Provided by: x2gobroker-ssh_0.0.4.1-1_amd64 bug

NAME
       x2gobroker{,-daemon,-ssh} - Session Broker for X2Go


SYNOPSIS
       x2gobroker [ options ]

       x2gobroker-daemon [ options ]

       x2gobroker-ssh [ options ]


DESCRIPTION
       x2gobroker  (resp. x2gobroker-daemon) is a Python Tornado based implementation of the X2Go Session Broker
       API. x2gobroker-ssh is the same application but designed for usage via SSH (as a command line tool).

       The HTTP(S) implementation of x2gobroker is normally executed either through the host's  init  system  or
       via the WSGI module in your httpd server. The SSH implementation is executed by X2Go clients through SSH.

       See the included README and TODO for further information on x2gobroker.


GENERAL OPTIONS
       x2gobroker{,-daemon,-ssh} accepts the following common options:

       -M, --mode {HTTP|SSH}
              Set  X2Go Session Broker into HTTP or SSH mode. If this option is omitted, then SSH is the default
              mode.  If x2gobroker-daemon is used as executable name, then the default mode is HTTP(S).

       -C, --config FILENAME
              Specify an alternative configuration file name, default is: /etc/x2go/x2gobroker.conf.

       -d, --debug
              Enable debugging code. This also makes http´s POST method available  as  GET  method,  which  then
              allows it to test the broker API through a normal web browser.

       -h, --help
              Display a help with all available command line options and exit.


SSH MODE COMMAND LINE OPTIONS
       x2gobroker-ssh,  i.e.,  when  run  from  the  command  line or via SSH, accepts/requires these additional
       options:

       --task {listsessions, selectsession, setpass, testcon}
              Specify the either of the known broker tasks (listsessions, selectsession, setpass, testcon). This
              parameter is compulsory, the command execution will fail if it is omitted.

       --user USERNAME
              If  x2gobroker is run by the `magic' user (the x2gobroker account by default), then the x2gobroker
              is allowed to change its user context and do queries on behalf of the  user  specified  with  this
              parameter.

       --auth-cookie, --auth-id AUTHENTICATION_COOKIE
              It  is  possible  to enforce a stronger authentication via an additional pre-shared authentication
              cookie. This authentication cookie must be stored in a client-side file so that  X2Go  Client  can
              access  it  and  then  pass  it  on to the X2Go Session Broker (via the X2Go Client option --auth-
              id=<fullpath-to-file>) while authenticating against the broker.

              The server-side cookie hash can be set in /etc/x2go/x2gobroker.conf (option: my-cookie). You  have
              to  set  the  option require-cookie-auth to true to enable the additional cookie comparison in the
              X2Go Session Broker.

       --profile-id, --sid SESSION_PROFILE_ID
              For the selectsession task the session profile ID has to be given as an additional parameter.

       --backend BACKEND_NAME
              Query another than the default broker backend.


HTTP(S) DAEMON OPTIONS
       x2gobroker-daemon in standalone HTTP(S) daemon mode accepts these additional options:

       -b, --bind ADDRESS:PORT
              The [address:]port that the Tornado http-engine will bind to (default: 127.0.0.1:8080).

       -D, --daemonize
              Fork this application to background and detach from the running terminal.

       -P, --pidfile
              Custom PID file location when daemonizing (default: <RUNDIR>/x2gobroker/x2gobroker-daemon.pid).

       -L, --logdir
              Directory  where  stdout/stderr   will   be   redirected   after   having   daemonized   (default:
              /var/log/x2gobroker/).

       -D, --drop-privileges
              If  started  as  root,  drop  privileges  to  uid  X2GO_DAEMON_USER  and gid X2GO_DAEMON_GROUP (as
              configured in /etc/x2go/broker/defaults.conf on systemd systems or /etc/defaults/python-x2gobroker
              on SystemV systems).


SECURITY NOTICE / DISCLAIMER
       Users are advised to not misinterpret X2Go Session Broker's capabilities as a security feature. Even when
       using X2Go Session Broker, it is still possible for users to locally configure an X2Go  Client  with  any
       settings  they  want,  and  use that to connect. So if you're trying to keep users from running a certain
       application on the host, using X2Go Session Broker to "lock" the configuration is the  *wrong*  way.  The
       users  will  still  be  able  to run that application by creating their own, local configuration file and
       using that.

       To keep users from running an application on the server, you have to use filesystem  permissions  on  the
       X2Go  Server.  In the simplest case, this means setting chmod 750 or 550 on the particular application on
       the host, and making sure the users in question are not the owner and also not  a  member  of  the  group
       specified for the application.


FILES
       /etc/x2go/x2gobroker.conf, /etc/x2go/broker/* (configuration files)

       /etc/default/python-x2gobroker,  /etc/default/x2gobroker-daemon (environment for X2Go Session Broker when
       run as a standalone daemon via SystemV or upstart)

       /var/log/x2gobroker/* (log files of X2Go Session Broker)


SEE ALSO
       /usr/share/doc/x2gobroker


AUTHOR
       This manual has been written for the X2Go project by Mike Gabriel <mike.gabriel@das-netzwerkteam.de>.