X2Go Bug report logs - #448
x2goclient won't connect with ssh agent (Q: Who was so afraid of the NSA that he disabled agent communication in x2go?)

Toggle useless messages

Message #5 received at submit@bugs.x2go.org (full text, mbox, reply):

From: Stefan Baur <newsgroups.mail2@stefanbaur.de>

To: submit@bugs.x2go.org, Mike Gabriel <mike.gabriel@das-netzwerkteam.de>, Michael DePaulo <mikedep333@gmail.com>

Subject: x2goclient won't connect with ssh agent (Q: Who was so afraid of the NSA that he disabled agent communication in x2go?)

Date: Thu, 06 Mar 2014 18:45:21 +0100

Package: x2goclient
Version: 4.0.2.0

(I'm filing this against 4.0.2.0 b/c it's still present there. If bugs
should be filed against the version they initially appeared in, please
let me know)

not affected: 4.0.0.3 with PulseAudio 0.9.6
not affected: 4.0.1.2 with PulseAudio 0.9.6
possibly affected (untested) 4.0.1.3 with PulseAudio 0.9.6
affected: 4.0.1.3+build2 with PulseAudio 0.9.6
affected: 4.0.2.0

Preface:
The followin issue has been observed on Windows; whoever takes care of
this should also check if the same issue occurs on Linux and Mac when
using the ssh agents shipped with these operating systems.

Situation:
4.0.1.2 with PulseAudio 0.9.6 and older clients allowed the use of an
external SSH agent that loads and memorizes SSH private keys (so you
don't have to re-enter your private key's passphrase whenever you try to
connect).
In my case, this SSH agent was "Pageant" from the PuTTY package.

With 4.0.1.3+build2/PA0.9.6, using the same (registry-stored) settings
as before, x2goclient.exe pops up a dialog box asking me for my private
key's password. Which it does over and over again, without ever connecting.
To me, it looks like it's asking for the password for a non-existant
private key, the key with the file name "", thus it always fails.

Assumption:
Someone tried to add/fix code regarding ssh public key authentication
(maybe something to do with bug #322?), took care of whatever issue
there was with private key file handling by x2goclient itself, but
overlooked the possibility that an external ssh agent might be involved.

Net Result:
SSH public key login using an SSH agent is effectively broken in
4.0.1.3+build2 (and possibly 4.0.1.3), up to 4.0.2.0-2014-03-06 (nightly
build), and probably still broken in the current source.

Sounds like a case for one of our two Mikes ...

-Stefan

Message #10 received at 448@bugs.x2go.org (full text, mbox, reply):

From: Stefan Baur <newsgroups.mail2@stefanbaur.de>

To: 448@bugs.x2go.org

Subject: Bug#448: x2goclient won't connect with ssh agent (Q: Who was so afraid of the NSA that he disabled agent communication in x2go?)

Date: Fri, 07 Mar 2014 21:55:08 +0100

Addendum:

Mike#2 suggested looking at libssh, as that was upgraded, too. So it
might be that it's not a bug in x2goclient per se, but in how libssh
talks to ssh agents.

-Stefan

Message #15 received at 448@bugs.x2go.org (full text, mbox, reply):

From: Stefan Baur <newsgroups.mail2@stefanbaur.de>

To: 448@bugs.x2go.org

Subject: Re: Bug#448: x2goclient won't connect with ssh agent (Q: Who was so afraid of the NSA that he disabled agent communication in x2go?)

Date: Fri, 07 Mar 2014 23:11:46 +0100

And another addendum:

Swapping out libssh.dll against a copy from an older, still working
x2goclient doesn't work. When you attempt that, x2goclient won't even start.

