From adam.dorsey@noaa.gov Mon Sep 20 21:14:20 2021 Received: (at 1520) by bugs.x2go.org; 20 Sep 2021 19:14:27 +0000 X-Spam-Checker-Version: SpamAssassin 3.4.2 (2018-09-13) on ymir.das-netzwerkteam.de X-Spam-Level: X-Spam-Status: No, score=-3.5 required=3.0 tests=BAYES_00,DKIMWL_WL_HIGH, DKIM_SIGNED,DKIM_VALID,DKIM_VALID_AU,FROM_GOV_DKIM_AU,HTML_MESSAGE, RCVD_IN_DNSWL_NONE,SPF_HELO_NONE,URIBL_BLOCKED autolearn=ham autolearn_force=no version=3.4.2 Received: from mail-qk1-x733.google.com (mail-qk1-x733.google.com [IPv6:2607:f8b0:4864:20::733]) by ymir.das-netzwerkteam.de (Postfix) with ESMTPS id 63E815DB0A for <1520@bugs.x2go.org>; Mon, 20 Sep 2021 21:14:18 +0200 (CEST) Received: by mail-qk1-x733.google.com with SMTP id 73so41405283qki.4 for <1520@bugs.x2go.org>; Mon, 20 Sep 2021 12:14:17 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=noaa.gov; s=google; h=mime-version:references:in-reply-to:from:date:message-id:subject:to :cc; bh=LHCoHKmaayHKvhpt6nvLdsoKSBVxAia4UIeL2LBuVSY=; b=XV8SbSQmqr0l46CaABzss0JL80upbNWoSpDOPk22xr5fQFmbF9Y4v/f7Pk0/215eum VObmmhRlChH2wBfCQwB8UVsGLMb7RBu+BRpAIZHO+gjpEsEFF3+9vTpG6XKxkYS+eM0p NHsYHmgjK/mKttEJnvQMaelZE0qE91gaa1IESUMleeGvbUt+ilTl2Yranbfcm63UVRpo uSJidzi/ck38lSIWZO64Gn65chl+f2ADVWsyCq70+d2spRBEuzd6e1/S8C8sQ1fO4R2R VPjaLqai2jaz6BEjIt1cuKZOmaQFWA1Aqohd9W0yBpqwO4YAmyISs6Y3/BEHxJJSNIAM 18OQ== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20210112; h=x-gm-message-state:mime-version:references:in-reply-to:from:date :message-id:subject:to:cc; bh=LHCoHKmaayHKvhpt6nvLdsoKSBVxAia4UIeL2LBuVSY=; b=Z50DDS0vLxo6Ksl83rKXiTIWr+vZ8mYEPX4z7dU8JxX6VcGyCMWYB/gtparZsDY8gK ipy7by8NkY7Yd4mGNF9C/6WphDcPLqmn8+7OBJ7s4SEx8ECoRG6b6f+d1hPJoPWeIEF6 4UHZ2a0CXODuu/0wN5Dh5goXcwT0ETeaqqIvJkRk3qIn6H9MjqyyZDmWqBCvjuG3BTDg xRLOtTzBAfVHocdzXmn+R4G+C/w1cGeReOFJfYY8pO1xJwQeeIjp2lut2zs8V68qYjL4 0cwZa5nkalbhQizZ+he8MR4t1mLZZN2Ks3Do/baMgtmk2fzwEEpKz4KdfWFhHZsc3cNK 9w+A== X-Gm-Message-State: AOAM5309QD4iJmDIOo548yq125bSnVnvpZohR+uugoSCBdNUyNCYBLfw zBCMrVeLy9GCcmRcXy9XZn9dyi8+vF604eLBzTqlSQkkVf+kwA== X-Google-Smtp-Source: ABdhPJzkBZ/Pto3H0Py8M69yin4bL6j5ZNb4T6w7zaKlnlc3oXSsCMC0fsKPsKoCxxS4hadHSYspe/OJRrAhtONjHLk= X-Received: by 2002:a37:8a05:: with SMTP id m5mr26299644qkd.44.1632165256184; Mon, 20 Sep 2021 12:14:16 -0700 (PDT) MIME-Version: 1.0 References: In-Reply-To: From: Adam Dorsey - NOAA Affiliate Date: Mon, 20 Sep 2021 15:14:05 -0400 Message-ID: Subject: Re: [X2Go-Dev] Bug#1520: Proxy-Server - SSH - strong Cipher crash x2Go-Client To: 1520@bugs.x2go.org Cc: Chance Taylor - NOAA Affiliate , Nathan Gregg - NOAA Affiliate Content-Type: multipart/alternative; boundary="0000000000004f83db05cc721686" --0000000000004f83db05cc721686 Content-Type: text/plain; charset="UTF-8" I used the process described in bug 1557 today to attempt to capture debug information. I