X2Go Bug report logs -
#290
SSH key based authentication problems
Reply or subscribe to this bug.
Toggle useless messages
Report forwarded
to x2go-dev@lists.berlios.de, software@matthiaskauer.com, X2Go Developers <x2go-dev@lists.berlios.de>
:
Bug#290
; Package x2goclient
.
(Tue, 27 Aug 2013 10:48:02 GMT) (full text, mbox, link).
Acknowledgement sent
to Mike Gabriel <mike.gabriel@das-netzwerkteam.de>
:
New Bug report received and forwarded. Copy sent to software@matthiaskauer.com, X2Go Developers <x2go-dev@lists.berlios.de>
.
(Tue, 27 Aug 2013 10:48:02 GMT) (full text, mbox, link).
Message #5 received at submit@bugs.x2go.org (full text, mbox, reply):
[Message part 1 (text/plain, inline)]
Package: x2goclient
Tags: confirmed
Version: 4.0.1.0
Severity: important
x-debbugs-cc: software@matthiaskauer.com
I myself have also observed the issue reported by Matthias. Adding
this as a bug. This should get fixed before the release of 4.0.1.1.
Mike
----- Weitergeleitete Nachricht von software@matthiaskauer.com -----
Datum: Mon, 26 Aug 2013 23:54:55 +0200
Von: Matthias Kauer <software@matthiaskauer.com>
Betreff: [X2Go-User] Login via ~/.ssh/authorized_keys fails
An: x2go-user@lists.berlios.de
Hi,
I am looking for input on how to set up an ssh key-based authentication.
I generated an RSA key pair with puttygen and added it to
~/.ssh/authorized_keys2 => confirmed that I can login with putty.
Now, I specify the same private key in x2goclient (windows). I enter my
password and I am then prompted for the password of the ssh key. I enter
it and the same ssh key password prompt reappears. This seems to be an
infinite loop. When I cancel it, I get a message saying that only
publickey is supported as login method (which corresponds to my
sshd_config settings).
I then tried renaming ~/.ssh/authorized_keys and using a DSA key pair.
putty still works as expected with both of these alternatives.
x2goclient still shows the same problems however. It only lets me login
if I adapt my sshd_config and authenticate via user / password combination.
Is this a known limitation?
What is the best way to achieve high security? Can I limit the x2go
connections to only LAN IPs (without restricting the pure ssh connections)?
Best Wishes,
Matthias Kauer
_______________________________________________
X2Go-User mailing list
X2Go-User@lists.berlios.de
https://lists.berlios.de/mailman/listinfo/x2go-user
----- Ende der weitergeleiteten Nachricht -----
--
DAS-NETZWERKTEAM
mike gabriel, herweg 7, 24357 fleckeby
fon: +49 (1520) 1976 148
GnuPG Key ID 0x25771B31
mail: mike.gabriel@das-netzwerkteam.de, http://das-netzwerkteam.de
freeBusy:
https://mail.das-netzwerkteam.de/freebusy/m.gabriel%40das-netzwerkteam.de.xfb
[Message part 2 (application/pgp-signature, inline)]
Information forwarded
to x2go-dev@lists.berlios.de, X2Go Developers <x2go-dev@lists.berlios.de>
:
Bug#290
; Package x2goclient
.
(Tue, 27 Aug 2013 12:18:02 GMT) (full text, mbox, link).
Acknowledgement sent
to Stefan Baur <newsgroups.mail2@stefanbaur.de>
:
Extra info received and forwarded to list. Copy sent to X2Go Developers <x2go-dev@lists.berlios.de>
.
(Tue, 27 Aug 2013 12:18:02 GMT) (full text, mbox, link).
Message #10 received at 290@bugs.x2go.org (full text, mbox, reply):
Hi Guys!
As a suggestion/workaround: I am using Pageant from the PuTTY suite,
this is where I have my users load their keys.
Pageant is a SSH agent for Windows, under the same license as PuTTY and
PuTTYgen.
The reason why I'm using it is that my users also use WinSCP for file
transfers and thus have to authenticate only once - when
loading/unlocking their key file in pageant.
Thus, I'm telling both x2goclient and WinSCP to use the SSH agent, and
everything works (for me).
Please ALSO note that PuTTYgen saves the private key files in its own
special format (as indicated by the *.ppk extension).
You might have to use one of the "Export" Options in PuTTYgen's
"Conversions" menu so that x2goclient is able to process the key.
-Stefan
Am 27.08.2013 12:34, schrieb Mike Gabriel:
> Package: x2goclient
> Tags: confirmed
> Version: 4.0.1.0
> Severity: important
> x-debbugs-cc: software@matthiaskauer.com
>
> I myself have also observed the issue reported by Matthias. Adding
> this as a bug. This should get fixed before the release of 4.0.1.1.
>
> Mike
>
> ----- Weitergeleitete Nachricht von software@matthiaskauer.com -----
> Datum: Mon, 26 Aug 2013 23:54:55 +0200
> Von: Matthias Kauer <software@matthiaskauer.com>
> Betreff: [X2Go-User] Login via ~/.ssh/authorized_keys fails
> An: x2go-user@lists.berlios.de
>
> Hi,
> I am looking for input on how to set up an ssh key-based authentication.
