X2Go Bug report logs -
#602
X2GoSession clobbers .ssh/known_hosts when add_to_known_hosts is set
Reported by: Matteo Panella <m.panella@level28.org>
Date: Wed, 10 Sep 2014 07:55:01 UTC
Severity: normal
Tags: pending
Found in version 0.4.0.9
Fixed in version 0.5.0.0
Done: Mike Gabriel <mike.gabriel@das-netzwerkteam.de>
Bug is archived. No further changes may be made.
Toggle useless messages
Report forwarded
to x2go-dev@lists.x2go.org, X2Go Developers <x2go-dev@lists.x2go.org>
:
Bug#602
; Package python-x2go
.
(Wed, 10 Sep 2014 07:55:01 GMT) (full text, mbox, link).
Acknowledgement sent
to Matteo Panella <m.panella@level28.org>
:
New Bug report received and forwarded. Copy sent to X2Go Developers <x2go-dev@lists.x2go.org>
.
(Wed, 10 Sep 2014 07:55:02 GMT) (full text, mbox, link).
Message #5 received at submit@bugs.x2go.org (full text, mbox, reply):
Package: python-x2go
Version: 0.4.0.9
Whenever a host key is registered using pyhoca-cli or pyhoca-gui, the
$HOME/.ssh/known_hosts file gets clobbered: all keys whose type is not
either ssh-dss or ssh-rsa (namely, ECDSA and Ed25519 host keys) are removed.
Steps to reproduce:
1. register some ECDSA/Ed25519 host keys
2. backup .ssh/known_hosts
3. define a new profile in pyhoca-gui selecting "Store SSH host keys
under (unique) X2Go session profile ID"
4. connect to the host and accept the host key
5. run a diff between the old known_hosts file and the current
.ssh/known_hosts file
Expected behaviour:
there should _only_ be an addition for the new ssh host key registered
by python-x2go and no other modification
Actual result:
there is an addition for the new host key registered by python-x2go and
removals for all ecdsa and ed25519 host keys
I suspect this is a problem with paramiko not understanding ECDSA and
Ed25519 keys in known_hosts and summarily discarding them, nevertheless
I'm raising the bug here because the x2go PPA for Ubuntu ships a custom
version of paramiko for precise (also because it should probably be
noted in the release notes and/or worked around in python-x2go if possible).
Client OS Version: Ubuntu 12.04.5 (amd64)
Package source: ppa:x2go/stable
PyHoca-GUI Version: 0.4.0.9 (0.4.0.9-0~1107~ubuntu12.04.1)
python-x2go Version: 0.4.0.9 (0.4.0.9-0~1122~ubuntu12.04.1)
python-paramiko Version: 1.11.0-0~664~precise1 (from ppa:x2go/stable)
The server bits are mostly irrelevant since this is purely a client-side
bug, but it happened with the following server-side configuration:
Server OS Version: Ubuntu 14.04.1 (amd64)
Package source: ppa:x2go/stable
Server x2goserver Version: 4.0.1.15 (4.0.1.15-0~847~ubuntu14.04.1)
Server x2goserver-xsession Version: 4.0.1.15 (4.0.1.15-0~847~ubuntu14.04.1)
Server nx-libs Version: 3.5.0.27 (2:3.5.0.27-0~446~ubuntu14.04.1)
--
Matteo Panella
Information forwarded
to x2go-dev@lists.x2go.org, X2Go Developers <x2go-dev@lists.x2go.org>
:
Bug#602
; Package python-x2go
.
(Fri, 17 Oct 2014 11:30:01 GMT) (full text, mbox, link).
Acknowledgement sent
to Mike Gabriel <mike.gabriel@das-netzwerkteam.de>
:
Extra info received and forwarded to list. Copy sent to X2Go Developers <x2go-dev@lists.x2go.org>
.
(Fri, 17 Oct 2014 11:30:01 GMT) (full text, mbox, link).
