X2Go Bug report logs - #240
X2goclient cannot read hashed entries in known_hosts

version graph

Package: x2goclient; Maintainer for x2goclient is X2Go Developers <x2go-dev@lists.x2go.org>; Source for x2goclient is src:x2goclient.

Reported by: Heinrich Schuchardt <xypron.glpk@gmx.de>

Date: Sun, 16 Jun 2013 12:33:02 UTC

Severity: normal

Merged with 106

Found in versions 4.0.0.1, 4.0.1.0

Full log


🔗 View this message in rfc822 format

X-Loop: owner@bugs.x2go.org
Subject: Bug#240: X2goclient cannot read hashed entries in known_hosts
Reply-To: Heinrich Schuchardt <xypron.glpk@gmx.de>, 240@bugs.x2go.org
Resent-From: Heinrich Schuchardt <xypron.glpk@gmx.de>
Resent-To: x2go-dev@lists.berlios.de
Resent-CC: X2Go Developers <x2go-dev@lists.berlios.de>
X-Loop: owner@bugs.x2go.org
Resent-Date: Sun, 16 Jun 2013 12:33:02 +0000
Resent-Message-ID: <handler.240.B.13713858943140@bugs.x2go.org>
Resent-Sender: owner@bugs.x2go.org
X-X2Go-PR-Message: report 240
X-X2Go-PR-Package: x2goclient
X-X2Go-PR-Keywords: 
Received: via spool by submit@bugs.x2go.org id=B.13713858943140
          (code B); Sun, 16 Jun 2013 12:33:02 +0000
Received: (at submit) by bugs.x2go.org; 16 Jun 2013 12:31:34 +0000
X-Spam-Checker-Version: SpamAssassin 3.3.2 (2011-06-06) on
	ymir.das-netzwerkteam.de
X-Spam-Level: 
X-Spam-Status: No, score=0.0 required=5.0 tests=FREEMAIL_FROM,
	RCVD_IN_DNSWL_BLOCKED,URIBL_BLOCKED autolearn=ham version=3.3.2
Received: from mout.gmx.net (mout.gmx.net [212.227.15.15])
	by ymir (Postfix) with ESMTP id 051E15DB17
	for <submit@bugs.x2go.org>; Sun, 16 Jun 2013 14:31:34 +0200 (CEST)
Received: from mailout-de.gmx.net ([10.1.76.10]) by mrigmx.server.lan
 (mrigmx002) with ESMTP (Nemesis) id 0LwkgY-1UH5Mz2pwm-016SXZ for
 <submit@bugs.x2go.org>; Sun, 16 Jun 2013 14:31:33 +0200
Received: (qmail invoked by alias); 16 Jun 2013 12:31:33 -0000
Received: from ip-109-90-96-202.unitymediagroup.de (EHLO [192.168.123.29]) [109.90.96.202]
  by mail.gmx.net (mp010) with SMTP; 16 Jun 2013 14:31:33 +0200
X-Authenticated: #41704822
X-Provags-ID: V01U2FsdGVkX1+NJdAwCN6NQaPvh9ZrOr5xtO/npG1lLD1VC4ev5I
	3qhSb7z7Dg8uGQ
Message-ID: <51BDB024.4060100@gmx.de>
Date: Sun, 16 Jun 2013 14:31:32 +0200
From: Heinrich Schuchardt <xypron.glpk@gmx.de>
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:10.0.12) Gecko/20130116 Icedove/10.0.12
MIME-Version: 1.0
To: submit@bugs.x2go.org
Content-Type: text/plain; charset=ISO-8859-1; format=flowed
Content-Transfer-Encoding: 8bit
X-Y-GMX-Trusted: 0
Package: x2goclient
Version: 4.0.1.0
Severity: normal

Dear maintainer,

I am running Debian Wheezy AMD64

I have installed
http://packages.x2go.org/debian/ wheezy/main x2goclient amd64 
4.0.1.0-0~x2go1+wheezy~main~380~build1

After deleting ~/.ssh/known_hosts I have connected my x2goserver with 
the command line tool ssh.

This created file known_hosts with one entry in the hashed file format 
described in the sshd(8) man page:
"Alternately, hostnames may be stored in a hashed form which hides host 
names and addresses should the file's contents be disclosed."

I now try to connect the same server with x2goclient and get an error

"Der Host-Key des Servers konnte nicht gefunden werden aber ein anderer 
Schlüsseltyp existiert. Ein Angreifer kann den Schlüssel verändert 
haben, um dem Client vorzutäuschen, dass der Schlüssel nicht existiert"

in English this would be

"The host key for this server was not found but an other type of key 
exists.An attacker might change the default server key to confuse your 
client into thinking the key does not exist"

Please, ensure that x2goclient can work with the hashed format of 
known_hosts.

Best regards

Heinrich Schuchardt

Send a report that this bug log contains spam.


X2Go Developers <owner@bugs.x2go.org>. Last modified: Thu Mar 28 13:59:36 2024; Machine Name: ymir.das-netzwerkteam.de

X2Go Bug tracking system

Debbugs is free software and licensed under the terms of the GNU Public License version 2. The current version can be obtained from https://bugs.debian.org/debbugs-source/.

Copyright © 1999 Darren O. Benham, 1997,2003 nCipher Corporation Ltd, 1994-97 Ian Jackson, 2005-2017 Don Armstrong, and many other contributors.