From Marian.Schwarcz@dlr.de Thu Jan 14 08:47:34 2021 Received: (at submit) by bugs.x2go.org; 14 Jan 2021 07:47:38 +0000 X-Spam-Checker-Version: SpamAssassin 3.4.2 (2018-09-13) on ymir.das-netzwerkteam.de X-Spam-Level: X-Spam-Status: No, score=-1.9 required=3.0 tests=BAYES_00,HTML_MESSAGE, RCVD_IN_MSPIKE_H4,RCVD_IN_MSPIKE_WL,SPF_HELO_NONE autolearn=ham autolearn_force=no version=3.4.2 Received: from mailin.dlr.de (mailin.dlr.de [194.94.201.12]) by ymir.das-netzwerkteam.de (Postfix) with ESMTPS id 9BA145DAC1 for ; Thu, 14 Jan 2021 08:47:34 +0100 (CET) IronPort-SDR: 4yDwW5Pt2JN6XRiW+PzvSKJmW2PC9jHddFLo3oXU8VLi+4MRwp1Xhd3OuCBA70Nl4uOfBVg3i+ WMX1r5Fx6s8Q== X-IPAS-Result: =?us-ascii?q?A2HoBABY9v9f/xeKuApigQmCcoFpFYFDlXecPwsBAQEBA?= =?us-ascii?q?QEBAQEIARMcBAEBhjsmOBMCAwEBAQMCAwEBAQEGAQEBAQEBBQQBAQKGFUWCO?= =?us-ascii?q?CKEKl4BNgFJFwEOAQQbE4MMgX6wSoE0hViFB4E4j3SBEYJrhGExYAIDhSsEg?= =?us-ascii?q?lKBV2woJiNljykZimOBRopwkT8HgWiWSYNAgmcrkwiPXoJugzKCMagUhHwCB?= =?us-ascii?q?AIEBQIWgW2Be3GDOU8XAg2caoErAgYBCQEBAwmMEw+BJIERAQE?= IronPort-PHdr: =?us-ascii?q?9a23=3AbAMutR1nxSXP/spEsmDT+DRfVm0co7zxezQtwd?= =?us-ascii?q?8ZseIQKPad9pjvdHbS+e9qxAeQG9mCu7Qc16GH7+igATVGvc/e9ihaMdRlbF?= =?us-ascii?q?wssY0uhQsuAcqIWwXQDcXBSGgEJvlET0Jv5HqhMEJYS47UblzWpWCuv3ZJQk?= =?us-ascii?q?2sfQV6Kf7oFYHMks+5y/69+4HJYwVPmTGxfa5+IA+5oAnMtcQam5duJ6k+xh?= =?us-ascii?q?bNrXZDZuBayX91KV6JkBvw+8W98IR//yhMvv4q6tJNX7j9c6kkV7JTES4oM3?= =?us-ascii?q?oy5M3ltBnDSRWA634BWWgIkRRGHhbI4gjiUpj+riX1uOx92DKHPcLtVrA7RS?= =?us-ascii?q?6i76ZwRxD2jioMKiM0/3vWisx0i6JbvQ6hqhliyIPafI2ZKPxzdb7bcNgHR2?= =?us-ascii?q?ROQ9xRWjRBDI2icoUPE+QPM+VZr4bhqFQDtgGxCRWuBO711jNEmmL60Ksn2O?= =?us-ascii?q?ohCwHG2wkgEsoJvXrTttr1LqYSXvqzzKXS0DvMc/NW2Dnn54jSbh8goOqBUq?= =?us-ascii?q?90ccrL00UgCh3Kg0yWpIf4MDybyv4DvHKH7+p8S+2vkWgnphlyrzWh28ohlJ?= =?us-ascii?q?XFip8Rx17E9Ch0xIU4KNm3RkNlfNKpDZldui+UOodoX88uXn9ltSg+x7AbpJ?= =?us-ascii?q?O2YDQHxZclyhPcbfGMbouG4gr7WeqMPTt0nm9pdbGwihqo7EStxO7xWtOq3F?= =?us-ascii?q?tEtiZJj8XAumoQ2xHQ5cWLUOZx80mi1DqVyQze6u5JLEYpnqTBMZEh2KQ/lp?= =?us-ascii?q?8LvETGGS/5hVv5gbeNdkUh5uio8+PnYqj6ppOEN497lAX+MqM2l8KxB+o2PA?= =?us-ascii?q?cAUWib9+q717Pt+lf3TKtEg/M5k6bUrorWJcUdpq6lGQ9ayJwv5Au7Dze8yt?= =?us-ascii?q?gXgGcIIEpEeBKBkYfpJ0nDLO3kAfulnlihkzhmy+rbMrDvAZjBNGbPnbn5cb?= =?us-ascii?q?Z48UFcyQ4zzd5F55JTD7EMOPX9VVXrtNzZFBA5NRa4zfv7B9V92IIRQ3iPDb?= =?us-ascii?q?OYMa7JrFCI4vgvL/ORa4ALoDr9MeQq5+byjX8lnl8QZbKp3YYMZ3C9H/RmP1?= =?us-ascii?q?6UbmHxgtcOCmcGpAU/QPLliF2FSzJTYGyyX61vrg08Xda9EI3GR5yFiqGOx2?= =?us-ascii?q?GrRJJRIGdcBQbfP23vctDQfv4WaSuUZPRqkiMNT7OzY4Mlz1eiuVmpmPJcMu?= =?us-ascii?q?PI93hA5trY399v6riLmA=3D=3D?= X-IronPort-Anti-Spam-Filtered: true X-IronPort-AV: E=Sophos;i="5.79,346,1602540000"; d="scan'208,217";a="46029359" From: To: Subject: Proxy-Server - SSH - strong Cipher crash x2Go-Client Thread-Topic: Proxy-Server - SSH - strong Cipher crash x2Go-Client Thread-Index: AdbqSWsM7/JN+gIBSZ2CRVolZRtFrg== Date: Thu, 14 Jan 2021 07:47:33 +0000 Message-ID: Accept-Language: de-DE, en-US Content-Language: de-DE X-MS-Has-Attach: X-MS-TNEF-Correlator: x-tm-snts-smtp: 9117C79BEB61111EF066BA920226D64AF5A33AF3BB9B9196A226AFC5D074B2DF2000:8 Content-Type: multipart/alternative; boundary="_000_d2a6c484573844229e9e87c588ec8ba0dlrde_" MIME-Version: 1.0 --_000_d2a6c484573844229e9e87c588ec8ba0dlrde_ Content-Type: text/plain; charset="iso-8859-1" Content-Transfer-Encoding: quoted-printable Package: x2goClient Version: 4.1.2.2-2020.02.13 Host-System: Windows 10, und Windows Server 2012 R2 (German Language) Installations-Typ: Recommended (Default) *** Problem Description *** When using x2GoClient via jumpserver (as SSH-Proxy-Server), then is X2GoCli= ent automatic closed (without any Information). Problem are the SSH-Strong-= Ciphers, which are configured in SSHd on Jumpserver. Strong Ciphers =3D> x2= GoClient crashed. If default Ciphers =3D> x2GoClient and connection works. *** X2GoClient - Configuration *** Sitzungsname: test Pfad: / Host: ziel-server Login: test_ye SSH-Port: 22 Proxy-Server f=FCr SSH-Verbindung verwenden SSH Host: jumpserver Port: 22 Gleiche Anmeldung wie f=FCr X2Go-Server Gleiches Kennwort wie f=FCr X2Go-Server XFCE *** Jumpserver Configuration) *** Jumpserver SSHd Config: /etc/ssh/sshd_config (CentOS 7) Ciphers aes128-ctr,aes192-ctr,aes256-ctr The ciphers are used for strong Encryption. Then access from x2GoClient via= jumpserver cannot handle this. ------ When the Cipher-Restriction is not configured: Jumpserver SSHd Confg: (CentOS 7) #Ciphers aes128-ctr,aes192-ctr,aes256-ctr then the connection from x2GoClient via jumpserver to Destination X2Go-Serv= er does work. I hope I provided all needed information for you. Let me know if this can b= e patched, or does our Company need to search for other solution. Thank you. Best regards, Mari=E1n Schwarcz --_000_d2a6c484573844229e9e87c588ec8ba0dlrde_ Content-Type: text/html; charset="iso-8859-1" Content-Transfer-Encoding: quoted-printable

