From: X2Go dev team <git-admin-P0WSJaAXTow <at> public.gmane.org>
Subject: pyhoca-gui.git - master (branch) updated: 0.2.0.4-43-g3f005b6
Newsgroups: gmane.linux.terminal-server.x2go.scm
Date: Friday 12th October 2012 08:32:37 UTC
The branch, master has been updated
       via  3f005b653426eb5cf92c8c909a12f245f2fa0899 (commit)
       via  04aeddee31eb27ca15346f585b6b550f757b2e3f (commit)
      from  d92c83a10d806f60fc797a06f6584445e6b16a2f (commit)

Those revisions listed above that are new to this repository have
not appeared on any other notification email; so we list those
revisions in full, below.

- Log -----------------------------------------------------------------
commit 3f005b653426eb5cf92c8c909a12f245f2fa0899
Author: Mike Gabriel

Date:   Fri Oct 12 10:32:35 2012 +0200

    /debian/pyhoca-gui.docs: Install README.i18n into package.

commit 04aeddee31eb27ca15346f585b6b550f757b2e3f
Author: Mike Gabriel

Date:   Fri Oct 12 10:31:55 2012 +0200

    Add SSH agent README.

-----------------------------------------------------------------------

Summary of changes:
 README.ssh-agent       |  110 ++++++++++++++++++++++++++++++++++++++++++++++++
 debian/changelog       |    3 ++
 debian/pyhoca-gui.docs |    2 +
 3 files changed, 115 insertions(+)
 create mode 100644 README.ssh-agent

The diff of changes is:
diff --git a/README.ssh-agent b/README.ssh-agent
new file mode 100644
index 0000000..5b0cf63
--- /dev/null
+++ b/README.ssh-agent
@@ -0,0 +1,110 @@
+SSH Agent support in PyHoca-GUI / Python X2Go
+=============================================
+
+Quotation from the ssh-agent man page:
+
+"""
+[...]
+
+The agent will never send a private key over its request channel.
+Instead, operations that require a private key will be performed
+by the agent, and the result will be returned to the requester.
+This way, private keys are not exposed to clients using the agent.
+
+A UNIX-domain socket is created and the name of this socket is stored
+in the SSH_AUTH_SOCK environment variable.  The socket is made
+accessible only to the current user.  This method is easily abused by
+root or another instance of the same user.
+
+[...]
+"""
+
+So the benefit of SSH agent support is: no need to have private SSH keys
+on remote systems anymore. You can keep your private ID files locally
+and use SSH agent to handle authentication requests, even if you have
+a chain of systems that you log in to:
+
+  local-machine -> machine-1 -> machine-2 -> machine-3 ...
+
+The requirement for SSH agent usage: the system administrators of the
+remote hosts must be trustworthy. They cannot obtain your private keys,
+but they can use the SSH agent socket and log into systems in your
+login chain under your identity. So, BEWARE!!!
+
+
+1. AUTHENTICATION AGAINST SSH AGENT
+-----------------------------------
+
+This feature has been added to Python X2Go 0.2.1.0.
+
+PyHoca-GUI / Python X2Go is aware of local SSH agents and can
authenticated
+against those. Use this feature with the following session profile options
+set:
+
+  [x] Discover SSH keys or use SSH agent for X2Go authentication
+
+  autologin = true (or 1)
+
+  [x] Discover SSH keys or use SSH agent for proxy authentication
+
+  sshproxyautologin = true (or 1)
+
+Do not forget to run ssh-add (see the man page for more info).
+
+2. AUTHENTICATION REQUEST FORWARDING TO YOUR LOCAL SSH AGENT
+------------------------------------------------------------
+
+This feature has been added to Python X2Go 0.2.1.0 and requires Python
Paramiko
+1.8.0.
+
+PyHoca-GUI / Python X2Go supports forwarding of SSH agent authentication
request.
+Basically, you could say that the -A command line switch of the OpenSSH
client
+is now also available with X2Go. Please read the ssh man page for more
+info on this.
+
+With this little howto, you can test SSH agent authentication request
forwarding:
+
+  Place your SSH pubkey on machine-1 and machine-2 (which can be reached
via
+  machine-1) into the (for this demo) otherwise empty files:
+
+    [email protected]:~user-1/.ssh/authorized_keys
+
+  and
+
+    [email protected]:~user-2/.ssh/authorized_keys
+
+  Return to your local client:
+
+  $ ssh-add []
+  $ pyhoca-gui
+
+  Enable SSH agent forwarding in connection tab of a session profile for
+  machine-1. Use a simple TERMINAL session command.
+
+  Connect to [email protected] and start a session on machine-1
+
+  $ echo $SSH_AUTH_SOCK
+  /tmp/ssh-/agent.
+
+  $ ssh @
+  (should work without password)
+
+  For the authentication from [email protected] to [email protected] you use
an
+  SSH agent connection that is tunneled back through Python X2Go to your
client
+  machine (the machine you run PyHoca-GUI on). So, the SSH agent on your
client
+  machine serves a challenge/response request from SSH client programs
within
+  X2Go sessions.
+
+  Note: if you try the above with a GNOME desktop (XFCE4 probably as well)
the
+  gnome-keyring will hijack the SSH agent functionality and ignore
forwarded
+  SSH agent connections. (This normally happens with the
x2goserver-xsession
+  bin:package installed.)
+
+  Use the below command to disable the SSH agent feature in gnome-keyring
(within the
+  X2Go Session):
+
+  $ gconftool-2 -s /apps/gnome-keyring/daemon-components/ssh false  --type
bool
+
+  After you have applied this gconf change, logout and re-start a new
GNOME (or XFCE4)
+  session. Now SSH agent stuff is handled properly through ssh-agent and
the ssh-agent
+  should also be aware of SSH agent forwarding connections.
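Review bot: Section 2 walks the reader through enabling agent forwarding to machine-1 without restating, at that step, the risk the introduction describes: an administrator on machine-1 can use the forwarded agent socket to log in further along the chain under the user's identity. Consider adding a sentence in the howto that forwarding should be enabled only for hosts whose administrators are trusted, and mentioning that keys can be loaded with ssh-add -c (confirm each use) or ssh-add -t (limited lifetime) to bound the exposure. Also in this hunk: "can authenticated against those" in section 1 should read "can authenticate", and the howto lines "$ ssh-add []" and "$ ssh @" show empty placeholders, so the reader cannot tell what to substitute.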
diff --git a/debian/changelog b/debian/changelog
index c4c9400..ded867b 100644
--- a/debian/changelog
+++ b/debian/changelog
@@ -33,6 +33,7 @@ pyhoca-gui (0.2.1.0-0~x2go1) UNRELEASED; urgency=low
       issue: #13.
     - Implement SSH agent, automatic key discovery, and SSH agent
authentication
       request forwarding in session profile manager.
+    - Add SSH agent README.
   * /debian/control:
     + Maintainer change in package: X2Go Developers
       .
@@ -42,6 +43,8 @@ pyhoca-gui (0.2.1.0-0~x2go1) UNRELEASED; urgency=low
       10.04.
   * /debian/rules:
     + Allow package build on systems with missing dh_python2.
+  * /debian/pyhoca-gui.docs:
+    + Install README.i18n into package.
 
   [ Oleksandr Shneyder ]
   * New upstream version (0.2.1.0):
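Review bot: The new /debian/pyhoca-gui.docs entry records only README.i18n, but the debian/pyhoca-gui.docs hunk in the same push also adds README.ssh-agent to the installed docs. Extend the entry, for example "+ Install README.i18n and README.ssh-agent into package.", so the changelog matches what the package ships.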
diff --git a/debian/pyhoca-gui.docs b/debian/pyhoca-gui.docs
index 4a27220..bd5d7f2 100644
--- a/debian/pyhoca-gui.docs
+++ b/debian/pyhoca-gui.docs
@@ -1,3 +1,5 @@
 README
 README.Unity
+README.i18n
+README.ssh-agent
 TODO


hooks/post-receive
 