X2Go Bug report logs - #602
X2GoSession clobbers .ssh/known_hosts when add_to_known_hosts is set

version graph

Package: python-x2go; Maintainer for python-x2go is X2Go Developers <x2go-dev@lists.x2go.org>; Source for python-x2go is src:python-x2go.

Reported by: Matteo Panella <m.panella@level28.org>

Date: Wed, 10 Sep 2014 07:55:01 UTC

Severity: normal

Tags: pending

Found in version

Fixed in version

Done: Mike Gabriel <mike.gabriel@das-netzwerkteam.de>

Bug is archived. No further changes may be made.

Full log

Message #5 received at submit@bugs.x2go.org (full text, mbox, reply):

Received: (at submit) by bugs.x2go.org; 10 Sep 2014 07:53:09 +0000
From m.panella@level28.org  Wed Sep 10 09:53:07 2014
X-Spam-Checker-Version: SpamAssassin 3.3.2 (2011-06-06) on
X-Spam-Status: No, score=0.8 required=5.0 tests=BAYES_50,SPF_HELO_PASS,
	T_DKIM_INVALID autolearn=ham version=3.3.2
X-Greylist: delayed 466 seconds by postgrey-1.34 at ymir.das-netzwerkteam.de; Wed, 10 Sep 2014 09:53:07 CEST
Received: from tassadar.level28.org (tassadar.level28.org [])
	by ymir.das-netzwerkteam.de (Postfix) with ESMTPS id 954365DEAB
	for <submit@bugs.x2go.org>; Wed, 10 Sep 2014 09:53:07 +0200 (CEST)
Received: from [] (host22-22-static.52-88-b.business.telecomitalia.it [])
	(using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits))
	(No client certificate requested)
	by tassadar.level28.org (Postfix) with ESMTPSA id 371252F2141
	for <submit@bugs.x2go.org>; Wed, 10 Sep 2014 09:45:18 +0200 (CEST)
DKIM-Signature: v=1; a=rsa-sha256; c=simple/simple; d=level28.org;
	s=default; t=1410335118;
Message-ID: <5410018E.3070803@level28.org>
Date: Wed, 10 Sep 2014 09:45:18 +0200
From: Matteo Panella <m.panella@level28.org>
MIME-Version: 1.0
To: submit@bugs.x2go.org
Subject: X2GoSession clobbers .ssh/known_hosts when add_to_known_hosts is
Content-Type: text/plain; charset=utf-8
Content-Transfer-Encoding: 8bit
Package: python-x2go

Whenever a host key is registered using pyhoca-cli or pyhoca-gui, the
$HOME/.ssh/known_hosts file gets clobbered: all keys whose type is not
either ssh-dss or ssh-rsa (namely, ECDSA and Ed25519 host keys) are removed.

Steps to reproduce:
1. register some ECDSA/Ed25519 host keys
2. backup .ssh/known_hosts
3. define a new profile in pyhoca-gui selecting "Store SSH host keys
under (unique) X2Go session profile ID"
4. connect to the host and accept the host key
5. run a diff between the old known_hosts file and the current
.ssh/known_hosts file

Expected behaviour:
there should _only_ be an addition for the new ssh host key registered
by python-x2go and no other modification

Actual result:
there is an addition for the new host key registered by python-x2go and
removals for all ecdsa and ed25519 host keys

I suspect this is a problem with paramiko not understanding ECDSA and
Ed25519 keys in known_hosts and summarily discarding them, nevertheless
I'm raising the bug here because the x2go PPA for Ubuntu ships a custom
version of paramiko for precise (also because it should probably be
noted in the release notes and/or worked around in python-x2go if possible).

Client OS Version: Ubuntu 12.04.5 (amd64)
Package source: ppa:x2go/stable
PyHoca-GUI Version: (
python-x2go Version: (
python-paramiko Version: 1.11.0-0~664~precise1 (from ppa:x2go/stable)

The server bits are mostly irrelevant since this is purely a client-side
bug, but it happened with the following server-side configuration:
Server OS Version: Ubuntu 14.04.1 (amd64)
Package source: ppa:x2go/stable
Server x2goserver Version: (
Server x2goserver-xsession Version: (
Server nx-libs Version: (2:
Matteo Panella

Send a report that this bug log contains spam.

X2Go Developers <owner@bugs.x2go.org>. Last modified: Mon Sep 25 10:25:17 2023; Machine Name: ymir.das-netzwerkteam.de

X2Go Bug tracking system

Debbugs is free software and licensed under the terms of the GNU Public License version 2. The current version can be obtained from https://bugs.debian.org/debbugs-source/.

Copyright © 1999 Darren O. Benham, 1997,2003 nCipher Corporation Ltd, 1994-97 Ian Jackson, 2005-2017 Don Armstrong, and many other contributors.