didn't get anything useful, and no clues as to why the X2Go client is crashing with strong ciphers. x2go-INFO-1> "Starting X2Go Client 4.1.2.3..." x2go-WARNING-1> English language requested, not loading translator. x2go-WARNING-1> English language requested, not loading translator. x2go-DEBUG-../src/onmainwindow.cpp:10902> Getting X.Org Server settings. x2go-INFO-3> "Started X2Go Client." x2go-DEBUG-../src/onmainwindow.cpp:626> "$HOME=C:/Users/Adam" x2go-DEBUG-../src/onmainwindow.cpp:2359> Reading 1 sessions from config file. x2go-DEBUG-../src/onmainwindow.cpp:13415> libssh not initialized yet. Initializing. x2go-DEBUG-../src/pulsemanager.cpp:369> pulseaudio --version returned:"pulseaudio 13.0 " x2go-DEBUG-../src/onmainwindow.cpp:10805> Starting helper servers for Windows ... x2go-DEBUG-../src/onmainwindow.cpp:10972> "/cygdrive/C/Users/Adam/.x2go/var" cygwin var path x2go-DEBUG-../src/onmainwindow.cpp:11060> "C:/Users/Adam/.x2go/etc/sshd_config created." x2go-DEBUG-../src/onmainwindow.cpp:10467> Resolved localhost. x2go-DEBUG-../src/onmainwindow.cpp:2853> Creating QPixmap with session icon: '":/img/icons/128x128/x2gosession.png"'. x2go-DEBUG-../src/pulsemanager.cpp:227> pulse started with arguments ("--exit-idle-time=-1", "-n", "-F", "C:\Users\Adam\.x2go\pulse\config.pa", "-p", "C:\Program Files (x86)\x2goclient\pulse\lib\pulse-13.0\modules", "--log-level=debug", "--verbose", "--log-target=file:C:\Users\Adam\.x2go\pulse\pulse.log") - waiting for it to finish... x2go-DEBUG-../src/onmainwindow.cpp:10489> Port is free: 7022 x2go-DEBUG-../src/onmainwindow.cpp:11411> Logging cygwin sshd to: "C:/Users/Adam/.x2go/sshLogs/p12616.log" x2go-DEBUG-../src/onmainwindow.cpp:11425> Creating desktop: x2go_Adam x2go-DEBUG-../src/onmainwindow.cpp:10467> Resolved localhost. x2go-DEBUG-../src/onmainwindow.cpp:10495> Port already in use: 7022 x2go-DEBUG-../src/onmainwindow.cpp:10467> Resolved localhost. x2go-DEBUG-../src/onmainwindow.cpp:10495> Port already in use: 7022 x2go-DEBUG-../src/onmainwindow.cpp:11522> User mode OpenSSH server started successfully. x2go-INFO-8> "Starting connection to server: localhost:49199" x2go-DEBUG-../src/onmainwindow.cpp:2954> Starting new ssh connection to server:"localhost":"49199" krbLogin: false x2go-DEBUG-../src/sshmasterconnection.cpp:168> SshMasterConnection, host "localhost"; port 49199; user "Adam.Dorsey"; useproxy false; proxyserver ""; proxyport 22 x2go-DEBUG-../src/sshmasterconnection.cpp:248> Starting SSH connection without Kerberos authentication. x2go-DEBUG-../src/sshmasterconnection.cpp:250> SshMasterConnection, instance SshMasterConnection(0x548e2a8) created. x2go-DEBUG-../src/sshmasterconnection.cpp:492> SshMasterConnection, instance SshMasterConnection(0x548e2a8) entering thread. x2go-DEBUG-../src/sshmasterconnection.cpp:573> Setting