From christian.krause@idiv.de Mon Apr 1 17:11:57 2019 Received: (at submit) by bugs.x2go.org; 1 Apr 2019 15:12:01 +0000 X-Spam-Checker-Version: SpamAssassin 3.4.2 (2018-09-13) on ymir.das-netzwerkteam.de X-Spam-Level: X-Spam-Status: No, score=0.8 required=3.0 tests=BAYES_50,URIBL_BLOCKED autolearn=ham autolearn_force=no version=3.4.2 Received: from localhost (localhost [127.0.0.1]) by ymir.das-netzwerkteam.de (Postfix) with ESMTP id 7A7565DAEF for ; Mon, 1 Apr 2019 17:11:57 +0200 (CEST) X-Virus-Scanned: Debian amavisd-new at ymir.das-netzwerkteam.de Received: from ymir.das-netzwerkteam.de ([127.0.0.1]) by localhost (ymir.das-netzwerkteam.de [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id yIhPOl6UMMOT for ; Mon, 1 Apr 2019 17:11:48 +0200 (CEST) X-Greylist: delayed 324 seconds by postgrey-1.35 at ymir.das-netzwerkteam.de; Mon, 01 Apr 2019 17:11:48 CEST Received: from v4.rz.uni-leipzig.de (v4.rz.uni-leipzig.de [139.18.1.30]) by ymir.das-netzwerkteam.de (Postfix) with ESMTPS id BE97F5DA96 for ; Mon, 1 Apr 2019 17:11:48 +0200 (CEST) Received: from localhost (localhost [127.0.0.1]) by v4.rz.uni-leipzig.de (Postfix) with ESMTP id A1130780E0 for ; Mon, 1 Apr 2019 17:06:24 +0200 (CEST) X-Virus-Scanned: by amavisd-new at v4-ul Received: from v4.rz.uni-leipzig.de ([127.0.0.1]) by localhost (v4.rz.uni-leipzig.de [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id AkVbt1x8mYEW for ; Mon, 1 Apr 2019 17:06:24 +0200 (CEST) Received: from v2.rz.uni-leipzig.de (v2.rz.uni-leipzig.de [139.18.1.27]) by v4.rz.uni-leipzig.de (Postfix) with ESMTPS id 716FB780AC for ; Mon, 1 Apr 2019 17:06:24 +0200 (CEST) Received: from localhost (localhost [127.0.0.1]) by v2.rz.uni-leipzig.de (Postfix) with ESMTP id EE6C464066 for ; Mon, 1 Apr 2019 17:06:23 +0200 (CEST) X-Virus-Scanned: by amavisd-new at v2-ul Received: from v2.rz.uni-leipzig.de ([127.0.0.1]) by localhost (v2.rz.uni-leipzig.de [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id VYFjthLEiiKO for ; Mon, 1 Apr 2019 17:06:23 +0200 (CEST) Received: from exchange.dom.uni-leipzig.de (urzdommbx02.dom.intern.uni-leipzig.de [172.18.88.111]) by v2.rz.uni-leipzig.de (Postfix) with ESMTPS id D12F364063 for ; Mon, 1 Apr 2019 17:06:23 +0200 (CEST) Received: from [172.18.115.44] (172.18.89.129) by urzdommbx02.dom.uni-leipzig.de (172.18.88.111) with Microsoft SMTP Server (TLS) id 15.0.1395.4; Mon, 1 Apr 2019 17:06:23 +0200 To: From: Christian Krause Subject: x2goclient shows wrong fingerprint Message-ID: <0eba51f6-7fb1-fc4c-e660-11e2d7869caf@idiv.de> Date: Mon, 1 Apr 2019 17:06:23 +0200 User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:60.0) Gecko/20100101 Thunderbird/60.5.3 MIME-Version: 1.0 Content-Type: text/plain; charset="utf-8" Content-Language: en-IE Content-Transfer-Encoding: 8bit X-ClientProxiedBy: urzdomcas02.dom.uni-leipzig.de (172.18.88.110) To urzdommbx02.dom.uni-leipzig.de (172.18.88.111) Package: x2goclient Version: 4.1.2.0 The Windows version of x2goclient shows "a" wrong server key fingerprint. Both the Linux client and PuTTY on Windows show the correct fingerprint. x2goclient