From egor@biz-club.biz Thu Mar 10 17:55:34 2016 Received: (at submit) by bugs.x2go.org; 10 Mar 2016 16:55:37 +0000 X-Spam-Checker-Version: SpamAssassin 3.3.2 (2011-06-06) on ymir.das-netzwerkteam.de X-Spam-Level: X-Spam-Status: No, score=0.8 required=3.0 tests=BAYES_50,DKIM_SIGNED, DKIM_VALID,HTML_MESSAGE,RCVD_IN_DNSWL_BLOCKED,URIBL_BLOCKED autolearn=ham version=3.3.2 Received: from localhost (localhost [127.0.0.1]) by ymir.das-netzwerkteam.de (Postfix) with ESMTP id 6FE0C5DA98 for ; Thu, 10 Mar 2016 17:55:34 +0100 (CET) X-Virus-Scanned: Debian amavisd-new at ymir.das-netzwerkteam.de Received: from ymir.das-netzwerkteam.de ([127.0.0.1]) by localhost (ymir.das-netzwerkteam.de [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id RGYEdZSSiRWb for ; Thu, 10 Mar 2016 17:55:28 +0100 (CET) Received: from mail-wm0-f52.google.com (mail-wm0-f52.google.com [74.125.82.52]) by ymir.das-netzwerkteam.de (Postfix) with ESMTPS id F28765DA86 for ; Thu, 10 Mar 2016 17:55:27 +0100 (CET) Received: by mail-wm0-f52.google.com with SMTP id l68so36870571wml.0 for ; Thu, 10 Mar 2016 08:55:27 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=ez-by.20150623.gappssmtp.com; s=20150623; h=from:mime-version:thread-index:date:message-id:subject:to; bh=b8h8F8sPmV7zzW6JTAnZiD9NQ04xkoANtiQ8qpgwMWQ=; b=sXHn8FjbVrpkWoI/YTigQqxAjrA9QBCvnwdslSV5lcPSCgnogtomrNWurR2ecWgemB gDqr2udQAQEhYxZzSV5X1mlPCI85GLB2R3Zhq8VXG2fZgJknaoUV8JjsvOOMd6kegz09 Hz411S8OKJHq3U2DPlSewGKnN4V1U1azCqt2EnSqiDpSgC/dD1iLLqVsUQMqF2BfVJEg oaiTRwMcKh5O/ZDiKKIZgLj+0Q6gdOQY3m078AvylgWBrfbp9Np0dpCbltupJDmcopa5 patfzKhW04JZycK5bfWU4OxppPmog1jgm1QbB/+okH9PJBOhLuZ8otLgHzU5wIN4Z7xd jnPA== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20130820; h=x-gm-message-state:from:mime-version:thread-index:date:message-id :subject:to; bh=b8h8F8sPmV7zzW6JTAnZiD9NQ04xkoANtiQ8qpgwMWQ=; b=HP1Yt2OW5zFs+vtqo/SXKwDDgFVYPqHTGkV8kVGQnjPuFc0AE7I7GLPXaFz3uz5VMK 6rmZ1zoda3979yzgFi2MbTb6WRHLn9vSoJIxE5JlBPooPYAyAggdR9L3pxEP6ARNmfvc 4k2/NpjMqPR0t2AquhL0xlkOv857+0BWwmExfqYyfhiureIRuWiWl00mcc5l62fUFU3k lM1kxijBN4MUvLA/LRG6yrqgGFTm7+YOdh/hK8P/3ImPGgTIriE9SVEMRgrjtYb3/h/d GiR7JJY8g5bHFWCESjWpS24whqdCbS3fAmXvne95N70c/9oWsi+cGtxhc9KltE1ftbUz QTCA== X-Gm-Message-State: AD7BkJJu+c927rfO9ufXcGRSh5SGzCaklJXnimzBwymYYyO2tUk/y2K9c+YIdiwn+ImIYcaVk+jIuuzYuK2/gw== X-Received: by 10.194.22.97 with SMTP id c1mr5070786wjf.19.1457628927428; Thu, 10 Mar 2016 08:55:27 -0800 (PST) From: =?UTF-8?B?0JfQsNC70LXRgdGB0LrQuNC5INCV0LPQvtGA?= MIME-Version: 1.0 X-Mailer: Microsoft Office Outlook 12.0 Thread-Index: AdF67YhyzlZW+2RCQbOp15QqTQQBaw== Date: Thu, 10 Mar 2016 19:54:38 +0300 Message-ID: <40e1e7122d5beac075373c6e354230be@mail.gmail.com> Subject: x2gomountdirs fails to mount directories when connecting with mswin X2go client To: submit@bugs.x2go.org Content-Type: multipart/alternative; boundary=047d7b5d8d396f27dc052db4ae4d --047d7b5d8d396f27dc052db4ae4d Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: quoted-printable Package: x2goserver Version: 4.0.1.19-0~1064~ubuntu16.04.1 amd64 First of all, I would like to thank you for your marvelous x2go server. However, I have tried to install it on Ubuntu 14.04, 15.10 and 16.04 and every time I had the same error on mounting local shares from mswin official client: Mar 10 17:53:55 x2go-test /usr/bin/x2gomountdirs[1428]: executing: timeout 30 sshfs -o idmap=3Duser,uid=3D`id -u`,gid=3D`id -g`,default_permissions,ServerAliveInterval=3D300,Cipher=3Dblowfish,Identit= yFile=3D/home/sysop/.x2go/ssh/key.gq4920,UserKnow