X2Go Bug report logs - #290
SSH key based authentication problems

version graph

Package: x2goclient; Maintainer for x2goclient is X2Go Developers <x2go-dev@lists.x2go.org>; Source for x2goclient is src:x2goclient.

Reported by: Mike Gabriel <mike.gabriel@das-netzwerkteam.de>

Date: Tue, 27 Aug 2013 10:48:02 UTC

Severity: important

Tags: confirmed

Found in version 4.0.1.0

Full log

Message #15 received at 290@bugs.x2go.org (full text, mbox, reply):

Received: (at 290) by bugs.x2go.org; 28 Aug 2013 21:21:46 +0000
From software@matthiaskauer.com  Wed Aug 28 23:21:45 2013
X-Spam-Checker-Version: SpamAssassin 3.3.2 (2011-06-06) on
	ymir.das-netzwerkteam.de
X-Spam-Level: 
X-Spam-Status: No, score=-1.9 required=5.0 tests=BAYES_00,HTML_MESSAGE,
	URIBL_BLOCKED autolearn=ham version=3.3.2
X-Greylist: delayed 563 seconds by postgrey-1.34 at ymir; Wed, 28 Aug 2013 23:21:45 CEST
Received: from fra07-inx04.webhod.de (fra07-inx04.webhod.de [212.224.89.152])
	by ymir (Postfix) with ESMTPS id 777235DB1C
	for <290@bugs.x2go.org>; Wed, 28 Aug 2013 23:21:45 +0200 (CEST)
X-No-Relay: not in my network
X-No-Relay: not in my network
Received: from [192.168.123.189] (e181003244.adsl.alicedsl.de [85.181.3.244])
	by fra07-inx04.webhod.de (Postfix) with ESMTPSA id 09F38D20687;
	Wed, 28 Aug 2013 23:12:43 +0200 (CEST)
Message-ID: <521E67B6.2030605@matthiaskauer.com>
Date: Wed, 28 Aug 2013 23:12:22 +0200
From: Matthias Kauer <software@matthiaskauer.com>
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:17.0) Gecko/20130801 Thunderbird/17.0.8
MIME-Version: 1.0
To: Mike Gabriel <mike.gabriel@das-netzwerkteam.de>, 290@bugs.x2go.org
Subject: Re: Bug#290: SSH key based authentication problems
References: <20130827123401.1559208fzp3qfrtl@mail.das-netzwerkteam.de>
In-Reply-To: <20130827123401.1559208fzp3qfrtl@mail.das-netzwerkteam.de>
Content-Type: multipart/alternative;
 boundary="------------050307080702090806020902"

[Message part 1 (text/plain, inline)]
Hi Mike,
thanks for the confirmation and the submission.

If anyone is interested, one thing I did for now, to address this issue
was to allow password-based access from my LAN addresses as described
here:
http://askubuntu.com/questions/101670/how-can-i-allow-ssh-password-authentication-from-only-certain-ip-addresses
(Note that the match block should be at the end of sshd_config file as
it affects all statements below it if I understand it correctly)

Use a |Match| block in |/etc/ssh/sshd_config|.

|PasswordAuthentication no

Match address 192.0.2.0/24
    PasswordAuthentication yes
|

Best,
Matthias

On 27/8/2013 12:34 PM, Mike Gabriel wrote:
> Package: x2goclient
> Tags: confirmed
> Version: 4.0.1.0
> Severity: important
> x-debbugs-cc: software@matthiaskauer.com
>
> I myself have also observed the issue reported by Matthias. Adding
> this as a bug. This should get fixed before the release of 4.0.1.1.
>
> Mike
>
> ----- Weitergeleitete Nachricht von software@matthiaskauer.com -----
>      Datum: Mon, 26 Aug 2013 23:54:55 +0200
>        Von: Matthias Kauer <software@matthiaskauer.com>
>    Betreff: [X2Go-User] Login via ~/.ssh/authorized_keys fails
>         An: x2go-user@lists.berlios.de
>
> Hi,
> I am looking for input on how to set up an ssh key-based authentication.
>
> I generated an RSA key pair with puttygen and added it to
> ~/.ssh/authorized_keys2 => confirmed that I can login with putty.
> Now, I specify the same private key in x2goclient (windows). I enter my
> password and I am then prompted for the password of the ssh key. I enter
> it and the same ssh key password prompt reappears. This seems to be an
> infinite loop. When I cancel it, I get a message saying that only
> publickey is supported as login method (which corresponds to my
> sshd_config settings).
>
> I then tried renaming ~/.ssh/authorized_keys and using a DSA key pair.
> putty still works as expected with both of these alternatives.
> x2goclient still shows the same problems however. It only lets me login
> if I adapt my sshd_config and authenticate via user / password
> combination.
>
> Is this a known limitation?
> What is the best way to achieve high security? Can I limit the x2go
> connections to only LAN IPs (without restricting the pure ssh
> connections)?
>
> Best Wishes,
> Matthias Kauer
> _______________________________________________
> X2Go-User mailing list
> X2Go-User@lists.berlios.de
> https://lists.berlios.de/mailman/listinfo/x2go-user
>
>
> ----- Ende der weitergeleiteten Nachricht -----
>
>


[Message part 2 (text/html, inline)]

Send a report that this bug log contains spam.

X2Go Developers <owner@bugs.x2go.org>. Last modified: Sat Nov 23 10:17:22 2024; Machine Name: ymir.das-netzwerkteam.de

X2Go Bug tracking system

Debbugs is free software and licensed under the terms of the GNU Public License version 2. The current version can be obtained from https://bugs.debian.org/debbugs-source/.

Copyright © 1999 Darren O. Benham, 1997,2003 nCipher Corporation Ltd, 1994-97 Ian Jackson, 2005-2017 Don Armstrong, and many other contributors.