X2Go Bug report logs - #1520
Proxy-Server - SSH - strong Cipher crash x2Go-Client

Reply or subscribe to this bug.

Toggle useless messages

Message #5 received at submit@bugs.x2go.org (full text, mbox, reply):

From: <Marian.Schwarcz@dlr.de>

To: <submit@bugs.x2go.org>

Subject: Proxy-Server - SSH - strong Cipher crash x2Go-Client

Date: Thu, 14 Jan 2021 07:47:33 +0000

[Message part 1 (text/plain, inline)]

Package: x2goClient
Version: 4.1.2.2-2020.02.13

Host-System: Windows 10, und Windows Server 2012 R2 (German Language)
Installations-Typ: Recommended (Default)

*** Problem Description ***
When using x2GoClient via jumpserver (as SSH-Proxy-Server), then is X2GoClient automatic closed (without any Information). Problem are the SSH-Strong-Ciphers, which are configured in SSHd on Jumpserver. Strong Ciphers => x2GoClient crashed. If default Ciphers => x2GoClient and connection works.

*** X2GoClient - Configuration ***
Sitzungsname: test
Pfad: /
Host: ziel-server
Login: test_ye
SSH-Port: 22

Proxy-Server für SSH-Verbindung verwenden
SSH
Host: jumpserver
Port: 22
Gleiche Anmeldung wie für X2Go-Server
Gleiches Kennwort wie für X2Go-Server

XFCE

*** Jumpserver Configuration) ***
Jumpserver SSHd Config: /etc/ssh/sshd_config  (CentOS 7)
Ciphers aes128-ctr,aes192-ctr,aes256-ctr

The ciphers are used for strong Encryption. Then access from x2GoClient via jumpserver cannot handle this.
------

When the Cipher-Restriction is not configured:
Jumpserver SSHd Confg: (CentOS 7)
#Ciphers aes128-ctr,aes192-ctr,aes256-ctr

then the connection from x2GoClient via jumpserver to Destination X2Go-Server does work.


I hope I provided all needed information for you. Let me know if this can be patched, or does our Company need to search for other solution.
Thank you.

Best regards,
Marián Schwarcz

[Message part 2 (text/html, inline)]

Message #10 received at 1520@bugs.x2go.org (full text, mbox, reply):

From: Adam Dorsey - NOAA Affiliate <adam.dorsey@noaa.gov>

To: 1520@bugs.x2go.org

Cc: Nathan Gregg - NOAA Affiliate <nathan.gregg@noaa.gov>, Chance Taylor - NOAA Affiliate <chance.taylor@noaa.gov>

Subject: RE: Proxy-Server - SSH - strong Cipher crash x2Go-Client

Date: Fri, 19 Mar 2021 14:28:38 -0400

[Message part 1 (text/plain, inline)]

I can confirm this issue in my own environment as well.  X2Go server
version is 4.1.0.3-9.el7 running on CentOS 7.  Affected users are running
X2Go client version 4.1.2.2 on Windows 10 (though this may affect other
Windows versions as well).

We forced the use of the aes128-ctr cipher yesterday on our cluster login
nodes to resolve a security issue raised by our security team.  To do this,
we added the following line to our SSH server config file:

Ciphers aes128-ctr

After making this change, several users running the X2Go client on Windows
10 could no longer connect.  We found this bug report, and subsequently
reverted the above change, which resolved the issue.

Please note that Linux clients appeared to be unaffected by this issue; I
was able to connect from a workstation running X2Go client version 4.1.2.2
on Ubuntu Linux 20.04 without any issues.

-- 
Adam Dorsey
NOAA RDHPCS Systems Administrator Site Lead
CSRA / RedLine Performance Solutions, LLC

NOAA NESCC
1000 Galliher Drive, Suite 333, Fairmont, WV 26554
office: (304) 367-2882
cell: (304) 685-9345
adam.dorsey@noaa.gov

[Message part 2 (text/html, inline)]

Message #15 received at 1520@bugs.x2go.org (full text, mbox, reply):

From: Adam Dorsey - NOAA Affiliate <adam.dorsey@noaa.gov>

To: 1520@bugs.x2go.org

Cc: Nathan Gregg - NOAA Affiliate <nathan.gregg@noaa.gov>, Chance Taylor - NOAA Affiliate <chance.taylor@noaa.gov>

Subject: Re: Proxy-Server - SSH - strong Cipher crash x2Go-Client

Date: Tue, 17 Aug 2021 11:41:30 -0400

[Message part 1 (text/plain, inline)]

A quick update for this bug:

Today I tested the same scenario (Cipher aes128-ctr) on our test cluster
using the latest Windows snapshot client, version
4.1.2.3-2021.07.13-df4a8ec.  The issue as described in this bug report is
still present.