Package: x2goClient =

Version: 4.1.2.2-2020.02.13

 

Host-System: Windows 10, und Wi= ndows Server 2012 R2 (German Language)

Installations-Typ: Recommended = (Default)

 

*** Problem Description ***

When using x2GoClient via jumps= erver (as SSH-Proxy-Server), then is X2GoClient automatic closed (without a= ny Information). Problem are the SSH-Strong-Ciphers, which are configured i= n SSHd on Jumpserver. Strong Ciphers =3D> x2GoClient crashed. If default Ciphers =3D> x2GoClient and conn= ection works.

 

*** X2GoClient – Configur= ation ***

Sitzungsname: test

Pfad: /

Host: ziel-server

Login: test_ye

SSH-Port: 22

 

Proxy-Server f=FCr SSH-Verbindung verwenden

SSH

Host: jumpserver

Port: 22

Gleiche Anmeldung wie f=FCr X2Go-Server

Gleiches Kennwort wie f=FCr X2Go-Server

 

XFCE

 

*** Jumpserver Configuration) *= **

Jumpserver SSHd Config: /etc/ss= h/sshd_config  (CentOS 7)

Ciphers aes128-ctr,aes192-ctr,a= es256-ctr

 

The ciphers are used for strong= Encryption. Then access from x2GoClient via jumpserver cannot handle this.

------

 

When the Cipher-Restriction is = not configured:

Jumpserver SSHd Confg: (CentOS = 7)

#Ciphers aes128-ctr,aes192-ctr,= aes256-ctr

 

then the connection from x2GoCl= ient via jumpserver to Destination X2Go-Server does work.

 

 

I hope I provided all needed in= formation for you. Let me know if this can be patched, or does our Company = need to search for other solution.

Thank you.

 

Best regards,

Mari=E1n Schwarcz

 