on Windows: > The server is unknown. Do you trust the host key? > Public key hash: SSH proxy connection error: (address omitted):22 - > 57:a8:d5:ae:c6:9d:6a:a2:d1:4e:a4:c4:cd:51:7e:c8:72:75:51:5d PuTTY on Windows: > The server's host key is not cached in the registry. You have no guarantee > that the server is the computer you think it is. > The server's rsa2 key fingerprint is: > ssh-rsa 2048 f3:27:28:1a:16:92:7e:a0:74:26:2f:ce:2e:54:f7:62 > If you trust this host, hit Yes to ... On the host I'm trying to connect to: ```console $ for i in /etc/ssh/*.pub ; do ssh-keygen -lf $i ; done 1024 27:6d:55:b1:f0:60:b6:06:ea:49:a1:c7:d5:4f:60:e9 /etc/ssh/ssh_host_dsa_key.pub (DSA) 2048 0e:68:68:d6:ed:be:d2:11:2f:11:60:41:97:b4:15:33 /etc/ssh/ssh_host_key.pub (RSA1) 2048 f3:27:28:1a:16:92:7e:a0:74:26:2f:ce:2e:54:f7:62 /etc/ssh/ssh_host_rsa_key.pub (RSA) ``` Note: It's also really hard to figure out for which key x2go is trying to show me the fingerprint. Both PuTTY and OpenSSH show the key type, so it's really obvious. With x2go, I have to guess. (That's worth a different bug report, I know.) -- Christian Krause Scientific Computing Administration and Support ------------------------------------------------------------------------------- Email: christian.krause@idiv.de Office: BioCity Leipzig 5e, Room 3.201.3 Phone: +49 341 97 33144 ------------------------------------------------------------------------------- German Centre for Integrative Biodiversity Research (iDiv) Halle-Jena-Leipzig Deutscher Platz 5e 04103 Leipzig Germany ------------------------------------------------------------------------------- iDiv is a research centre of the DFG – Deutsche Forschungsgemeinschaft iDiv ist eine zentrale Einrichtung der Universität Leipzig im Sinne des § 92 Abs. 1 SächsHSFG und wird zusammen mit der Martin-Luther-Universität Halle-Wittenberg und der Friedrich-Schiller-Universität Jena betrieben sowie in Kooperation mit dem Helmholtz-Zentrum für Umweltforschung GmbH – UFZ. Beteiligte Kooperationspartner sind die folgenden außeruniversitären Forschungseinrichtungen: das Helmholtz-Zentrum für Umweltforschung GmbH - UFZ, das Max-Planck-Institut für Biogeochemie (MPI BGC), das Max-Planck-Institut für chemische Ökologie (MPI CE), das Max-Planck-Institut für evolutionäre Anthropologie (MPI EVA), das Leibniz-Institut Deutsche Sammlung von Mikroorganismen und Zellkulturen (DSMZ), das Leibniz-Institut für Pflanzenbiochemie (IPB), das Leibniz-Institut für Pflanzengenetik und Kulturpflanzenforschung (IPK) und das Leibniz-Institut Senckenberg Museum für Naturkunde Görlitz (SMNG). USt-IdNr. DE 141510383 From frank.lenaerts@sckcen.be Wed Oct 23 16:00:32 2019 Received: (at 1380) by bugs.x2go.org; 23 Oct 2019 14:00:44 +0000 X-Spam-Checker-Version: SpamAssassin 3.4.2 (2018-09-13) on ymir.das-netzwerkteam.de X-Spam-Level: X-Spam-Status: No, score=-0.3 required=3.0 tests=BAYES_00,DKIM_INVALID, DKIM_SIGNED,FORGED_SPF_HELO,KHOP_HELO_FCRDNS,SPF_HELO_PASS autolearn=no autolearn_force=no version=3.4.2 Received: from EUR03-VE1-obe.outbound.protection.outlook.com (mail-ve1eur03on0706.outbound.protection.outlook.com [IPv6:2a01:111:f400:fe09::706]) by ymir.das-netzwerkteam.de (Postfix) with ESMTPS id 9C7E45DCED for <1380@bugs.x2go.org>; Wed, 23 Oct 2019 16:00:03 +0200 (CEST) ARC-Seal: i=1; a=rsa-sha256; s=arcselector9901; d=microsoft.com; cv=none; b=mTu+YLIA9Km7qBIP7PFtQo6maVtio215FmeqdOT+pTi+Ae4+DgMpn0gRUysAb8211h//HJtb5CxEYRstw27UP2vkcOnVM9QzPNdkjLt3hC39FJ3QuYe57NGwYvUd/GwxF6AOUgLKAR/NX7jJLK+Y6lZBkSWndlPUYG1wyqyWQ1JqqquDKc0vsjlM7I82gPf6TlEiZO2WRxs6Uzs8mXORJ2ugwT65esc7114deIFwkicUFSbwXp1Igpu7xl3/2UY8Rjb2G2k/vA44OXJC6UP+J7ZTRKXm30AGHclHHSRk8WacHDVQl5CLWvIOf157uiBRMGSH8lK1fRmCIdV2XpJ87g== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=arcselector9901; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=Jwn2SxJN6sOMLTW76dsb22S8M6MIprlsXQLZN14krgY=; b=gxt2ZpDWMUtHApBhQkP4Qx94HJIPh5CkkLwcaPtzSTWycRa/xbKTMOWoa4YiHHa9IlBSb+uQkfRrNo1Ete7UNX/mWpVJv2H881GGZMPu3Ohdno1MNohbEeSpbKGeS9us1mYDQb6Z4DO7ZhPzgvmYXw0AEDjsxbfrGsO5KHGAHgb6YDoLcZYPtS2STek7XziI/8+kGFOqLxMlWtYfozRDpOgSLGfxp0gBl5fMq0xis4B8alsaYIL20u5ULhdO8BZNXe4r1UZXXMPyhvbsVip6NUNCXmVy1SNAO1mQiaq4FgkiAsoMUyUWySv4mrOiqB5BwQUxnNPP4pwoVJdz1mG6HA== ARC-Authentication-Results: i=1; mx.microsoft.com 1; spf=pass (sender ip is 193.190.140.222) smtp.rcpttodomain=bugs.x2go.org smtp.mailfrom=sckcen.be; dmarc=bestguesspass action=none header.from=sckcen.be; dkim=none (message not signed); arc=none DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=sckcen.onmicrosoft.com; s=selector2-sckcen-onmicrosoft-com; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=Jwn2SxJN6sOMLTW76dsb22S8M6MIprlsXQLZN14krgY=; b=J6oj/4HIAN6xkjGz5IZCuld/V8zMIZtbv7oMuboTJw+TuLxPxQ1Ed0YHXeOCiHTz1nlAdaRf3ABQFhmySoP//h1+cWWfnSLvH22bU0kjU5/mlYoxKcdhioLcRwWKdvhE2z+YYF6wNWCxQdDpRLRF7WzfdM0Rxzo3GNnPdcm8H9A= Received: from DB8PR03CA0012.eurprd03.prod.outlook.com (2603:10a6:10:be::25) by DB7PR03MB4028.eurprd03.prod.outlook.com (2603:10a6:5:2d::17) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.2387.20; Wed, 23 Oct 2019 14:00:02 +0000 Received: from DB5EUR01FT023.eop-EUR01.prod.protection.outlook.com (2a01:111:f400:7e02::205) by DB8PR03CA0012.outlook.office365.com (2603:10a6:10:be::25) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384) id 15.20.2367.21 via Frontend Transport; Wed, 23 Oct 2019 14:00:01 +0000 Authentication-Results: spf=pass (sender IP is 193.190.140.222) smtp.mailfrom=sckcen.be; bugs.x2go.org; dkim=none (message not signed) header.d=none;bugs.x2go.org; dmarc=bestguesspass action=none header.from=sckcen.be; Received-SPF: Pass (protection.outlook.com: domain of sckcen.be designates 193.190.140.222 as permitted sender) receiver=protection.outlook.com; client-ip=193.190.140.222; helo=mail.sckcen.be; Received: from mail.sckcen.be (193.190.140.222) by DB5EUR01FT023.mail.protection.outlook.com (10.152.4.233) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256) id 15.20.2387.20 via Frontend Transport; Wed, 23 Oct 2019 14:00:01 +0000 Received: from pc5424-v2.sck.be (10.0.6.24) by mailsrv4.sck.be (193.190.140.222) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256_P256) id 