a0aad125e853230

If you feel that the issue has not been resolved satisfyingly, feel
free to reopen this bug report or submit a follow-up report with
further observations described based on the new released version
of src:x2goserver.

Thanks a lot for contributing to X2Go!!!

light+love
X2Go Git Admin (on behalf of the sender of this mail)

---
X2Go Component: src:x2goserver
Version: 4.0.1.19-0x2go1
Status: RELEASE
Date: Tue, 24 Feb 2015 21:49:22 +0100
Fixes: 405 632 633 638 644 664 668 671 672 675 676 678 697 698 700 712 715 727 728 770
Changes: 
 x2goserver (4.0.1.19-0x2go1) RELEASED; urgency=medium
 .
   [ Mike Gabriel ]
   * New upstream version (4.0.1.19):
     - Use File::Which to detect if sshfs command is available
       before trying to mount a client-side folder.
     - Be a bit more tolerant when trying to detect if a
       desktop icon is to be removed (using regexp, not
       eq).
     - Xsession script: Prevent bash failures when sourcing external bash
       scripts beyond our scope. (Fixes: #632, #675).
     - x2gogetapps: Support scanning of sub-directories when searching for
       .desktop files. We allow to dive down one level into subdirs, we on
       purpose do not recursively dive into the complete subtree. (Fixes: #633).
     - Make man2html an optional tool. Don't fail if it is missing on the
       build system (required for openSUSE/SLES builds).
     - Fix x2goserver-xsession/Makefile on SUSE. Detect SUSE distro and create
       Xsession related directory symlinks (xinitrc.d and Xclients.d).
     - Hack for x2goserver-xsession/Makefile during SUSE builds. If
       directoy /usr/share/doc/packages/brp-check-suse is present, the build env
       is also considered to be a SUSE system.
     - Trigger Xsession code for SUSE systems (look for /etc/SUSE-brand or
       /etc/SuSE-release for SUSE system recognition). (Fixes: #671).
     - x2gosqlitewrapper.c: Fix rpmlint error: no-return-in-nonvoid-function.
       Return the exitcode of execve().
     - Fix gramma in error message (in x2goresume-session).
     - x2gocleansessions: Call x2gormforward also on terminated sessions. This
       will make sure that re-assigned ports are really available on new session
       startup.
     - x2golistsessions(_root): Only update session state in session DB if
       x2goagent's state file really exists. This addresses a problem that occurs
       when x2golistsessions gets called via an x2gobroker-agent. The
       x2golistsessions script may show session states (--all-servers) of
       sessions on other servers that have session states files on their remote
       /tmp dirs. These files are not accessible for that x2golistsessions script
       and should simply be ignored. (Fixes: #638).
     - Provide pam_namespace support for has_agent_state_file() function.
     - Fix missing session list output if state file does not exist on the
       machine that runs x2golistsessions(_root).
     - Accept more verbose "DENY" output from x2godesktopsharing.
     - Make sure that all "su"-to-user-contexts use /bin/sh for wrapping around
       the executed command (in x2gocleansessions and x2golistsessions_root).
     - Also enforce /bin/sh as shell in su command in x2goprint.
     - README.i18n: Add file that explains the translation workflow for
       this package. Thanks to Mark Pedersen-Cook for drafting this file.
     - Make SSH agent forwarding work after having reconnected via SSH and
       having resumed a session. (Fixes: #672). Thanks to Robert Siemer for
       coming up with that idea.
     - Fix cross-user X2Go Desktop Sharing after being broken by implementing
       clipboard mode feature (and probably other code changes).
     - Document session startup / resumption failures (and their reasons) in
       server-side log output.
     - Handle AD domain users gracefully when X2Go is used with SQLite DB
       backend. (Fixes: #664).
     - Improve sanitizer, use 'x2gosid' sanitizer for session IDs everywhere.
       Drop unused 'pnixusername' sanitizer in 4.0.1.x release of X2Go Server.
     - Allow usernames in session IDs of length 48 chars.
     - Start sshfs with a timeout of 30 seconds (because it never finishes if
