Provided by: x2gobroker-ssh_0.0.4.3-4_amd64 bug

NAME
       x2gobroker{,-daemon,-ssh} - Session Broker for X2Go


SYNOPSIS
       x2gobroker [ options ]

       x2gobroker-daemon [ options ]

       x2gobroker-ssh [ options ]


DESCRIPTION
       x2gobroker  (resp. x2gobroker-daemon) is a Python Tornado based implementation of the X2Go Session Broker
       API. x2gobroker-ssh is the same application but designed for usage via SSH (as a command line tool).

       The HTTP(S) implementation of x2gobroker is normally executed either through the host's  init  system  or
       via the WSGI module in your httpd server. The SSH implementation is executed by X2Go clients through SSH.

       See the included README and TODO for further information on x2gobroker.


GENERAL OPTIONS
       x2gobroker{,-daemon,-ssh} accepts the following common options:

       -M, --mode {HTTP|SSH}
              Set  X2Go Session Broker into HTTP or SSH mode. If this option is omitted, then SSH is the default
              mode.  If x2gobroker-daemon is used as executable name, then the default mode is HTTP(S).

       -C, --config FILENAME
              Specify an alternative configuration file name, default is: /etc/x2go/x2gobroker.conf.

       -d, --debug
              Enable debugging code. This also makes http's POST method available as GET method, which then  al‐
              lows it to test the broker API through a normal web browser.

       -h, --help
              Display a help with all available command line options and exit.


SSH MODE COMMAND LINE OPTIONS
       x2gobroker-ssh,  i.e.,  when  run from the command line or via SSH, accepts/requires these additional op‐
       tions:

       --task {listsessions, selectsession, setpass, testcon}
              Specify the either of the known broker tasks (listsessions, selectsession, setpass, testcon). This
              parameter is compulsory, the command execution will fail if it is omitted.

       --user USERNAME
              If x2gobroker is run by the `magic' user (the x2gobroker account by default), then the  x2gobroker
              is allowed to change its user context and do queries on behalf of the user specified with this pa‐
              rameter.

       --auth-cookie, --auth-id AUTHENTICATION_COOKIE
              It  is  possible  to enforce a stronger authentication via an additional pre-shared authentication
              cookie. This authentication cookie must be stored in a client-side file so that  X2Go  Client  can
              access  it  and  then  pass  it  on to the X2Go Session Broker (via the X2Go Client option --auth-
              id=<fullpath-to-file>) while authenticating against the broker.

              The server-side cookie hash can be set in /etc/x2go/x2gobroker.conf (option: my-cookie). You  have
              to  set  the  option require-cookie-auth to true to enable the additional cookie comparison in the
              X2Go Session Broker.

       --profile-id, --sid SESSION_PROFILE_ID
              For the selectsession task the session profile ID has to be given as an additional parameter.

       --backend BACKEND_NAME
              Query another than the default broker backend.


HTTP(S) DAEMON OPTIONS
       x2gobroker-daemon in standalone HTTP(S) daemon mode accepts these additional options:

       -b, --bind ADDRESS:PORT
              The [address:]port that the Tornado http-engine will bind to (default: 127.0.0.1:8080).

       -D, --daemonize
              Fork this application to background and detach from the running terminal.

       -P, --pidfile
              Custom PID file location when daemonizing (default: <RUNDIR>/x2gobroker/x2gobroker-daemon.pid).

       -L, --logdir
              Directory where stdout/stderr will be redirected after having daemonized (default: /var/log/x2gob‐
              roker/).

       -D, --drop-privileges
              If started as root, drop privileges to uid X2GO_DAEMON_USER and gid X2GO_DAEMON_GROUP (as  config‐
              ured  in  /etc/x2go/broker/defaults.conf  on systemd systems or /etc/defaults/python-x2gobroker on
              SystemV systems).


SECURITY NOTICE / DISCLAIMER
       Users are advised to not misinterpret X2Go Session Broker's capabilities as a security feature. Even when
       using X2Go Session Broker, it is still possible for users to locally configure an X2Go  Client  with  any
       settings they want, and use that to connect. So if you're trying to keep users from running a certain ap‐
       plication  on  the  host,  using  X2Go Session Broker to "lock" the configuration is the *wrong* way. The
       users will still be able to run that application by creating their own, local configuration file and  us‐
       ing that.

       To  keep  users  from running an application on the server, you have to use filesystem permissions on the
       X2Go Server. In the simplest case, this means setting chmod 750 or 550 on the particular  application  on
       the  host,  and  making  sure  the users in question are not the owner and also not a member of the group
       specified for the application.


FILES
       /etc/x2go/x2gobroker.conf, /etc/x2go/broker/* (configuration files)

       /etc/default/python-x2gobroker, /etc/default/x2gobroker-daemon (environment for X2Go Session Broker  when
       run as a standalone daemon via SystemV or upstart)

       /var/log/x2gobroker/* (log files of X2Go Session Broker)


SEE ALSO
       /usr/share/doc/x2gobroker


AUTHOR
       This manual has been written for the X2Go project by Mike Gabriel <mike.gabriel@das-netzwerkteam.de>.

Version 0.0.4.x                                     Apr 2020                                       x2gobroker(1)