>
> I generated an RSA key pair with puttygen and added it to
> ~/.ssh/authorized_keys2 => confirmed that I can login with putty.
> Now, I specify the same private key in x2goclient (windows). I enter my
> password and I am then prompted for the password of the ssh key. I enter
> it and the same ssh key password prompt reappears. This seems to be an
> infinite loop. When I cancel it, I get a message saying that only
> publickey is supported as login method (which corresponds to my
> sshd_config settings).
>
> I then tried renaming ~/.ssh/authorized_keys and using a DSA key pair.
> putty still works as expected with both of these alternatives.
> x2goclient still shows the same problems however. It only lets me login
> if I adapt my sshd_config and authenticate via user / password
> combination.
>
> Is this a known limitation?
> What is the best way to achieve high security? Can I limit the x2go
> connections to only LAN IPs (without restricting the pure ssh
> connections)?
>
> Best Wishes,
> Matthias Kauer
> _______________________________________________
> X2Go-User mailing list
> X2Go-User@lists.berlios.de
> https://lists.berlios.de/mailman/listinfo/x2go-user
>
>
> ----- Ende der weitergeleiteten Nachricht -----
>
>
>
>
> _______________________________________________
> X2Go-Dev mailing list
> X2Go-Dev@lists.berlios.de
> https://lists.berlios.de/mailman/listinfo/x2go-dev
Information forwarded
to x2go-dev@lists.berlios.de, X2Go Developers <x2go-dev@lists.berlios.de>
:
Bug#290
; Package x2goclient
.
(Wed, 28 Aug 2013 21:33:02 GMT) (full text, mbox, link).
Acknowledgement sent
to Matthias Kauer <software@matthiaskauer.com>
:
Extra info received and forwarded to list. Copy sent to X2Go Developers <x2go-dev@lists.berlios.de>
.
(Wed, 28 Aug 2013 21:33:02 GMT) (full text, mbox, link).
Message #15 received at 290@bugs.x2go.org (full text, mbox, reply):
[Message part 1 (text/plain, inline)]
Hi Mike,
thanks for the confirmation and the submission.
If anyone is interested, one thing I did for now, to address this issue
was to allow password-based access from my LAN addresses as described
here:
http://askubuntu.com/questions/101670/how-can-i-allow-ssh-password-authentication-from-only-certain-ip-addresses
(Note that the match block should be at the end of sshd_config file as
it affects all statements below it if I understand it correctly)
Use a |Match| block in |/etc/ssh/sshd_config|.
|PasswordAuthentication no
Match address 192.0.2.0/24
PasswordAuthentication yes
|
Best,
Matthias
On 27/8/2013 12:34 PM, Mike Gabriel wrote:
> Package: x2goclient
> Tags: confirmed
> Version: 4.0.1.0
> Severity: important
> x-debbugs-cc: software@matthiaskauer.com
>
> I myself have also observed the issue reported by Matthias. Adding
> this as a bug. This should get fixed before the release of 4.0.1.1.
>
> Mike
>
> ----- Weitergeleitete Nachricht von software@matthiaskauer.com -----
> Datum: Mon, 26 Aug 2013 23:54:55 +0200
> Von: Matthias Kauer <software@matthiaskauer.com>
> Betreff: [X2Go-User] Login via ~/.ssh/authorized_keys fails
> An: x2go-user@lists.berlios.de
>
> Hi,
> I am looking for input on how to set up an ssh key-based authentication.
>
> I generated an RSA key pair with puttygen and added it to
> ~/.ssh/authorized_keys2 => confirmed that I can login with putty.
> Now, I specify the same private key in x2goclient (windows). I enter my
> password and I am then prompted for the password of the ssh key. I enter
> it and the same ssh key password prompt reappears. This seems to be an
> infinite loop. When I cancel it, I get a message saying that only
> publickey is supported as login method (which corresponds to my
> sshd_config settings).
>
> I then tried renaming ~/.ssh/authorized_keys and using a DSA key pair.
> putty still works as expected with both of these alternatives.
> x2goclient still shows the same problems however. It only lets me login
> if I adapt my sshd_config and authenticate via user / password
> combination.
>
> Is this a known limitation?
> What is the best way to achieve high security? Can I limit the x2go
> connections to only LAN IPs (without restricting the pure ssh
> connections)?
>
> Best Wishes,
> Matthias Kauer
> _______________________________________________
> X2Go-User mailing list
> X2Go-User@lists.berlios.de
> https://lists.berlios.de/mailman/listinfo/x2go-user
>
>
> ----- Ende der weitergeleiteten Nachricht -----
>
>
[Message part 2 (text/html, inline)]
Information forwarded
to x2go-dev@lists.berlios.de, X2Go Developers <x2go-dev@lists.berlios.de>
:
Bug#290
; Package x2goclient
.
(Fri, 30 Aug 2013 19:48:02 GMT) (full text, mbox, link).
Acknowledgement sent
to Mike Gabriel <mike.gabriel@das-netzwerkteam.de>
:
Extra info received and forwarded to list. Copy sent to X2Go Developers <x2go-dev@lists.berlios.de>
.