SSH directory to C:/Users/Adam/ssh x2go-DEBUG-../src/sshmasterconnection.cpp:795> Session port before config file parse: 49199 x2go-DEBUG-../src/sshmasterconnection.cpp:805> Session port after config file parse: 49199 On Tue, Aug 17, 2021 at 11:45 AM Adam Dorsey - NOAA Affiliate < adam.dorsey@noaa.gov> wrote: > A quick update for this bug: > > Today I tested the same scenario (Cipher aes128-ctr) on our test cluster > using the latest Windows snapshot client, version > 4.1.2.3-2021.07.13-df4a8ec. The issue as described in this bug report is > still present. > > Thanks, > Adam > > On Fri, Mar 19, 2021 at 2:28 PM Adam Dorsey - NOAA Affiliate < > adam.dorsey@noaa.gov> wrote: > >> I can confirm this issue in my own environment as well. X2Go server >> version is 4.1.0.3-9.el7 running on CentOS 7. Affected users are running >> X2Go client version 4.1.2.2 on Windows 10 (though this may affect other >> Windows versions as well). >> >> We forced the use of the aes128-ctr cipher yesterday on our cluster login >> nodes to resolve a security issue raised by our security team. To do this, >> we added the following line to our SSH server config file: >> >> Ciphers aes128-ctr >> >> After making this change, several users running the X2Go client on >> Windows 10 could no longer connect. We found this bug report, and >> subsequently reverted the above change, which resolved the issue. >> >> Please note that Linux clients appeared to be unaffected by this issue; I >> was able to connect from a workstation running X2Go client version 4.1.2.2 >> on Ubuntu Linux 20.04 without any issues. >> >> -- >> Adam Dorsey >> NOAA RDHPCS Systems Administrator Site Lead >> CSRA / RedLine Performance Solutions, LLC >> >> NOAA NESCC >> 1000 Galliher Drive, Suite 333, Fairmont, WV 26554 >> office: (304) 367-2882 >> cell: (304) 685-9345 >> adam.dorsey@noaa.gov >> > > > -- > Adam Dorsey > NOAA RDHPCS Systems Administrator Site Lead > CSRA / RedLine Performance Solutions, LLC > > NOAA NESCC > 1000 Galliher Drive, Suite 333, Fairmont, WV 26554 > office: (304) 367-2882 > cell: (304) 685-9345 > adam.dorsey@noaa.gov > _______________________________________________ > x2go-dev mailing list > x2go-dev@lists.x2go.org > https://lists.x2go.org/listinfo/x2go-dev > -- Adam Dorsey NOAA RDHPCS Systems Administrator Site Lead CSRA / RedLine Performance Solutions, LLC NOAA NESCC 1000 Galliher Drive, Suite 333, Fairmont, WV 26554 office: (304) 367-2882 cell: (304) 685-9345 adam.dorsey@noaa.gov --0000000000004f83db05cc721686 Content-Type: text/html; charset="UTF-8" Content-Transfer-Encoding: quoted-printable
I used the process described in bug 1557 today to att= empt to capture debug information.=C2=A0 I didn't get anything useful, = and no clues as to why the X2Go client is crashing with strong ciphers.