       something is wrong with the client-side TCP socket). Also remove/unmount
       mountpoints erroneously registered sshfs mountpoints if sshfs command
       times out. Furthermore, print errors to STDERR (not STDOUT). (Fixes:
       #405).
     - Handle execution of ss command from Perl script x2golistdesktops in a way
       that not only works on Debian, but also on Fedora et al. (Fixes: #727).
     - Provide legacy support for old File::Path packages in x2godbadmin.
       (Fixes: #715).
     - Fix wrong evocation of x2gosyslog ("error" -> "err").
     - Use "undef $dbh" instead of "$dbh->disconnect()". Fixes SQLite3 issues on
       SLE 11.x.
     - Only call $dbh->sqlite_busy_timeout() if the $dbh object is capable of
       that. Works around a too-old DBD::SQLite package on SLE 11.x.
     - Legacy for applications (and X2Go scripts) that expect $SSH_CLIENT to be
       set in the X2Go session's environment. (Fixes: #644).
     - Add man page for x2gogetapps. Weave into that a security / disclaimer
       message as proposed by Stefan Baur. (Fixes: #728).
   * debian/control:
     + Add D (x2goserver): libfile-which-perl.
     + Add C (x2goserver: x2godesktopsharing (<< 3.1.1.2-0~). (Fixes: #700).
     + Bump Standards: to 3.9.6. No changes needed.
     + Don't depend on libdb-pg-perl for armhf builds. (Fixes: #712). Thanks to
       Heinrich Schuchardt for providing information on this.
     + Upgrade to D again (bin:package x2goserver): xfonts-base (Fixes: #770).
   * debian/x2goserver.docs:
     + Install README.i18n file into bin:package x2goserver.
   * x2goserver.spec:
     + Add to R: perl(File::Which).
     + Additionally adapt to building on openSUSE/SLES.
     + No shell expansion possible in obs-build, detect perl version only for
       non-SUSE builds.
     + Add to R: x2goserver-xsession.
     + Don't mention /etc/x2go/x2gosql/sql twice (directly and with wildcard).
     + No %{_sysconfdir}/x2go/Xclients.d on SUSE systems.
     + Use %{_localstatedir} instead of %{_sharedstatedir}.
     + Use proper if... then... clauses.
     + For SUSE builds: Add to R: shadow (useradd, groupadd).
     + Replace historical "egrep" with "grep -E".
     + Systemd support for SUSE >= 12.10.
     + Set %defattr macro for every bin:package.
     + SUSE and Fedora/RHEL have different package group names.
     + Add x2goserver-rpmlintrc file to handle some rpmlint errors and warnings.
     + SUSE has openssh, but no openssh-server.
     + Add to R (x2goserver): perl-X2Go-Server.
     + Add to R (diverse): perl(Config::Simple), perl(Switch) and
       perl(Capture::Tiny).
     + Add to R (x2goserver): perl(File::BaseDir).
     + Don't hard-code /var/lib/ in $HOME path of to-be-created user
       "x2gouser".
     + Add to BR: findutils.
     + For Fedora-like systems, don't make x2goserver bin:package authoritative
       for non-X2Go directories. (Fixes: #676).
     + Remove macro call %systemd_pre for Fedora/EPEL-7 builds. No such macro in
       Fedora/RHEL7. (Fixes: 698).
     + Create system user x2gouser with $HOME in /var/lib/x2go. (Fixes: #697).
     + Always set BuildRoot: parameter.
     + BuildRequires: SUSE <= 11.3 has xorg-x11, not xinit.
     + Requires (x2goserver-xsession): SUSE <= 11.3 has xorg-x11, not xinit.
     + No Bashisms in scriptlets.
     + rpmlint requires shared-mime-info at build time on SLE <= 11.3.
     + "%set_permissions" / "%verify_permissions" macros are not know in SLE <=
       11.3. Using "%run permissions" and "%verify permissions" instead.
     + On SUSE, add permissions.d/x2goserver.
     + Fix SQLite wrapper permissions (02775 -> 02755)
     + Use if then clauses for creating user/group x2goprint.
 .
   [ Matthew L. Dailey ]
   * New upstream version (4.0.1.19):
     - x2gocleansessions: Redirect stdin, stdout and stderr to /dev/null, test
       for the existence of the file descriptor before issuing the close,
       only capture the file descriptor backreference in the regex and
       send any close failures to syslog. (Fixes: #678).
 .
   [ Lars Wendler ]
   * New upstream version (4.0.1.19):
     - Use "printf" instead of "echo -n". (Fixes: #668).

Send a report that this bug log contains spam.