From unknown Mon Apr 27 20:24:46 2026 MIME-Version: 1.0 X-Mailer: MIME-tools 5.502 (Entity 5.502) X-Loop: owner@bugs.x2go.org From: owner@bugs.x2go.org (X2Go Bug Tracking System) Subject: Bug#68 closed by Mike Gabriel (Google Authenticator feature added in X2Go Client 4.0.2.0) Message-ID: References: <20140607132731.Horde.tB-igSVZcXMCaYl1ponjNg7@mail.das-netzwerkteam.de> X-X2go-PR-Message: they-closed 68 X-X2go-PR-Package: x2goclient X-X2go-PR-Source: x2goclient Date: Sat, 07 Jun 2014 13:30:02 +0000 Content-Type: multipart/mixed; boundary="----------=_1402147802-16136-0" This is a multi-part message in MIME format... ------------=_1402147802-16136-0 Content-Disposition: inline Content-Transfer-Encoding: quoted-printable Content-Type: text/plain; charset=utf-8 This is an automatic notification regarding your Bug report which was filed against the x2goclient package: #68: X2goclient & OTP It has been closed by Mike Gabriel . Their explanation is attached below along with your original report. If this explanation is unsatisfactory and you have not received a better one in a separate message then please contact Mike Gabriel by replying to this email. --=20 68: http://bugs.x2go.org/cgi-bin/bugreport.cgi?bug=3D68 X2Go Bug Tracking System Contact owner@bugs.x2go.org with problems ------------=_1402147802-16136-0 Content-Type: message/rfc822 Content-Disposition: inline Content-Transfer-Encoding: 7bit Received: (at 68) by bugs.x2go.org; 7 Jun 2014 13:27:32 +0000 X-Spam-Checker-Version: SpamAssassin 3.3.2 (2011-06-06) on ymir.das-netzwerkteam.de X-Spam-Level: X-Spam-Status: No, score=-1.9 required=5.0 tests=BAYES_00,URIBL_BLOCKED autolearn=ham version=3.3.2 Received: from freya.das-netzwerkteam.de (freya.das-netzwerkteam.de [88.198.48.199]) by ymir.das-netzwerkteam.de (Postfix) with ESMTPS id 12C3C5DB24 for <68@bugs.x2go.org>; Sat, 7 Jun 2014 15:27:32 +0200 (CEST) Received: from grimnir.das-netzwerkteam.de (grimnir.das-netzwerkteam.de [78.46.204.98]) by freya.das-netzwerkteam.de (Postfix) with ESMTPS id C5088DC9 for <68@bugs.x2go.org>; Sat, 7 Jun 2014 15:27:31 +0200 (CEST) Received: from localhost (localhost [127.0.0.1]) by grimnir.das-netzwerkteam.de (Postfix) with ESMTP id B639B3BB4C for <68@bugs.x2go.org>; Sat, 7 Jun 2014 15:27:31 +0200 (CEST) X-Virus-Scanned: Debian amavisd-new at grimnir.das-netzwerkteam.de Received: from grimnir.das-netzwerkteam.de ([127.0.0.1]) by localhost (grimnir.das-netzwerkteam.de [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id g+AbPpeHCUNx for <68@bugs.x2go.org>; Sat, 7 Jun 2014 15:27:31 +0200 (CEST) Received: from grimnir.das-netzwerkteam.de (localhost [127.0.0.1]) by grimnir.das-netzwerkteam.de (Postfix) with ESMTPS id 8B96D3BA44 for <68@bugs.x2go.org>; Sat, 7 Jun 2014 15:27:31 +0200 (CEST) Received: from p5B284403.dip0.t-ipconnect.de (p5B284403.dip0.t-ipconnect.de [91.40.68.3]) by mail.das-netzwerkteam.de (Horde Framework) with HTTP; Sat, 07 Jun 2014 13:27:31 +0000 Date: Sat, 07 Jun 2014 13:27:31 +0000 Message-ID: <20140607132731.Horde.tB-igSVZcXMCaYl1ponjNg7@mail.das-netzwerkteam.de> From: Mike Gabriel To: 68@bugs.x2go.org Subject: Google Authenticator feature added in X2Go Client 4.0.2.0 User-Agent: Internet Messaging Program (IMP) H5 (6.1.7) Accept-Language: en,de Organization: DAS-NETZWERKTEAM X-Originating-IP: 91.40.68.3 X-Remote-Browser: Mozilla/5.0 (X11; Linux x86_64; rv:29.0) Gecko/20100101 Firefox/29.0 Iceweasel/29.0.1 Content-Type: multipart/signed; boundary="=_0YW1gEI55C165g738dWOFA1"; protocol="application/pgp-signature"; micalg=pgp-sha1 MIME-Version: 1.0 This message is in MIME format and has been PGP signed. --=_0YW1gEI55C165g738dWOFA1 Content-Type: text/plain; charset=UTF-8; format=flowed; DelSp=Yes Content-Disposition: inline Content-Transfer-Encoding: quoted-printable Control: close -1 Hi Pascal, the GA OTP support has been added since X2Go Client 4.0.2.0. It also=20=20 supports=20client-side folder sharing and printing for GA authenticated=20= =20 sessions. Greets, Mike --=20 DAS-NETZWERKTEAM mike gabriel, herweg 7, 24357 fleckeby fon: +49 (1520) 1976 148 GnuPG Key ID 0x25771B31 mail: mike.gabriel@das-netzwerkteam.de, http://das-netzwerkteam.de freeBusy: https://mail.das-netzwerkteam.de/freebusy/m.gabriel%40das-netzwerkteam.de.x= fb --=_0YW1gEI55C165g738dWOFA1 Content-Type: application/pgp-signature Content-Description: Digitale PGP-Signatur Content-Disposition: inline -----BEGIN PGP SIGNATURE----- Version: GnuPG v1 iQIcBAABAgAGBQJTkxNDAAoJEJr0azAldxsxoqkP/1hLOUwjYHWMSq4rGXMzlugu Rot/aDVv75flj0mYx561UgjDtZX8QoeVa8L5gGfL5L9Zd3UyD698GV8B6tHxGjnl 7383WAf/CQDrmYNimJlCi3A8ElycRlWjJ3vtErt9237BbrK8rEbUYrvCQK3Ylfwf ACx91F1QIbXTeorwNY1qA4jTOGubsof/qYa8pkNjSKTq3FXPvDAeBQbTQa+zy8lk 64+8yXdQ8jaAxRCcDnVt++0UbNECwM+4Z5vEnbKF0paHepUduZqw7iZpzZKJWbnf 3vMelleX3h0/5zbSrE76DjR2L4l4tE+HneSPcDXnC4ORATOVssqBC/6M1azN+VmO 67cmKaDLW9rDd+4oHRU3EeKCudptsFEkb7LnDYPrissLIgwpGNL+RXB5bClYat9o VX/JNz3rcVDH8uDj9Sxz7mwsx7ZEFmQ6fSXAVEMTwCqpSmwuNLZddjNzbCWWco7q LBnm2Gyw600sHtg3xuLjf+gViogRQKYL6WZ4LC6FQ97yCnSgrKfNI+KpW3d2gf/n 88O4tijO9vYarFxvXGhQXS7BJGOJDDTi8sMF/ZstYud9S3rsac+6PeMhw/HoSTB2 rwCenQdL5d3m+y1Z+N7Xj1ahxqhBXT2yqqj5Oat255Kv18AAcwrWieJGLJ+QOjdX REixTo+eYtGMYDQMKVQE =agXP -----END PGP SIGNATURE----- --=_0YW1gEI55C165g738dWOFA1-- ------------=_1402147802-16136-0 Content-Type: message/rfc822 Content-Disposition: inline Content-Transfer-Encoding: 7bit Received: (at submit) by bugs.x2go.org; 1 Dec 2012 12:40:56 +0000 Received: from mail-ie0-f181.google.com (mail-ie0-f181.google.com [209.85.223.181]) by ymir (Postfix) with ESMTPS id 3F2245DB16 for ; Sat, 1 Dec 2012 13:40:56 +0100 (CET) Received: by mail-ie0-f181.google.com with SMTP id 16so2142568iea.12 for ; Sat, 01 Dec 2012 04:40:54 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20120113; h=mime-version:date:message-id:subject:from:to:content-type; bh=XkAi0iLhN9q5TMmv+IuevKoa6Ji5c0BqPuQ23xzRnkQ=; b=HNDydQUgGlqC0ab+qIPo/sJP8yV1WrIOl0knUHTHo5Uh4VNrCVtePq0YBKHH5sQEqf GOlngBryuQWc/Y8sFPUuYBPIxl1ll0xSu5gIStTt3O6ZR8q4BfjaZa0DIh+Q0zbctb/7 