X2Go Bug report logs - #1323
SSH proxy connection doesn't work for tunnel only accounts

version graph

Package: x2goclient; Maintainer for x2goclient is X2Go Developers <x2go-dev@lists.x2go.org>; Source for x2goclient is src:x2goclient.

Reported by: Arcadie Cracan <acracan@gmail.com>

Date: Tue, 21 Aug 2018 13:45:02 UTC

Severity: normal

Found in version 4.1.2.1

Full log

Message #10 received at 1323@bugs.x2go.org (full text, mbox, reply):

Received: (at 1323) by bugs.x2go.org; 3 Mar 2020 09:58:03 +0000
From Juha.Pajula@vtt.fi  Tue Mar  3 10:58:01 2020
X-Spam-Checker-Version: SpamAssassin 3.4.2 (2018-09-13) on
	ymir.das-netzwerkteam.de
X-Spam-Level: 
X-Spam-Status: No, score=-2.0 required=3.0 tests=BAYES_00,DKIM_SIGNED,
	DKIM_VALID,DKIM_VALID_AU,HTML_MESSAGE,RCVD_IN_MSPIKE_H3,
	RCVD_IN_MSPIKE_WL,SPF_HELO_NONE,URIBL_BLOCKED autolearn=ham
	autolearn_force=no version=3.4.2
Received: from gate.edelkey.net (gate.edelkey.net [213.138.147.140])
	by ymir.das-netzwerkteam.de (Postfix) with ESMTPS id 558A65DA8B
	for <1323@bugs.x2go.org>; Tue,  3 Mar 2020 10:57:59 +0100 (CET)
Received: from asgw3.edelkey.net (213138142181.edelkey.net [213.138.142.181])
	by gate.edelkey.net (8.15.2/8.15.2) with ESMTPS id 0239vvT7020124
	(version=TLSv1.2 cipher=AES256-GCM-SHA384 bits=256 verify=NOT)
	for <1323@bugs.x2go.org>; Tue, 3 Mar 2020 11:57:57 +0200
Received: from VTTMAIL02.ad.vtt.fi (213214155241.edelkey.net [213.214.155.241])
	by asgw3.edelkey.net (8.16.0.42/8.16.0.42) with ESMTPS id 0239vv6V010089
	(version=TLSv1.2 cipher=ECDHE-RSA-AES128-SHA256 bits=128 verify=NOT)
	for <1323@bugs.x2go.org>; Tue, 3 Mar 2020 11:57:57 +0200
Received: from VTTMAIL01.ad.vtt.fi (2002:82bc:7e17::82bc:7e17) by
 VTTMAIL02.ad.vtt.fi (2002:82bc:7e18::82bc:7e18) with Microsoft SMTP Server
 (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256_P256) id
 15.1.1847.3; Tue, 3 Mar 2020 11:57:57 +0200
Received: from EUR02-AM5-obe.outbound.protection.outlook.com (104.47.4.54) by
 VTTMAIL01.ad.vtt.fi (130.188.126.23) with Microsoft SMTP Server
 (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256_P256) id
 15.1.1847.3 via Frontend Transport; Tue, 3 Mar 2020 11:57:57 +0200
ARC-Seal: i=1; a=rsa-sha256; s=arcselector9901; d=microsoft.com; cv=none;
 b=e07k99sHGkcfYGxXLCsNRKR68f3o2EAUDFLAJ80MY6i/4kVgHpSRISsNoSzZ7hGvDCPii22gToL74QLpzmKmnAqzI1cRssBu6atYf1pJKVmBW56Av+Kb4TyqyYuXHVAogf3pIL/LIgq/02cfLeGkNPZ5CDPIwX6jH/uCXvTq2oK9KAIxu0YtC18yDzO5qVzeXjYCvJ+TOcUUn6Sjs9utHKgOxwsWc7e0avHEn65XtRagPjPMllfKQO/LpQOz93umULpgl1NFNqXH5JWd0bXsfcU41KoJaxdi1vzmma7qZCi2oC6/xIDmGlPx7tVUS5+6+h+ngJkyM7k4TKQBDQhUlg==
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com;
 s=arcselector9901;
 h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck;
 bh=P+AmVZ5nBVpg7O4paF1SU/QgfQfKWsDGPuDl56iT4QU=;
 b=X48z2rCfL1Mb5Q6BRag4u+pTRwpDg1qXq+bsLKScvVcy9S7nmDvpIZIaQbNZoAQeLlGTqTwT9Jv9SKrDw8SACVn2NhinN1boQT0cN3R60/f7G1v880nVb/WJgQfF9UbmH2OVqk5FbHN3Gvmob/dJVS+RHA8G8CmNk36aY2ECd9FbxIsl0GXryvxY1ROW6xYDMkc0GIGpiHbGGc0l8A6BymfxPIrhJc/TXzBjyo0Pw4SXajjZVbYfr2DzPXiqBlL7eabRBJjsmBoLsTSWTko32dZ8zWLweErIhpHdL9/JqI8+3Rw364Tzcz/miDDwQLL3pg2YkPT7vFcxEmf2+dIz7w==
ARC-Authentication-Results: i=1; mx.microsoft.com 1; spf=pass
 smtp.mailfrom=vtt.fi; dmarc=pass action=none header.from=vtt.fi; dkim=pass
 header.d=vtt.fi; arc=none
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=vtt.fi; s=selector1;
 h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck;
 bh=P+AmVZ5nBVpg7O4paF1SU/QgfQfKWsDGPuDl56iT4QU=;
 b=Fv97DlUyzAkrR1U7UU0OrCmGQCs7UV/3RamZ2uZSi08on5QQwcPMgYidIB9RQd5YI08OJD0QOGzW7xoI/vW+YkLIq5azFn9nJ8gYQmROfiIEL1lyPJdlQYY64YBDQi07u+0+Y9q2giIcFCZoTFz16PAbzDZpHw80sop34H5gzDI=