(Fri, 30 Aug 2013 19:48:02 GMT) (full text, mbox, link).
Message #20 received at 290@bugs.x2go.org (full text, mbox, reply):
[Message part 1 (text/plain, inline)]
... these conditions conincide:
o no SSH priv key with default name(s) available
and
((
o ssh-agent not aware of any private key
o ssh-agent running
)
or
(
o ssh-agent not running
))
/me will dig into this and then release X2Go Client.
Mike
--
DAS-NETZWERKTEAM
mike gabriel, herweg 7, 24357 fleckeby
fon: +49 (1520) 1976 148
GnuPG Key ID 0x25771B31
mail: mike.gabriel@das-netzwerkteam.de, http://das-netzwerkteam.de
freeBusy:
https://mail.das-netzwerkteam.de/freebusy/m.gabriel%40das-netzwerkteam.de.xfb
[Message part 2 (application/pgp-signature, inline)]
Information forwarded
to x2go-dev@lists.berlios.de, X2Go Developers <x2go-dev@lists.berlios.de>
:
Bug#290
; Package x2goclient
.
(Sun, 13 Apr 2014 13:55:01 GMT) (full text, mbox, link).
Acknowledgement sent
to Michael DePaulo <mikedep333@gmail.com>
:
Extra info received and forwarded to list. Copy sent to X2Go Developers <x2go-dev@lists.berlios.de>
.
(Sun, 13 Apr 2014 13:55:01 GMT) (full text, mbox, link).
Message #25 received at 290@bugs.x2go.org (full text, mbox, reply):
1st of all, as the Windows maintainer for X2Go Client, I intend to
either add support for using PuTTY private keys, or at least update
X2Go Client to give a meaningful error message about PuTTY private
keys not being supported. I currently have no ETA on when I will
implement this.
2nd, if Pageant support is not working for you in x2goclient 4.0.1.3
or 4.0.1.3+build2, upgrade to x2goclient 4.0.2.0. This is bug 448.
3rd, as Stefan briefly mentioned, With PuTTYGen (0.63), a workaround
is available. Basically you are just exporting your private key from
PuTTY format to OpenSSH format. This workaround is the intended design
of PuTTY suite. Here are full instructions.
Step 4 isn't required, but I strongly encourage you to follow it. Step
5 only applies to if you wish to use cygwin.
1. Generate or load your putty private key with PuTTYGen
2. Select Conversions -> export OpenSSH key
3. Save the private key file to a file. I strongly encourage you to
save it with the standard openSSH filename. The standard filename
would be, depending upon what type of key your generated,:
id_rsa
id_dsa
4. Copy the "Public key for pasting into OpenSSH authorized_keys file"
into a new file in your favorite text editor; notepad will suffice.
Save it as one of the standard filenames in the same folder:
id_rsa.pub
id_dsa.pub
When saving it, make sure you do not put .txt on the end of the filename!
5. If you have cygwin installed on your Windows client, copy or move
both files to: ~/.ssh/ . Create ~/.ssh/ if it does not exist. Make
sure you set the correct permissions though:
chmod 700 ~/.ssh && chmod 600 ~/.ssh/*
6. Configure your X2Go Client to use your id_rsa or id_dsa file.
Information forwarded
to x2go-dev@lists.x2go.org, X2Go Developers <x2go-dev@lists.x2go.org>
:
Bug#290
; Package x2goclient
.
(Wed, 03 Jul 2019 12:35:01 GMT) (full text, mbox, link).
Acknowledgement sent
to victorcolon@rcn.com
:
Extra info received and forwarded to list. Copy sent to X2Go Developers <x2go-dev@lists.x2go.org>
.
(Wed, 03 Jul 2019 12:35:02 GMT) (full text, mbox, link).
Message #30 received at 290-submit@bugs.x2go.org (full text, mbox, reply):
[Message part 1 (text/plain, inline)]
good news
[Message part 2 (text/html, inline)]
[3w.pdf (application/pdf, attachment)]
Information forwarded
to x2go-dev@lists.x2go.org, X2Go Developers <x2go-dev@lists.x2go.org>
:
Bug#290
; Package x2goclient
.
(Wed, 03 Jul 2019 12:35:02 GMT) (full text, mbox, link).
Acknowledgement sent
to victorcolon@rcn.com
:
Extra info received and forwarded to list. Copy sent to X2Go Developers <x2go-dev@lists.x2go.org>
.
(Wed, 03 Jul 2019 12:35:02 GMT) (full text, mbox, link).
Send a report that this bug log contains spam.
X2Go Developers <owner@bugs.x2go.org>.
Last modified:
Thu Nov 21 14:00:52 2024;
Machine Name:
ymir.das-netzwerkteam.de
X2Go Bug tracking system
Debbugs is free software and licensed under the terms of the GNU
Public License version 2. The current version can be obtained
from https://bugs.debian.org/debbugs-source/.
Copyright © 1999 Darren O. Benham,
1997,2003 nCipher Corporation Ltd,
1994-97 Ian Jackson,
2005-2017 Don Armstrong, and many other contributors.