--_000_d2a6c484573844229e9e87c588ec8ba0dlrde_-- From adam.dorsey@noaa.gov Fri Mar 19 19:28:54 2021 Received: (at 1520) by bugs.x2go.org; 19 Mar 2021 18:28:59 +0000 X-Spam-Checker-Version: SpamAssassin 3.4.2 (2018-09-13) on ymir.das-netzwerkteam.de X-Spam-Level: X-Spam-Status: No, score=0.5 required=3.0 tests=BAYES_50,DKIMWL_WL_HIGH, DKIM_SIGNED,DKIM_VALID,DKIM_VALID_AU,FROM_GOV_DKIM_AU,HTML_MESSAGE, SPF_HELO_NONE,URIBL_BLOCKED autolearn=ham autolearn_force=no version=3.4.2 Received: from mail-ot1-x332.google.com (mail-ot1-x332.google.com [IPv6:2607:f8b0:4864:20::332]) by ymir.das-netzwerkteam.de (Postfix) with ESMTPS id D60A35DAEB for <1520@bugs.x2go.org>; Fri, 19 Mar 2021 19:28:51 +0100 (CET) Received: by mail-ot1-x332.google.com with SMTP id f73-20020a9d03cf0000b02901b4d889bce0so9395842otf.12 for <1520@bugs.x2go.org>; Fri, 19 Mar 2021 11:28:51 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=noaa.gov; s=google; h=mime-version:from:date:message-id:subject:to:cc; bh=jeL0iLpJowPtp1QlEADlGCcauCCGzEVPbUNUKKQbsLA=; b=EmOCn1j+/xLsLMUL/ebHQAHDPa9mHBWfSfe2oaQUEhWSZfq6uhTEguFGxHhrwQxNCw bo9aEIlOj59CgTGGdirLojkMCUsZ7BL6rEAtJuVgVIJIsgzIGSCVa3w3JEt3MGZFyCF1 BdZ60pTNsVScn0lOGMPbQrn1Tq1agACXv3iYY6eM0ho14roTcScXFQLO/vmKnkDfJBQi 6HCquZXcy0eeBLvOLo6O1HbdoiEyYf91TaYDZluAEKm9o6lZdeu9T48A51/xpBxChZk3 xyt6+Pf5yXlXS90UCtCYBu3ytr9DoVp0p2yASXp7vUOQeSW5KgDq7wHKUDnoECLv7PzA Aslg== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:mime-version:from:date:message-id:subject:to:cc; bh=jeL0iLpJowPtp1QlEADlGCcauCCGzEVPbUNUKKQbsLA=; b=sl4jL7kWfBYLHVbpNSa6EQnfHTQG8/oOT89pYZfXuTEHYxNEJepmNAXjdTrLkbJz6s eShKkeuDPoCCIm3SR1EINDhNZ4vgJ5TdbYfSuOdzrDkFqzFw8j7hvVs7ThEl54LKIbDS Adnn963CwEWFCi/XcX81QUbLBUlKC3ba6uA7dy1u3T7x6oHH/mRA/Er2tFwdyn9l1Meo n0S6qR8Nf25EtYtlPeMqY4xvzgpq6RjE/9tsysz8qQ2IaNVzvTm7l0IpFRc7KdhYs3n+ SHw1zAdzSG1Buum5p1oMgyUH7qfWMAENPQk//d4qjNWTHPJz+jZHCuC1uznWSLiz6dBE Mz/Q== X-Gm-Message-State: AOAM5319tn2o1wjRIfimhPu/7vawLT6E9FMZNVI/ZoN0o/ayhyOX+wLx 4xeid3oCLg5NYVesPJ1qwaUsBHpcNX9Y5T8+wmoIdw6a8HI3ZQ== X-Google-Smtp-Source: ABdhPJzwI8IROsSBDhhQt6sDCH4jg6UgNPX3UywptQJd19XdoOTfied45oyChoZDtZkcp32oSgSQwa5XiOfNhJJqI6w= X-Received: by 2002:a05:6830:10d6:: with SMTP id z22mr2147919oto.190.1616178528860; Fri, 19 Mar 2021 11:28:48 -0700 (PDT) MIME-Version: 1.0 From: Adam Dorsey - NOAA Affiliate Date: Fri, 19 Mar 2021 14:28:38 -0400 Message-ID: Subject: RE: Proxy-Server - SSH - strong Cipher crash x2Go-Client To: 1520@bugs.x2go.org Cc: Nathan Gregg - NOAA Affiliate , Chance Taylor - NOAA Affiliate Content-Type: multipart/alternative; boundary="0000000000001b6c1105bde7e378" --0000000000001b6c1105bde7e378 Content-Type: text/plain; charset="UTF-8" I can confirm this issue in my own environment as well. X2Go server version is 4.1.0.3-9.el7 running on CentOS 7. Affected users are running X2Go client version 4.1.2.2 on Windows 10 (though this may affect other Windows versions as well). We forced the use of the aes128-ctr cipher yesterday on our cluster login nodes to resolve a security issue raised by our security team. To do this, we added the following line to our SSH server config file: Ciphers aes128-ctr After making this change, several users running the X2Go client on Windows 10 could no longer connect. We found this bug report, and subsequently reverted the above change, which resolved the issue. Please note that Linux clients appeared to be unaffected by this issue; I was able to connect from a workstation running X2Go client version 4.1.2.2 on Ubuntu Linux 20.04 without any issues. -- Adam Dorsey NOAA RDHPCS Systems Administrator Site Lead CSRA / RedLine Performance Solutions, LLC NOAA NESCC 1000 Galliher Drive, Suite 333, Fairmont, WV 26554 office: (304) 367-2882 cell: (304) 685-9345 adam.dorsey@noaa.gov --0000000000001b6c1105bde7e378 Content-Type: text/html; charset="UTF-8" Content-Transfer-Encoding: quoted-printable
I can confirm this issue in my own environment as well.=C2= =A0 X2Go server version is 4.1.0.3-9.el7 running on CentOS 7.=C2=A0 Affecte= d users are running X2Go client version 4.1.2.2 on Windows 10 (though this = may affect other Windows versions as well).

We forced the use o= f the aes128-ctr cipher yesterday on our cluster login nodes to resolve a s= ecurity issue raised by our security team.=C2=A0 To do this, we added the f= ollowing line to our SSH server config file:

Ciphers aes128-ctr
After making this change, several users running the X2Go client= on Windows 10 could no longer connect.=C2=A0 We found this bug report, and= subsequently reverted the above change, which resolved the issue.

