X2Go Bug report logs - #1477
x2goclient doesn't prompt for password after authentication failure if server is using google-authenticator

version graph

Package: x2goclient; Maintainer for x2goclient is X2Go Developers <x2go-dev@lists.x2go.org>; Source for x2goclient is src:x2goclient.

Reported by: Toby <anothercoffee@googlemail.com>

Date: Mon, 8 Jun 2020 17:00:03 UTC

Severity: normal

Found in version 4.1.2.2

Full log

Message #20 received at 1477@bugs.x2go.org (full text, mbox, reply):

Received: (at 1477) by bugs.x2go.org; 11 Jun 2020 13:50:53 +0000
From anothercoffee@googlemail.com  Thu Jun 11 15:50:50 2020
X-Spam-Checker-Version: SpamAssassin 3.4.2 (2018-09-13) on
	ymir.das-netzwerkteam.de
X-Spam-Level: 
X-Spam-Status: No, score=-0.1 required=3.0 tests=BAYES_40,DKIM_SIGNED,
	DKIM_VALID,DKIM_VALID_AU,FREEMAIL_FROM,SPF_HELO_NONE,URIBL_BLOCKED
	autolearn=ham autolearn_force=no version=3.4.2
Received: from mail-io1-xd2b.google.com (mail-io1-xd2b.google.com [IPv6:2607:f8b0:4864:20::d2b])
	by ymir.das-netzwerkteam.de (Postfix) with ESMTPS id E77235DD8A
	for <1477@bugs.x2go.org>; Thu, 11 Jun 2020 15:50:49 +0200 (CEST)
Received: by mail-io1-xd2b.google.com with SMTP id d5so6326505ios.9
        for <1477@bugs.x2go.org>; Thu, 11 Jun 2020 06:50:49 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
        d=googlemail.com; s=20161025;
        h=mime-version:references:in-reply-to:from:date:message-id:subject:to;
        bh=66RBC+XGJt9HhFT8B73FlG/W3wJlivFEafOC/BjybFc=;
        b=KYcwHgg6Q0S7CYXCCSLzOk/33yOYbY72paWzGWnnCL22H12pQYHdtoBA8VUb56ja2X
         BlAxRI+gHMB1+rxJ0ok0w+dimxE4rgp3lIwXcyct6kvcPIgACcOHTRa55Z9XcivsKgOT
         OqA9GAdb/pTjpAqSqL1UJTeEoA10T5eJLnAhnptY8F963iTuPHV4IIEeSv89bSboxaZl
         qUS/L5CR787zyWaeOVylWQ/OwA9r6ieDJlBiCN4p5leepagr9KCDLUpK5u2VJgVxKcWA
         Zwm26G1YyjUffkvV+xgD+GLBo03KlkOrNK9yj+deumiyYPHHxONuMgSsqUF0JTKsjZSb
         n2bw==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
        d=1e100.net; s=20161025;
        h=x-gm-message-state:mime-version:references:in-reply-to:from:date
         :message-id:subject:to;
        bh=66RBC+XGJt9HhFT8B73FlG/W3wJlivFEafOC/BjybFc=;
        b=pIc732h/Nt/M5TO5sieyEPNUM9K5UOUu59VBbVtToux6IrpbKTeWRpwhxHh7e0wkV3
         QGFWE2qi3OFo5ZY1iSxuBE8+PNEdr0aOEMWKWnWlQ56Vu8gbRXkEU+PjaKi77UaNaMqF
         Pm/8RtI9FrwO3Uy30zCUfR0qLyvR80+alHx00HiWY9xubLO/QxjiNhrTlUSF/RMKesCg
         qoMstIrigtnXxYFpVUQfcQGl/wM2IvtBO74zplm6QRm5RgMA8MEgLuC5/bPPE3jnfiCl
         JtoTdz9acI2ykqQo7QfsMosyhINmh2VsA8wLE9La6JfwfUEubXuxL02MOLWqhNlPoiqx
         i22A==
X-Gm-Message-State: AOAM530S5Pon1mabDCFUkTtpuVOqDQOxdUISQ3iJU5ZaiVGHkpSiV6RX
	ZhLBG3bi0oivFOdQgmdCO0UqO/NCJd3b9SuIwCVoOxQhvS4=
X-Google-Smtp-Source: ABdhPJxl716kgrUK8m9BArxcOS2lH3vWH9EFumXGWUY2hjBc320K3B81a+GKoqTV6LkgTrnHJBBYTBQU2VL7QTKLzkI=
X-Received: by 2002:a05:6602:2437:: with SMTP id g23mr8593822iob.5.1591883448411;
 Thu, 11 Jun 2020 06:50:48 -0700 (PDT)
MIME-Version: 1.0
References: <CAEScUDi0z1tWFkcD_znURLO0pgmf5XfsT6yTY6DQMzLgGBWtwA@mail.gmail.com>
 <CAEScUDgE8TV-DxYTMhUd3Q3BufEDaGGb8MJHopLjx44wju2rvw@mail.gmail.com>
In-Reply-To: <CAEScUDgE8TV-DxYTMhUd3Q3BufEDaGGb8MJHopLjx44wju2rvw@mail.gmail.com>
From: Toby <anothercoffee@googlemail.com>
Date: Thu, 11 Jun 2020 14:50:22 +0100
Message-ID: <CAEScUDi6Re2Sk+YRDOWAgfW_HAOkug7AY9h1kCM+CeLOTKxe4Q@mail.gmail.com>
Subject: Re: Debug output
To: 1477@bugs.x2go.org
Content-Type: text/plain; charset="UTF-8"

I appreciate the whole ssh connection process is hairy as ****, and
thinking I've got a proper fix after a couple of hours poking about
looking at a single use case is naive, but the removal of one line
gets the behaviour I expect: if either the password or verification
code are incorrect, restart the authentication process

diff --git a/src/sshmasterconnection.cpp b/src/sshmasterconnection.cpp
index 667e0ef..34045de 100644
--- a/src/sshmasterconnection.cpp
+++ b/src/sshmasterconnection.cpp
@@ -1127,7 +1127,7 @@ bool SshMasterConnection::userChallengeAuth()
             if (has_challenge_auth_code_prompt) {
                 x2goDebug<<"Verification code request"<<endl;

-                challengeAuthPasswordAccepted=true;
+                // challengeAuthPasswordAccepted=true;
                 if(challengeAuthVerificationCode == QString::null)
                 {
                     keyPhraseReady=false;


This also works in the case of using an ssh proxy server with
google-authenticator.

Cheers
Toby

Send a report that this bug log contains spam.

X2Go Developers <owner@bugs.x2go.org>. Last modified: Thu Apr 25 05:26:35 2024; Machine Name: ymir.das-netzwerkteam.de

X2Go Bug tracking system

Debbugs is free software and licensed under the terms of the GNU Public License version 2. The current version can be obtained from https://bugs.debian.org/debbugs-source/.

Copyright © 1999 Darren O. Benham, 1997,2003 nCipher Corporation Ltd, 1994-97 Ian Jackson, 2005-2017 Don Armstrong, and many other contributors.