Message #20 received at 448@bugs.x2go.org (full text, mbox, reply):

From: Michael DePaulo <mikedep333@gmail.com>

To: 448@bugs.x2go.org

Subject: Linux not affected

Date: Sun, 16 Mar 2014 21:39:36 -0400

This bug was not present on the following client setup:
Fedora 20 64-bit
GNOME keyring 3.10.1 (1.fc20)
libssh 0.6.3 (1.fc20)
x2goclient 4.0.1.3 (4.fc20)


Specifically,
1. if I had not entered my passphrase for my private key into GNOME
kerying yet, then upon initiating the connection GNOME keyring would
prompt me. (X2Go Client did not prompt me.) Once it was done, X2Go
Client would connect.

2. if I had already entered my passphrase for my private key into
GNOME keyring, then upon initiating the connection, X2Go Client would
connect without any prompts.

Message #25 received at 448@bugs.x2go.org (full text, mbox, reply):

From: Michael DePaulo <mikedep333@gmail.com>

To: 448@bugs.x2go.org

Subject: KDE's libssh was patched for Pageant support

Date: Sun, 16 Mar 2014 23:38:04 -0400

If you compare KDE's libssh 0.5.3 src/agent.c
ftp://winkde.org/kde/ports/win32/releases/stable/latest/libssh-x86-mingw4-0.5.3-src.tar.bz2

To the vanilla libssh 0.5.3 src/agent.c
http://git.libssh.org/projects/libssh.git/tree/src/agent.c?id=libssh-0.5.3

You'll see that KDE patched it to add support for Pageant as an SSH
agent for Windows.

There's also winpgntc.c and winpgntc.h included in the KDE version,
but not in the vanilla version.

Our libssh 0.5.5 build doesn't have Pageant support:
http://git.libssh.org/projects/libssh.git/tree/src/agent.c?id=libssh-0.5.5

And neither does libssh 0.6.3:
http://git.libssh.org/projects/libssh.git/tree/src/agent.c?id=libssh-0.6.3
Or the current (2014-03-16) HEAD:
http://git.libssh.org/projects/libssh.git/tree/src/agent.c

So right now I need to find the applied patch they applied.

The src.tar.bz2 file contains patches, but only for CVE
vunlerabilities. I do not see .patch files for this feature, it is
already applied to the source.

Message #30 received at 448@bugs.x2go.org (full text, mbox, reply):

From: Michael DePaulo <mikedep333@gmail.com>

To: 448@bugs.x2go.org

Subject: Here's the patch

Date: Sun, 16 Mar 2014 23:52:54 -0400

Sorry for the long URL, but we can download the patch that KDE used
for libssh 0.5.3 here:
http://code.ohloh.net/project?pid=bnCaBd3Jo9I&prevcid=1&did=portage%2Fwin32libs%2Flibssh&cid=9zDTNiYDvV0&fp=305438&projSelected=true

Based on the dates in the files,
0001-implement-support-for-putty-s-pageant-0.5.3.patch supercedes
0001-implement-support-for-putty-s-pageant.patch

Message #35 received at 448@bugs.x2go.org (full text, mbox, reply):

From: Mike Gabriel <mike.gabriel@das-netzwerkteam.de>

To: Michael DePaulo <mikedep333@gmail.com>, 448@bugs.x2go.org

Subject: Re: [X2Go-Dev] Bug#448: Here's the patch

Date: Mon, 17 Mar 2014 11:00:11 +0000

[Message part 1 (text/plain, inline)]

Hi Michael,

On  Mo 17 Mär 2014 04:52:54 CET, Michael DePaulo wrote:

> Sorry for the long URL, but we can download the patch that KDE used
> for libssh 0.5.3 here:
> http://code.ohloh.net/project?pid=bnCaBd3Jo9I&prevcid=1&did=portage%2Fwin32libs%2Flibssh&cid=9zDTNiYDvV0&fp=305438&projSelected=true
>
> Based on the dates in the files,
> 0001-implement-support-for-putty-s-pageant-0.5.3.patch supercedes
> 0001-implement-support-for-putty-s-pageant.patch

You are AWESOME!!!