Please note that Linux clients appeared to be unaffected b= y this issue; I was able to connect from a workstation running X2Go client = version 4.1.2.2 on Ubuntu Linux 20.04 without any issues.
--
Adam Dorsey
NOAA RDHPCS Sy= stems Administrator Site Lead
CSRA / RedLine Performance Solutions, LLC<= br>
NOAA NESCC
1000 Galliher Drive, Suite 333, Fairmont, WV 26554
= office: (304) 367-2882
cell: (304) 685-9345
adam.dorsey@noaa.gov
--0000000000001b6c1105bde7e378-- From adam.dorsey@noaa.gov Tue Aug 17 17:41:45 2021 Received: (at 1520) by bugs.x2go.org; 17 Aug 2021 15:41:51 +0000 X-Spam-Checker-Version: SpamAssassin 3.4.2 (2018-09-13) on ymir.das-netzwerkteam.de X-Spam-Level: X-Spam-Status: No, score=-0.8 required=3.0 tests=BAYES_40,DKIMWL_WL_HIGH, DKIM_SIGNED,DKIM_VALID,DKIM_VALID_AU,FROM_GOV_DKIM_AU,HTML_MESSAGE, SPF_HELO_NONE,URIBL_BLOCKED autolearn=ham autolearn_force=no version=3.4.2 Received: from mail-qk1-x72a.google.com (mail-qk1-x72a.google.com [IPv6:2607:f8b0:4864:20::72a]) by ymir.das-netzwerkteam.de (Postfix) with ESMTPS id 725ED5DAF8 for <1520@bugs.x2go.org>; Tue, 17 Aug 2021 17:41:44 +0200 (CEST) Received: by mail-qk1-x72a.google.com with SMTP id y144so10480079qkb.6 for <1520@bugs.x2go.org>; Tue, 17 Aug 2021 08:41:44 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=noaa.gov; s=google; h=mime-version:references:in-reply-to:from:date:message-id:subject:to :cc; bh=pKSZlV1g4kjIT2Vf44w5MIrA7ob2zOR8gpIuC1u8tHg=; b=UD4gqykqzUZemPDUs79tlykCsZ1DNsqsG7SYBqiMAok8c/OSjCu0K2PVaQG4xtCwsY a6Aj1Ynb8Qgw86SagkKdR2nmTRcC+Kiz32k7UtzqjcPewQSIiwlOfCdOr9uPMa74FFOm iKWlCxC3S0sNaU6F27pu96ZH+ZZCqvjJkMvC6v3JxpgZZI7J/uKH01GSJ4ukmbj9vpIl 1v0hkdtAj6wl9lP3+jW8BBUUsDEs9IhmLQf15VhkTL1nxzObx/4jr3qcs2/fkx7RIi+l GUqRCdxwQ33I3MnrJRMXTBzOrhzs/inHcM4Ig43czAHg071SO81oLD6FNYu1NRAwdGnU 1D+w== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:mime-version:references:in-reply-to:from:date :message-id:subject:to:cc; bh=pKSZlV1g4kjIT2Vf44w5MIrA7ob2zOR8gpIuC1u8tHg=; b=fI3hUh7kUnOzWLE5/I+RkX0XjX+7Qrpmt6JzMDrTArVkE8vCanDdsRFlENPZBvgpGC 4jFQm5eespwfGaA9WEy4A2wRtOGCqi+TrrUor2fHcbP78qJIQ+4Idx6LS4qCGok3cgZ7 lCEDeyAulCtsYxJZHl25TJasWuaGYZa0LkwFMfFPzEjPDDq5EG7g/tvAhmS8co35+ddY RomA0zH4ev26sI8iLRwfM83XgXxZH89kQ8h5arpvl9AlSEvJ5Js/osC6A4EdnQvdj0uV eYsXnYGKGIJBqGfcKgv5nmGp4CajqJzNu63fmskTvEexis2SGFrKCqyhRWr661Dn60xb sLJw== X-Gm-Message-State: AOAM532hqBzNUcDmQnWq274O7j4dB3bfgk2hN1V7pRJO6INYKtAFOoI0 SSjMRPCLM/DRGhxeD9TayA/hjuwuLpxpOZfimxr7AVRCdpwjgQ== X-Google-Smtp-Source: ABdhPJxVmA/mVcsmoUNaFcWjzMlilr7xcGFscwtjIJA0uRTZWJQ9aI+BzE64xl5/79psyvzm0GRYHNWuAw2mHKOpf1s= X-Received: by 2002:a05:620a:c8d:: with SMTP id q13mr370923qki.233.1629214902352; Tue, 17 Aug 2021 08:41:42 -0700 (PDT) MIME-Version: 1.0 References: In-Reply-To: From: Adam Dorsey - NOAA Affiliate Date: Tue, 17 Aug 2021 11:41:30 -0400 Message-ID: Subject: Re: Proxy-Server - SSH - strong Cipher crash x2Go-Client To: 1520@bugs.x2go.org Cc: Nathan Gregg - NOAA Affiliate , Chance Taylor - NOAA Affiliate Content-Type: multipart/alternative; boundary="00000000000084a98a05c9c3279c" --00000000000084a98a05c9c3279c Content-Type: text/plain; charset="UTF-8" A quick update for this bug: Today I tested the same scenario (Cipher aes128-ctr) on our test cluster using the latest Windows snapshot client, version 4.1.2.3-2021.07.13-df4a8ec. The issue as described in this bug report is still present. Thanks, Adam On Fri, Mar 19, 2021 at 2:28 PM Adam Dorsey - NOAA Affiliate < adam.dorsey@noaa.gov> wrote: > I can confirm this issue in my own environment as well. X2Go server > version is 4.1.0.3-9.el7 running on CentOS 7. Affected users are running > X2Go client version 4.1.2.2 on Windows 10 (though this may affect other > Windows versions as well). > > We forced the use of the aes128-ctr cipher yesterday on our cluster login > nodes to resolve a security issue raised by our security team. To do this, > we added the following line to our SSH server config file: > > Ciphers aes128-ctr > > After making this change, several users running the X2Go client on Windows > 10 could no longer connect. We found this bug report, and subsequently > reverted the above change, which resolved the issue. > > Please note that Linux clients appeared to be unaffected by this issue; I > was able to connect from a workstation running X2Go client version 4.1.2.2 > on Ubuntu Linux 20.04 without any issues. > > -- > Adam Dorsey > NOAA RDHPCS Systems Administrator Site Lead > CSRA / RedLine Performance Solutions, LLC > > NOAA NESCC > 1000 Galliher Drive, Suite 333, Fairmont, WV 26554 > office: (304) 367-2882 > cell: (304) 685-9345 > adam.dorsey@noaa.gov > -- Adam Dorsey NOAA RDHPCS Systems Administrator Site Lead CSRA / RedLine Performance Solutions, LLC NOAA NESCC 1000 Galliher Drive, Suite 333, Fairmont, WV 26554 office: (304) 367-2882 cell: (304) 685-9345 adam.dorsey@noaa.gov --00000000000084a98a05c9c3279c Content-Type: text/html; charset="UTF-8" Content-Transfer-Encoding: quoted-printable
A quick update for this bug:

