Subject: Bug#672: SSH-Agent-Forwarding in pyhoca-gui does not survive reconnects
From: Robert Siemer
To: submit@bugs.x2go.org
Date: Thu, 13 Nov 2014 00:25:14 +0100

Package: x2goserver
Version: 4.0.1.18

Pyhoca-gui supports SSH-agent-forwarding, but that doesn’t survive a reconnect with session resumption.

As far as I understand the following happens:

(- pyhoca is configured to do SSH-agent-forwarding)
- pyhoca connects via SSH to the X2Go server
- the sshd creates a unix domain socket in /tmp/ssh-XXXXXX/agent.PID
- the sshd sets SSH_AUTH_SOCKET containing the name of the socket
- sshd starts whatever is requested by the X2Go client having that environment
- SSH-agent-forwarding works

Whenever the SSH-connection dies (proper session suspend with disconnect or connection is “cut”) it continues like this:

- SSH is connected again
- unix domain socket and environment are set up, but
- the programs (the X11 clients in a resumed X2Go session) are still running in the old environment with outdated SSH_AUTH_SOCKET info
- the programs from before can’t access the SSH-agent
- ...unless the new value gets set up in the old environments

A possible fix is this:

- X2Go on the server side does not start any new programs in the X2Go session or resume an X2Go session, until:
- an only-session-dependent symbolic link is set up pointing to the socket from SSH_AUTH_SOCKET
- SSH_AUTH_SOCKET is set to that symbolic link

Result:

- as the name of the symbolic link is fixed for the session, no environment variables need to be updated
- the link always points to the socket created by the sshd for this connection
- the ssh-agent can be reached
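
The symbolic-link fix proposed in the report above, sketched as a shell function. This is an added example, not part of the original message and not x2goserver code; the function name, AGENT_LINK_DIR and its default path are hypothetical, and it uses SSH_AUTH_SOCK, the variable name OpenSSH sets for a forwarded agent.

```shell
#!/bin/sh
# Added illustration, not x2goserver code. link_agent_socket and
# AGENT_LINK_DIR (with its default path) are hypothetical names.

# link_agent_socket SESSION_ID
# Points a per-session symlink at this connection's agent socket and prints
# the link path. On any error it returns non-zero and leaves the link alone.
link_agent_socket() {
    session=$1
    sock=${SSH_AUTH_SOCK:-}
    dir=${AGENT_LINK_DIR:-$HOME/.x2go-agent-links}

    # The session id becomes a file name: refuse empty ids, path
    # separators and dot names so it cannot escape the link directory.
    case $session in
        ''|*/*|.|..) echo "bad session id" >&2; return 1 ;;
    esac
    link=$dir/$session

    # No agent forwarded on this connection: keep the existing link.
    [ -n "$sock" ] || return 1

    # Called again in an environment that already uses the link:
    # do nothing, otherwise the link would end up pointing at itself.
    if [ "$sock" = "$link" ]; then
        printf '%s\n' "$link"
        return 0
    fi

    [ -e "$sock" ] || { echo "agent socket missing: $sock" >&2; return 1; }

    # Keep the links in a directory only the user can enter, not directly
    # in a world-writable place such as /tmp under a guessable name.
    mkdir -p "$dir" && chmod 700 "$dir" || return 1

    # Create the new link under a temporary name and rename it over the
    # old one, so resumed programs never see a missing link.
    tmp=$link.$$
    ln -sf "$sock" "$tmp" || return 1
    mv -f "$tmp" "$link" || { rm -f "$tmp"; return 1; }
    printf '%s\n' "$link"
}

# Intended use before starting or resuming the session's programs:
#   SSH_AUTH_SOCK=$(link_agent_socket "$session_id") && export SSH_AUTH_SOCK
```

Programs started in the first connection hold the link path, so after a reconnect only the link target changes and their environment stays valid.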