HnnLjji8hUUYE4KULq/jTmmcoElvsp6Zr7HujjVxL3xOr5tYsRJAt5czmcJlsoL2Gg/W 6fdoMbNCLiiOrIfVhn4P/KGm7qTLsGRZ2IlSihyB0CC1ze13sv0cg6srfAIjHJMKhgos T7d+XM3Ub8HXwv4bGLtQ1wltD3kkpysJRl0eLvt3b5db4okMMvnOi2WKMgdO8dbIneqz zU9A== MIME-Version: 1.0 Received: by 10.50.41.165 with SMTP id g5mr1213581igl.66.1354365654065; Sat, 01 Dec 2012 04:40:54 -0800 (PST) Received: by 10.64.0.81 with HTTP; Sat, 1 Dec 2012 04:40:53 -0800 (PST) Date: Sat, 1 Dec 2012 13:40:53 +0100 Message-ID: Subject: X2goclient & OTP From: Pascal Vibet - ADACIS To: submit@bugs.x2go.org Content-Type: multipart/alternative; boundary=14dae9340f6fb4e33604cfc9d32d --14dae9340f6fb4e33604cfc9d32d Content-Type: text/plain; charset=UTF-8 Package: x2goclient Version: lucid - precise: amd64/i386 (ppa.launchpad), precise 3.99.0.5-1: amd64/i386 I should use OTM authentification (One Time Password) like google authentificator on my X2go server but it's impossible to mount shared folder and/or local printer. If i don't use OTP, i can see x2goclient connect twice to my server. First time to login and second time, to shared folder and/or local printer Dec 1 10:33:22 my_serveur sshd[22271]: Accepted password for pascal from AAA.BBB.CCC.DDD port 36053 ssh2 Dec 1 10:33:22 my_serveur sshd[22271]: pam_unix(sshd:session): session opened for user pascal by (uid=0) Dec 1 10:33:36 my_serveur sshd[22707]: Accepted password for pascal from AAA.BBB.CCC.DDD port 36057 ssh2 Dec 1 10:33:36 my_serveur sshd[22707]: pam_unix(sshd:session): session opened for user pascal by (uid=0) I i use OTP, password is valide one time. So, i can login on x2goserver but i can not reuse the same password to shared folder: Dec 1 10:37:26 my_serveur sshd[28415]: Accepted password for pascal from AAA.BBB.CCC.DDD port 36062 ssh2 Dec 1 10:37:26 my_serveur sshd[28415]: pam_unix(sshd:session): session opened for user pascal by (uid=0) Dec 1 10:37:36 my_serveur sshd(pam_google_authenticator)[28839]: Trying to reuse a previously used time-based code. Retry again in 30 seconds. Warning! This might mean, you are currently subject to a man-in-the-middle attack. Dec 1 10:37:36 my_serveur sshd(pam_google_authenticator)[28839]: Invalid verification code Dec 1 10:37:36 my_serveur sshd[28839]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=toto.tata.titi.fr user=pascal Dec 1 10:37:39 my_serveur sshd[28839]: Failed password for pascal from AAA.BBB.CCC.DDD port 36067 ssh2 Dec 1 10:37:39 my_serveur sshd[28839]: Received disconnect from AAA.BBB.CCC.DDD: Bye Bye [preauth] If X2goclient use multiplex ssh client option: Host * ControlMaster auto ControlPath ~/.ssh/%r@%h:%p First connection use password and create SSH socket file. The second connection reuse first one and it can connect whithout authentification. In my test, X2goclient don't use some ssh client option. Regards Pascal Vibet --14dae9340f6fb4e33604cfc9d32d Content-Type: text/html; charset=UTF-8 Content-Transfer-Encoding: quoted-printable
Package: x2goclient
Version: lucid - precise: amd64/i386 (pp= a.launchpad), precise 3.99.0.5-1: amd64/i386

