X2Go Bug report logs - #241
Changed host key cannot be updated

Full log

🔗 View this message in rfc822 format

MIME-Version: 1.0
X-Mailer: MIME-tools 5.502 (Entity 5.502)
X-Loop: owner@bugs.x2go.org
From: owner@bugs.x2go.org (X2Go Bug Tracking System)
Subject: Bug#241 closed by Mike Gabriel <mike.gabriel@das-netzwerkteam.de>
 (X2Go issue (in src:x2goclient) has been marked as closed)
Message-ID: <handler.241.c.13872921695866.notifdone@bugs.x2go.org>
References: <20131217145521.03A625DB26@ymir>
X-X2go-PR-Keywords: pending patch
X-X2go-PR-Message: they-closed 241
X-X2go-PR-Package: x2goclient
X-X2go-PR-Source: x2goclient
Date: Tue, 17 Dec 2013 15:03:07 +0000
Content-Type: multipart/mixed; boundary="----------=_1387292587-10958-0"

[Message part 1 (text/plain, inline)]

This is an automatic notification regarding your Bug report
which was filed against the x2goclient package:

#241: Changed host key cannot be updated

It has been closed by Mike Gabriel <mike.gabriel@das-netzwerkteam.de>.

Their explanation is attached below along with your original report.
If this explanation is unsatisfactory and you have not received a
better one in a separate message then please contact Mike Gabriel <mike.gabriel@das-netzwerkteam.de> by
replying to this email.


-- 
X2Go Bug Tracking System
Contact owner@bugs.x2go.org with problems

[Message part 2 (message/rfc822, inline)]

From: Mike Gabriel <mike.gabriel@das-netzwerkteam.de>

To: 241-submitter@bugs.x2go.org

Cc: control@bugs.x2go.org, 241@bugs.x2go.org

Subject: X2Go issue (in src:x2goclient) has been marked as closed

Date: Tue, 17 Dec 2013 15:55:20 +0100 (CET)

close #241
thanks

Hello,

we are very hopeful that X2Go issue #241 reported by you
has been resolved in the new release (4.0.1.2) of the
X2Go source project »src:x2goclient«.

You can view the complete changelog entry of src:x2goclient (4.0.1.2)
below, and you can use the following link to view all the code changes
between this and the last release of src:x2goclient.

    http://code.x2go.org/gitweb?p=x2goclient.git;a=commitdiff;h=34591fd62844b2b955e6a4bf3cf44d4759c5e44c;hp=d5ff7886ae22a1e36541570e7095fac9860af6e8

If you feel that the issue has not been resolved satisfyingly, feel
free to reopen this bug report or submit a follow-up report with
further observations described based on the new released version
of src:x2goclient.

Thanks a lot for contributing to X2Go!!!

light+love
X2Go Git Admin (on behalf of the sender of this mail)