x2go-INFO-1> "Starting X2Go Client 4.1.2.3...= "
x2go-WARNING-1> English language requested, not loading transl= ator.
x2go-WARNING-1> English language requested, not loading transla= tor.
x2go-DEBUG-../src/onmainwindow.cpp:10902> Getting X.Org Server s= ettings.
x2go-INFO-3> "Started X2Go Client."
x2go-DEBUG-= ../src/onmainwindow.cpp:626> "$HOME=3DC:/Users/Adam"
x2go-D= EBUG-../src/onmainwindow.cpp:2359> Reading 1 sessions from config file.<= br>x2go-DEBUG-../src/onmainwindow.cpp:13415> libssh not initialized yet.= Initializing.
x2go-DEBUG-../src/pulsemanager.cpp:369> pulseaudio --v= ersion returned:"pulseaudio 13.0

"

x2go-DEBUG-../sr= c/onmainwindow.cpp:10805> Starting helper servers for Windows ...
x2g= o-DEBUG-../src/onmainwindow.cpp:10972> "/cygdrive/C/Users/Adam/.x2g= o/var" cygwin var path
x2go-DEBUG-../src/onmainwindow.cpp:11060>= "C:/Users/Adam/.x2go/etc/sshd_config created."
x2go-DEBUG-../= src/onmainwindow.cpp:10467> Resolved localhost.
x2go-DEBUG-../src/onm= ainwindow.cpp:2853> Creating QPixmap with session icon: '":/img= /icons/128x128/x2gosession.png"'.
x2go-DEBUG-../src/pulsemanage= r.cpp:227> pulse started with arguments ("--exit-idle-time=3D-1&quo= t;, "-n", "-F",
"C:\Users\Adam\.x2go\pulse\config.pa", "-p", "C:\Pro= gram Files (x86)\x2goclient\pulse\lib\pulse-13.0\modules",
"-= -log-level=3Ddebug", "--verbose", "--log-target=3Dfile:= C:\Users\Adam\.x2go\pulse\pulse.log") - waiting for it to
finish..= .
x2go-DEBUG-../src/onmainwindow.cpp:10489> Port is free: 7022
x2= go-DEBUG-../src/onmainwindow.cpp:11411> Logging cygwin sshd to: "C:= /Users/Adam/.x2go/sshLogs/p12616.log"
x2go-DEBUG-../src/onmainwindo= w.cpp:11425> Creating desktop: x2go_Adam
x2go-DEBUG-../src/onmainwind= ow.cpp:10467> Resolved localhost.
x2go-DEBUG-../src/onmainwindow.cpp:= 10495> Port already in use: 7022
x2go-DEBUG-../src/onmainwindow.cpp:1= 0467> Resolved localhost.
x2go-DEBUG-../src/onmainwindow.cpp:10495>= ; Port already in use: 7022
x2go-DEBUG-../src/onmainwindow.cpp:11522>= User mode OpenSSH server started successfully.
x2go-INFO-8> "St= arting connection to server: localhost:49199"
x2go-DEBUG-../src/onm= ainwindow.cpp:2954> Starting new ssh connection to server:"localhos= t":"49199" krbLogin: false
x2go-DEBUG-../src/sshmastercon= nection.cpp:168> SshMasterConnection, host "localhost"; port 4= 9199; user "Adam.Dorsey";
useproxy false; proxyserver "&= quot;; proxyport 22
x2go-DEBUG-../src/sshmasterconnection.cpp:248> St= arting SSH connection without Kerberos authentication.
x2go-DEBUG-../src= /sshmasterconnection.cpp:250> SshMasterConnection, instance SshMasterCon= nection(0x548e2a8) =C2=A0created.
x2go-DEBUG-../src/sshmasterconnection= .cpp:492> SshMasterConnection, instance SshMasterConnection(0x548e2a8) = =C2=A0entering
thread.
x2go-DEBUG-../src/sshmasterconnection.cpp:57= 3> Setting SSH directory to C:/Users/Adam/ssh
x2go-DEBUG-../src/sshma= sterconnection.cpp:795> Session port before config file parse: 49199
= x2go-DEBUG-../src/sshmasterconnection.cpp:805> Session port after config= file parse: 49199

On Tue, Aug 17, 2021 at 11:45 AM Adam Dorsey - NOAA= Affiliate <ad= am.dorsey@noaa.gov> wrote:
A quick update for= this bug:

Today I tested the same scenario (Ciphe= r aes128-ctr) on our test cluster using the latest Windows snapshot client,= version 4.1.2.3-2021.07.13-df4a8ec.=C2=A0 The issue as described in this b= ug report is still present.

Thanks,
Adam=

On Fri, Mar 19, 2021 at 2:28 PM Adam Dorsey - NOAA Affiliat= e <adam.dorsey= @noaa.gov> wrote:
I can confirm this issue in my own environment = as well.=C2=A0 X2Go server version is 4.1.0.3-9.el7 running on CentOS 7.=C2= =A0 Affected users are running X2Go client version 4.1.2.2 on Windows 10 (t= hough this may affect other Windows versions as well).

We force= d the use of the aes128-ctr cipher yesterday on our cluster login nodes to = resolve a security issue raised by our security team.=C2=A0 To do this, we = added the following line to our SSH server config file:

Ciphers aes128-ctr

After making this change, several users running the = X2Go client on Windows 10 could no longer connect.=C2=A0 We found this bug = report, and subsequently reverted the above change, which resolved the issu= e.

Please note that Linux clients appeared to be u= naffected by this issue; I was able to connect from a workstation running X= 2Go client version 4.1.2.2 on Ubuntu Linux 20.04 without any issues.

--
=
Adam Dorsey
NOAA RDHPCS Systems Administrator Site= Lead
CSRA / RedLine Performance Solutions, LLC

NOAA NESCC
100= 0 Galliher Drive, Suite 333, Fairmont, WV 26554
office: (304) 367-2882cell: (304) 685-9345
adam.dorsey@noaa.gov


--
Adam Dorsey
NOAA RD= HPCS Systems Administrator Site Lead
CSRA / RedLine Performance Solution= s, LLC

NOAA NESCC
1000 Galliher Drive, Suite 333, Fairmont, WV 26= 554
office: (304) 367-2882
cell: (304) 685-9345
adam.dorsey@noaa.gov
<= /div>
_______________________________________________
x2go-dev mailing list
x2go-dev@lists= .x2go.org
https://lists.x2go.org/listinfo/x2go-dev


--
Adam Dorsey
NOAA RD= HPCS Systems Administrator Site Lead
CSRA / RedLine Performance Solution= s, LLC

NOAA NESCC
1000 Galliher Drive, Suite 333, Fairmont, WV 26= 554
office: (304) 367-2882
cell: (304) 685-9345
adam.dorsey@noaa.gov
<= /div>
--0000000000004f83db05cc721686--