Thanks,
Adam

On Fri, Mar 19, 2021 at 2:28 PM Adam Dorsey - NOAA Affiliate <
adam.dorsey@noaa.gov> wrote:

> I can confirm this issue in my own environment as well.  X2Go server
> version is 4.1.0.3-9.el7 running on CentOS 7.  Affected users are running
> X2Go client version 4.1.2.2 on Windows 10 (though this may affect other
> Windows versions as well).
>
> We forced the use of the aes128-ctr cipher yesterday on our cluster login
> nodes to resolve a security issue raised by our security team.  To do this,
> we added the following line to our SSH server config file:
>
> Ciphers aes128-ctr
>
> After making this change, several users running the X2Go client on Windows
> 10 could no longer connect.  We found this bug report, and subsequently
> reverted the above change, which resolved the issue.
>
> Please note that Linux clients appeared to be unaffected by this issue; I
> was able to connect from a workstation running X2Go client version 4.1.2.2
> on Ubuntu Linux 20.04 without any issues.
>
> --
> Adam Dorsey
> NOAA RDHPCS Systems Administrator Site Lead
> CSRA / RedLine Performance Solutions, LLC
>
> NOAA NESCC
> 1000 Galliher Drive, Suite 333, Fairmont, WV 26554
> office: (304) 367-2882
> cell: (304) 685-9345
> adam.dorsey@noaa.gov
>


-- 
Adam Dorsey
NOAA RDHPCS Systems Administrator Site Lead
CSRA / RedLine Performance Solutions, LLC

NOAA NESCC
1000 Galliher Drive, Suite 333, Fairmont, WV 26554
office: (304) 367-2882
cell: (304) 685-9345
adam.dorsey@noaa.gov

[Message part 2 (text/html, inline)]

Message #20 received at 1520@bugs.x2go.org (full text, mbox, reply):

From: Adam Dorsey - NOAA Affiliate <adam.dorsey@noaa.gov>

To: 1520@bugs.x2go.org

Cc: Chance Taylor - NOAA Affiliate <chance.taylor@noaa.gov>, Nathan Gregg - NOAA Affiliate <nathan.gregg@noaa.gov>

Subject: Re: [X2Go-Dev] Bug#1520: Proxy-Server - SSH - strong Cipher crash x2Go-Client

Date: Mon, 20 Sep 2021 15:14:05 -0400

[Message part 1 (text/plain, inline)]

I used the process described in bug 1557 today to attempt to capture debug
information.  I didn't get anything useful, and no clues as to why the X2Go
client is crashing with strong ciphers.

x2go-INFO-1> "Starting X2Go Client 4.1.2.3..."
x2go-WARNING-1> English language requested, not loading translator.
x2go-WARNING-1> English language requested, not loading translator.
x2go-DEBUG-../src/onmainwindow.cpp:10902> Getting X.Org Server settings.
x2go-INFO-3> "Started X2Go Client."
x2go-DEBUG-../src/onmainwindow.cpp:626> "$HOME=C:/Users/Adam"
x2go-DEBUG-../src/onmainwindow.cpp:2359> Reading 1 sessions from config
file.
x2go-DEBUG-../src/onmainwindow.cpp:13415> libssh not initialized yet.
Initializing.
x2go-DEBUG-../src/pulsemanager.cpp:369> pulseaudio --version
returned:"pulseaudio 13.0

"

