From mike.gabriel@das-netzwerkteam.de Fri Oct 17 13:28:15 2014 Received: (at 602) by bugs.x2go.org; 17 Oct 2014 11:28:16 +0000 X-Spam-Checker-Version: SpamAssassin 3.3.2 (2011-06-06) on ymir.das-netzwerkteam.de X-Spam-Level: X-Spam-Status: No, score=-1.9 required=5.0 tests=BAYES_00,URIBL_BLOCKED autolearn=ham version=3.3.2 Received: from freya.das-netzwerkteam.de (freya.das-netzwerkteam.de [88.198.48.199]) by ymir.das-netzwerkteam.de (Postfix) with ESMTPS id 7042B5E0B9 for <602@bugs.x2go.org>; Fri, 17 Oct 2014 13:28:15 +0200 (CEST) Received: from grimnir.das-netzwerkteam.de (grimnir.das-netzwerkteam.de [78.46.204.98]) by freya.das-netzwerkteam.de (Postfix) with ESMTPS id EB1F5D70; Fri, 17 Oct 2014 13:28:14 +0200 (CEST) Received: from localhost (localhost [127.0.0.1]) by grimnir.das-netzwerkteam.de (Postfix) with ESMTP id DC0063BB6E; Fri, 17 Oct 2014 13:28:14 +0200 (CEST) X-Virus-Scanned: Debian amavisd-new at grimnir.das-netzwerkteam.de Received: from grimnir.das-netzwerkteam.de ([127.0.0.1]) by localhost (grimnir.das-netzwerkteam.de [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id puujkaEQaRUT; Fri, 17 Oct 2014 13:28:14 +0200 (CEST) Received: from grimnir.das-netzwerkteam.de (localhost [127.0.0.1]) by grimnir.das-netzwerkteam.de (Postfix) with ESMTPS id A8E913B92E; Fri, 17 Oct 2014 13:28:14 +0200 (CEST) Received: from m-094.informatik.uni-kiel.de (m-094.informatik.uni-kiel.de [134.245.254.94]) by mail.das-netzwerkteam.de (Horde Framework) with HTTP; Fri, 17 Oct 2014 11:28:14 +0000 Date: Fri, 17 Oct 2014 11:28:14 +0000 Message-ID: <20141017112814.Horde.zPkyTl3ZNN32TX77gOz-Sg7@mail.das-netzwerkteam.de> From: Mike Gabriel To: Matteo Panella , 602@bugs.x2go.org Subject: Re: [X2Go-Dev] Bug#602: X2GoSession clobbers .ssh/known_hosts when add_to_known_hosts is set In-Reply-To: <5410018E.3070803@level28.org> User-Agent: Internet Messaging Program (IMP) H5 (6.2.2) Accept-Language: en,de Organization: DAS-NETZWERKTEAM X-Originating-IP: 134.245.254.94 X-Remote-Browser: Mozilla/5.0 (X11; Linux x86_64; rv:32.0) Gecko/20100101 Firefox/32.0 Iceweasel/32.0 Content-Type: multipart/signed; boundary="=_TxCGFECNYR4BKyGwcg8RXQ1"; protocol="application/pgp-signature"; micalg=pgp-sha1 MIME-Version: 1.0 This message is in MIME format and has been PGP signed. --=_TxCGFECNYR4BKyGwcg8RXQ1 Content-Type: text/plain; charset=us-ascii; format=flowed; DelSp=Yes Content-Disposition: inline Content-Transfer-Encoding: quoted-printable Hi Matteo, On Mi 10 Sep 2014 09:45:18 CEST, Matteo Panella wrote: > Package: python-x2go > Version: 0.4.0.9 > > Whenever a host key is registered using pyhoca-cli or pyhoca-gui, the > $HOME/.ssh/known_hosts file gets clobbered: all keys whose type is not > either ssh-dss or ssh-rsa (namely, ECDSA and Ed25519 host keys) are remov= ed. > > Steps to reproduce: > 1. register some ECDSA/Ed25519 host keys > 2. backup .ssh/known_hosts > 3. define a new profile in pyhoca-gui selecting "Store SSH host keys > under (unique) X2Go session profile ID" > 