Received: from HE1PR0801MB1930.eurprd08.prod.outlook.com (10.168.98.145) by
 HE1PR0801MB1994.eurprd08.prod.outlook.com (10.168.95.7) with Microsoft SMTP
 Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id
 15.20.2772.16; Tue, 3 Mar 2020 09:57:56 +0000
Received: from HE1PR0801MB1930.eurprd08.prod.outlook.com
 ([fe80::2c42:a035:6ade:ade0]) by HE1PR0801MB1930.eurprd08.prod.outlook.com
 ([fe80::2c42:a035:6ade:ade0%12]) with mapi id 15.20.2750.024; Tue, 3 Mar 2020
 09:57:56 +0000
From: Pajula Juha <Juha.Pajula@vtt.fi>
To: "1323@bugs.x2go.org" <1323@bugs.x2go.org>
Subject: Re: SSH proxy connection doesn't work for tunnel only accounts
Thread-Topic: Re: SSH proxy connection doesn't work for tunnel only accounts
Thread-Index: AdXxO+b/WmctX3vDTNGC0sAlaB80lQ==
Date: Tue, 3 Mar 2020 09:57:56 +0000
Message-ID: <HE1PR0801MB19305291A03FD3BE7481B76296E40@HE1PR0801MB1930.eurprd08.prod.outlook.com>
Accept-Language: en-US
Content-Language: en-US
X-MS-Has-Attach:
X-MS-TNEF-Correlator:
x-originating-ip: [130.188.108.97]
x-ms-publictraffictype: Email
x-ms-office365-filtering-correlation-id: f2084e30-cdc8-462d-4779-08d7bf595920
x-ms-traffictypediagnostic: HE1PR0801MB1994:
x-microsoft-antispam-prvs: <HE1PR0801MB199457B1BD42C76D127DC0A896E40@HE1PR0801MB1994.eurprd08.prod.outlook.com>
x-ms-oob-tlc-oobclassifiers: OLM:8882;
x-forefront-prvs: 03319F6FEF
x-forefront-antispam-report: SFV:NSPM;SFS:(10009020)(4636009)(39860400002)(366004)(346002)(376002)(136003)(396003)(199004)(189003)(76116006)(8676002)(55016002)(71200400001)(26005)(5660300002)(86362001)(9686003)(81166006)(8936002)(81156014)(6916009)(186003)(316002)(66946007)(6506007)(478600001)(66556008)(64756008)(66476007)(15650500001)(66446008)(52536014)(7696005)(2906002)(33656002);DIR:OUT;SFP:1101;SCL:1;SRVR:HE1PR0801MB1994;H:HE1PR0801MB1930.eurprd08.prod.outlook.com;FPR:;SPF:None;LANG:en;PTR:InfoNoRecords;A:1;MX:1;
received-spf: None (protection.outlook.com: vtt.fi does not designate
 permitted sender hosts)
x-ms-exchange-senderadcheck: 1
x-microsoft-antispam: BCL:0;
x-microsoft-antispam-message-info: 2gHmZaC+PF2SGsu/d3uKK3EDIug39h4CY2hJRbaGvUXtsJhlVBOIjRpN5lmgGNu63caJjZSLAE41RChbdH0mT7Vq/jUH+6P0dOGKQygbXN1mOyO8Vh7WZIRjiq5Tr9OTuLcf/HWfCSYUYFlSaeEpHmH8Y7BVgv7LiE6ZLJKyFJjEkWPrGLGr3kI8eDkRF77iCp70T9fB5IX+0tcwi+lIWNtqqWaellndsC8Ao3mvHM1aV/1ILX9PKk0aeMhafA8ywbZA0KV+8rSNOlJsOYRqfB44NbJyhmxp1ihMmkFETYhqGLQdjmc7CDIspJI/qbA0LSLR5q/Ul+c6klWVV7d6zzfnFfw+k43RvAFNoQL8Xwg4AZ16WyWhFGv4lfmO9U3LlGvmBLgfpLtNQ4J0iHUs7/tnPpRd9YluGr816Wmq0RXG0b9oeCOF20p+zSp00LCY
x-ms-exchange-antispam-messagedata: +uqkXX8TbSomvPBQgOGAe5l7iNJtgM2vu6e0swCV7JXBGr0erTbQXfq2rmnDs0xpE9dmAOjHXyF2aGpYUuQHHoveBoVcsGBxGwayhfoExZyebOHByJqVhbQHO8rH8hxCRtQemT90Ya++rUekuu/59w==
x-ms-exchange-transport-forked: True
Content-Type: multipart/alternative;
	boundary="_000_HE1PR0801MB19305291A03FD3BE7481B76296E40HE1PR0801MB1930_"
MIME-Version: 1.0
X-MS-Exchange-CrossTenant-Network-Message-Id: f2084e30-cdc8-462d-4779-08d7bf595920
X-MS-Exchange-CrossTenant-originalarrivaltime: 03 Mar 2020 09:57:56.3657
 (UTC)
X-MS-Exchange-CrossTenant-fromentityheader: Hosted
X-MS-Exchange-CrossTenant-id: 68d6b592-5008-43b5-9b04-23bec4e86cf7
X-MS-Exchange-CrossTenant-mailboxtype: HOSTED
X-MS-Exchange-CrossTenant-userprincipalname: vb+ZTdiy0JI237Wq1sFbECG/Su7cnsnHliYPVa+Q13J3NM/tRRpd2E3y8kPbbplg82tifi41KlqQ+Joz3mjmkA==
X-MS-Exchange-Transport-CrossTenantHeadersStamped: HE1PR0801MB1994
X-OriginatorOrg: vtt.fi
X-Proofpoint-Virus-Version: vendor=fsecure engine=2.50.10434:6.0.138,18.0.572
 definitions=2020-03-03_02:2020-03-03,2020-03-03 signatures=0

