From admin@np.tl Fri Jan 18 19:15:10 2013 Received: (at submit) by bugs.x2go.org; 18 Jan 2013 18:15:10 +0000 Received: from relay4-d.mail.gandi.net (relay4-d.mail.gandi.net [217.70.183.196]) by ymir (Postfix) with ESMTP id 4D2315DB18 for ; Fri, 18 Jan 2013 19:15:10 +0100 (CET) Received: from [IPv6:2001:470:9f43::4] (buster.dn42.nowhere.ws [IPv6:2001:470:9f43::4]) (Authenticated sender: admin@np.tl) by relay4-d.mail.gandi.net (Postfix) with ESMTPSA id EC88017209A for ; Fri, 18 Jan 2013 19:15:09 +0100 (CET) Message-ID: <50F9912D.8010701@np.tl> Date: Fri, 18 Jan 2013 19:15:09 +0100 From: Christian Franke User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:17.0) Gecko/17.0 Thunderbird/17.0 MIME-Version: 1.0 To: submit@bugs.x2go.org Subject: SSH Host Key Validation fails when ECDSA is already known Content-Type: text/plain; charset=ISO-8859-1 Content-Transfer-Encoding: 7bit Package: x2goclient Version: 4.0.0.1 I have a server to which I regularly use SSH. On one client system, I used regular OpenSSH to connect to that server, accepting its ECDSA key before ever connecting using x2goclient. While I currently can ssh to that server without any problems using ECDSA, when trying to connect with x2goclient, I get: "The host key for this server was not found but an othertype of key exists. An attacker might change the default server key to confuse your client into thinking the key does not exist" (nb: if I remember correctly x2goclient used to call regular OpenSSH, now it seems to implement ssh by itself. I liked the former approach much better since it allowed me to use SSH features like ControlMaster, ProxyCommand etc. Also it avoids cat and mouse issues like this bug seemingly originating from differing SSH Client feature sets)