x2go-DEBUG-../src/onmainwindow.cpp:10805> Starting helper servers for
Windows ...
x2go-DEBUG-../src/onmainwindow.cpp:10972>
"/cygdrive/C/Users/Adam/.x2go/var" cygwin var path
x2go-DEBUG-../src/onmainwindow.cpp:11060>
"C:/Users/Adam/.x2go/etc/sshd_config created."
x2go-DEBUG-../src/onmainwindow.cpp:10467> Resolved localhost.
x2go-DEBUG-../src/onmainwindow.cpp:2853> Creating QPixmap with session
icon: '":/img/icons/128x128/x2gosession.png"'.
x2go-DEBUG-../src/pulsemanager.cpp:227> pulse started with arguments
("--exit-idle-time=-1", "-n", "-F",
"C:\Users\Adam\.x2go\pulse\config.pa", "-p", "C:\Program Files
(x86)\x2goclient\pulse\lib\pulse-13.0\modules",
"--log-level=debug", "--verbose",
"--log-target=file:C:\Users\Adam\.x2go\pulse\pulse.log") - waiting for it
to
finish...
x2go-DEBUG-../src/onmainwindow.cpp:10489> Port is free: 7022
x2go-DEBUG-../src/onmainwindow.cpp:11411> Logging cygwin sshd to:
"C:/Users/Adam/.x2go/sshLogs/p12616.log"
x2go-DEBUG-../src/onmainwindow.cpp:11425> Creating desktop: x2go_Adam
x2go-DEBUG-../src/onmainwindow.cpp:10467> Resolved localhost.
x2go-DEBUG-../src/onmainwindow.cpp:10495> Port already in use: 7022
x2go-DEBUG-../src/onmainwindow.cpp:10467> Resolved localhost.
x2go-DEBUG-../src/onmainwindow.cpp:10495> Port already in use: 7022
x2go-DEBUG-../src/onmainwindow.cpp:11522> User mode OpenSSH server started
successfully.
x2go-INFO-8> "Starting connection to server: localhost:49199"
x2go-DEBUG-../src/onmainwindow.cpp:2954> Starting new ssh connection to
server:"localhost":"49199" krbLogin: false
x2go-DEBUG-../src/sshmasterconnection.cpp:168> SshMasterConnection, host
"localhost"; port 49199; user "Adam.Dorsey";
useproxy false; proxyserver ""; proxyport 22
x2go-DEBUG-../src/sshmasterconnection.cpp:248> Starting SSH connection
without Kerberos authentication.
x2go-DEBUG-../src/sshmasterconnection.cpp:250> SshMasterConnection,
instance SshMasterConnection(0x548e2a8)  created.
x2go-DEBUG-../src/sshmasterconnection.cpp:492> SshMasterConnection,
instance SshMasterConnection(0x548e2a8)  entering
thread.
x2go-DEBUG-../src/sshmasterconnection.cpp:573> Setting SSH directory to
C:/Users/Adam/ssh
x2go-DEBUG-../src/sshmasterconnection.cpp:795> Session port before config
file parse: 49199
x2go-DEBUG-../src/sshmasterconnection.cpp:805> Session port after config
file parse: 49199

On Tue, Aug 17, 2021 at 11:45 AM Adam Dorsey - NOAA Affiliate <
adam.dorsey@noaa.gov> wrote:

> A quick update for this bug:
>
> Today I tested the same scenario (Cipher aes128-ctr) on our test cluster
> using the latest Windows snapshot client, version
> 4.1.2.3-2021.07.13-df4a8ec.  The issue as described in this bug report is
> still present.
>
> Thanks,
> Adam
>
> On Fri, Mar 19, 2021 at 2:28 PM Adam Dorsey - NOAA Affiliate <
> adam.dorsey@noaa.gov> wrote:
>
>> I can confirm this issue in my own environment as well.  X2Go server
>> version is 4.1.0.3-9.el7 running on CentOS 7.  Affected users are running
>> X2Go client version 4.1.2.2 on Windows 10 (though this may affect other
>> Windows versions as well).
>>
>> We forced the use of the aes128-ctr cipher yesterday on our cluster login
>> nodes to resolve a security issue raised by our security team.  To do this,
>> we added the following line to our SSH server config file:
>>
>> Ciphers aes128-ctr
>>
>> After making this change, several users running the X2Go client on
>> Windows 10 could no longer connect.  We found this bug report, and
>> subsequently reverted the above change, which resolved the issue.
>>
>> Please note that Linux clients appeared to be unaffected by this issue; I
>> was able to connect from a workstation running X2Go client version 4.1.2.2
>> on Ubuntu Linux 20.04 without any issues.
>>
>> --
>> Adam Dorsey
>> NOAA RDHPCS Systems Administrator Site Lead
>> CSRA / RedLine Performance Solutions, LLC
>>
>> NOAA NESCC
>> 1000 Galliher Drive, Suite 333, Fairmont, WV 26554
>> office: (304) 367-2882
>> cell: (304) 685-9345
>> adam.dorsey@noaa.gov
>>
>
>
> --
> Adam Dorsey
> NOAA RDHPCS Systems Administrator Site Lead
> CSRA / RedLine Performance Solutions, LLC
>
> NOAA NESCC
> 1000 Galliher Drive, Suite 333, Fairmont, WV 26554
> office: (304) 367-2882
> cell: (304) 685-9345
> adam.dorsey@noaa.gov
> _______________________________________________
> x2go-dev mailing list
> x2go-dev@lists.x2go.org
> https://lists.x2go.org/listinfo/x2go-dev
>


-- 
Adam Dorsey
NOAA RDHPCS Systems Administrator Site Lead
CSRA / RedLine Performance Solutions, LLC

NOAA NESCC
1000 Galliher Drive, Suite 333, Fairmont, WV 26554
office: (304) 367-2882
cell: (304) 685-9345
adam.dorsey@noaa.gov

[Message part 2 (text/html, inline)]

Send a report that this bug log contains spam.