15.1.1531.3; Wed, 23 Oct 2019 16:00:01 +0200 Date: Wed, 23 Oct 2019 15:59:59 +0200 From: Frank Lenaerts To: <1380@bugs.x2go.org> Subject: fingerprint in Windows x2goclient Message-ID: <20191023135952.2zprpxgd7fyoe7sb@pc5424-v2.sck.be> MIME-Version: 1.0 Content-Type: text/plain; charset="iso-8859-1" Content-Disposition: inline Content-Transfer-Encoding: 8bit X-Originating-IP: [10.0.6.24] X-ClientProxiedBy: mailsrv4.sck.be (193.190.140.222) To mailsrv4.sck.be (193.190.140.222) X-EOPAttributedMessage: 0 X-Forefront-Antispam-Report: CIP:193.190.140.222;IPV:NLI;CTRY:BE;EFV:NLI;SFV:NSPM;SFS:(10019020)(136003)(396003)(39850400004)(376002)(346002)(189003)(199004)(55016002)(9686003)(5660300002)(186003)(305945005)(22756006)(16526019)(476003)(70586007)(70206006)(486006)(6116002)(3846002)(7736002)(478600001)(126002)(36756003)(336012)(44832011)(356004)(26005)(6916009)(386003)(7696005)(81166006)(86362001)(8936002)(81156014)(23756003)(50466002)(4744005)(2906002)(2870700001)(22746008)(106002)(2351001)(316002)(53416004)(8676002)(47776003)(1076003);DIR:OUT;SFP:1102;SCL:1;SRVR:DB7PR03MB4028;H:mail.sckcen.be;FPR:;SPF:Pass;LANG:en;PTR:InfoDomainNonexistent;MX:1;A:1; X-MS-PublicTrafficType: Email X-MS-Office365-Filtering-Correlation-Id: b2da5868-8940-407e-fcc4-08d757c14c52 X-MS-TrafficTypeDiagnostic: DB7PR03MB4028: X-Microsoft-Antispam-PRVS: X-MS-Oob-TLC-OOBClassifiers: OLM:8273; X-Forefront-PRVS: 019919A9E4 X-MS-Exchange-SenderADCheck: 1 X-Microsoft-Antispam: BCL:0; X-Microsoft-Antispam-Message-Info: s6GRvQNLlju62qM2ZlFMGqqK7rzrIdJ/E9fP1WQDCe7xZXkLy1YzMG4ziipLv0mEvamc+SFo0/gSJipmSQTf+d0mr5eO0CugcwoYc90qvpJltP8E4ddUrQibDHTZFI08WLUpmm8XENovrY7Rq0NAm8u0fUR7EaH8bokbz4nTTnp6XC31D4oHzBE9yH4DLnXXqK7ZPm3gPbArmBAgZDWgOzWpmgreGUREZnEbbLvPFxU3jWHpZq+3aLwzT6Ht4xJlpRM1xRg58saUKF6vEZkNorb2C2XJGwh27rSLkQ0cttNeS0zzRut0HOFuOpgayYW5sv5Ao5dFmiN5XIKJE0QYLghes7GFMnqJ7vrKYz/bGddHEHritWXzYHDEsFf2llx4WlXjV/t9VLTZhARg6V635WaAXCf4Pa4u92gHGqEJzF2t3AiVIUf0oxKIhMKs3i7n X-OriginatorOrg: sckcen.be X-MS-Exchange-CrossTenant-OriginalArrivalTime: 23 Oct 2019 14:00:01.5945 (UTC) X-MS-Exchange-CrossTenant-Network-Message-Id: b2da5868-8940-407e-fcc4-08d757c14c52 X-MS-Exchange-CrossTenant-Id: 2f885e27-9e8b-4e12-bf50-1768b073bc54 X-MS-Exchange-CrossTenant-OriginalAttributedTenantConnectingIp: TenantId=2f885e27-9e8b-4e12-bf50-1768b073bc54;Ip=[193.190.140.222];Helo=[mail.sckcen.be] X-MS-Exchange-CrossTenant-FromEntityHeader: HybridOnPrem X-MS-Exchange-Transport-CrossTenantHeadersStamped: DB7PR03MB4028 Hi I also couldn't immediately map the fingerprint that the x2goclient on Windows shows. It didn't match the usual[*] fingerprints and shows a longer (320 instead of 256 bits) one. That one though, can be derived from the public host keys as follows: for x in /etc/ssh/*.pub ; do echo $x && cut -d' ' -f2 < $x | base64 -d | openssl sha1 -c ; done ; In my case, it matched the ED25519 one. [*] The ones you can get with ssh-keygen(1) for users to check. -- Kind regards Frank Lenaerts SCK·CEN / ICT Group Boeretang 200 B-2400 Mol Belgium Tel.: +3214338723