The remote proxy closed the connection while negotiating the session. This may be due to the wrong authentication credentials passed to the server.
x2goserver 运行在Ubuntu 12.04.5 LTS上
安装好后x2go客户端连接不上,报如下错误:
The remote proxy closed the connection while negotiating the session. This may be due to the wrong authentication credentials passed to the server.
截图如下:
首先查看x2goserver 服务器端的日志 /var/log/syslog 并无异常,截取部分结果如下:
May 24 13:16:44 ubuntu /usr/sbin/x2gocleansessions[29064]: user-51-1464067003_stDGNOME_dp32: state file for this session does not exist: /tmp/.x2go-user/C-user-51-1464067003_stDGNOME_dp32/state (this can be ignored during session startups)
May 24 13:16:45 ubuntu /usr/bin/x2gostartagent: successfully started X2Go agent session with ID user-51-1464067003_stDGNOME_dp32
接着多次用x2go客户端连接x2goserver并在服务器端用netstat -tuplen | grep x2go* 查看结果,发现x2goserver除了使用ssh端口外还在监听某个tcp端口(大于30000),某次grep结果如下
于是先在iptables中加入如下规则,开启30013端口
sudo iptables -I INPUT 1 -p tcp --dport 30013 -j ACCEPT
用x2go 客户端重新连接,成功!
但是x2goserver的这个监听端口并不固定,所以这个解决方法不是一劳永逸的而且危险。通过google大量查找终于找到了靠谱的解决方法,大意就是x2goserver使用了nxclient的库文件,需要某种本地ssh代理,并且要在30001端口监听,因此需要在防火墙上打开这个端口。具体如下:
# x2go -A INPUT -p tcp -m tcp -s 127.0.0.1/32 --dport 30001 -j ACCEPT -A INPUT -p tcp -m tcp -s 127.0.0.1/32 --dport 30002 -j ACCEPT -A INPUT -p tcp -m tcp -s 127.0.0.1/32 --dport 30003 -j ACCEPT
而上面的截图中端口明显大于30003,所以我干脆把30001~30099的本地tcp端口全部打开
命令如下:
iptables -I INPUT 1 -p tcp -m tcp -s 127.0.0.1/32 --dport 30001:30099 -j ACCEPT
用x2go客户端连接,成功 :)