X2Go Bug report logs - #106
SSH Host Key Validation fails when ECDSA is already known

version graph

Package: x2goclient; Maintainer for x2goclient is X2Go Developers <x2go-dev@lists.x2go.org>; Source for x2goclient is src:x2goclient.

Reported by: Christian Franke <admin@np.tl>

Date: Fri, 18 Jan 2013 18:18:02 UTC

Severity: normal

Merged with 240

Found in versions 4.0.0.1, 4.0.1.0

Full log


Message #9 received at control@bugs.x2go.org (full text, mbox, reply):

Received: (at control) by bugs.x2go.org; 21 Jun 2013 08:35:13 +0000
From mike.gabriel@das-netzwerkteam.de  Fri Jun 21 10:35:05 2013
X-Spam-Checker-Version: SpamAssassin 3.3.2 (2011-06-06) on
	ymir.das-netzwerkteam.de
X-Spam-Level: 
X-Spam-Status: No, score=0.0 required=5.0 tests=URIBL_BLOCKED
	autolearn=unavailable version=3.3.2
Received: from freya.das-netzwerkteam.de (freya.das-netzwerkteam.de [88.198.48.199])
	by ymir (Postfix) with ESMTPS id 824E85DB2C;
	Fri, 21 Jun 2013 10:35:05 +0200 (CEST)
Received: from grimnir.das-netzwerkteam.de (grimnir.das-netzwerkteam.de [78.46.204.98])
	by freya.das-netzwerkteam.de (Postfix) with ESMTPS id 16A599B8;
	Fri, 21 Jun 2013 10:35:05 +0200 (CEST)
Received: from localhost (localhost [127.0.0.1])
	by grimnir.das-netzwerkteam.de (Postfix) with ESMTP id F0F583BB30;
	Fri, 21 Jun 2013 10:35:04 +0200 (CEST)
X-Virus-Scanned: Debian amavisd-new at grimnir.das-netzwerkteam.de
Received: from grimnir.das-netzwerkteam.de ([127.0.0.1])
	by localhost (grimnir.das-netzwerkteam.de [127.0.0.1]) (amavisd-new, port 10024)
	with ESMTP id fgI5nsv9WrXF; Fri, 21 Jun 2013 10:35:04 +0200 (CEST)
Received: from localhost (localhost [127.0.0.1])
	by grimnir.das-netzwerkteam.de (Postfix) with ESMTP id C84703BC1A;
	Fri, 21 Jun 2013 10:35:04 +0200 (CEST)
Received: from localhost (localhost [127.0.0.1])
	by grimnir.das-netzwerkteam.de (Postfix) with ESMTP id AA69E3BB30;
	Fri, 21 Jun 2013 10:35:04 +0200 (CEST)
Received: by grimnir.das-netzwerkteam.de (Postfix, from userid 33)
	id 7913A3BBF5; Fri, 21 Jun 2013 10:35:04 +0200 (CEST)
Received: from nocatv2.tng.de (nocatv2.tng.de [213.178.75.58]) by
 mail.das-netzwerkteam.de (Horde Framework) with HTTP; Fri, 21 Jun 2013
 10:35:04 +0200
Message-ID: <20130621103504.15043c3htzhtmam0@mail.das-netzwerkteam.de>
X-Priority: 3 (Normal)
Date: Fri, 21 Jun 2013 10:35:04 +0200
From: Mike Gabriel <mike.gabriel@das-netzwerkteam.de>
To: Heinrich Schuchardt <xypron.glpk@gmx.de>, 240@bugs.x2go.org
Cc: control@bugs.x2go.org
Subject: Re: [X2Go-Dev] Bug#240: ecdsa-sha2-nistp256 not supported
References: <51BE1119.4030004@gmx.de>
In-Reply-To: <51BE1119.4030004@gmx.de>
MIME-Version: 1.0
Content-Type: multipart/signed;
 boundary="=_39bjlqh0o7js";
 protocol="application/pgp-signature";
 micalg="pgp-sha1"
Content-Transfer-Encoding: 7bit
User-Agent: Internet Messaging Program (IMP) H3 (4.3.4)
[Message part 1 (text/plain, inline)]
merge #240 #106
thanks

Hi Heinrich,

On So 16 Jun 2013 21:25:13 CEST Heinrich Schuchardt wrote:

> What I observed is that the entries in known_hosts created by ssh  
> that are not supported contain a string ecdsa-sha2-nistp256 instead  
> of ssh-rsa.
> Hashed entries with ssh-rsa are supported.
>
> readelf -d /usr/bin/x2goclient
> |does not show a dependency on libcrypto which contains the elliptic  
> curve cryptography functions while
> readlef -d /usr/bin/ssh
> shows such a dependency.|

The problem actually is that there is no ECDSA key support in libssh2  
(which is used by X2Go Client). Unfortunately, most recent (Open)SSH  
implementation do use ECDSA as the default key type.

Thus, I will merge this bug report with #106 which tackles the same problem.

Thanks+Greets,
Mike (who is waiting desperately for the libssh2 developers to  
implement ECDSA)


-- 

DAS-NETZWERKTEAM
mike gabriel, herweg 7, 24357 fleckeby
fon: +49 (1520) 1976 148

GnuPG Key ID 0x25771B31
mail: mike.gabriel@das-netzwerkteam.de, http://das-netzwerkteam.de

freeBusy:
https://mail.das-netzwerkteam.de/freebusy/m.gabriel%40das-netzwerkteam.de.xfb
[Message part 2 (application/pgp-signature, inline)]

Send a report that this bug log contains spam.


X2Go Developers <owner@bugs.x2go.org>. Last modified: Mon Oct 14 23:40:33 2024; Machine Name: ymir.das-netzwerkteam.de

X2Go Bug tracking system

Debbugs is free software and licensed under the terms of the GNU Public License version 2. The current version can be obtained from https://bugs.debian.org/debbugs-source/.

Copyright © 1999 Darren O. Benham, 1997,2003 nCipher Corporation Ltd, 1994-97 Ian Jackson, 2005-2017 Don Armstrong, and many other contributors.