Mike


-- 

DAS-NETZWERKTEAM
mike gabriel, herweg 7, 24357 fleckeby
fon: +49 (1520) 1976 148

GnuPG Key ID 0x25771B31
mail: mike.gabriel@das-netzwerkteam.de, http://das-netzwerkteam.de

freeBusy:
https://mail.das-netzwerkteam.de/freebusy/m.gabriel%40das-netzwerkteam.de.xfb

[Message part 2 (application/pgp-signature, inline)]

Message #40 received at 448@bugs.x2go.org (full text, mbox, reply):

From: Michael DePaulo <mikedep333@gmail.com>

To: 448@bugs.x2go.org

Subject: Thanks Alex

Date: Wed, 19 Mar 2014 08:18:10 -0400

Oleksandr Shneyder provided a patched libssh 0.5.5 build and I added
it to our nightly build system. Both Stefan and I verified that it
fixes the bug.

We might move the location of the build, but for now it is here:
http://code.x2go.org/releases/libssh-with-pagent.patch/

Message #45 received at 448@bugs.x2go.org (full text, mbox, reply):

From: Mike DePaulo <mikedep333@gmail.com>

To: 448-submitter@bugs.x2go.org

Cc: control@bugs.x2go.org, 448@bugs.x2go.org

Subject: X2Go issue (in src:x2goclient) has been marked as pending for release

Date: Wed, 19 Mar 2014 13:23:48 +0100 (CET)

tag #448 pending
fixed #448 4.0.2.0
thanks

Hello,

X2Go issue #448 (src:x2goclient) reported by you has been
fixed in X2Go Git. You can see the changelog below, and you can
check the diff of the fix at:

    http://code.x2go.org/gitweb?p=x2goclient.git;a=commitdiff;h=ed2c005

The issue will most likely be fixed in src:x2goclient (4.0.2.0).

light+love
X2Go Git Admin (on behalf of the sender of this mail)

---
commit ed2c00559188166d824063b266310245d3c54d37
Author: Mike DePaulo <mikedep333@gmail.com>
Date:   Wed Mar 19 08:23:33 2014 -0400

    Windows: Reapply KDE on Windows's patch for Pageant support to libssh 0.5.5. (Fixes: #448)

diff --git a/debian/changelog b/debian/changelog
index 90d98ef..14ae6df 100644
--- a/debian/changelog
+++ b/debian/changelog
@@ -55,6 +55,8 @@ x2goclient (4.0.2.0-0x2go1) UNRELEASED; urgency=low
     - Windows: Upgrade included PulseAudio from 1.1 to 5.0.
       The 5.0 build is patched for X2Go bug #363. and available here:
       https://build.opensuse.org/project/show/home:mikedep333:branches:home:mkbosmans:mingw32:pulseaudio
+    - Windows: Reapply KDE on Windows's patch for Pageant support to
+      libssh 0.5.5. (Fixes: #448)
 
  -- Mike Gabriel <mike.gabriel@das-netzwerkteam.de>  Wed, 22 Jan 2014 09:20:08 +0100
 

Message #57 received at 448@bugs.x2go.org (full text, mbox, reply):

From: Mike Gabriel <mike.gabriel@das-netzwerkteam.de>

To: 448-submitter@bugs.x2go.org

Cc: control@bugs.x2go.org, 448@bugs.x2go.org

Subject: X2Go issue (in src:x2goclient) has been marked as closed

Date: Thu, 10 Apr 2014 13:52:14 +0200 (CEST)

close #448
thanks

Hello,

we are very hopeful that X2Go issue #448 reported by you
has been resolved in the new release (4.0.2.0) of the
X2Go source project »src:x2goclient«.

