X2Go Bug report logs -
#1520
Proxy-Server - SSH - strong Cipher crash x2Go-Client
Reported by: <Marian.Schwarcz@dlr.de>
Date: Thu, 14 Jan 2021 07:50:02 UTC
Severity: normal
Found in version 4.1.2.2-2020.02.13
Reply or subscribe to this bug.
Toggle useless messages
Report forwarded
to x2go-dev@lists.x2go.org, X2Go Developers <x2go-dev@lists.x2go.org>
:
Bug#1520
; Package x2goclient
.
(Thu, 14 Jan 2021 07:50:02 GMT) (full text, mbox, link).
Acknowledgement sent
to <Marian.Schwarcz@dlr.de>
:
New Bug report received and forwarded. Copy sent to X2Go Developers <x2go-dev@lists.x2go.org>
.
(Thu, 14 Jan 2021 07:50:02 GMT) (full text, mbox, link).
Message #5 received at submit@bugs.x2go.org (full text, mbox, reply):
[Message part 1 (text/plain, inline)]
Package: x2goClient
Version: 4.1.2.2-2020.02.13
Host-System: Windows 10, und Windows Server 2012 R2 (German Language)
Installations-Typ: Recommended (Default)
*** Problem Description ***
When using x2GoClient via jumpserver (as SSH-Proxy-Server), then is X2GoClient automatic closed (without any Information). Problem are the SSH-Strong-Ciphers, which are configured in SSHd on Jumpserver. Strong Ciphers => x2GoClient crashed. If default Ciphers => x2GoClient and connection works.
*** X2GoClient - Configuration ***
Sitzungsname: test
Pfad: /
Host: ziel-server
Login: test_ye
SSH-Port: 22
Proxy-Server für SSH-Verbindung verwenden
SSH
Host: jumpserver
Port: 22
Gleiche Anmeldung wie für X2Go-Server
Gleiches Kennwort wie für X2Go-Server
XFCE
*** Jumpserver Configuration) ***
Jumpserver SSHd Config: /etc/ssh/sshd_config (CentOS 7)
Ciphers aes128-ctr,aes192-ctr,aes256-ctr
The ciphers are used for strong Encryption. Then access from x2GoClient via jumpserver cannot handle this.
------
When the Cipher-Restriction is not configured:
Jumpserver SSHd Confg: (CentOS 7)
#Ciphers aes128-ctr,aes192-ctr,aes256-ctr
then the connection from x2GoClient via jumpserver to Destination X2Go-Server does work.
I hope I provided all needed information for you. Let me know if this can be patched, or does our Company need to search for other solution.
Thank you.
Best regards,
Marián Schwarcz
[Message part 2 (text/html, inline)]
Information forwarded
to x2go-dev@lists.x2go.org, X2Go Developers <x2go-dev@lists.x2go.org>
:
Bug#1520
; Package x2goclient
.
(Fri, 19 Mar 2021 18:30:02 GMT) (full text, mbox, link).
Acknowledgement sent
to Adam Dorsey - NOAA Affiliate <adam.dorsey@noaa.gov>
:
Extra info received and forwarded to list. Copy sent to X2Go Developers <x2go-dev@lists.x2go.org>
.
(Fri, 19 Mar 2021 18:30:02 GMT) (full text, mbox, link).
Message #10 received at 1520@bugs.x2go.org (full text, mbox, reply):
[Message part 1 (text/plain, inline)]
I can confirm this issue in my own environment as well. X2Go server
version is 4.1.0.3-9.el7 running on CentOS 7. Affected users are running
X2Go client version 4.1.2.2 on Windows 10 (though this may affect other
Windows versions as well).
We forced the use of the aes128-ctr cipher yesterday on our cluster login
nodes to resolve a security issue raised by our security team. To do this,
we added the following line to our SSH server config file:
Ciphers aes128-ctr
After making this change, several users running the X2Go client on Windows
10 could no longer connect. We found this bug report, and subsequently
reverted the above change, which resolved the issue.
Please note that Linux clients appeared to be unaffected by this issue; I
was able to connect from a workstation running X2Go client version 4.1.2.2
on Ubuntu Linux 20.04 without any issues.
--
Adam Dorsey
NOAA RDHPCS Systems Administrator Site Lead
CSRA / RedLine Performance Solutions, LLC
NOAA NESCC
1000 Galliher Drive, Suite 333, Fairmont, WV 26554
office: (304) 367-2882
cell: (304) 685-9345
adam.dorsey@noaa.gov
[Message part 2 (text/html, inline)]
Send a report that this bug log contains spam.
X2Go Developers <owner@bugs.x2go.org>.
Last modified:
Sun Apr 11 10:54:08 2021;
Machine Name:
ymir.das-netzwerkteam.de
X2Go Bug tracking system
Debbugs is free software and licensed under the terms of the GNU
Public License version 2. The current version can be obtained
from https://bugs.debian.org/debbugs-source/.
Copyright © 1999 Darren O. Benham,
1997,2003 nCipher Corporation Ltd,
1994-97 Ian Jackson,
2005-2017 Don Armstrong, and many other contributors.