Message #10 received at 602@bugs.x2go.org (full text, mbox, reply):
[Message part 1 (text/plain, inline)]
Hi Matteo,
On Mi 10 Sep 2014 09:45:18 CEST, Matteo Panella wrote:
> Package: python-x2go
> Version: 0.4.0.9
>
> Whenever a host key is registered using pyhoca-cli or pyhoca-gui, the
> $HOME/.ssh/known_hosts file gets clobbered: all keys whose type is not
> either ssh-dss or ssh-rsa (namely, ECDSA and Ed25519 host keys) are removed.
>
> Steps to reproduce:
> 1. register some ECDSA/Ed25519 host keys
> 2. backup .ssh/known_hosts
> 3. define a new profile in pyhoca-gui selecting "Store SSH host keys
> under (unique) X2Go session profile ID"
> 4. connect to the host and accept the host key
> 5. run a diff between the old known_hosts file and the current
> .ssh/known_hosts file
>
> Expected behaviour:
> there should _only_ be an addition for the new ssh host key registered
> by python-x2go and no other modification
>
> Actual result:
> there is an addition for the new host key registered by python-x2go and
> removals for all ecdsa and ed25519 host keys
>
> I suspect this is a problem with paramiko not understanding ECDSA and
> Ed25519 keys in known_hosts and summarily discarding them, nevertheless
> I'm raising the bug here because the x2go PPA for Ubuntu ships a custom
> version of paramiko for precise (also because it should probably be
> noted in the release notes and/or worked around in python-x2go if possible).
>
> Client OS Version: Ubuntu 12.04.5 (amd64)
> Package source: ppa:x2go/stable
> PyHoca-GUI Version: 0.4.0.9 (0.4.0.9-0~1107~ubuntu12.04.1)
> python-x2go Version: 0.4.0.9 (0.4.0.9-0~1122~ubuntu12.04.1)
> python-paramiko Version: 1.11.0-0~664~precise1 (from ppa:x2go/stable)
>
> The server bits are mostly irrelevant since this is purely a client-side
> bug, but it happened with the following server-side configuration:
> Server OS Version: Ubuntu 14.04.1 (amd64)
> Package source: ppa:x2go/stable
> Server x2goserver Version: 4.0.1.15 (4.0.1.15-0~847~ubuntu14.04.1)
> Server x2goserver-xsession Version: 4.0.1.15 (4.0.1.15-0~847~ubuntu14.04.1)
> Server nx-libs Version: 3.5.0.27 (2:3.5.0.27-0~446~ubuntu14.04.1)
This does not happen with python-paramiko 1.15.1 anymore. I will add a
versioned dependency for that paramiko version to our upstream release
python-x2go and then see how to fix our archives.
Thanks for notifying us!
Mike
--
DAS-NETZWERKTEAM
mike gabriel, herweg 7, 24357 fleckeby
fon: +49 (1520) 1976 148
GnuPG Key ID 0x25771B31
mail: mike.gabriel@das-netzwerkteam.de, http://das-netzwerkteam.de
freeBusy:
https://mail.das-netzwerkteam.de/freebusy/m.gabriel%40das-netzwerkteam.de.xfb
[Message part 2 (application/pgp-signature, inline)]
Information forwarded
to x2go-dev@lists.x2go.org, X2Go Developers <x2go-dev@lists.x2go.org>
:
Bug#602
; Package python-x2go
.
(Fri, 17 Oct 2014 11:35:02 GMT) (full text, mbox, link).
Acknowledgement sent
to Mike Gabriel <mike.gabriel@das-netzwerkteam.de>
:
Extra info received and forwarded to list. Copy sent to X2Go Developers <x2go-dev@lists.x2go.org>
.
(Fri, 17 Oct 2014 11:35:02 GMT) (full text, mbox, link).
