Centrify Express and x2go

Hi,


I have a CentOS 7 server set up and running with x2go so that I can access xfce remote desktops via an SSH tunnel. I can log in fine using x2go with a local user account. I've just installed Centrify Express as I want to allow AD users to also log in using x2go. I can ssh in to the server as an AD user without any problem; however, when I try to log in using x2go, the session fails. If I debug on the x2go client side, I get the following:


Info: Proxy running in client mode with pid '11430'.

Session: Starting session at 'Sun Jul 23 10:11:55 2017'.

Info: Connecting to remote host 'localhost:51231'.

Info: Connection to remote proxy 'localhost:51231' established.

"

x2go-DEBUG-../src/sshprocess.cpp:109> New TCP connection.

x2go-DEBUG-../src/sshprocess.cpp:114> New socket: 19

x2go-DEBUG-../src/sshmasterconnection.cpp:1516> Creating new channel.

x2go-DEBUG-../src/sshmasterconnection.cpp:1520> New channel:0x7fc283e77030

x2go-DEBUG-../src/sshmasterconnection.cpp:1526> Forwarding new channel, local port: 49880

x2go-DEBUG-../src/sshmasterconnection.cpp:1544> New channel forwarded.

x2go-DEBUG-../src/sshmasterconnection.cpp:1703> "channel_write failed." - "Remote channel is closed"

x2go-DEBUG-../src/sshprocess.cpp:463> I/O error: "channel_write failed."" - Remote channel is closed" (2).

x2go-DEBUG-../src/sshmasterconnection.cpp:1746> EOF sent.

x2go-DEBUG-../src/sshmasterconnection.cpp:1750> Channel closed.

x2go-DEBUG-../src/onmainwindow.cpp:6014> Proxy wrote on stderr: "Error: The remote NX proxy cl"

x2go-DEBUG-../src/onmainwindow.cpp:6014> Proxy wrote on stderr: "osed the connection.

Error: Failure negotiating the session in stage '7'.

Error: Wrong version or invalid session authentication cookie.

Session: Terminating session at 'Sun Jul 23 10:11:55 2017'.

Session: Session terminated at 'Sun Jul 23 10:11:55 2017'.

"

x2go-DEBUG-../src/onmainwindow.cpp:5871> Deleting Proxy.

x2go-DEBUG-../src/onmainwindow.cpp:5920> Waiting for proxy to exit.

x2go-DEBUG-../src/onmainwindow.cpp:5940> Checking exit status.

On the server side, if I have sshd in debug mode, the AD user gets authenticated, but then the connection to the port that x2go randomly chooses on the server is refused (port 48957 on this occasion).

Jul 23 10:16:51 server-hostname sshd[28472]: debug1: Forked child 16149.

Jul 23 10:16:51 server-hostname sshd[16149]: Set /proc/self/oom_score_adj to 0

Jul 23 10:16:51 server-hostname sshd[16149]: debug1: rexec start in 5 out 5 newsock 5 pipe 7 sock 8

Jul 23 10:16:51 server-hostname sshd[16149]: debug1: inetd sockets after dupping: 3, 3

Jul 23 10:16:51 server-hostname sshd[16149]: Connection from <client-ip> port 60287 on <server-ip> port 22

Jul 23 10:16:51 server-hostname sshd[16149]: debug1: Client protocol version 2.0; client software version libssh-0.7.3

Jul 23 10:16:51 server-hostname sshd[16149]: debug1: no match: libssh-0.7.3

Jul 23 10:16:51 server-hostname sshd[16149]: debug1: Enabling compatibility mode for protocol 2.0

Jul 23 10:16:51 server-hostname sshd[16149]: debug1: Local version string SSH-2.0-OpenSSH_6.6.1

Jul 23 10:16:51 server-hostname sshd[16149]: debug1: SELinux support enabled [preauth]

Jul 23 10:16:51 server-hostname sshd[16149]: debug1: permanently_set_uid: 74/74 [preauth]

Jul 23 10:16:51 server-hostname sshd[16149]: debug1: list_hostkey_types: ssh-rsa,ecdsa-sha2-nistp256,ssh-ed25519 [preauth]

Jul 23 10:16:51 server-hostname sshd[16149]: debug1: SSH2_MSG_KEXINIT sent [preauth]

Jul 23 10:16:51 server-hostname sshd[16149]: debug1: SSH2_MSG_KEXINIT received [preauth]

Jul 23 10:16:51 server-hostname sshd[16149]: debug1: kex: client->server aes256-ctr hmac-sha2-256 none [preauth]

Jul 23 10:16:51 server-hostname sshd[16149]: debug1: kex: server->client aes256-ctr hmac-sha2-256 none [preauth]

Jul 23 10:16:51 server-hostname sshd[16149]: debug1: kex: curve25519-sha256@libssh.org need=32 dh_need=32 [preauth]

Jul 23 10:16:51 server-hostname sshd[16149]: debug1: kex: curve25519-sha256@libssh.org need=32 dh_need=32 [preauth]

Jul 23 10:16:51 server-hostname sshd[16149]: debug1: expecting SSH2_MSG_KEX_ECDH_INIT [preauth]

Jul 23 10:16:51 server-hostname sshd[16149]: debug1: SSH2_MSG_NEWKEYS sent [preauth]

Jul 23 10:16:51 server-hostname sshd[16149]: debug1: expecting SSH2_MSG_NEWKEYS [preauth]

Jul 23 10:16:51 server-hostname sshd[16149]: debug1: SSH2_MSG_NEWKEYS received [preauth]

Jul 23 10:16:51 server-hostname sshd[16149]: debug1: KEX done [preauth]

Jul 23 10:16:51 server-hostname sshd[16149]: debug1: userauth-request for user <AD-username> service ssh-connection method none [preauth]

Jul 23 10:16:51 server-hostname sshd[16149]: debug1: attempt 0 failures 0 [preauth]

Jul 23 10:16:51 server-hostname sshd[16149]: debug1: PAM: initializing for "<AD-username>"

Jul 23 10:16:51 server-hostname sshd[16149]: debug1: PAM: setting PAM_RHOST to "<client-ip>"

Jul 23 10:16:51 server-hostname sshd[16149]: debug1: PAM: setting PAM_TTY to "ssh"

Jul 23 10:16:51 server-hostname sshd[16149]: debug1: userauth-request for user <AD-username> service ssh-connection method keyboard-interactive [preauth]

Jul 23 10:16:51 server-hostname sshd[16149]: debug1: attempt 1 failures 0 [preauth]

Jul 23 10:16:51 server-hostname sshd[16149]: debug1: keyboard-interactive devs  [preauth]

Jul 23 10:16:51 server-hostname sshd[16149]: debug1: auth2_challenge: user=<AD-username> devs= [preauth]

Jul 23 10:16:51 server-hostname sshd[16149]: debug1: kbdint_alloc: devices 'pam' [preauth]

Jul 23 10:16:51 server-hostname sshd[16149]: debug1: auth2_challenge_start: trying authentication method 'pam' [preauth]

Jul 23 10:16:51 server-hostname sshd[16149]: Postponed keyboard-interactive for <AD-username> from <client-ip> port 60287 ssh2 [preauth]

Jul 23 10:16:51 server-hostname sshd[16153]: debug1: do_pam_account: called

Jul 23 10:16:51 server-hostname sshd[16149]: debug1: PAM: num PAM env strings 0

Jul 23 10:16:51 server-hostname sshd[16149]: Postponed keyboard-interactive/pam for <AD-username> from <client-ip> port 60287 ssh2 [preauth]

Jul 23 10:16:51 server-hostname sshd[16149]: debug1: do_pam_account: called

Jul 23 10:16:51 server-hostname sshd[16149]: Accepted keyboard-interactive/pam for <AD-username> from <client-ip> port 60287 ssh2

Jul 23 10:16:51 server-hostname sshd[16149]: debug1: monitor_child_preauth: <AD-username> has been authenticated by privileged process

Jul 23 10:16:51 server-hostname sshd[16149]: debug1: monitor_read_log: child log fd closed

Jul 23 10:16:51 server-hostname sshd[16149]: debug1: SELinux support enabled

Jul 23 10:16:51 server-hostname sshd[16149]: debug1: PAM: establishing credentials

Jul 23 10:16:51 server-hostname sshd[16149]: pam_unix(sshd:session): session opened for user <AD-username> by (uid=0)

Jul 23 10:16:51 server-hostname sshd[16149]: User child is on pid 16161

Jul 23 10:16:51 server-hostname sshd[16161]: debug1: PAM: establishing credentials

Jul 23 10:16:51 server-hostname sshd[16161]: debug1: permanently_set_uid: 1619015552/1619015552

Jul 23 10:16:51 server-hostname sshd[16161]: debug1: Entering interactive session for SSH2.

Jul 23 10:16:51 server-hostname sshd[16161]: debug1: server_init_dispatch_20

Jul 23 10:16:51 server-hostname sshd[16161]: debug1: server_input_channel_open: ctype session rchan 43 win 64000 max 32768

Jul 23 10:16:51 server-hostname sshd[16161]: debug1: input_session_request

Jul 23 10:16:51 server-hostname sshd[16161]: debug1: channel 0: new [server-session]

Jul 23 10:16:51 server-hostname sshd[16161]: debug1: session_new: session 0

Jul 23 10:16:51 server-hostname sshd[16161]: debug1: session_open: channel 0

Jul 23 10:16:51 server-hostname sshd[16161]: debug1: session_open: session 0: link with channel 0

Jul 23 10:16:51 server-hostname sshd[16161]: debug1: server_input_channel_open: confirm session

Jul 23 10:16:52 server-hostname sshd[16161]: debug1: server_input_channel_req: channel 0 request exec reply 1

Jul 23 10:16:52 server-hostname sshd[16161]: debug1: session_by_channel: session 0 channel 0

Jul 23 10:16:52 server-hostname sshd[16161]: debug1: session_input_channel_req: session 0 req exec

Jul 23 10:16:52 server-hostname sshd[16161]: Starting session: command for <AD-username> from <client-ip> port 60287

Jul 23 10:16:52 server-hostname sshd[16149]: debug1: session_new: session 0

Jul 23 10:16:52 server-hostname sshd[16161]: debug1: Received SIGCHLD.

Jul 23 10:16:52 server-hostname sshd[16161]: debug1: session_by_pid: pid 16162

Jul 23 10:16:52 server-hostname sshd[16161]: debug1: session_exit_message: session 0 channel 0 pid 16162

Jul 23 10:16:52 server-hostname sshd[16161]: debug1: session_exit_message: release channel 0

Jul 23 10:16:52 server-hostname sshd[16161]: debug1: server_input_channel_open: ctype session rchan 44 win 64000 max 32768

Jul 23 10:16:52 server-hostname sshd[16161]: debug1: input_session_request

Jul 23 10:16:52 server-hostname sshd[16161]: debug1: channel 1: new [server-session]

Jul 23 10:16:52 server-hostname sshd[16161]: debug1: session_new: session 1

Jul 23 10:16:52 server-hostname sshd[16161]: debug1: session_open: channel 1

Jul 23 10:16:52 server-hostname sshd[16161]: debug1: session_open: session 1: link with channel 1

Jul 23 10:16:52 server-hostname sshd[16161]: debug1: server_input_channel_open: confirm session

Jul 23 10:16:52 server-hostname sshd[16161]: debug1: session_by_channel: session 0 channel 0

Jul 23 10:16:52 server-hostname sshd[16161]: debug1: session_close_by_channel: channel 0 child 0

Jul 23 10:16:52 server-hostname sshd[16161]: debug1: session_close: session 0 pid 0

Jul 23 10:16:52 server-hostname sshd[16161]: debug1: channel 0: free: server-session, nchannels 2

Jul 23 10:16:52 server-hostname sshd[16161]: debug1: server_input_channel_req: channel 1 request exec reply 1

Jul 23 10:16:52 server-hostname sshd[16161]: debug1: session_by_channel: session 1 channel 1

Jul 23 10:16:52 server-hostname sshd[16161]: debug1: session_input_channel_req: session 1 req exec

Jul 23 10:16:52 server-hostname sshd[16161]: Starting session: command for <AD-username> from <client-ip> port 60287

Jul 23 10:16:52 server-hostname sshd[16149]: debug1: session_new: session 0

Jul 23 10:16:57 server-hostname sshd[16161]: debug1: Received SIGCHLD.

Jul 23 10:16:57 server-hostname sshd[16161]: debug1: session_by_pid: pid 16241

Jul 23 10:16:57 server-hostname sshd[16161]: debug1: session_exit_message: session 1 channel 1 pid 16241

Jul 23 10:16:57 server-hostname sshd[16161]: debug1: session_exit_message: release channel 1

Jul 23 10:16:57 server-hostname sshd[16161]: debug1: session_by_channel: session 1 channel 1

Jul 23 10:16:57 server-hostname sshd[16161]: debug1: session_close_by_channel: channel 1 child 0

Jul 23 10:16:57 server-hostname sshd[16161]: debug1: session_close: session 1 pid 0

Jul 23 10:16:57 server-hostname sshd[16161]: debug1: channel 1: free: server-session, nchannels 1

Jul 23 10:16:57 server-hostname sshd[16161]: debug1: server_input_channel_open: ctype direct-tcpip rchan 45 win 64000 max 32768

Jul 23 10:16:57 server-hostname sshd[16161]: debug1: server_request_direct_tcpip: originator localhost port 51068, target localhost port 48597

Jul 23 10:16:57 server-hostname sshd[16161]: debug1: connect_next: host localhost ([::1]:48597) in progress, fd=8

Jul 23 10:16:57 server-hostname sshd[16161]: debug1: channel 0: new [direct-tcpip]

Jul 23 10:16:57 server-hostname sshd[16161]: debug1: server_input_channel_open: confirm direct-tcpip

Jul 23 10:16:57 server-hostname sshd[16161]: debug1: channel 0: connection failed: Connection refused

Jul 23 10:16:57 server-hostname sshd[16161]: debug1: connect_next: host localhost ([127.0.0.1]:48597) in progress, fd=9

Jul 23 10:16:57 server-hostname sshd[16161]: debug1: channel 0: connection failed: Connection refused

Jul 23 10:16:57 server-hostname sshd[16161]: error: connect_to localhost port 48597: failed.

Jul 23 10:16:57 server-hostname sshd[16161]: debug1: channel 0: free: direct-tcpip, nchannels 1

Jul 23 10:16:57 server-hostname sshd[16161]: channel_by_id: 0: bad id: channel free

Jul 23 10:16:57 server-hostname sshd[16161]: Disconnecting: Received ieof for nonexistent channel 0.

Jul 23 10:16:57 server-hostname sshd[16161]: debug1: do_cleanup

Jul 23 10:16:57 server-hostname sshd[16149]: debug1: do_cleanup

Jul 23 10:16:57 server-hostname sshd[16149]: debug1: PAM: cleanup

Jul 23 10:16:57 server-hostname sshd[16149]: debug1: PAM: closing session

Jul 23 10:16:57 server-hostname sshd[16149]: pam_unix(sshd:session): session closed for user <AD-username>

Jul 23 10:16:57 server-hostname sshd[16149]: debug1: PAM: deleting credentials

I'm pretty certain this is an issue with my Centrify Express settings because I previously had PBIS Open installed (now completely removed) and it worked with x2go without any issues. Can anyone provide any suggestions as to why the connection might be refused? Many thanks in advance.

All the best

Chris
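
A triage sketch for the server-side log above, added here as an example and not part of the original post or of any Centrify or x2go tooling: it pairs each `direct-tcpip` forward request in sshd debug output with the addresses sshd tried and the error each returned. The function names are hypothetical, and the sample lines are copied from the log in the post.

```python
import re

# Sample lines copied from the sshd debug log in the post above.
SAMPLE = """\
Jul 23 10:16:57 server-hostname sshd[16161]: debug1: server_request_direct_tcpip: originator localhost port 51068, target localhost port 48597
Jul 23 10:16:57 server-hostname sshd[16161]: debug1: connect_next: host localhost ([::1]:48597) in progress, fd=8
Jul 23 10:16:57 server-hostname sshd[16161]: debug1: channel 0: new [direct-tcpip]
Jul 23 10:16:57 server-hostname sshd[16161]: debug1: channel 0: connection failed: Connection refused
Jul 23 10:16:57 server-hostname sshd[16161]: debug1: connect_next: host localhost ([127.0.0.1]:48597) in progress, fd=9
Jul 23 10:16:57 server-hostname sshd[16161]: debug1: channel 0: connection failed: Connection refused
Jul 23 10:16:57 server-hostname sshd[16161]: error: connect_to localhost port 48597: failed.
"""

LINE = re.compile(r"sshd\[(\d+)\]: (.*)$")
REQUEST = re.compile(r"server_request_direct_tcpip: originator \S+ port \d+, target (\S+) port (\d+)")
ATTEMPT = re.compile(r"connect_next: host \S+ \(\[([^\]]+)\]:\d+\) in progress")
FAILED = re.compile(r"channel \d+: connection failed: (.+)$")
GAVE_UP = re.compile(r"connect_to \S+ port \d+: failed")

def summarize_forwards(log_text):
    """Return one dict per direct-tcpip request with each address tried and its error."""
    forwards, current = [], {}  # current: sshd pid -> forward still being attempted
    for raw in log_text.splitlines():
        m = LINE.search(raw)
        if not m:
            continue
        pid, msg = m.group(1), m.group(2)
        if (r := REQUEST.search(msg)):
            rec = {"pid": pid, "target": (r.group(1), int(r.group(2))), "attempts": [], "failed": False}
            forwards.append(rec)
            current[pid] = rec
        elif pid in current:
            rec = current[pid]
            if (a := ATTEMPT.search(msg)):
                rec["attempts"].append([a.group(1), None])  # error filled in by next failure line
            elif (f := FAILED.search(msg)) and rec["attempts"]:
                rec["attempts"][-1][1] = f.group(1)
            elif GAVE_UP.search(msg):
                rec["failed"] = True
                del current[pid]
    return forwards

def nothing_listening(rec):
    """True when sshd gave up and every address it tried was refused."""
    return rec["failed"] and bool(rec["attempts"]) and all(e == "Connection refused" for _, e in rec["attempts"])

if __name__ == "__main__":
    for rec in summarize_forwards(SAMPLE):
        print(rec["target"], rec["attempts"], "no listener" if nothing_listening(rec) else "")
```

A refusal on every loopback address means sshd accepted the forward request and attempted the connection, but no process was listening on the target port at that moment.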

