From: Mike Gabriel <mike.gabriel@das-netzwerkteam.de>
To: submit@bugs.x2go.org
Date: Mon, 30 Mar 2015 04:24:48 +0000
Subject: handle autologin failures via broker gracefully

Package: x2goclient
Version: 4.0.4.0
Severity: minor

With brokerage enabled, the broker can mediate an autologin mechanism
from X2Go Client to a given (brokeraged) server.

The mechanism is this:

  o broker deploys a public key in ~/.x2go/authorized_keys on X2Go Server
  o X2Go Client receives the corresponding private key
  o (the above is already flawed, no private keys should be sent over
    networks, I will file another bug for that)
  o in SSHd, the ~/.x2go/authorized_keys must be configured as potential
    place for authorized_keys file

If the last step is forgotten, SSH authentication with X2Go Client
against the X2Go Server fails.

If that fails, my expectation would be a fall-back to username /
password authentication.

But what happens, is: X2Go Client "gets stuck" in the session startup
procedure (it's not a real freeze), it does not return to the login
dialog widget anymore. Options remaining: closing X2Go Client and
reopening.

I stumbled over this because of a configuration in SSH daemon on one
of my test boxes.

Mike
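
Added example, not part of the original report or of X2Go's code: a server-side check for the last step of the mechanism above, i.e. whether sshd's AuthorizedKeysFile setting includes ~/.x2go/authorized_keys. The function names and the sample configurations are constructed for illustration; the fallback value is the OpenSSH documented default.

```shell
#!/bin/sh
# Added example: does sshd consult ~/.x2go/authorized_keys?
# Reads sshd_config text (or `sshd -T` output) on stdin.

# Print the global AuthorizedKeysFile value. sshd keywords are
# case-insensitive and the first occurrence wins. Scanning stops at the
# first Match block, whose settings apply only conditionally.
akf_value() {
    awk '
        { sub(/^[ \t]+/, "") }
        /^#/ || /^$/ { next }
        { key = tolower($1) }
        key == "match" { exit }
        key == "authorizedkeysfile" {
            $1 = ""; sub(/^[ \t]+/, ""); print; found = 1; exit
        }
        # Directive absent: fall back to the OpenSSH documented default.
        END { if (!found) print ".ssh/authorized_keys .ssh/authorized_keys2" }
    '
}

# Succeed when one entry is .x2go/authorized_keys in the user home.
# Relative entries are relative to the home directory; %h expands to it.
x2go_keys_enabled() {
    for entry in $(akf_value); do
        [ "${entry#%h/}" = ".x2go/authorized_keys" ] && return 0
    done
    return 1
}

# Constructed sample configurations (not taken from the bug report).
CFG_DEFAULT='#AuthorizedKeysFile .ssh/authorized_keys
PasswordAuthentication yes'
CFG_X2GO='PasswordAuthentication yes
authorizedkeysfile %h/.ssh/authorized_keys %h/.x2go/authorized_keys'

check() { printf '%s\n' "$1" | x2go_keys_enabled; }

for name in CFG_DEFAULT CFG_X2GO; do
    eval "cfg=\$$name"
    if check "$cfg"; then
        echo "$name: broker-deployed key file is read by sshd"
    else
        echo "$name: ~/.x2go/authorized_keys is ignored, autologin fails"
    fi
done
```

On a live server, piping `sshd -T` (run as root) into `x2go_keys_enabled` checks the effective configuration rather than the file text.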