On 08/30/2017 09:09 PM, J. M. van Bilsen wrote: > > Package: x2goclient > Version: 4.0.5.1-1 First off: I will likely close this issue report, since there's nothing we could do about this. More about that later. > $ cat /etc/lsb-release > DISTRIB_ID=LinuxMint > DISTRIB_RELEASE=18.1 > DISTRIB_CODENAME=serena > DISTRIB_DESCRIPTION="Linux Mint 18.1 Serena" So you're using Linux Mint 18.1. Am I correct to assume this is the Ubuntu-based version? > $ dpkg --list | grep x2goclient > ii x2goclient 4.0.5.1 > -1 amd64 X2Go Client > application (Qt4) Where is this package coming from? It doesn't seem to be from any of our repositories, so the report is bogus at best and should have been reported upstream. I'm not saying this to be mean, but merely because we have no control over this repository and what it contains. What would be more relevant in this situation is information about the libssh (note: *not* libssh2) package. > WARNING my assumption is this problem will be on all x2goclient > programs. It is and it is not. It highly depends on the libssh version x2goclient was built against and uses at run time (though strictly speaking, as long as the soversion is compatible, these two things can differ.) Generally, and as I've explained countless times on mailing lists already, the algorithms "supported" by X2Go Client boils down to what the underlying libssh software supports. Sadly, this differs highly between versions. Older versions (0.5.x and below) typically do not support a wide range of algorithms, may that be MAC or even key algorithms. Support for these SHA2-based type MAC algorithms, according to https://www.libssh.org/features/, is available, but typically only in versions 0.7.x and higher. I'd have to look up the actual version number that brought the changes, but chances are that your libssh version is just too old. > After change of the security settings on sshd we cannot connect using > x2go. > Using portforwarding ssh -L 9999:localhost:22 someremotehost then > letting x2goclient connect to localhost port 9999 works. > > Settings in sshd_config > > MACs hmac-sha2-256,hmac-sha2-512 Yeah, you disabled SHA1-based MACs. No wonder you see this problem... > kex error : no match for method mac algo client->server: server [hmac- > sha2-256,hmac-sha2-512], client [hmac-sha1] > > My assumption is client is configured using hmac-sha1 as default Actual explanation is above. If SHA2-based MACs were supported by your libssh version, it would have worked. > Problem does not surface using ssh or ssh port forwarding. > > Problem can be easy reproduced using raspberry with mathe and MACs > hmac-sha2-256,hmac-sha2-512 in sshd_config > > Problem surface also with different ssh proxy servers having the MACs > setting. As stated before normal connection on ssh or using port > forwarding no problem. And that's for another reason - OpenSSH is a completely different implementation of the SSH protocol. Since X2Go Client is not using OpenSSH, but libssh, that test sadly isn't too meaningful. Mihai