You can view the complete changelog entry of src:x2goclient (4.0.2.0)
below, and you can use the following link to view all the code changes
between this and the last release of src:x2goclient.

    http://code.x2go.org/gitweb?p=x2goclient.git;a=commitdiff;h=cbe900f245206ad9bd62d0fbaf226da1b3ffc44e;hp=f7cdada8c57c45ee9ea3b6c42bd680fae26d728c

If you feel that the issue has not been resolved satisfyingly, feel
free to reopen this bug report or submit a follow-up report with
further observations described based on the new released version
of src:x2goclient.

Thanks a lot for contributing to X2Go!!!

light+love
X2Go Git Admin (on behalf of the sender of this mail)

---
X2Go Component: src:x2goclient
Version: 4.0.2.0-0x2go1
Status: RELEASE
Date: Thu, 10 Apr 2014 13:47:56 +0200
Fixes: 138 349 422 440 446 448 453
Changes: 
 x2goclient (4.0.2.0-0x2go1) RELEASED; urgency=low
 .
   [ Oleksandr Shneyder ]
   * New upstream version (4.0.2.0):
     - Revrite SSH Classes to support libssh fix.
     - Add Class HelpDialog to show options in scroll area.
     - Fix authentication on SSH Broker with key + passphrase.
     - Set modmap timer timeout to 10 sec on Mac.
     - Fix running xmodmap if X2Go Client not started from terminal.
     - Setting keyboard modifiers with xmodmap.
     - Fix multimonitor support on Linux.
     - Display more version info. Parameters --version, --git, --changelog.
     - Don't show GUI dialog for --version, --help, etc, if started
       from terminal on linux and mac.
     - If no user in session config, display system username in pass form.
     - Check if txt/changelog and txt/git exist on config phase.
       Rename option "--git" to "--git-info".
     - Change x2goclient.nsi for nightly builds.
 .
   [ Josh Lukens ]
   * New upstream version (4.0.2.0):
     - Switch to QNetworkAccessManager. Appropriately set content type
       header to "application/x-www-form-urlencoded" for HTTP post
       requests. (Fixes: #440, #138).
     - Fix copy+paste errors in QNetworkAccessManager code.
     - Provide support for dynamic authentication IDs. This is
       a requirement for using the broker client against brokers
       that use some sort of OTP authentication mechanism.
       (Fixes: #446).
 .
   [ Mike Gabriel ]
   * New upstream version (4.0.2.0):
     - Drop create_text.sh again, implement changelog copying
       in distro build files. Implement Git history creation for
       nightly builds in build scripts.
     - Rename txt/git to txt/git-info (make it compliant with cmdline
       options).
     - Allow starting shadow sessions from the command line with
       option --hidden being enabled. (Fixes: #349).
   * debian/control:
     + Build-depend on libssh-dev (>= 0.5.4-2).
     + Bump Standards: to 3.9.5. No changes needed.
   * debian/rules:
     + Copy debian/changelog into txt/ subfolder during dh_auto_configure.
     + Create txt/git-info files for ChangeLog.git if it exists.
   * x2goclient.spec:
     + Copy ChangeLog (or debian/changelog) into txt/ subfolder during
       %setup.
     + Copy ChangeLog.gitlog (if present) into txt/ subfolder during %setup.
     + B-R (epel-7): man2html-core (same as for Fedora builds).
 .
   [ Mike DePaulo ]
   * New upstream version (4.0.2.0):
     - Decrease HelpDialog's tab width from 320 to 30
       (the width of 10 spaces.) (Fixes: #453)
     - Windows: Fix compatibility with PulseAudio 3.0 & later through
       new cookie handling. (Fixes: #422)
     - Windows: Upgrade included PulseAudio from 1.1 to 5.0.
       The 5.0 build is patched for X2Go bug #363. and available here:
         https://build.opensuse.org/project/show/home:mikedep333:branches:home:\
         mkbosmans:mingw32:pulseaudio
     - Windows: Reapply KDE on Windows's patch for Pageant support to
       libssh 0.5.5. (Fixes: #448)

Send a report that this bug log contains spam.