X2Go Bug report logs - #290
SSH key based authentication problems

Full log

🔗 View this message in rfc822 format

X-Loop: owner@bugs.x2go.org
Subject: Bug#290: [X2Go-Dev] Bug#290: SSH key based authentication problems
Reply-To: Stefan Baur <newsgroups.mail2@stefanbaur.de>, 290@bugs.x2go.org
Resent-From: Stefan Baur <newsgroups.mail2@stefanbaur.de>
Resent-To: x2go-dev@lists.berlios.de
Resent-CC: X2Go Developers <x2go-dev@lists.berlios.de>
X-Loop: owner@bugs.x2go.org
Resent-Date: Tue, 27 Aug 2013 12:18:02 +0000
Resent-Message-ID: <handler.290.B290.13776058372998@bugs.x2go.org>
Resent-Sender: owner@bugs.x2go.org
X-X2Go-PR-Message: followup 290
X-X2Go-PR-Package: x2goclient
X-X2Go-PR-Keywords: confirmed
Received: via spool by 290-submit@bugs.x2go.org id=B290.13776058372998
          (code B ref 290); Tue, 27 Aug 2013 12:18:02 +0000
Received: (at 290) by bugs.x2go.org; 27 Aug 2013 12:17:17 +0000
X-Spam-Checker-Version: SpamAssassin 3.3.2 (2011-06-06) on
	ymir.das-netzwerkteam.de
X-Spam-Level: 
X-Spam-Status: No, score=-1.9 required=5.0 tests=BAYES_00,SPF_HELO_PASS,
	URIBL_BLOCKED autolearn=ham version=3.3.2
X-Greylist: delayed 452 seconds by postgrey-1.34 at ymir; Tue, 27 Aug 2013 14:17:16 CEST
Received: from moutng.kundenserver.de (moutng.kundenserver.de [212.227.126.187])
	by ymir (Postfix) with ESMTP id C271F5DB05;
	Tue, 27 Aug 2013 14:17:16 +0200 (CEST)
Received: from [192.168.0.3] (HSI-KBW-149-172-200-27.hsi13.kabel-badenwuerttemberg.de [149.172.200.27])
	by mrelayeu.kundenserver.de (node=mreu4) with ESMTP (Nemesis)
	id 0M6c88-1VzUm32Hdk-00wW9v; Tue, 27 Aug 2013 14:04:39 +0200
Message-ID: <521C95D7.2080508@stefanbaur.de>
Date: Tue, 27 Aug 2013 14:04:39 +0200
From: Stefan Baur <newsgroups.mail2@stefanbaur.de>
User-Agent: Mozilla/5.0 (Windows NT 6.1; rv:17.0) Gecko/20130801 Thunderbird/17.0.8
MIME-Version: 1.0
To: Mike Gabriel <mike.gabriel@das-netzwerkteam.de>, 290@bugs.x2go.org, 
 x2go-dev@lists.berlios.de
CC: submit@bugs.x2go.org
References: <20130827123401.1559208fzp3qfrtl@mail.das-netzwerkteam.de>
In-Reply-To: <20130827123401.1559208fzp3qfrtl@mail.das-netzwerkteam.de>
Content-Type: text/plain; charset=ISO-8859-1; format=flowed
Content-Transfer-Encoding: 7bit
X-Provags-ID: V02:K0:G3EDX8+ZrVlG96hngm0E+Ikj52unmIqEVFOA/jX5+tH
 4mEB5/DVsxsZb6qKaVBHPgsxOBvyObDb9y/1zHIYlBrylnFWKG
 1GAqOcszRqtS8mfiqK6lKkI6rHL1k84xbmWDcMsiPX8v8hKEvp
 0iwjYVQsljfLhr9bS0BvAebkflIlSa8sbQJ4IqUvxVSHa3fbCp
 5t2olkjCtB7kSpmp4UfWzvUt+ap/BKFq6jpnedFd4vMdrWdpp/
 06b93w1Kg2z+v/eRn4/2L1s/8ZkgnikjbSAmzg+gn+4d6pKRuQ
 Xo6igwwDceXZv6Ac4TLWsShVzs7JlRQmmbC5koMn4rczpbyhxn
 zm52RwSgTM5Pq9ubEd2WiHO9VAN7z9xH4qa6U67t2

Hi Guys!

As a suggestion/workaround: I am using Pageant from the PuTTY suite, 
this is where I have my users load their keys.
Pageant is a SSH agent for Windows, under the same license as PuTTY and 
PuTTYgen.
The reason why I'm using it is that my users also use WinSCP for file 
transfers and thus have to authenticate only once - when 
loading/unlocking their key file in pageant.

Thus, I'm telling both x2goclient and WinSCP to use the SSH agent, and 
everything works (for me).

Please ALSO note that PuTTYgen saves the private key files in its own 
special format (as indicated by the *.ppk extension).
You might have to use one of the "Export" Options in PuTTYgen's 
"Conversions" menu so that x2goclient is able to process the key.

-Stefan

Am 27.08.2013 12:34, schrieb Mike Gabriel:
> Package: x2goclient
> Tags: confirmed
> Version: 4.0.1.0
> Severity: important
> x-debbugs-cc: software@matthiaskauer.com
>
> I myself have also observed the issue reported by Matthias. Adding 
> this as a bug. This should get fixed before the release of 4.0.1.1.
>
> Mike
>
> ----- Weitergeleitete Nachricht von software@matthiaskauer.com -----
>      Datum: Mon, 26 Aug 2013 23:54:55 +0200
>        Von: Matthias Kauer <software@matthiaskauer.com>
>    Betreff: [X2Go-User] Login via ~/.ssh/authorized_keys fails
>         An: x2go-user@lists.berlios.de
>
> Hi,
> I am looking for input on how to set up an ssh key-based authentication.
>
> I generated an RSA key pair with puttygen and added it to
> ~/.ssh/authorized_keys2 => confirmed that I can login with putty.
> Now, I specify the same private key in x2goclient (windows). I enter my
> password and I am then prompted for the password of the ssh key. I enter
> it and the same ssh key password prompt reappears. This seems to be an
> infinite loop. When I cancel it, I get a message saying that only
> publickey is supported as login method (which corresponds to my
> sshd_config settings).
>
> I then tried renaming ~/.ssh/authorized_keys and using a DSA key pair.
> putty still works as expected with both of these alternatives.
> x2goclient still shows the same problems however. It only lets me login
> if I adapt my sshd_config and authenticate via user / password 
> combination.
>
> Is this a known limitation?
> What is the best way to achieve high security? Can I limit the x2go
> connections to only LAN IPs (without restricting the pure ssh 
> connections)?
>
> Best Wishes,
> Matthias Kauer
> _______________________________________________
> X2Go-User mailing list
> X2Go-User@lists.berlios.de
> https://lists.berlios.de/mailman/listinfo/x2go-user
>
>
> ----- Ende der weitergeleiteten Nachricht -----
>
>
>
>
> _______________________________________________
> X2Go-Dev mailing list
> X2Go-Dev@lists.berlios.de
> https://lists.berlios.de/mailman/listinfo/x2go-dev

Send a report that this bug log contains spam.