nHostsFile=3D/home/sysop/.x2go/ssh/key.gq4920.ident "User"@192.168.0.128:"/cygdrive/D/QUAKE2" "/tmp/.x2go-sysop/media/disk/_cygdrive_D_QUAKE2" -p 7022 Mar 10 17:53:55 x2go-test /usr/bin/x2gomountdirs[1428]: WARNING: mounting of /cygdrive/D/QUAKE2 failed I have tested it on several Windows PC=E2=80=99s, still no luck. I have the= remote access to linux desktop (ssh connection to Linux works fine), but backward ssh connection fails. I have found the following bugs and solutions: 1. sshd on cygwin offers ssh-dss keys, but modern ssh-client on Ubuntu fails to accept this (deprecated?) type of a key. The problem is worked-around by adding HostKeyAlgorithms=3D+ssh-dss to /etc/ssh/ssh_config OR The problem can be solved on the whole by generating a better type of a key on windows-side. C:\Program Files (x86)\x2goclient\ssh-keygen -b 2048 -t rsa And simply replacing c:\Users\User\.x2go\etc\ ssh_host_dsa_key and c:\Users\User\.x2go\etc\ ssh_host_dsa_key.pub with generated files. Ssh-keygen supports RSA keys or even ecdsa. Of course, It would be great to do it when installing mswin x2go client 2. /usr/bin/x2gomountdirs line 312 starts sshfs connection this way: if (system("timeout 30 sshfs $code_conv -o idmap=3Duser,uid=3D`id -u`,gid= =3D`id -g`,$umaskstr,ServerAliveInterval=3D300,Cipher=3Dblowfish,IdentityFile=3D$k= ey,UserKnownHostsFile=3D$key.ident \"$user\"\@$host:\"@dirs[$i]\" \"$mntpath\" -p $port 1>>$sessiondir/sshfs-mounts.log 2>&1")=3D=3D0) BUT! =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D Changes since OpenSSH 6.6 =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D Potentially-incompatible changes * sshd(8): The default set of ciphers and MACs has been altered to remove unsafe algorithms. In particular, CBC ciphers and arcfour* are disabled by default. So to make it work you just delete Cipher=3Dblowfish, out of the line like that: if (system("timeout 30 sshfs $code_conv -o idmap=3Duser,uid=3D`id -u`,gid= =3D`id -g`,$umaskstr,ServerAliveInterval=3D300,IdentityFile=3D$key,UserKnownHostsF= ile=3D$key.ident \"$user\"\@$host:\"@dirs[$i]\" \"$mntpath\" -p $port 1>>$sessiondir/sshfs-mounts.log 2>&1")=3D=3D0) Actually this bug makes impossible shares mounting for all clients (not only windows) since November 2014. It means, since then folder mounting fails for anyone, who installs updates from time to time. o_O 3. Windows 8 clients have a cygwin bug that prevent them from starting sshd properly, thus preventing them from mounting local folders: Permissions 660 for '...' are too open. It is recommended that your private key files are NOT accessible by others. This private key will be ignored. As it is the only key, sshd fails to start at all. It is not a problem of x2go. But still, you can add to a wiki the following= : To test for this kind of error, you need to install mswin client with Debug Build and run it with debug shortcut. If you see the error stated above, you simply set the following permissions to c:\Users\\.x2go\etc folder: 1. OWNER =E2=80=93 GROUP(!!!) Users (in fact, any group your user is in = =E2=80=93 Everyone, Administrators) 2. Disable rights inheriting 3. Delete all user rights 4. Add only one rule to the rights =E2=80=93 the group, that you have set = the owner to =E2=80=93 read and write. It should not throw this error anymore. Best regards, Yahor Zaleski Doctor Server, LLC, Minsk --047d7b5d8d396f27dc052db4ae4d Content-Type: text/html; charset=UTF-8 Content-Transfer-Encoding: quoted-printable