4. connect to the host and accept the host key > 5. run a diff between the old known_hosts file and the current > .ssh/known_hosts file > > Expected behaviour: > there should _only_ be an addition for the new ssh host key registered > by python-x2go and no other modification > > Actual result: > there is an addition for the new host key registered by python-x2go and > removals for all ecdsa and ed25519 host keys > > I suspect this is a problem with paramiko not understanding ECDSA and > Ed25519 keys in known_hosts and summarily discarding them, nevertheless > I'm raising the bug here because the x2go PPA for Ubuntu ships a custom > version of paramiko for precise (also because it should probably be > noted in the release notes and/or worked around in python-x2go if possibl= e). > > Client OS Version: Ubuntu 12.04.5 (amd64) > Package source: ppa:x2go/stable > PyHoca-GUI Version: 0.4.0.9 (0.4.0.9-0~1107~ubuntu12.04.1) > python-x2go Version: 0.4.0.9 (0.4.0.9-0~1122~ubuntu12.04.1) > python-paramiko Version: 1.11.0-0~664~precise1 (from ppa:x2go/stable) > > The server bits are mostly irrelevant since this is purely a client-side > bug, but it happened with the following server-side configuration: > Server OS Version: Ubuntu 14.04.1 (amd64) > Package source: ppa:x2go/stable > Server x2goserver Version: 4.0.1.15 (4.0.1.15-0~847~ubuntu14.04.1) > Server x2goserver-xsession Version: 4.0.1.15 (4.0.1.15-0~847~ubuntu14.04.= 1) > Server nx-libs Version: 3.5.0.27 (2:3.5.0.27-0~446~ubuntu14.04.1) This does not happen with python-paramiko 1.15.1 anymore. I will add a=20= =20 versioned=20dependency for that paramiko version to our upstream release=20= =20 python-x2go=20and then see how to fix our archives. Thanks for notifying us! Mike --=20 DAS-NETZWERKTEAM mike=20gabriel, herweg 7, 24357 fleckeby fon: +49 (1520) 1976 148 GnuPG Key ID 0x25771B31 mail: mike.gabriel@das-netzwerkteam.de, http://das-netzwerkteam.de freeBusy: https://mail.das-netzwerkteam.de/freebusy/m.gabriel%40das-netzwerkteam.de.x= fb --=_TxCGFECNYR4BKyGwcg8RXQ1 Content-Type: application/pgp-signature Content-Description: Digitale PGP-Signatur Content-Disposition: inline -----BEGIN PGP SIGNATURE----- Version: GnuPG v1 iQIcBAABAgAGBQJUQP1OAAoJEJr0azAldxsxxfQQAIEdxJC9v010qoCZc9tEnWU/ Bt5dnEgXAYkpnvMClIeQKUxH6VS52DuxMoCxdN7H1NF+h3lRG8lZxHSkj6zdUlFL G7Va4AeZjyN58KnitAdTMMqpD5+XwESK02AdiUIYJg12dMzVDNGfejsJMicIy17X JI13W/xfyGzlnAxnqiTq4GwkydFtm2Gq3ixn1bwlx1SaK/VppxVMEACe95WUc60D 8vDhSt6R4KrRoBfFIxyDNZyuWl9rgpk+PfhibyRH0ClRyQi2AOHWwrJUAopt2sW1 r2ePT/gfw5u78rEH0IY8CUzORwpiGgvs9Zdv+oD7sLXWRN3Gtlty5gX6SABJGw9I ATLNF3dNMorGx/Azz4vmpszI8AKUprPNy3uqM1CeXLN2QFbSkbL87EJ8/2aReGeR mr9w124LjcAbaOx22Ds0r/kxo1LJzIOycv9Pnj30kPveXT9pZXXR9eVTYU2ScCib eYfiA/QXvDzaJzD0tccMSpbk4hqP/A/qdhS54WOo4oz6LEmISqHU6otwOwOj+vXD 9CBlVQzCyVHpmLlkYAxDw9w0mc2WGCEuTbHb/YcQ2mzkOBgKW8AQ9knvSXGt28eI G1WGHatXGSFbN1UpLPZPz/d+rq22/eC201xgXFsxhPT1QFYo10DkAJGzzLX4fW1P tj4xYLp1LXFXPdXA8+4j =RqR0 -----END PGP SIGNATURE----- --=_TxCGFECNYR4BKyGwcg8RXQ1--