Today I tested the same scenario (Cipher aes128-ctr) on o= ur test cluster using the latest Windows snapshot client, version 4.1.2.3-2= 021.07.13-df4a8ec.=C2=A0 The issue as described in this bug report is still= present.

Thanks,
Adam

On= Fri, Mar 19, 2021 at 2:28 PM Adam Dorsey - NOAA Affiliate <adam.dorsey@noaa.gov> wrote:
I can conf= irm this issue in my own environment as well.=C2=A0 X2Go server version is = 4.1.0.3-9.el7 running on CentOS 7.=C2=A0 Affected users are running X2Go cl= ient version 4.1.2.2 on Windows 10 (though this may affect other Windows ve= rsions as well).

We forced the use of the aes128-ctr cipher yes= terday on our cluster login nodes to resolve a security issue raised by our= security team.=C2=A0 To do this, we added the following line to our SSH se= rver config file:

Ci= phers aes128-ctr

After making th= is change, several users running the X2Go client on Windows 10 could no lon= ger connect.=C2=A0 We found this bug report, and subsequently reverted the = above change, which resolved the issue.

Please not= e that Linux clients appeared to be unaffected by this issue; I was able to= connect from a workstation running X2Go client version 4.1.2.2 on Ubuntu L= inux 20.04 without any issues.

--
Adam Dorsey
N= OAA RDHPCS Systems Administrator Site Lead
CSRA / RedLine Performance So= lutions, LLC

NOAA NESCC
1000 Galliher Drive, Suite 333, Fairmont,= WV 26554
office: (304) 367-2882
cell: (304) 685-9345
adam.dorsey@noaa.gov
<= /div>


--
Adam Dorsey
NOAA RDHPCS Systems Administrator Site Lead
CSRA / RedL= ine Performance Solutions, LLC