Package: x2goserver

=C2=A0 Version: 4.0.1.19-0~1064~ubuntu16.04.1 amd64

=C2=A0

First of all, I would like to thank you for your marvelous x2go server.

=C2=A0

However, I have tried to install it on Ubuntu 14.04, 15.10 and 16.04 and every time = I had the same error on mounting local shares from mswin official client:

Mar 10 17:53:55 x2go-test /usr/bin/x2gomountdirs[1428]: executing: timeout 30 sshfs=C2=A0 -o idmap=3Duser,uid=3D`id -u`,gid=3D`id -g`,default_permissions= ,ServerAliveInterval=3D300,Cipher=3Dblowfish,IdentityFile=3D/home/sysop/.x2= go/ssh/key.gq4920,UserKnow

nHostsFile=3D/home/sysop/.x2go/ssh/key.gq49= 20.ident "User"@192.168.0.128:"/= cygdrive/D/QUAKE2" "/tmp/.x2go-sysop/media/disk/_cygdrive_D_QUAKE2" -p 7022

Mar 10 17:53:55 x2go-test /usr/bin/x2gomountdirs[1428]: WARNING: mounting of /cygdrive/D/QUAKE2 failed

=C2=A0

I have tested it on several Windows PC=E2=80=99s, still no luck. I have the r= emote access to linux desktop (ssh connection to Linux works fine), but backward = ssh connection fails.

=C2=A0

I have found the following bugs and solutions:

1.=C2=A0 sshd o= n cygwin offers ssh-dss keys, but modern ssh-client on Ubuntu fails to accept this (deprecated?) type of a key.

The problem is= worked-around by adding HostKeyAlgorithms=3D+ssh-dss to /etc/ssh/ssh_config

OR

The problem ca= n be solved on the whole by generating a better type of a key on windows-side.

C:\Program Fil= es (x86)\x2goclient\ssh-keygen -b 2048 -t rsa

And simply rep= lacing c:\Users\User\.x2go\etc\ ssh_host_dsa_key and c:\Users\User\.x2go\etc\ s= sh_host_dsa_key.pub with generated files.

Ssh-keygen sup= ports RSA keys or even ecdsa.

=C2=A0<= /p>

Of course, It = would be great to do it when installing mswin x2go client

=C2=A0<= /p>

2.=C2=A0 /usr/b= in/x2gomountdirs line 312 starts sshfs connection this way:

if (system(&qu= ot;timeout 30 sshfs $code_conv -o idmap=3Duser,uid=3D`id -u`,gid=3D`id -g`,$umaskstr,ServerAliveInterval=3D300,Cipher=3Dblowfish,IdentityFile=3D$k= ey,UserKnownHostsFile=3D$key.ident \"$user\"\@$host:\"@dirs[$i]\" \"$mntpath\" -= p $port 1>>$sessiondir/sshfs-mounts.log 2>&1")=3D=3D0)

=C2=A0<= /p>

BUT!

=3D=3D=3D=3D= =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D

Changes since = OpenSSH 6.6

=3D=3D=3D=3D= =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D

=C2=A0<= /p>

Potentially-in= compatible changes

=C2=A0<= /p>

* sshd(8): The= default set of ciphers and MACs has been altered to

=C2=A0=C2=A0 r= emove unsafe algorithms. In particular, CBC ciphers and arcfour*

=C2=A0=C2=A0 a= re disabled by default.

=C2=A0<= /p>

So to make it = work you just delete Cipher=3Dblowfish, out of the line like that:

if (system(&qu= ot;timeout 30 sshfs $code_conv -o idmap=3Duser,uid=3D`id -u`,gid=3D`id -g`,$umaskstr,ServerAliveInterval=3D300,IdentityFile=3D$key,UserKnownHostsF= ile=3D$key.ident \"$user\"\@$host:\"@dirs[$i]\" \"$mntpath\" -= p $port 1>>$sessiondir/sshfs-mounts.log 2>&1")=3D=3D0)

=C2=A0<= /p>

Actually this = bug makes impossible shares mounting for all clients (not only windows) since Novembe= r 2014. It means, since then folder mounting fails for anyone, who installs updates= from time to time. o_O

=C2=A0<= /p>

3.=C2=A0 Window= s 8 clients have a cygwin bug that prevent them from starting sshd properly, thus preventing them from mounting local folders:

Permissions 660 for '...' are too o=
pen.
It is recommended t=
hat your private key files are NOT accessible by others.
This private key will be ignored.
=C2=A0
<=
code>As it is the only key, sshd fails to start at all=
.
=C2=A0
It is not a problem of x2go. But still,=
 you can add to a wiki the following:
=C2=A0
To =
test for this kind of error, you need to install mswin client with Debug Bu=
ild and run it with debug shortcut.
If you see the error stated above, you simply set the following=
 permissions to c:\Users\<Username>\.x2go\etc folder:
1.=C2=A0 OWNER =E2=
=80=93 GROUP(!!!) Users (in fact, any group your user is in =E2=80=93 Every=
one, Administrators)
<=
code>2.=C2=A0 =
Disable rights inheriting
3.=C2=A0 Delete all user rights
=
4.=C2=A0=
 Add only one rule to the rights =
=E2=80=93 the group, that you have set the owner to =E2=80=93 read and writ=
e.
=C2=A0
It should not throw this error anymore.

=C2=A0=C2=A0

=C2=A0<= /p>

=C2=A0

Best regards,

Yahor Zaleski

Doctor Server, LLC, Minsk

--047d7b5d8d396f27dc052db4ae4d--