Giancarlo Razzolini <[email protected]> wrote:
> On 04-06-2014 02:52, Predrag Punosevac wrote:
> > Correct! X2Go servers (30 of them) run on Linux computing nodes which
> > are accessible only via OpenBSD ssh gateway.
> Figured.
> >
> > I am going to answer my own question. I have not been able to use
> > OpenBSD shell gateway as a proxy from the X2Go client probably due to
> > the fact that only root can do forwarding on privileged ports.
> >
> > However combining
> >
> > ssh -L 8080:x2goserver.int.mydomain.org:22 shell.mydomain.org
> >
> > With editing /etc/ssh/sshd_config
> >
> > GSSAPIAuthentication yes
> > AllowAgentForwarding yes
> > AllowTcpForwarding yes
> > X11Forwarding yes
> >
> > And pointing x2go client on my local machine to
> >
> > localhost:8080
> >
> > I had no problem running MATLAB on the remote computing node and having
> > it GUI displayed locally on my desktop.
> In this case, you only need to allow tcp forwarding, since that is the
> only thing you're doing when logging into the OpenBSD machine. You might
> want to take a look at the chroot functionalities of the openssh server,

I was not able to connect to X2Go server without

GSSAPIAuthentication yes

I can send you the picture of error from x2go client via private e-mail
if you want.

> I don't think it's a good idea to allow this many users with
> unrestricted shell access in your OpenBSD machine. Also, I believe that
> in your case, a VPN would make your life much simpler.

Why? This OpenBSD machine serves no other purposes but to be shell
gateway. What will happen if it gets hacked? Well then I am already in
trouble because probably my computing nodes and my users which I am
trying to protect are hacked. As somebody who is maintaining OpenVPN
server and 20 or so clients on our LAB remote location I am intimately
familiar how "simple" is VPN solution. The Lab exists to serve the needs
of people who have access to shell gateway machine not the other way
around.

Predrag

>
> Cheers,
>
> --
> Giancarlo Razzolini
> GPG: 4096R/77B981BC
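
As an added example (not part of the thread or either poster's setup): a small audit of the forwarding directives quoted above, reporting which ones an `ssh -L` gateway does not use. The function names and the `TIGHTENED` configuration are assumptions made for illustration; authentication settings such as `GSSAPIAuthentication` are deliberately left alone.

```python
# Added example: audit an sshd_config for the forwarding settings discussed in the thread.
import re

# sshd's built-in defaults for the directives this check looks at.
DEFAULTS = {"allowtcpforwarding": "yes", "allowagentforwarding": "yes",
            "x11forwarding": "no", "permitopen": "any"}

def effective_global(config_text):
    """Global-scope values; sshd keeps the first occurrence of each keyword."""
    seen = {}
    for raw in config_text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        parts = re.split(r"[ \t=]+", line, maxsplit=1)
        key = parts[0].lower()            # keywords are case-insensitive
        if key == "match":                # Match blocks are conditional: stop here
            break
        if key in DEFAULTS and len(parts) > 1:
            seen.setdefault(key, parts[1].strip())
    return {**DEFAULTS, **seen}

def audit_jump_host(config_text):
    """List settings broader than a gateway used only for ssh -L needs."""
    cfg = {k: v.lower() for k, v in effective_global(config_text).items()}
    tcp = cfg["allowtcpforwarding"]
    findings = []
    if tcp in ("no", "remote"):
        findings.append("AllowTcpForwarding %s: ssh -L via the gateway will fail" % tcp)
    elif tcp in ("yes", "all"):
        findings.append("AllowTcpForwarding %s: 'local' is enough for ssh -L" % tcp)
    if cfg["allowagentforwarding"] == "yes":
        findings.append("AllowAgentForwarding yes: not used by the tunnel")
    if cfg["x11forwarding"] == "yes":
        findings.append("X11Forwarding yes: not used by the tunnel")
    if tcp != "no" and cfg["permitopen"] == "any":
        findings.append("PermitOpen any: forwards may reach any host:port")
    return findings

# Constructed inputs: the four lines from the thread, and a tightened variant.
# With 30 X2Go servers, PermitOpen would list each host:port allowed.
THREAD_CONFIG = ("GSSAPIAuthentication yes\nAllowAgentForwarding yes\n"
                 "AllowTcpForwarding yes\nX11Forwarding yes\n")
TIGHTENED = ("GSSAPIAuthentication yes\nAllowAgentForwarding no\n"
             "AllowTcpForwarding local\nX11Forwarding no\n"
             "PermitOpen x2goserver.int.mydomain.org:22\n")

if __name__ == "__main__":
    for name, text in (("thread", THREAD_CONFIG), ("tightened", TIGHTENED)):
        print(name, audit_jump_host(text) or "no findings")
```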

