From unknown Thu Mar 28 11:36:46 2024 X-Loop: owner@bugs.x2go.org Subject: Bug#1102: Kerberos (GSSAPI) auth fails there is an sshd banner and the client is on Linux (or Mac OS X) Reply-To: Mike DePaulo , 1102@bugs.x2go.org Resent-From: Mike DePaulo Resent-To: x2go-dev@lists.x2go.org Resent-CC: X2Go Developers X-Loop: owner@bugs.x2go.org Resent-Date: Thu, 13 Oct 2016 20:30:02 +0000 Resent-Message-ID: Resent-Sender: owner@bugs.x2go.org X-X2Go-PR-Message: report 1102 X-X2Go-PR-Package: x2goclient X-X2Go-PR-Keywords: Received: via spool by submit@bugs.x2go.org id=B.14763905884694 (code B); Thu, 13 Oct 2016 20:30:02 +0000 Received: (at submit) by bugs.x2go.org; 13 Oct 2016 20:29:48 +0000 X-Spam-Checker-Version: SpamAssassin 3.3.2 (2011-06-06) on ymir.das-netzwerkteam.de X-Spam-Level: X-Spam-Status: No, score=0.7 required=3.0 tests=BAYES_50,DKIM_SIGNED, DKIM_VALID,DKIM_VALID_AU,FREEMAIL_FROM autolearn=ham version=3.3.2 Received: from localhost (localhost [127.0.0.1]) by ymir.das-netzwerkteam.de (Postfix) with ESMTP id 07C2D5DA9D for ; Thu, 13 Oct 2016 22:29:46 +0200 (CEST) X-Virus-Scanned: Debian amavisd-new at ymir.das-netzwerkteam.de Received: from ymir.das-netzwerkteam.de ([127.0.0.1]) by localhost (ymir.das-netzwerkteam.de [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id jQ-e9TN0liCw for ; Thu, 13 Oct 2016 22:29:39 +0200 (CEST) Received: from mail-yb0-f169.google.com (mail-yb0-f169.google.com [209.85.213.169]) by ymir.das-netzwerkteam.de (Postfix) with ESMTPS id 932165DA8E for ; Thu, 13 Oct 2016 22:29:38 +0200 (CEST) Received: by mail-yb0-f169.google.com with SMTP id 184so35703962yby.2 for ; Thu, 13 Oct 2016 13:29:38 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20120113; h=mime-version:from:date:message-id:subject:to; bh=DJ6d3U4gRF17rRCSesGZMSUh81LsADyoU37SSWmT6PE=; b=p9ZCf2kt1DalbbL+41L/zfknebnpN+SxoC+AqPNyWJ4aiyIbQaRKk2TgobRU5PAPUY Vj6OtjeYeImrReB9yF/E9u4rdkr+2FgBQ91sdK+A0NmtwqEdzoPi1N2utDXDhs3Vwe5/ ZegEUFrrlkmmm/h6mfzZJpd4Jpbv+8XwJE1gYw+2BgiDS2+6dgxawHO7pCJfE88GAgki /UpwSzsm6FVddzPo/LroGEKxK4mWqKGRJfqnUN7KVEqWO8q25y00s3azTVu6uF5Zrods StafUDNO/QZ4z7/tmVM5UA+hXlydw1yPzGvELti35iLvxFyg7oT6GfmohtD4922VB9Bf 4UGQ== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20130820; h=x-gm-message-state:mime-version:from:date:message-id:subject:to; bh=DJ6d3U4gRF17rRCSesGZMSUh81LsADyoU37SSWmT6PE=; b=EXyzdKvdnOR19o+XVcAgGLLTu2pWo8NwtG5SM0hx4M5JIhvsfW5f1cjmCe1NnY17rI 4spV9uys1GgyOHPBXKs1sA/O4Bl9NVHp029VK4Ym11BuH1vjxll4OCJUmvHfIweyAC+r F0YQK4Jl0FEm261BePix5dz03ScdHI/TTacUXSGJvB3lR1vPBW132zWVMrERHb2yxu/4 AuTB1n18JrJeOWWgMpakniCdCKugWGzZulJbV3DJbKLVN2h+YLKhP05IXK0VcVPELg7P D3URkK7aOqb+MIBYsgq8mSxfCBSo5DkpLbZTyRJ4baJchhefzsdwE5Iq7PnMHV9NUgvp 3pcg== X-Gm-Message-State: AA6/9RkEtKE8tEy6pYT/mkd8Q20fS4wmP05Q4nsC/Ob4Fycv7gBYsK3LMU9qoyZZqcRuozj4vCfcnBxHJy1A1Q== X-Received: by 10.37.199.82 with SMTP id w79mr7233524ybe.127.1476390577195; Thu, 13 Oct 2016 13:29:37 -0700 (PDT) MIME-Version: 1.0 Received: by 10.129.159.20 with HTTP; Thu, 13 Oct 2016 13:29:36 -0700 (PDT) From: Mike DePaulo Date: Thu, 13 Oct 2016 16:29:36 -0400 Message-ID: To: "submit@bugs.x2go.org" Content-Type: text/plain; charset=UTF-8 Package: x2goclient Version: 4.0.5.2 When the following conditions are met: 1. You are using Kerberos (GSSAPI) auth 2. You are using the Linux client (Mac client is probably affected also, although I have not tested it. Windows is unaffected, I tested it.) 3. A "banner" is enabled on the SSH server 4. `x2golistsessions` lists no sessions. e.g., you do not already have a session running. Kerberos (GSSAPI) auth fails. This is because the x2goclient code considers the connection to have failed if the `ssh` command has 0 length standard output (in between the delimeters), but it does have standard error. A connection is made to the remote system to run `x2golistsessions`, which returns no standard output when there are no existing sessions. However, the `ssh` command outputs the banner on standard error. Note that the banner is outputted in a popup window, as if it were an SSH connection error. This is a separate bug IMHO.