---
X2Go Component: src:x2goclient
Version: 4.0.1.2-0x2go2
Status: RELEASE
Date: Tue, 17 Dec 2013 15:21:38 +0100
Fixes: 139 230 241 311 315 316 328 333
Changes: 
 x2goclient (4.0.1.2-0x2go2) RELEASED; urgency=low
 .
   [ Mike Gabriel ]
   * New upstream version (4.0.1.2):
     - Provide Keywords: key in .desktop file.
     - Add NSIS packaging files for win32 builds to source tree.
       (Files provided by Oleksandr Shneyder, thanks!!!).
     - Rename win32 desktop and startmenu icon from "X2goClient" to "X2Go
       Client".
     - Store broker HTTPS certificate exceptions in
       $HOME/.x2go/ssl/exceptions (before: $HOME/ssl/exceptions).
       (Fixes: #328).
     - Perform sanity checks on data that comes in from X2Go Servers.
       Prohibit the execution of arbitrary code via the ~/.bashrc file.
       (Fixes: #333).
     - Add option --broker-cacertfile. Allow usage of non-system-wide
       installed (self-signed) SSL certificate chains for https (SSL)
       session broker connections. (Fixes: #311).
     - Update man page for new --tray-icon cmdline option.
     - Update man page for --broker-url. Explain the syntax of <URL>.
     - Properly handle (=expand) the "~" character in key filenames. (Brought to
       attention by Eldamir on IRC. Thanks!).
     - Expand tilde operator for all other file paths handed over to X2Go Client
       via sessions file or cmdline parameter.
     - Syntax fix of x2goclient.desktop file.
     - Test for various file locations of the pulseaudio cookie file.
     - Allow patching of qmake-qt4 executable path in Makefile.
     - Make qmake-qt4 and lrelease path in Makefile easily replacable (as
       RHEL-5 does not have those tools in $PATH).
     - Make sure that build_client and build_plugin are not build with parallel
       make.
     - Make x2goplugin-provider installable via Makefile.
   * Pull-in packaging changes from Debian.
   * debian/source/format:
     + Switch to format 1.0.
   * x2goclient.spec:
     + Ship x2goclient.spec (RPM package definitions) in upstream project.
       (Thanks to the Fedora package maintainers).
     + Clear (Fedora package) changelog.
     + Make package build on Fedora/EPEL versions that do not have the
       qtbrowserplugin package.
     + For EPEL-5 builds: replace full path to qmake-qt4 and lrelease.
     + Split up package into bin:packages: x2goclient, x2goplugin,
       x2goplugin-provider.
     + Make sure lrelease-qt4 is executed (not just lrelease).
 .
   [ Ricardo Díaz Martín ]
   * New upstream versino (4.0.1.2):
     - Strip whitespaces off of user name, host name and other
       strings when loading / saving session profiles.(Fixes: #315).
     - New option --tray-icon. Force showing the tray icon, even for
       hidden sessions. Also allow creation of .desktop files with
       --tray-icon optionally being enabled. (Fixes: #316).
     - Update Spanish translation.
 .
   [ Oleksandr Shneyder ]
   * New upstream version (4.0.1.2):
     - Support for keys "shadowuser" "shadowdisplay" and "shadowmode" in
       config file. This allows choosing the default display for shadow
       sessions.
     - Support for GSSApi(Kerberos 5) authentication. Using ssh/scp commands
       on Linux and Mac and plink/pscp on Windows.
     - Support for ChallengeResponseAuthentication (Google Authenticator)
     - Setting main window focus on mac (Fixes: #139).
     - Additional check if authentication with GSSApi successfull
     - c121b7e2d3d83abdc2d7a29637bc3294e38b2ec3 broke checking if remote
       command produce only stderr and not stdout. It made x2goclient crash
       if x2gostartagent send LIMIT error. Current commit fixes this issue.
     - SshMasterConnection should use current user name if no user name is
       specified in session settings
     - GSSApi(Kerberos 5) authentication for sshproxy and sshbroker
     - fixed GSSApi(Kerberos 5) authentication for sshproxy and sshbroker
       on windows
 .
   [ Heinrich Schuchardt ]
   * New upstream version (4.0.1.2):
     - Handle SSH host key changes more elegantly and allow user interaction
       if such a host key change occurs. (Fixes: #241).
 .
   [ Michael DePaulo ]
   * New upstream version (4.0.1.2):
     - win32: Add uninstall information to Add/Remove Programs. (Fixes: #230).

[Message part 3 (message/rfc822, inline)]

From: Heinrich Schuchardt <xypron.glpk@gmx.de>

To: submit@bugs.x2go.org

Subject: Changed host key cannot be updated

Date: Sun, 16 Jun 2013 14:36:32 +0200

Package: x2goclient
Version: 4.0.0.3
Severity: normal

Dear maintainer,

from time to time the SSH key used for identification by a X2GO server 
may change.

When trying to connect the server a pop up is shown:

"Anmeldung fehlgeschlagen"
"Host-Key des Servers hat sich geändert Er lautet jetzt:
00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00
Aus Sicherheitsgründen wird die Verbindung abgebrochen"

The user is left puzzled with what he should do next.

There is no indication in which file there is a problem, e.g.
~/.ssh/known_hosts
or
%APPDATA%\ssh\known_hosts

There is no indication which entry in this file is corrupted.

Deleting file known_hosts is a bad idea because it may contain the keys 
for dozens of validated servers.

There are examples of more informative output, e.g. from command line 
program ssh:

@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
@    WARNING: REMOTE HOST IDENTIFICATION HAS CHANGED!     @
@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
IT IS POSSIBLE THAT SOMEONE IS DOING SOMETHING NASTY!
Someone could be eavesdropping on you right now (man-in-the-middle attack)!
It is also possible that a host key has just been changed.
The fingerprint for the RSA key sent by the remote host is
00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00.
Please contact your system administrator.
Add correct host key in /home/user/.ssh/known_hosts to get rid of this 
message.
Offending RSA key in /home/user/.ssh/known_hosts:1
RSA host key for 10.0.0.5 has changed and you have requested strict 
checking.
Host key verification failed.

Here I can identify the filename: /home/user/.ssh/known_hosts
and the line of the the entry: 1

Manual editing of known_hosts is now possible but not too good an idea 
because it is error prone.

A good solution is what you see in PuTTY. A warning pop up is shown and 
you get the choice to update file known_hosts.

Best regards

Heinrich Schuchardt

Send a report that this bug log contains spam.