GNOME Bugzilla – Bug 322155
Secure X remote connection through gdm
Last modified: 2012-03-06 06:59:45 UTC
At this time, gdm doesn't propose by default any way to set up a secure remote connection to a distant host; the default network based X protocol goes in the clear on the network, so isn't appropriate in most cases. I've come up with a set of simple scripts to use a remote X connection through ssh as a session type in gdm; it clearly needs some polishing, but I think it would be a useful addition to the default gdm distribution. See the details in my blog at: http://people.w3.org/~dom/archives/2005/09/setting-up-a-secure-remote-x-session-with-gdm/
This looks interesting. It seems like it involves only adding a new script and desktop file. However it would need some work to be added to GDM. I'm not sure this is a good feature to install by default. It might be nice if the configure script had a --enable-secureremote or something that causes the additional files to get installed. Also it depends on zenity so the configure script should check for zenity and only install these new pieces if zenity is on the system. If you provide a patch with the above configure work, I'd add it to GDM CVS.
Created attachment 56855: Configure patch for said feature
Here is the patch for the configure work; but it really only does the configure work, i.e. it doesn't include changes in config/Makefile.am to actually install the files; I've had a quick look at doing that, but I'm not quite confident with it... I wonder if anybody else would be interested in doing that.
Thanks for the patch, though more work is needed before this can go in. Doing the Makefile.am work is not too hard. I'd rather you did the work, sorry. I'll step you through the process and help you...and then you'll be better able to work with Makefile.am files in the future.

1) Note in GDM CVS head how when you configure with --with-prefetch it sets the PREFETCH value with the filename to install. Note that in utils/Makefile.am, it installs this only if this is set by having the following lines. The @GDMPREFETCH@ only gets set to a real value if the --with-prefetch is used, so it only will install this if the configure option was used.

    libexec_PROGRAMS = \
        @GDMASKPASS@ \
        @GDMOPEN@ \
        @GDMPREFETCH@ \
        gdmtranslate

You can do something similar in config/Makefile.am for this line:

    DESKTOP_FILES = default.desktop CDE.desktop gnome.desktop

If you set up SSHDESKTOP=ssh.desktop in configure.ac (but only when --enable-secureremote is set) and then add a @SSHDESKTOP@ to the "DESKTOP_FILES" line in config/Makefile.am, it should install the ssh.desktop file only when the config option is used. You can look at how PREFETCH is managed to see how to only set these values when the configure option is there. Also add the ssh.desktop to the uninstall-hook, much like the other desktop files.

2) Now you need to install ssh-session. Though I'd call it gdm-ssh-session since the naming convention in GDM is to name stuff with the gdm prefix. Since this is an executable that is not intended to be run by the end-user directly, I'd put this script in gdm2/utils (much like GDMPREFETCH) so it gets installed to /usr/lib. Just do it much the same way as GDMPREFETCH does so it only installs this file if --enable-secureremote is included on the configure line. In other words, it's pretty much the same work as in step #1 above.

At this point you've done all the Makefile.am/configure work to make GDM install the files...but now you need to do the work so that the files get built with the proper stuff inside them.

3) Your desktop file needs to call the gdm-ssh-session script. To make it smart enough so it knows the proper full path of the script, I'd do something like this. I'd put your ssh-desktop file in the config directory with the name ssh-desktop.in and give it the following line:

    Exec=@GDMSSHSESSIONCMD@

Then in configure.ac, set GDMSSHSESSION=$EXPANDED_LIBDIR/ssh-session only if --enable-secureremote is included on the configure line. I'd do this right around where the prefetch stuff is done since you have to do this after EXPANDED_LIBDIR is set by configure (and prefetch is in the right place to use this). Add config/ssh-desktop to the AC_OUTPUT () macro near the bottom of configure.ac so that configure builds the ssh-session file from the ssh-session.in file. Also add ssh-desktop.in to the "EXTRA_DIST" in config/Makefile.am so this file gets included in distributions.

4) One issue I have is that in the ssh-session file you have on your website it has the following command:

    SSH_ASKPASS=/etc/alternative/ssh-askpass /usr/bin/ssh -A -X -T -n "$TARGETHOST" /usr/bin/x-session-manager

On my machine I don't have an /etc/alternative directory, nor do I have a /usr/bin/x-session-manager. You might use the X_SERVER value in configure.ac to fill in the /usr/bin/x-session-manager value. This means that you need the gdm-ssh-session script to do something like in step #3 above where the file is called gdm-ssh-session.in and has something like this:

    SSH_ASKPASS=/etc/alternative/ssh-askpass /usr/bin/ssh -A -X -T -n "$TARGETHOST" @X_SERVER@

This means you integrate your file into the utils directory as gdm-ssh-session.in, you add gdm-ssh-session to AC_OUTPUT in configure.ac and add gdm-ssh-session.in to EXTRA_DIST in the utils/Makefile.am.

However, I'm not sure what to do about /etc/alternative/ssh-askpass. That doesn't look right to me. Or is it expected that the sysadmin has to create this file before this will really work? If so, would it make sense for GDM to build this file? Not sure.

5) I will not accept a patch that does not update docs/C/gdm.xml with documentation explaining how to use this feature, especially if it requires additional setup (like creating the /etc/alternative/ssh-askpass file, if necessary).

After doing all this work, you should be able to run configure --with-secureremote and the files should get installed to the right places and the values like @GDMSSHSESSIONCMD@ should all be properly expanded. You should also verify that running "make uninstall" removes the files. It's also good to test running configure without the --with-secureremote option and verify that it doesn't bother installing the files when the option is not included. Also verify running "make uninstall" in this case doesn't complain.
*** Bug 167848 has been marked as a duplicate of this bug. ***
Created attachment 57283: Patch including suggested modifications

Thanks for all the helpful direction; here is a new patch which does most of what you requested (hopefully). A few comments on your comments:

* re 4) /etc/alternatives/ssh-askpass and /usr/bin/x-session-manager are Debian-isms; I've changed the login script to use what should be sane defaults, i.e. nothing for ssh-askpass (since some version of it should be invoked automatically by the ssh call when there is no open terminal), and /etc/X11/Xsession for x-session-manager. I hope this makes it generic enough for most distributions.
* re 5), I've added a quick paragraph on the new command in EXPANDED_LIBEXECDIR; I hope you didn't need more than that.
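Added example (not part of the bug thread, the attached patches or GDM's code): the command discussed above hands a user-typed "$TARGETHOST" to ssh, so this sketch checks that value before the call and ends ssh option parsing with "--". The function names and the accepted character set are assumptions; the ssh flags, the zenity dependency and /etc/X11/Xsession are taken from the comments above.

```shell
#!/bin/sh
# Added sketch, not the gdm-ssh-session script from this bug. Function names
# and the validation policy are assumptions; flags and paths are the thread's.
LC_ALL=C; export LC_ALL            # keep the A-Z / a-z ranges byte-exact
REMOTE_SESSION=/etc/X11/Xsession   # remote command named in the thread

# Succeeds only for [user@]host built from a conservative character set.
valid_target() {
    t=$1
    [ -n "$t" ] && [ "${#t}" -le 255 ] || return 1
    case $t in
        -*) return 1 ;;                   # ssh would parse it as an option
        *[!A-Za-z0-9@._-]*) return 1 ;;   # whitespace, quotes, shell metacharacters
        *@*@*|@*|*@) return 1 ;;          # malformed user@host
    esac
    host=${t#*@}                          # host part (whole string if no '@')
    case $host in
        -*|.*|*..*) return 1 ;;           # leading '-' or empty DNS label
    esac
    return 0
}

# Prints the ssh argument vector for a validated target, one argument per line.
ssh_argv() {
    valid_target "$1" || return 1
    # -A -X -T -n are the flags quoted in the thread; "--" ends option parsing.
    printf '%s\n' /usr/bin/ssh -A -X -T -n -- "$1" "$REMOTE_SESSION"
}

# Prompts with zenity (the dependency named in the thread) and starts the session.
start_session() {
    target=$(zenity --entry --title "Secure remote session" --text "Remote host:") || return 1
    if ! valid_target "$target"; then
        zenity --error --text "Invalid host name."
        return 1
    fi
    exec /usr/bin/ssh -A -X -T -n -- "$target" "$REMOTE_SESSION"
}

# Run only when asked to, so the functions can be sourced and tested.
if [ "${1:-}" = "--start" ]; then start_session; fi
```

Note that -A forwards the local ssh-agent and -X forwards the X display to whatever host is entered, so the prompt should only be pointed at hosts the user trusts.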
BTW, there is a (hopefully temporary) problem with the patch; the session appears under the name "foo" instead of "Secure Remote connection"; I assume this is because there is no translation yet for the _Name text in the desktop file.
This change is checked in. You made it just in time to make it for the 2.14 API freeze. I made a few modifications to the config/Makefile.am so that it only installs the ssh.desktop file if --enable-secureremote is turned on. I believe the reason for "foo" is because you named the keys in the ssh.desktop file _Name and _Comment instead of just Name and Comment. I fixed this so it should work. Could you build the code out of CVS head using the --enable-secureremote configuration option and verify it works for me? Lastly, I think that this feature should be better documented in the docs/C/gdm.xml file. Note in the "Introduction" section that there is a section that describes XDMCP. There should probably be a section for "Secure Remote" that explains how it works, why you would want to use it, how to turn it on via configure, etc. Could you write a few paragraphs and provide a patch for the docs? Thanks.
Created attachment 57503: Patch for documentation

Here is an additional patch for the documentation; please note that English is not my primary language, and I haven't contributed to any gnome documentation in the past, so my style/approach may not be a very good fit...
I did compile the version from CVS without problem, and the resulting gdm has the remote secure session, so it all works for me.
Thanks for the docs update. I've committed to CVS head and will mark this bug as fixed. I added you to the AUTHORS file for GDM2 as well.
(In reply to comment #11)
> Thanks for the docs update. I've committed to CVS head and will mark this bug
> as fixed. I added you to the AUTHORS file for GDM2 as well.

It is still not working on my RHEL 6.2; the gdm version is GDM 2.30.4. Could you tell me which revision this solution was released in? Thanks.