X2Go Bug report logs - #368
GSSAPI support falls back to SSH key

version graph

Package: x2goclient; Maintainer for x2goclient is X2Go Developers <x2go-dev@lists.x2go.org>; Source for x2goclient is src:x2goclient.

Reported by: Mike Gabriel <mike.gabriel@das-netzwerkteam.de>

Date: Fri, 13 Dec 2013 11:18:01 UTC

Severity: normal

Found in version 4.0.1.2-pre03

Full log

🔗 View this message in rfc822 format

X-Loop: owner@bugs.x2go.org
Subject: Bug#368: GSSAPI support falls back to SSH key
Reply-To: Mike Gabriel <mike.gabriel@das-netzwerkteam.de>, 368@bugs.x2go.org
Resent-From: Mike Gabriel <mike.gabriel@das-netzwerkteam.de>
Resent-To: x2go-dev@lists.berlios.de
Resent-CC: X2Go Developers <x2go-dev@lists.berlios.de>
X-Loop: owner@bugs.x2go.org
Resent-Date: Fri, 13 Dec 2013 11:18:01 +0000
Resent-Message-ID: <handler.368.B.13869334391718@bugs.x2go.org>
Resent-Sender: owner@bugs.x2go.org
X-X2Go-PR-Message: report 368
X-X2Go-PR-Package: x2goclient
X-X2Go-PR-Keywords: 
Received: via spool by submit@bugs.x2go.org id=B.13869334391718
          (code B); Fri, 13 Dec 2013 11:18:01 +0000
Received: (at submit) by bugs.x2go.org; 13 Dec 2013 11:17:19 +0000
X-Spam-Checker-Version: SpamAssassin 3.3.2 (2011-06-06) on
	ymir.das-netzwerkteam.de
X-Spam-Level: 
X-Spam-Status: No, score=-1.9 required=5.0 tests=BAYES_00,
	RCVD_IN_DNSWL_BLOCKED,URIBL_BLOCKED autolearn=ham version=3.3.2
Received: from freya.das-netzwerkteam.de (freya.das-netzwerkteam.de [88.198.48.199])
	by ymir (Postfix) with ESMTPS id 124335DB17
	for <submit@bugs.x2go.org>; Fri, 13 Dec 2013 12:17:19 +0100 (CET)
Received: from grimnir.das-netzwerkteam.de (grimnir.das-netzwerkteam.de [78.46.204.98])
	by freya.das-netzwerkteam.de (Postfix) with ESMTPS id 9666A1E947
	for <submit@bugs.x2go.org>; Fri, 13 Dec 2013 12:17:18 +0100 (CET)
Received: from localhost (localhost [127.0.0.1])
	by grimnir.das-netzwerkteam.de (Postfix) with ESMTP id 616D13C075
	for <submit@bugs.x2go.org>; Fri, 13 Dec 2013 12:17:18 +0100 (CET)
X-Virus-Scanned: Debian amavisd-new at grimnir.das-netzwerkteam.de
Received: from grimnir.das-netzwerkteam.de ([127.0.0.1])
	by localhost (grimnir.das-netzwerkteam.de [127.0.0.1]) (amavisd-new, port 10024)
	with ESMTP id rFB6T2oTknfJ for <submit@bugs.x2go.org>;
	Fri, 13 Dec 2013 12:17:18 +0100 (CET)
Received: from grimnir.das-netzwerkteam.de (localhost [127.0.0.1])
	by grimnir.das-netzwerkteam.de (Postfix) with ESMTPSA id 26A3F3BB68
	for <submit@bugs.x2go.org>; Fri, 13 Dec 2013 12:17:18 +0100 (CET)
Received: from m-047.informatik.uni-kiel.de (m-047.informatik.uni-kiel.de
 [134.245.254.47]) by mail.das-netzwerkteam.de (Horde Framework) with HTTP;
 Fri, 13 Dec 2013 11:17:18 +0000
Date: Fri, 13 Dec 2013 11:17:18 +0000
Message-ID: <20131213111718.Horde.mO-2qGd0ZyJ89U7-j9al-g3@mail.das-netzwerkteam.de>
From: Mike Gabriel <mike.gabriel@das-netzwerkteam.de>
To: "submit@bugs.x2go.org" <submit@bugs.x2go.org>
User-Agent: Internet Messaging Program (IMP) H5 (6.1.4)
Accept-Language: en,de
Organization: DAS-NETZWERKTEAM
X-Originating-IP: 134.245.254.47
X-Remote-Browser: Mozilla/5.0 (X11; Linux x86_64; rv:23.0) Gecko/20100101
 Firefox/23.0 Iceweasel/23.0
Content-Type: multipart/signed; boundary="=_ptaZhXpYfiA10XKdRdIgkA2";
 protocol="application/pgp-signature"; micalg=pgp-sha1
MIME-Version: 1.0

[Message part 1 (text/plain, inline)]
Package: x2goclient
Version: 4.0.1.2-pre03

Hi Alex,

with the latest GSSAPI patch in X2Go Client, I observe the following:

Session profile options:

autologin = false
krblogin = true

If GSSAPI fails, the underlying ssh process falls back to SSH-key  
based authentication. When this happens on passphrase protected SSH  
keys, I see this when running X2Go Client from the command line:

"""
mike@<host>:~$ LANG=C x2goclient
x2go-INFO-1> "Starting x2goclient..."
x2go-WARNING-1> "Can't load translator: :/x2goclient_c"
x2go-WARNING-2> "Can't load translator: :/qt_C"
x2go-INFO-3> "Started  x2goclient."
x2go-INFO-8> "Starting connection to server: fylgja.das-netzwerkteam.de:32032"
Enter passphrase for key '/home/mike/.ssh/id_rsa':
"""
      ^^^^^^^^^^^^^^^^^^

At this point X2Go Client waits for the input and only continues with  
SSH key based authentication then (although autologin has been set to  
false!).

Seems like you should limit the ssh subprocess execution to  
GSSAPIAuthentication only and disable all other auth methods (unless  
autologin is true).

Mike
-- 

DAS-NETZWERKTEAM
mike gabriel, herweg 7, 24357 fleckeby
fon: +49 (1520) 1976 148

GnuPG Key ID 0x25771B31
mail: mike.gabriel@das-netzwerkteam.de, http://das-netzwerkteam.de

freeBusy:
https://mail.das-netzwerkteam.de/freebusy/m.gabriel%40das-netzwerkteam.de.xfb

[Message part 2 (application/pgp-signature, inline)]

Send a report that this bug log contains spam.

X2Go Developers <owner@bugs.x2go.org>. Last modified: Tue Dec 3 18:55:49 2024; Machine Name: ymir.das-netzwerkteam.de

X2Go Bug tracking system

Debbugs is free software and licensed under the terms of the GNU Public License version 2. The current version can be obtained from https://bugs.debian.org/debbugs-source/.

Copyright © 1999 Darren O. Benham, 1997,2003 nCipher Corporation Ltd, 1994-97 Ian Jackson, 2005-2017 Don Armstrong, and many other contributors.