X2Go Bug report logs - #1003
x2goclient sshd (for folder sharing) weak host key

version graph

Package: x2goclient; Maintainer for x2goclient is X2Go Developers <x2go-dev@lists.x2go.org>; Source for x2goclient is src:x2goclient.

Reported by: Florian Wicke - Hetzner Online GmbH <florian.wicke@hetzner.de>

Date: Thu, 25 Feb 2016 15:20:01 UTC

Severity: normal

Tags: pending

Fixed in version 4.0.5.2

Done: X2Go Release Manager <git-admin@x2go.org>

Bug is archived. No further changes may be made.

Full log


Message #5 received at submit@bugs.x2go.org (full text, mbox, reply):

Received: (at submit) by bugs.x2go.org; 25 Feb 2016 15:17:30 +0000
From florian.wicke@hetzner.de  Thu Feb 25 16:17:28 2016
X-Spam-Checker-Version: SpamAssassin 3.3.2 (2011-06-06) on
	ymir.das-netzwerkteam.de
X-Spam-Level: 
X-Spam-Status: No, score=0.8 required=3.0 tests=BAYES_50,URIBL_BLOCKED
	autolearn=ham version=3.3.2
Received: from localhost (localhost [127.0.0.1])
	by ymir.das-netzwerkteam.de (Postfix) with ESMTP id 7CF8C5DA97
	for <submit@bugs.x2go.org>; Thu, 25 Feb 2016 16:17:28 +0100 (CET)
X-Virus-Scanned: Debian amavisd-new at ymir.das-netzwerkteam.de
Received: from ymir.das-netzwerkteam.de ([127.0.0.1])
	by localhost (ymir.das-netzwerkteam.de [127.0.0.1]) (amavisd-new, port 10024)
	with ESMTP id uKUzuZJuYCT1 for <submit@bugs.x2go.org>;
	Thu, 25 Feb 2016 16:17:22 +0100 (CET)
X-Greylist: delayed 2305 seconds by postgrey-1.34 at ymir.das-netzwerkteam.de; Thu, 25 Feb 2016 16:17:22 CET
Received: from mail.hetzner.company (mail.hetzner.company [213.133.106.242])
	by ymir.das-netzwerkteam.de (Postfix) with ESMTPS id 6AE405DA82
	for <submit@bugs.x2go.org>; Thu, 25 Feb 2016 16:17:22 +0100 (CET)
Received: from [78.46.134.130] (helo=[10.200.1.57])
	by mail.hetzner.company with esmtpsa (TLSv1.2:DHE-RSA-AES256-SHA:256)
	(Exim 4.80)
	(envelope-from <florian.wicke@hetzner.de>)
	id 1aYx5N-0002GT-Uq
	for submit@bugs.x2go.org; Thu, 25 Feb 2016 15:40:10 +0100
To: submit@bugs.x2go.org
From: Florian Wicke - Hetzner Online GmbH <florian.wicke@hetzner.de>
Subject: x2goclient sshd (for folder sharing) weak host key
Message-ID: <56CF1213.9080407@hetzner.de>
Date: Thu, 25 Feb 2016 15:39:15 +0100
User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; rv:38.0) Gecko/20100101
 Thunderbird/38.6.0
MIME-Version: 1.0
Content-Type: multipart/signed; micalg=pgp-sha512;
 protocol="application/pgp-signature";
 boundary="DAtn2Men3F7ADcJ4kiIHPiKc6EQvfef1d"
X-Authenticated-Sender: florian.wicke@hetzner.de
[Message part 1 (text/plain, inline)]
Package: x2goclient

The sshd (sshd.exe) spawned by x2goclient for things like the folder
sharing is creating a DSA HostKey.

Even if this sshd is only listening on localhost and is accessed through
the ssh tunnel from the X2Go server this might lead to connections
errors if the ssh_config of the server is configured to not allow
connections to these weak (1024 bit) DSA HostKeys.

I would advice increasing this to at least 2048 bit RSA host keys or
even elliptic curve host keys if available.



Best regards,

 Florian Wicke

Hetzner Online GmbH
Industriestr. 25
91710 Gunzenhausen
Tel: +49 9831 505-187
Fax: +49 9831 505-387
florian.wicke@hetzner.de
www.hetzner.de

Registergericht Ansbach, HRB 6089
Geschäftsführer: Martin Hetzner

[signature.asc (application/pgp-signature, attachment)]

Send a report that this bug log contains spam.


X2Go Developers <owner@bugs.x2go.org>. Last modified: Sun Nov 24 08:14:13 2024; Machine Name: ymir.das-netzwerkteam.de

X2Go Bug tracking system

Debbugs is free software and licensed under the terms of the GNU Public License version 2. The current version can be obtained from https://bugs.debian.org/debbugs-source/.

Copyright © 1999 Darren O. Benham, 1997,2003 nCipher Corporation Ltd, 1994-97 Ian Jackson, 2005-2017 Don Armstrong, and many other contributors.