X2Go Bug report logs - #672
SSH-Agent-Forwarding in pyhoca-gui does not survive reconnects


Package: x2goserver; Maintainer for x2goserver is X2Go Developers <x2go-dev@lists.x2go.org>; Source for x2goserver is src:x2goserver.

Reported by: Robert Siemer <Robert.Siemer-lists@backsla.sh>

Date: Wed, 12 Nov 2014 23:40:01 UTC

Severity: normal

Tags: pending

Found in version

Fixed in version

Done: X2Go Release Manager <git-admin@x2go.org>

Bug is archived. No further changes may be made.


Message-ID: <5463EC5A.9000109@backsla.sh>
Date: Thu, 13 Nov 2014 00:25:14 +0100
From: Robert Siemer <Robert.Siemer-lists@backsla.sh>
Package: x2goserver

Pyhoca-gui supports SSH-agent-forwarding, but that doesn’t survive a 
reconnect with session resumption. As far as I understand the following 

(-pyhoca is configured to do SSH-agent-forwarding)
-pyhoca connects via SSH to the X2Go server
-the sshd creates a unix domain socket in /tmp/ssh-XXXXXX/agent.PID
-the sshd sets SSH_AUTH_SOCKET containing the name of the socket
-sshd starts whatever is requested by the X2Go client having that environment
-SSH-agent-forwarding works

whenever the SSH-connection dies (proper session suspend with disconnect 
or connection is “cut”) it continues like this:

-SSH is connected again
-unix domain socket and environment are set up, but
-the programs (the X11 clients in a resumed X2Go session) are still 
running in the old environment with outdated SSH_AUTH_SOCKET info
-the programs from before can’t access the SSH-agent
-...unless the new value gets set up in the old environments

possible fix is this:
-X2Go on the server side does not start any new programs in the X2Go 
session or resume an X2Go session, until:
-an only-session-dependent symbolic link is set up pointing to the 
socket from SSH_AUTH_SOCKET
-SSH_AUTH_SOCKET is set to that symbolic link

-as the name of symbolic link is fixed for the session, no environment 
variables need to be updated
-the link always points to the socket created by the sshd for this 
-the ssh-agent can be reached
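
The symlink approach proposed in the report above, as an added example (not part of the report and not X2Go's own code): a function that points a fixed per-session path at the current forwarded agent socket on every connect or resume. The function names, the `X2GO_AGENT_LINK_DIR` variable and the `~/.x2go/ssh-agent` location are assumptions; the socket is read from `SSH_AUTH_SOCK`, the variable OpenSSH's sshd sets for agent forwarding.

```shell
#!/bin/sh
# Added example; names and paths are hypothetical, not X2Go's.

# Directory holding the stable links. Kept under $HOME rather than /tmp so
# other local users cannot pre-create or swap the link (assumed location).
agent_link_dir() {
    printf '%s\n' "${X2GO_AGENT_LINK_DIR:-$HOME/.x2go/ssh-agent}"
}

# relink_agent SESSION_ID [SOCKET]
# Points <dir>/<SESSION_ID>.sock at SOCKET (default: $SSH_AUTH_SOCK) and
# prints the stable path. On failure it returns non-zero and leaves any
# existing link untouched.
relink_agent() {
    session=$1
    sock=${2:-${SSH_AUTH_SOCK:-}}

    # The session id becomes a file name: refuse separators and odd bytes.
    case $session in
        ''|*[!A-Za-z0-9._-]*) echo "bad session id" >&2; return 2 ;;
    esac
    # Only ever point at a real socket owned by the calling user.
    [ -S "$sock" ] && [ -O "$sock" ] || { echo "no usable agent socket" >&2; return 1; }

    dir=$(agent_link_dir)
    link=$dir/$session.sock
    ( umask 077 && mkdir -p "$dir" ) || return 1
    chmod 700 "$dir" || return 1
    [ -O "$dir" ] || return 1

    # Create the link under a temporary name, then rename it over the old
    # one, so already-running clients never see the path missing.
    tmp=$link.$$
    ln -s "$sock" "$tmp" || return 1
    mv -f "$tmp" "$link" || { rm -f "$tmp"; return 1; }
    printf '%s\n' "$link"
}
```

Programs in the session are started once with `SSH_AUTH_SOCK` set to the printed path; each later resume only calls `relink_agent` again with the same session id.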


X2Go Developers <owner@bugs.x2go.org>. Last modified: Sat Jul 13 01:02:30 2024; Machine Name: ymir.das-netzwerkteam.de
