Can't get x2go client to login "normally"

I’ve built a new server with Leap 42.3 & installed x2go server ( with agent ( & broker ( from the RemoteDesktop x2go repo. Desktop is LXDE.

Client is on Leap 42.2 (yes, I know it’s nearly end of life).

I want to login to sessions using ssh key auth & without password, using an ‘administrator’ user rather than root.

I have it set up so I can ssh to the box using the key & without password. keychain loads ssh-agent etc OK when I login to the client machine. All good.

But … I can’t use x2go client to get into the server - it prompts for key password (shouldn’t happen), then password (shouldn’t happen), then key password again, then I get an on-screen notification (in x2go client) that the session terminated.

I can login using the same key, but using a user of root (nasty) and root’s password. It does the same 3 prompts (key password, user password, key password) then pops up the box on the client, saying running, then up comes the desktop.

If I change sshd_config to have PermitRootLogin without-password instead of PermitRootLogin yes (default as installed), and put the appropriate stuff into authorized_keys (hardlinked to authorizes_keys2), then I can login passwordless as root using the key, but x2go won’t give me a desktop (same as administrator).

I would like at least one of (in order of preference):

  1. get desktop using key login (passwordless) as administrator
  2. get desktop using password login as administrator
  3. get desktop using key login, as root, with sshd having PermitRootLogin without-password

and, preferably, with x2go client using the ssh-agent key passwords / auth, or prompting at most once for the key.

Any advice for when to look for the defect, or what evidence / information will help you to locate the fault?


For clarity:

in the x2go client session config, I have the key identified explicitly and also have Try auto login (via SSH Agent or default SSH key) ticked.

Which DM?

openbox (which is default for Leap 42.3 LXDE install).

The server is set to start to rather than graphical target. Would this make a difference?

OK. Lots more fiddling.

Now have administrator logging in using password, and have changed sshd’s PermitRootLogin to without-password, so that now won’t connect through x2go.

Basically, removing all the keys and ticks for SSH agent gets me in with only 1 prompt for a password. And I can get in securely everywhere using ssh with keys as needed.

Not ideal, but working.

That said, I’m still looking for any advice on how to get x2go to talk properly to ssh-agent started by keychain on openSUSE.

Found the problem. For anyone who does something similar:

I had set no-agent-forwarding,no-port-forwarding,no-X11-forwarding in authorised_keys (which I do as standard on all entries) and that was stopping x2go from using the tunnel.