[Message part 1 (text/plain, inline)]
On Tue, 21 Aug 2018 16:38:24 +0300 Arcadie Cracan <acracan@gmail.com<mailto:acracan@gmail.com>> wrote:

> Package: x2goclient

> Version: 4.1.2.1

> Tag: patch

>

> I use a ssh proxy server that allows only tunnel connections (i.e. doesn't

> allow the users to use the shell). After upgrading from Ubuntu 16.04 to

> 18.04 x2goclient stopped working with my ssh proxy server.

>

> I believe the reason for this is the call to the "checkLogin()" function

> even for ssh proxy connections (which in my opinion is not necessary).

>

> I attach a patch that makes x2goclient skip the checkLogin() call (as it

> does for kerberos connections) for the ssh proxy connection.

>

> Thank you for considering this patch.

>

> Kind regards,

>    Arcadie Cracan



I can confirm that the bug exists still on latest version 4.1.2.2-2020.02.13.



It prevents using newer versions of X2GO (4.1.x) with Bastion host type of ssh proxies where proxy account is jailed to use only ssh (no shell is allowed).



The connections work fine with version 4.0.5.2-2016.09.20, but not newer.



This is clearly visible on debug messages with latest version:

x2go-DEBUG-../src/sshmasterconnection.cpp:943> state: 1



x2go-DEBUG-../src/sshmasterconnection.cpp:676> Setting SSH directory to C:/xxxxxxx

x2go-DEBUG-../src/sshmasterconnection.cpp:1324> Trying to authenticate user with private key.

x2go-DEBUG-../src/sshmasterconnection.cpp:1507> Authenticating with key: 0



x2go-DEBUG-../src/sshmasterconnection.cpp:687> User authentication OK.

x2go-DEBUG-../src/sshmasterconnection.cpp:1708> LOGIN CHECK:"This account is currently not available.

"

x2go-DEBUG-../src/sshmasterconnection.cpp:1744> LOOP FINISHED

x2go-DEBUG-../src/sshmasterconnection.cpp:1754> Reconnect session

x2go-DEBUG-../src/sshmasterconnection.cpp:707> Login Check - Failed

x2go-DEBUG-../src/onmainwindow.cpp:3051> SSH Session prompt:"This account is currently not available.

"

x2go-DEBUG-../src/onmainwindow.cpp:3054> SSH Session interaction

x2go-DEBUG-../src/sshmasterconnection.cpp:437> SSH proxy interaction finished





Regards,

-Juha Pajula

[Message part 2 (text/html, inline)]

Send a report that this bug log contains spam.

X2Go Developers <owner@bugs.x2go.org>. Last modified: Thu Nov 21 15:36:28 2024; Machine Name: ymir.das-netzwerkteam.de

X2Go Bug tracking system

Debbugs is free software and licensed under the terms of the GNU Public License version 2. The current version can be obtained from https://bugs.debian.org/debbugs-source/.

Copyright © 1999 Darren O. Benham, 1997,2003 nCipher Corporation Ltd, 1994-97 Ian Jackson, 2005-2017 Don Armstrong, and many other contributors.