Message #15 received at 602@bugs.x2go.org (full text, mbox, reply):
tag #602 pending
fixed #602 0.5.0.0
thanks
Hello,
X2Go issue #602 (src:python-x2go) reported by you has been
fixed in X2Go Git. You can see the changelog below, and you can
check the diff of the fix at:
http://code.x2go.org/gitweb?p=python-x2go.git;a=commitdiff;h=d3273c0
The issue will most likely be fixed in src:python-x2go (0.5.0.0).
light+love
X2Go Git Admin (on behalf of the sender of this mail)
---
commit d3273c05d7080b628789750bf2c6ad6205a93abd
Author: Mike Gabriel <mike.gabriel@das-netzwerkteam.de>
Date: Fri Oct 17 13:31:24 2014 +0200
debian/control / python-x2go.spec: Update D (python-x2go): python-paramiko (>= 1.15.1-0~). Update R for python-x2go: python-paramiko >= 1.15.1. (Fixes: #602).
diff --git a/debian/changelog b/debian/changelog
index 28df526..a36dfdc 100644
--- a/debian/changelog
+++ b/debian/changelog
@@ -121,10 +121,12 @@ python-x2go (0.5.0.0-0x2go1) UNRELEASED; urgency=low
+ Add dependencies: python-requests, python-simplejson.
+ Add R (python-x2go): sshfs.
+ Add S (python-x2go): telekinesis-client, mteleplayer-clientside.
+ + Update D (python-x2go): python-paramiko (>= 1.15.1-0~). (Fixes: #602).
* python-x2go.spec:
+ Add dependencies: python-requests, python-simplejson.
+ Additionally adapt to building on openSUSE/SLES.
+ Add all python packages under R to BR (for epydoc run).
+ + Update R for python-x2go: python-paramiko >= 1.15.1.
[ Mike DePaulo ]
* New upstream version (0.5.0.0):
Added tag(s) pending.
Request was from Mike Gabriel <mike.gabriel@das-netzwerkteam.de>
to control@bugs.x2go.org
.
(Fri, 17 Oct 2014 11:35:02 GMT) (full text, mbox, link).
Marked as fixed in versions 0.5.0.0.
Request was from Mike Gabriel <mike.gabriel@das-netzwerkteam.de>
to control@bugs.x2go.org
.
(Fri, 17 Oct 2014 11:35:02 GMT) (full text, mbox, link).
Message sent on
to Matteo Panella <m.panella@level28.org>
:
Bug#602.
(Fri, 17 Oct 2014 11:35:03 GMT) (full text, mbox, link).
Information forwarded
to x2go-dev@lists.x2go.org, X2Go Developers <x2go-dev@lists.x2go.org>
:
Bug#602
; Package python-x2go
.
(Mon, 20 Oct 2014 10:55:12 GMT) (full text, mbox, link).
Acknowledgement sent
to Mike Gabriel <mike.gabriel@das-netzwerkteam.de>
:
Extra info received and forwarded to list. Copy sent to X2Go Developers <x2go-dev@lists.x2go.org>
.
(Mon, 20 Oct 2014 10:55:14 GMT) (full text, mbox, link).
Message #27 received at 602@bugs.x2go.org (full text, mbox, reply):
close #602
thanks
Hello,
we are very hopeful that X2Go issue #602 reported by you
has been resolved in the new release (0.5.0.0) of the
X2Go source project »src:python-x2go«.
You can view the complete changelog entry of src:python-x2go (0.5.0.0)
below, and you can use the following link to view all the code changes
between this and the last release of src:python-x2go.
http://code.x2go.org/gitweb?p=python-x2go.git;a=commitdiff;h=3fec411b839b53c0e51a73dd05c7a77dcde800e8;hp=3088eda9bf1494527afecc4b36c56a8caff314d0
If you feel that the issue has not been resolved satisfyingly, feel
free to reopen this bug report or submit a follow-up report with
further observations described based on the new released version
of src:python-x2go.
Thanks a lot for contributing to X2Go!!!
light+love
X2Go Git Admin (on behalf of the sender of this mail)
---
X2Go Component: src:python-x2go
Version: 0.5.0.0-0x2go1
Status: RELEASE
Date: Mon, 20 Oct 2014 12:40:34 +0200
Fixes: 334 358 500 508 532 537 588 602
Changes:
python-x2go (0.5.0.0-0x2go1) RELEASED; urgency=low
.
[ Mike Gabriel ]
* New upstream version (0.5.0.0):
- Split up session profile backend into generic and storage specific
parts.
- Fully rework backend concept in Python X2Go. Breaks compatibility
with earlier versions of Python X2Go concerning backends (probably
not really used by third-party products, if at all).
