X2Go Bug report logs - #602
X2GoSession clobbers .ssh/known_hosts when add_to_known_hosts is set

version graph

Package: python-x2go; Maintainer for python-x2go is X2Go Developers <x2go-dev@lists.x2go.org>; Source for python-x2go is src:python-x2go.

Reported by: Matteo Panella <m.panella@level28.org>

Date: Wed, 10 Sep 2014 07:55:01 UTC

Severity: normal

Tags: pending

Found in version

Fixed in version

Done: Mike Gabriel <mike.gabriel@das-netzwerkteam.de>

Bug is archived. No further changes may be made.

Full log

🔗 View this message in rfc822 format

X-Loop: owner@bugs.x2go.org
Subject: Bug#602: X2GoSession clobbers .ssh/known_hosts when add_to_known_hosts is set
Reply-To: Matteo Panella <m.panella@level28.org>, 602@bugs.x2go.org
Resent-From: Matteo Panella <m.panella@level28.org>
Resent-To: x2go-dev@lists.x2go.org
Resent-CC: X2Go Developers <x2go-dev@lists.x2go.org>
X-Loop: owner@bugs.x2go.org
Resent-Date: Wed, 10 Sep 2014 07:55:01 +0000
Resent-Message-ID: <handler.602.B.141033558916107@bugs.x2go.org>
Resent-Sender: owner@bugs.x2go.org
X-X2Go-PR-Message: report 602
X-X2Go-PR-Package: python-x2go
Received: via spool by submit@bugs.x2go.org id=B.141033558916107
          (code B); Wed, 10 Sep 2014 07:55:01 +0000
Received: (at submit) by bugs.x2go.org; 10 Sep 2014 07:53:09 +0000
X-Spam-Checker-Version: SpamAssassin 3.3.2 (2011-06-06) on
X-Spam-Status: No, score=0.8 required=5.0 tests=BAYES_50,SPF_HELO_PASS,
	T_DKIM_INVALID autolearn=ham version=3.3.2
X-Greylist: delayed 466 seconds by postgrey-1.34 at ymir.das-netzwerkteam.de; Wed, 10 Sep 2014 09:53:07 CEST
Received: from tassadar.level28.org (tassadar.level28.org [])
	by ymir.das-netzwerkteam.de (Postfix) with ESMTPS id 954365DEAB
	for <submit@bugs.x2go.org>; Wed, 10 Sep 2014 09:53:07 +0200 (CEST)
Received: from [] (host22-22-static.52-88-b.business.telecomitalia.it [])
	(using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits))
	(No client certificate requested)
	by tassadar.level28.org (Postfix) with ESMTPSA id 371252F2141
	for <submit@bugs.x2go.org>; Wed, 10 Sep 2014 09:45:18 +0200 (CEST)
DKIM-Signature: v=1; a=rsa-sha256; c=simple/simple; d=level28.org;
	s=default; t=1410335118;
Message-ID: <5410018E.3070803@level28.org>
Date: Wed, 10 Sep 2014 09:45:18 +0200
From: Matteo Panella <m.panella@level28.org>
MIME-Version: 1.0
To: submit@bugs.x2go.org
Content-Type: text/plain; charset=utf-8
Content-Transfer-Encoding: 8bit
Package: python-x2go

Whenever a host key is registered using pyhoca-cli or pyhoca-gui, the
$HOME/.ssh/known_hosts file gets clobbered: all keys whose type is not
either ssh-dss or ssh-rsa (namely, ECDSA and Ed25519 host keys) are removed.

Steps to reproduce:
1. register some ECDSA/Ed25519 host keys
2. backup .ssh/known_hosts
3. define a new profile in pyhoca-gui selecting "Store SSH host keys
under (unique) X2Go session profile ID"
4. connect to the host and accept the host key
5. run a diff between the old known_hosts file and the current
.ssh/known_hosts file

Expected behaviour:
there should _only_ be an addition for the new ssh host key registered
by python-x2go and no other modification

Actual result:
there is an addition for the new host key registered by python-x2go and
removals for all ecdsa and ed25519 host keys

I suspect this is a problem with paramiko not understanding ECDSA and
Ed25519 keys in known_hosts and summarily discarding them, nevertheless
I'm raising the bug here because the x2go PPA for Ubuntu ships a custom
version of paramiko for precise (also because it should probably be
noted in the release notes and/or worked around in python-x2go if possible).

Client OS Version: Ubuntu 12.04.5 (amd64)
Package source: ppa:x2go/stable
PyHoca-GUI Version: (
python-x2go Version: (
python-paramiko Version: 1.11.0-0~664~precise1 (from ppa:x2go/stable)

The server bits are mostly irrelevant since this is purely a client-side
bug, but it happened with the following server-side configuration:
Server OS Version: Ubuntu 14.04.1 (amd64)
Package source: ppa:x2go/stable
Server x2goserver Version: (
Server x2goserver-xsession Version: (
Server nx-libs Version: (2:
Matteo Panella

Send a report that this bug log contains spam.

X2Go Developers <owner@bugs.x2go.org>. Last modified: Mon Sep 25 09:22:50 2023; Machine Name: ymir.das-netzwerkteam.de

X2Go Bug tracking system

Debbugs is free software and licensed under the terms of the GNU Public License version 2. The current version can be obtained from https://bugs.debian.org/debbugs-source/.

Copyright © 1999 Darren O. Benham, 1997,2003 nCipher Corporation Ltd, 1994-97 Ian Jackson, 2005-2017 Don Armstrong, and many other contributors.