Hi Matteo,

On  Mi 10 Sep 2014 09:45:18 CEST, Matteo Panella wrote:

> Package: python-x2go
> Version: 0.4.0.9
>
> Whenever a host key is registered using pyhoca-cli or pyhoca-gui, the
> $HOME/.ssh/known_hosts file gets clobbered: all keys whose type is not
> either ssh-dss or ssh-rsa (namely, ECDSA and Ed25519 host keys) are removed.
>
> Steps to reproduce:
> 1. register some ECDSA/Ed25519 host keys
> 2. backup .ssh/known_hosts
> 3. define a new profile in pyhoca-gui selecting "Store SSH host keys
> under (unique) X2Go session profile ID"
> 4. connect to the host and accept the host key
> 5. run a diff between the old known_hosts file and the current
> .ssh/known_hosts file
>
> Expected behaviour:
> there should _only_ be an addition for the new ssh host key registered
> by python-x2go and no other modification
>
> Actual result:
> there is an addition for the new host key registered by python-x2go and
> removals for all ecdsa and ed25519 host keys
>
> I suspect this is a problem with paramiko not understanding ECDSA and
> Ed25519 keys in known_hosts and summarily discarding them, nevertheless
> I'm raising the bug here because the x2go PPA for Ubuntu ships a custom
> version of paramiko for precise (also because it should probably be
> noted in the release notes and/or worked around in python-x2go if possible).
>
> Client OS Version: Ubuntu 12.04.5 (amd64)
> Package source: ppa:x2go/stable
> PyHoca-GUI Version: 0.4.0.9 (0.4.0.9-0~1107~ubuntu12.04.1)
> python-x2go Version: 0.4.0.9 (0.4.0.9-0~1122~ubuntu12.04.1)
> python-paramiko Version: 1.11.0-0~664~precise1 (from ppa:x2go/stable)
>
> The server bits are mostly irrelevant since this is purely a client-side
> bug, but it happened with the following server-side configuration:
> Server OS Version: Ubuntu 14.04.1 (amd64)
> Package source: ppa:x2go/stable
> Server x2goserver Version: 4.0.1.15 (4.0.1.15-0~847~ubuntu14.04.1)
> Server x2goserver-xsession Version: 4.0.1.15 (4.0.1.15-0~847~ubuntu14.04.1)
> Server nx-libs Version: 3.5.0.27 (2:3.5.0.27-0~446~ubuntu14.04.1)

This does not happen with python-paramiko 1.15.1 anymore. I will add a  
versioned dependency for that paramiko version to our upstream release  
python-x2go and then see how to fix our archives.

Thanks for notifying us!
Mike

-- 

DAS-NETZWERKTEAM
mike gabriel, herweg 7, 24357 fleckeby
fon: +49 (1520) 1976 148

GnuPG Key ID 0x25771B31
mail: mike.gabriel@das-netzwerkteam.de, http://das-netzwerkteam.de

freeBusy:
https://mail.das-netzwerkteam.de/freebusy/m.gabriel%40das-netzwerkteam.de.xfb