- Fix setting default values in X2GoClientXConfig class.
- Default to xdg-open as default PDF viewer command.
- Provide session profile backend for a http broker.
- Make session profile backends more unicode robust.
- X2GoSessionProfile.get_server_hostname must return unicode objects.
- Speed-optimize session profile ID <-> name mapping.
- Handle injection of PKey (Paramiko SSH key) objects for authentication
from the broker session profiles backend.
- Allow catching "connection refused" errors while talking to an X2Go
Session Broker (X2GoBrokerConnectionException).
- Support cookie based authentication against a http(s) session broker.
- On Windows: Improve debugging when a new X-Server port has to be
allocated.
- Capture broker connection problems during selectsession calls to the
broker via a HOOK method.
- Allow user interaction via a HOOK if broker connection problems occur.
- Handle broker setups that don't require credentials. Connection can
be established simply by leaving the password (and authid) empty.
- Fix detection of matching path names in X2GoIniFiles.
- Make sure X2GoClientXConfig config file really gets written to disk
(after we changed the internas of X2GoIniFile for this new major release).
- Rename hook method HOOK_no_known_xserver_found to
HOOK_no_installed_xservers_found. Call this new hook if no installed
X-Servers could be found on the system.
- Only check running X-Servers that have the same WMI SessionId as the
current X2Go application.
- Session profiles: default value type for exports session profile option
is an empty dictionary.
- Make X2GoClient's constructor aware of non-usable X-Server ports.
- Windows: Fix crash while attempting to find the session window.
- Support SSH proxy autologin feature of X2Go Session Broker.
- Provide Telekinesis support in Python X2Go.
- Stop manipulating session profiles in X2GoSshProxy class. Esp. stop
manipulating session profiles with deprecated session options.
- Type-hardening of X2GoSshProxy class. Accept hosts as list and strings.
If hosts are given as a list, a random list element will be taken as
host (for connecting and for the SSH proxy tunnel setup).
- Type-hardening of X2GoControlSession class's C{connect()} method.
Handle hostnames that come in as lists gracefully.
- Don't construct the sshproxy_tunnel parameter in x2go/utils.py. Leave
that to higher level classes that know more about X2Go internals.
- Add support for a subsystem string when setting up port forwarding
tunnels.
- Use gevent to spawn the TeKi client start-up process (instead of waiting
for it to return).
- Provide support for new session parameter: clipboard. (Fixes: #508).
- Split up NX output and NX errors into two separate files.
- Silent ignore it if we cannot detect the local Xlib.display.Display()
instance (happens with polyinstantiated /tmp dirs).
- Don't start telekinesis client if not support server-side. Don't attempt
at starting telekinesis client, if it is not installed.
- Disallow server-side users to override X2Go Server commands via
~/bin (or similar). (Fixes: #334).
- Handle non-available color depth in X2Go session name gracefully.
(Fixes: #358).
- Make sure that the x2gosuspend-session/x2goterminate-session commands
are sent to the X2Go Server before we take down the NX proxy subprocess.
- Create a "session.window" file in the session directory. This file for now
contains one line "ID:<window-id>". The file appears once a session window
comes up (start/resume), and disappears once the session window closes
(suspend/terminate).
- Only enable Telekinesis client debugging if the logger instance is in
debug mode.
- Performance tests have shown, that enabling SSH compression is not a
good idea. NX should handle that instead (and does).
- Better control the startup bootstrap of the Telekinesis client
subsystem.
- Newly understand our own Paramiko/SSH forwarding tunnel code. Become
aware of handling multiple connects on the same tunnel.
- Rename LICENSE.txt to COPYING.
- Be more exact when detecting the NX proxy window id.
- On non-Windows platforms, enforce usage of the "ares" DNS resolver in
python-gevent (which is available since Python gevent 1.0~). (Fixes:
#588).
- Use Xlib to detect client-side destop geometry.
- For reverse port forwardings use IPv4 localhost address only.
- Assure proper NX Proxy cleanup when sessions suspends/
terminates.
- Assure proper Telekinesis client cleanup when sessions suspends/
terminates.