NOAA NESCC
1000 Galliher Drive, Su= ite 333, Fairmont, WV 26554
office: (304) 367-2882
cell: (304) 685-93= 45
adam.dorsey= @noaa.gov
--00000000000084a98a05c9c3279c-- From adam.dorsey@noaa.gov Mon Sep 20 21:14:20 2021 Received: (at 1520) by bugs.x2go.org; 20 Sep 2021 19:14:27 +0000 X-Spam-Checker-Version: SpamAssassin 3.4.2 (2018-09-13) on ymir.das-netzwerkteam.de X-Spam-Level: X-Spam-Status: No, score=-3.5 required=3.0 tests=BAYES_00,DKIMWL_WL_HIGH, DKIM_SIGNED,DKIM_VALID,DKIM_VALID_AU,FROM_GOV_DKIM_AU,HTML_MESSAGE, RCVD_IN_DNSWL_NONE,SPF_HELO_NONE,URIBL_BLOCKED autolearn=ham autolearn_force=no version=3.4.2 Received: from mail-qk1-x733.google.com (mail-qk1-x733.google.com [IPv6:2607:f8b0:4864:20::733]) by ymir.das-netzwerkteam.de (Postfix) with ESMTPS id 63E815DB0A for <1520@bugs.x2go.org>; Mon, 20 Sep 2021 21:14:18 +0200 (CEST) Received: by mail-qk1-x733.google.com with SMTP id 73so41405283qki.4 for <1520@bugs.x2go.org>; Mon, 20 Sep 2021 12:14:17 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=noaa.gov; s=google; h=mime-version:references:in-reply-to:from:date:message-id:subject:to :cc; bh=LHCoHKmaayHKvhpt6nvLdsoKSBVxAia4UIeL2LBuVSY=; b=XV8SbSQmqr0l46CaABzss0JL80upbNWoSpDOPk22xr5fQFmbF9Y4v/f7Pk0/215eum VObmmhRlChH2wBfCQwB8UVsGLMb7RBu+BRpAIZHO+gjpEsEFF3+9vTpG6XKxkYS+eM0p NHsYHmgjK/mKttEJnvQMaelZE0qE91gaa1IESUMleeGvbUt+ilTl2Yranbfcm63UVRpo uSJidzi/ck38lSIWZO64Gn65chl+f2ADVWsyCq70+d2spRBEuzd6e1/S8C8sQ1fO4R2R VPjaLqai2jaz6BEjIt1cuKZOmaQFWA1Aqohd9W0yBpqwO4YAmyISs6Y3/BEHxJJSNIAM 18OQ== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20210112; h=x-gm-message-state:mime-version:references:in-reply-to:from:date :message-id:subject:to:cc; bh=LHCoHKmaayHKvhpt6nvLdsoKSBVxAia4UIeL2LBuVSY=; b=Z50DDS0vLxo6Ksl83rKXiTIWr+vZ8mYEPX4z7dU8JxX6VcGyCMWYB/gtparZsDY8gK ipy7by8NkY7Yd4mGNF9C/6WphDcPLqmn8+7OBJ7s4SEx8ECoRG6b6f+d1hPJoPWeIEF6 4UHZ2a0CXODuu/0wN5Dh5goXcwT0ETeaqqIvJkRk3qIn6H9MjqyyZDmWqBCvjuG3BTDg xRLOtTzBAfVHocdzXmn+R4G+C/w1cGeReOFJfYY8pO1xJwQeeIjp2lut2zs8V68qYjL4 0cwZa5nkalbhQizZ+he8MR4t1mLZZN2Ks3Do/baMgtmk2fzwEEpKz4KdfWFhHZsc3cNK 9w+A== X-Gm-Message-State: AOAM5309QD4iJmDIOo548yq125bSnVnvpZohR+uugoSCBdNUyNCYBLfw zBCMrVeLy9GCcmRcXy9XZn9dyi8+vF604eLBzTqlSQkkVf+kwA== X-Google-Smtp-Source: ABdhPJzkBZ/Pto3H0Py8M69yin4bL6j5ZNb4T6w7zaKlnlc3oXSsCMC0fsKPsKoCxxS4hadHSYspe/OJRrAhtONjHLk= X-Received: by 2002:a37:8a05:: with SMTP id m5mr26299644qkd.44.1632165256184; Mon, 20 Sep 2021 12:14:16 -0700 (PDT) MIME-Version: 1.0 References: In-Reply-To: From: Adam Dorsey - NOAA Affiliate Date: Mon, 20 Sep 2021 15:14:05 -0400 Message-ID: Subject: Re: [X2Go-Dev] Bug#1520: Proxy-Server - SSH - strong Cipher crash x2Go-Client To: 1520@bugs.x2go.org Cc: Chance Taylor - NOAA Affiliate , Nathan Gregg - NOAA Affiliate Content-Type: multipart/alternative; boundary="0000000000004f83db05cc721686" --0000000000004f83db05cc721686 Content-Type: text/plain; charset="UTF-8" I used the process described in bug 1557 today to attempt to capture debug information. I didn't get anything useful, and no clues as to why the X2Go client is crashing with strong ciphers. x2go-INFO-1> "Starting X2Go Client 4.1.2.3..." x2go-WARNING-1> English language requested, not loading translator. x2go-WARNING-1> English language requested, not loading translator. x2go-DEBUG-../src/onmainwindow.cpp:10902> Getting X.Org Server settings. x2go-INFO-3> "Started X2Go Client." x2go-DEBUG-../src/onmainwindow.cpp:626> "$HOME=C:/Users/Adam" x2go-DEBUG-../src/onmainwindow.cpp:2359> Reading 1 sessions from config file. x2go-DEBUG-../src/onmainwindow.cpp:13415> libssh not initialized yet. Initializing. x2go-DEBUG-../src/pulsemanager.cpp:369> pulseaudio --version returned:"pulseaudio 13.0 " x2go-DEBUG-../src/onmainwindow.cpp:10805> Starting helper servers for Windows ... x2go-DEBUG-../src/onmainwindow.cpp:10972> "/cygdrive/C/Users/Adam/.x2go/var" cygwin var path x2go-DEBUG-../src/onmainwindow.cpp:11060> "C:/Users/Adam/.x2go/etc/sshd_config created." x2go-DEBUG-../src/onmainwindow.cpp:10467> Resolved localhost. x2go-DEBUG-../src/onmainwindow.cpp:2853> Creating QPixmap with session icon: '":/img/icons/128x128/x2gosession.png"'. x2go-DEBUG-../src/pulsemanager.cpp:227> pulse started with arguments ("--exit-idle-time=-1", "-n", "-F", "C:\Users\Adam\.x2go\pulse\config.pa", "-p", "C:\Program Files (x86)\x2goclient\pulse\lib\pulse-13.0\modules", "--log-level=debug", "--verbose", "--log-target=file:C:\Users\Adam\.x2go\pulse\pulse.log") - waiting for it to finish... x2go-DEBUG-../src/onmainwindow.cpp:10489> Port is free: 7022 x2go-DEBUG-../src/onmainwindow.cpp:11411> Logging cygwin sshd to: "C:/Users/Adam/.x2go/sshLogs/p12616.log" x2go-DEBUG-../src/onmainwindow.cpp:11425> Creating desktop: x2go_Adam x2go-DEBUG-../src/onmainwindow.cpp:10467> Resolved localhost. x2go-DEBUG-../src/onmainwindow.cpp:10495> Port already in use: 7022 x2go-DEBUG-../src/onmainwindow.cpp:10467> Resolved localhost. x2go-DEBUG-../src/onmainwindow.cpp:10495> Port already in use: 7022 x2go-DEBUG-../src/onmainwindow.cpp:11522> User mode OpenSSH server started successfully. x2go-INFO-8> "Starting connection to server: localhost:49199" x2go-DEBUG-../src/onmainwindow.cpp:2954> Starting new ssh connection to server:"localhost":"49199" krbLogin: false x2go-DEBUG-../src/sshmasterconnection.cpp:168> SshMasterConnection, host "localhost"; port 49199; user "Adam.Dorsey"; useproxy false; proxyserver ""; proxyport 22 x2go-DEBUG-../src/sshmasterconnection.cpp:248> Starting SSH connection without Kerberos authentication. x2go-DEBUG-../src/sshmasterconnection.cpp:250> SshMasterConnection, instance SshMasterConnection(0x548e2a8) created. x2go-DEBUG-../src/sshmasterconnection.cpp:492> SshMasterConnection, instance SshMasterConnection(0x548e2a8) entering thread. x2go-DEBUG-../src/sshmasterconnection.cpp:573> Setting SSH directory to C:/Users/Adam/ssh x2go-DEBUG-../src/sshmasterconnection.cpp:795> Session port before config file parse: 49199 x2go-DEBUG-../src/sshmasterconnection.cpp:805> Session port after config file parse: 49199 On Tue, Aug 17, 2021 at 11:45 AM Adam Dorsey - NOAA Affiliate < adam.dorsey@noaa.gov> wrote: > A quick update for this bug: > > Today I tested the same scenario (Cipher aes128-ctr) on our test cluster > using the latest Windows snapshot client, version > 4.1.2.3-2021.07.13-df4a8ec. The issue as described in this bug report is > still present. > > Thanks, > Adam > > On Fri, Mar 19, 2021 at 2:28 PM Adam Dorsey - NOAA Affiliate < > adam.dorsey@noaa.gov> wrote: > >> I can confirm this issue in my own environment as well. X2Go server >> version is 4.1.0.3-9.el7 running on CentOS 7. Affected users are running >> X2Go client version 4.1.2.2 on Windows 10 (though this may affect other >> Windows versions as well). >> >> We forced the use of the aes128-ctr cipher yesterday on our cluster login >> nodes to resolve a security issue raised by our security team. To do this, >> we added the following line to our SSH server config file: >> >> Ciphers aes128-ctr >> >> After making this change, several users running the X2Go client on >> Windows 10 could no longer connect. We found this bug report, and >> subsequently reverted the above change, which resolved the issue. >> >> Please note that Linux clients appeared to be unaffected by this issue; I >> was able to connect from a workstation running X2Go client version 4.1.2.2 >> on Ubuntu Linux 20.04 without any issues. >> >> -- >> Adam Dorsey >> NOAA RDHPCS Systems Administrator Site Lead >> CSRA / RedLine Performance Solutions, LLC >> >> NOAA NESCC >> 1000 Galliher Drive, Suite 333, Fairmont, WV 26554 >> office: (304) 367-2882 >> cell: (304) 685-9345 >> adam.dorsey@noaa.gov >> > > > -- > Adam Dorsey > NOAA RDHPCS Systems Administrator Site Lead > CSRA / RedLine Performance Solutions, LLC > > NOAA NESCC > 1000 Galliher Drive, Suite 333, Fairmont, WV 26554 > office: (304) 367-2882 > cell: (304) 685-9345 > adam.dorsey@noaa.gov > _______________________________________________ > x2go-dev mailing list > x2go-dev@lists.x2go.org > https://lists.x2go.org/listinfo/x2go-dev > -- Adam Dorsey NOAA RDHPCS Systems Administrator Site Lead CSRA / RedLine Performance Solutions, LLC NOAA NESCC 1000 Galliher Drive, Suite 333, Fairmont, WV 26554 office: (304) 367-2882 cell: (304) 685-9345 adam.dorsey@noaa.gov --0000000000004f83db05cc721686 Content-Type: text/html; charset="UTF-8" Content-Transfer-Encoding: quoted-printable
I used the process described in bug 1557 today to att= empt to capture debug information.=C2=A0 I didn't get anything useful, = and no clues as to why the X2Go client is crashing with strong ciphers.