I sho= uld use OTM authentification (One Time Password) like google authentificato= r on my X2go server but it's impossible to mount shared folder and/or l= ocal printer.

If i don't use OTP, i can see x2goclient connect tw= ice to my server. First time to login and second time, to shared folder and= /or local printer
Dec =C2=A01 10:33:22 my_serveur sshd[22271]: Ac= cepted password for pascal from AAA.BBB.CCC.DDD port 36053 ssh2
Dec =C2=A01 10:33:22 my_serveur sshd[22271]: pam_unix(sshd:session): s= ession opened for user pascal by (uid=3D0)
Dec =C2=A01 10:33:36 m= y_serveur sshd[22707]: Accepted password for pascal from AAA.BBB.CCC.DDD po= rt 36057 ssh2
Dec =C2=A01 10:33:36 my_serveur sshd[22707]: pam_unix(sshd:session): s= ession opened for user pascal by (uid=3D0)

I i use= OTP, password is valide one time. So, i can login on x2goserver but i can = not reuse the same password to shared folder:
Dec =C2=A01 10:37:26 my_serveur sshd[28415]: Accepted password for pas= cal from AAA.BBB.CCC.DDD port 36062 ssh2
Dec =C2=A01 10:37:26 my_= serveur sshd[28415]: pam_unix(sshd:session): session opened for user pascal= by (uid=3D0)
Dec =C2=A01 10:37:36 my_serveur sshd(pam_google_authenticator)[28839]:= Trying to reuse a previously used time-based code. Retry again in 30 secon= ds. Warning! This might mean, you are currently subject to a man-in-the-mid= dle attack.
Dec =C2=A01 10:37:36 my_serveur sshd(pam_google_authenticator)[28839]:= Invalid verification code
Dec =C2=A01 10:37:36 my_serveur sshd[2= 8839]: pam_unix(sshd:auth): authentication failure; logname=3D uid=3D0 euid= =3D0 tty=3Dssh ruser=3D rhost=3Dtoto.t= ata.titi.fr =C2=A0user=3Dpascal
Dec =C2=A01 10:37:39 my_serveur sshd[28839]: Failed password for pasca= l from AAA.BBB.CCC.DDD port 36067 ssh2
Dec =C2=A01 10:37:39 my_se= rveur sshd[28839]: Received disconnect from AAA.BBB.CCC.DDD: Bye Bye [preau= th]

If X2goclient use multiplex ssh client option:<= /div>
Host *
=C2=A0 =C2=A0 ControlMaster auto
=C2= =A0 =C2=A0 ControlPath ~/.ssh/%r@%h:%p
First connection u= se password and create SSH socket file.=C2=A0
The second connectio= n reuse first one and it can connect whithout authentification.

In my test,= X2goclient don't use some ssh client option.

Regards

Pascal= Vibet
--14dae9340f6fb4e33604cfc9d32d-- ------------=_1402147802-16136-0--