- Clean up terminal sessions properly when the clean_sessions() method
of the control session has got called.
- Don't use compression on TeKi sshfs mounts.
- Handle duplicate profile names gracefully (i.e. append a " (1)",
" (2)", ... to the session profile name). (Fixes: #500).
- Support server-side Telekinesis versions that ship their own
(teki-)sftpserver.
- Use session_name, not session_info object's __str__() method to obtain
session name (in X2GoTelekinesis).
- Handle socket errors on the reverse port forwarding tunnels more
gracefully.
- Handle sudden control session death during local folder sharing
gracefully.
- Don't choke on non-initialized SSH transport objects when initializing
SFTP client.
- Fix transport lock release in X2GoControlSession._x2go_sftp_put().
- Fix session lock release in various methods of the X2GoSession class.
- Release _share_local_folder_lock on instance X2GoTerminalSession
destruction.
- Detect non-installed sshfs (required for Telekinesis).
- X2GoControlSession: Don't mess with the associated_terminals dict if
the control session has already died away (i.e. been forcefully
disconnect).
- If the listsessions command detects a terminated or suspended session,
we have to destroy the corresponding X2GoTerminalSession() to trigger
a proper cleanup of that instance.
- Fix various hrefs in __doc__ strings.
- Fix creating/renaming/reconfiguring session profiles. Handle host
option properly (as list).
- Make sure we do a deepcopy of the default session profile parameters.
- Detect more exceptions in the requests module when authenticating against a
session broker.
- Only convert the value of the export session profile option if not
already a Python dictionary.
- Capture X2GoControlSessionException occurrences during client-side folder
sharing initializaation while starting/resuming a session.
- X2GoSessionRegistry: Don't report about sessions that have a not yet
fully assigned session name / profile name / profile id.
* debian/control:
+ Add dependencies: python-requests, python-simplejson.
+ Add R (python-x2go): sshfs.
+ Add S (python-x2go): telekinesis-client, mteleplayer-clientside.
+ Update D (python-x2go): python-paramiko (>= 1.15.1-0~). (Fixes: #602).
* python-x2go.spec:
+ Add dependencies: python-requests, python-simplejson.
+ Additionally adapt to building on openSUSE/SLES.
+ Add all python packages under R to BR (for epydoc run).
+ Update R for python-x2go: python-paramiko >= 1.15.1.
.
[ Mike DePaulo ]
* New upstream version (0.5.0.0):
- Windows: Fix compatibility with PulseAudio 3.0 & later (Fixes: #532)
- Windows: Prevent high PulseAudio CPU usage on Windows XP by lowering
PulseAudio's CPU priority from "high" to "normal" on XP specifically.
Also do so on Windows Server 2003 (R2) (Fixes: #537)
Marked Bug as done
Request was from Mike Gabriel <mike.gabriel@das-netzwerkteam.de>
to control@bugs.x2go.org
.
(Mon, 20 Oct 2014 10:55:18 GMT) (full text, mbox, link).
Notification sent
to Matteo Panella <m.panella@level28.org>
:
Bug acknowledged by developer.
(Mon, 20 Oct 2014 10:55:18 GMT) (full text, mbox, link).
Message sent on
to Matteo Panella <m.panella@level28.org>
:
Bug#602.
(Mon, 20 Oct 2014 10:55:34 GMT) (full text, mbox, link).
Bug archived.
Request was from Debbugs Internal Request <owner@bugs.x2go.org>
to internal_control@bugs.x2go.org
.
(Tue, 18 Nov 2014 06:24:01 GMT) (full text, mbox, link).
Send a report that this bug log contains spam.
X2Go Developers <owner@bugs.x2go.org>.
Last modified:
Tue Nov 12 05:47:59 2024;
Machine Name:
ymir.das-netzwerkteam.de
X2Go Bug tracking system
Debbugs is free software and licensed under the terms of the GNU
Public License version 2. The current version can be obtained
from https://bugs.debian.org/debbugs-source/.
Copyright © 1999 Darren O. Benham,
1997,2003 nCipher Corporation Ltd,
1994-97 Ian Jackson,
2005-2017 Don Armstrong, and many other contributors.