x2go-INFO-1> "Starting X2Go Client 4.1.2.3...= "
x2go-WARNING-1> English language requested, not loading transl= ator.
x2go-WARNING-1> English language requested, not loading transla= tor.
x2go-DEBUG-../src/onmainwindow.cpp:10902> Getting X.Org Server s= ettings.
x2go-INFO-3> "Started X2Go Client."
x2go-DEBUG-= ../src/onmainwindow.cpp:626> "$HOME=3DC:/Users/Adam"
x2go-D= EBUG-../src/onmainwindow.cpp:2359> Reading 1 sessions from config file.<= br>x2go-DEBUG-../src/onmainwindow.cpp:13415> libssh not initialized yet.= Initializing.
x2go-DEBUG-../src/pulsemanager.cpp:369> pulseaudio --v= ersion returned:"pulseaudio 13.0

"

x2go-DEBUG-../sr= c/onmainwindow.cpp:10805> Starting helper servers for Windows ...
x2g= o-DEBUG-../src/onmainwindow.cpp:10972> "/cygdrive/C/Users/Adam/.x2g= o/var" cygwin var path
x2go-DEBUG-../src/onmainwindow.cpp:11060>= "C:/Users/Adam/.x2go/etc/sshd_config created."
x2go-DEBUG-../= src/onmainwindow.cpp:10467> Resolved localhost.
x2go-DEBUG-../src/onm= ainwindow.cpp:2853> Creating QPixmap with session icon: '":/img= /icons/128x128/x2gosession.png"'.
x2go-DEBUG-../src/pulsemanage= r.cpp:227> pulse started with arguments ("--exit-idle-time=3D-1&quo= t;, "-n", "-F",
"C:\Users\Adam\.x2go\pulse\config.pa", "-p", "C:\Pro= gram Files (x86)\x2goclient\pulse\lib\pulse-13.0\modules",
"-= -log-level=3Ddebug", "--verbose", "--log-target=3Dfile:= C:\Users\Adam\.x2go\pulse\pulse.log") - waiting for it to
finish..= .
x2go-DEBUG-../src/onmainwindow.cpp:10489> Port is free: 7022
x2= go-DEBUG-../src/onmainwindow.cpp:11411> Logging cygwin sshd to: "C:= /Users/Adam/.x2go/sshLogs/p12616.log"
x2go-DEBUG-../src/onmainwindo= w.cpp:11425> Creating desktop: x2go_Adam
x2go-DEBUG-../src/onmainwind= ow.cpp:10467> Resolved localhost.
x2go-DEBUG-../src/onmainwindow.cpp:= 10495> Port already in use: 7022
x2go-DEBUG-../src/onmainwindow.cpp:1= 0467> Resolved localhost.
x2go-DEBUG-../src/onmainwindow.cpp:10495>= ; Port already in use: 7022
x2go-DEBUG-../src/onmainwindow.cpp:11522>= User mode OpenSSH server started successfully.
x2go-INFO-8> "St= arting connection to server: localhost:49199"
x2go-DEBUG-../src/onm= ainwindow.cpp:2954> Starting new ssh connection to server:"localhos= t":"49199" krbLogin: false
x2go-DEBUG-../src/sshmastercon= nection.cpp:168> SshMasterConnection, host "localhost"; port 4= 9199; user "Adam.Dorsey";
useproxy false; proxyserver "&= quot;; proxyport 22
x2go-DEBUG-../src/sshmasterconnection.cpp:248> St= arting SSH connection without Kerberos authentication.
x2go-DEBUG-../src= /sshmasterconnection.cpp:250> SshMasterConnection, instance SshMasterCon= nection(0x548e2a8) =C2=A0created.
x2go-DEBUG-../src/sshmasterconnection= .cpp:492> SshMasterConnection, instance SshMasterConnection(0x548e2a8) = =C2=A0entering
thread.
x2go-DEBUG-../src/sshmasterconnection.cpp:57= 3> Setting SSH directory to C:/Users/Adam/ssh
x2go-DEBUG-../src/sshma= sterconnection.cpp:795> Session port before config file parse: 49199
= x2go-DEBUG-../src/sshmasterconnection.cpp:805> Session port after config= file parse: 49199

On Tue, Aug 17, 2021 at 11:45 AM Adam Dorsey - NOAA= Affiliate <ad= am.dorsey@noaa.gov> wrote:
A quick update for= this bug:

Today I tested the same scenario (Ciphe= r aes128-ctr) on our test cluster using the latest Windows snapshot client,= version 4.1.2.3-2021.07.13-df4a8ec.=C2=A0 The issue as described in this b= ug report is still present.

Thanks,
Adam=

On Fri, Mar 19, 2021 at 2:28 PM Adam Dorsey - NOAA Affiliat= e <adam.dorsey= @noaa.gov> wrote:
I can confirm this issue in my own environment = as well.=C2=A0 X2Go server version is 4.1.0.3-9.el7 running on CentOS 7.=C2= =A0 Affected users are running X2Go client version 4.1.2.2 on Windows 10 (t= hough this may affect other Windows versions as well).

We force= d the use of the aes128-ctr cipher yesterday on our cluster login nodes to = resolve a security issue raised by our security team.=C2=A0 To do this, we = added the following line to our SSH server config file:

Ciphers aes128-ctr

After making this change, several users running the = X2Go client on Windows 10 could no longer connect.=C2=A0 We found this bug = report, and subsequently reverted the above change, which resolved the issu= e.

Please note that Linux clients appeared to be u= naffected by this issue; I was able to connect from a workstation running X= 2Go client version 4.1.2.2 on Ubuntu Linux 20.04 without any issues.

--
=
Adam Dorsey
NOAA RDHPCS Systems Administrator Site= Lead
CSRA / RedLine Performance Solutions, LLC

NOAA NESCC
100= 0 Galliher Drive, Suite 333, Fairmont, WV 26554
office: (304) 367-2882cell: (304) 685-9345
adam.dorsey@noaa.gov


--
Adam Dorsey
NOAA RD= HPCS Systems Administrator Site Lead
CSRA / RedLine Performance Solution= s, LLC

NOAA NESCC
1000 Galliher Drive, Suite 333, Fairmont, WV 26= 554
office: (304) 367-2882
cell: (304) 685-9345
adam.dorsey@noaa.gov
<= /div>
_______________________________________________
x2go-dev mailing list
x2go-dev@lists= .x2go.org
https://lists.x2go.org/listinfo/x2go-dev


--
Adam Dorsey
NOAA RD= HPCS Systems Administrator Site Lead
CSRA / RedLine Performance Solution= s, LLC

NOAA NESCC
1000 Galliher Drive, Suite 333, Fairmont, WV 26= 554
office: (304) 367-2882
cell: (304) 685-9345
adam.dorsey@noaa.gov
<= /div>
--0000000000004f83db05cc721686--