X2Go Bug report logs - #472
Upgrade SSH key exchange and message authentication code from SHA1 to SHA2

version graph

Package: x2goclient; Maintainer for x2goclient is X2Go Developers <x2go-dev@lists.x2go.org>; Source for x2goclient is src:x2goclient.

Reported by: Aurélien Grosdidier <aurelien.grosdidier@gmail.com>

Date: Thu, 3 Apr 2014 14:35:02 UTC

Severity: important

Found in version 4.0.1.3-1

Full log


Message #52 received at 472@bugs.x2go.org (full text, mbox, reply):

Received: (at 472) by bugs.x2go.org; 26 Nov 2014 00:13:16 +0000
From root@ospgsql.radonc.washington.edu  Wed Nov 26 01:13:15 2014
X-Spam-Checker-Version: SpamAssassin 3.3.2 (2011-06-06) on
	ymir.das-netzwerkteam.de
X-Spam-Level: 
X-Spam-Status: No, score=-0.1 required=5.0 tests=BAYES_00,MISSING_SUBJECT,
	URIBL_BLOCKED autolearn=no version=3.3.2
X-Greylist: delayed 1247 seconds by postgrey-1.34 at ymir.das-netzwerkteam.de; Wed, 26 Nov 2014 01:13:14 CET
Received: from mail.radonc.washington.edu (smtp.radonc.washington.edu [140.142.235.195])
	by ymir.das-netzwerkteam.de (Postfix) with ESMTPS id EE21E5E0D4
	for <472@bugs.x2go.org>; Wed, 26 Nov 2014 01:13:14 +0100 (CET)
Received: from localhost (localhost [127.0.0.1])
	by mail.radonc.washington.edu (Postfix) with ESMTP id AC118D14019
	for <472@bugs.x2go.org>; Tue, 25 Nov 2014 15:52:24 -0800 (PST)
X-Virus-Scanned: Debian amavisd-new at mail.radonc.washington.edu
Received: from mail.radonc.washington.edu ([127.0.0.1])
	by localhost (mail.radonc.washington.edu [127.0.0.1]) (amavisd-new, port 10024)
	with LMTP id wGdu2m7XvDKS for <472@bugs.x2go.org>;
	Tue, 25 Nov 2014 15:52:21 -0800 (PST)
Received: from ont2bn.radonc.washington.edu (ont2bn.radonc.washington.edu [140.142.39.16])
	(using TLSv1 with cipher AES128-SHA (128/128 bits))
	(No client certificate requested)
	by mail.radonc.washington.edu (Postfix) with ESMTPS id B42BB5476B5
	for <472@bugs.x2go.org>; Tue, 25 Nov 2014 15:52:20 -0800 (PST)
Received: from root by ont2bn.radonc.washington.edu with local (Exim 4.84)
	(envelope-from <root@ospgsql.radonc.washington.edu>)
	id 1XtPtn-0002UI-Nc
	for 472@bugs.x2go.org; Tue, 25 Nov 2014 15:51:59 -0800
Date: Tue, 25 Nov 2014 15:51:59 -0800
From: root <root@ospgsql.radonc.washington.edu>
To: 472@bugs.x2go.org
Message-ID: <20141125235159.GA9557@ospgsql.radonc.washington.edu>
MIME-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
User-Agent: Mutt/1.5.23 (2014-03-12)
Content-Type: text/plain; charset="us-ascii"
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
From: stefani banerian <banerian@uw.edu>
X-Was-To: Debian Bug Tracking System <submit@bugs.debian.org>
To: <472@bugs.x2go.org>
Subject: x2goclient: bug #472 update
Bcc: stefani banerian <banerian@uw.edu>
X-Debbugs-Cc: banerian@uw.edu

Package: x2goclient
Version: 4.0.3.0-1
Severity: normal

Dear Maintainer,

In following the bug report #472:
http://bugs.x2go.org/db/47/472.html

the reported work-around at:
http://permalink.gmane.org/gmane.linux.terminal-server.x2go.user/2368
was employed. 

The following error was reported:

"The host key for this server was not found but an othertype of key exists. An attacker might change the default server key to confuse your client into thinking the key does not exist. 
For security reasons, it is recommended to stop the connection.
Do you want to terminate the connection? (no)
Host Key Verification Failed."

The warning did not reply which ssh host key was problematic, nor give an indication of the fingerprint for comparison.
The host keys did not in fact change. It is not clear why there would be a host key problem.


-- System Information:
Debian Release: jessie/sid
  APT prefers testing-updates
  APT policy: (500, 'testing-updates'), (500, 'testing')
Architecture: amd64 (x86_64)

Kernel: Linux 3.16.0-4-amd64 (SMP w/3 CPU cores)
Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash

Versions of packages x2goclient depends on:
ii  libc6           2.19-13
ii  libcups2        1.7.5-7
ii  libgcc1         1:4.9.1-19
ii  libldap-2.4-2   2.4.40-2
ii  libqt4-network  4:4.8.6+git64-g5dc8b2b+dfsg-2+b1
ii  libqt4-svg      4:4.8.6+git64-g5dc8b2b+dfsg-2+b1
ii  libqtcore4      4:4.8.6+git64-g5dc8b2b+dfsg-2+b1
ii  libqtgui4       4:4.8.6+git64-g5dc8b2b+dfsg-2+b1
ii  libssh-4        0.6.3-3+b1
ii  libstdc++6      4.9.1-19
ii  libx11-6        2:1.6.2-3
ii  libxpm4         1:3.5.11-1
ii  nxproxy         2:3.5.0.28-0x2go1+git20141113.546+wheezy.main.1
ii  openssh-client  1:6.7p1-3

Versions of packages x2goclient recommends:
ii  openssh-server  1:6.7p1-3
ii  rdesktop        1.8.2-3

Versions of packages x2goclient suggests:
pn  pinentry-x2go  <none>

-- no debconf information


Send a report that this bug log contains spam.


X2Go Developers <owner@bugs.x2go.org>. Last modified: Thu Nov 21 15:35:43 2024; Machine Name: ymir.das-netzwerkteam.de

X2Go Bug tracking system

Debbugs is free software and licensed under the terms of the GNU Public License version 2. The current version can be obtained from https://bugs.debian.org/debbugs-source/.

Copyright © 1999 Darren O. Benham, 1997,2003 nCipher Corporation Ltd, 1994-97 Ian Jackson, 2005-2017 Don Armstrong, and many other contributors.