From unknown Mon Apr 27 20:23:53 2026
X-Loop: git-admin@x2go.org
Subject: Bug#68: X2goclient & OTP
Reply-To: Pascal Vibet - ADACIS <pvibet@gmail.com>, 68@bugs.x2go.org
Resent-From: Pascal Vibet - ADACIS <pvibet@gmail.com>
Resent-To: x2go-dev@lists.berlios.de
Resent-CC: X2Go Developers <x2go-dev@lists.berlios.de>
X-Loop: git-admin@x2go.org
Resent-Date: Sat, 01 Dec 2012 12:48:01 +0000
Resent-Message-ID: <handler.68.B.135436565611508@bugs.x2go.org>
Resent-Sender: git-admin@x2go.org
X-X2Go-PR-Message: report 68
X-X2Go-PR-Package: x2goclient
X-X2Go-PR-Keywords: 
Received: via spool by submit@bugs.x2go.org id=B.135436565611508
          (code B); Sat, 01 Dec 2012 12:48:01 +0000
Received: (at submit) by bugs.x2go.org; 1 Dec 2012 12:40:56 +0000
Received: from mail-ie0-f181.google.com (mail-ie0-f181.google.com [209.85.223.181])
	by ymir (Postfix) with ESMTPS id 3F2245DB16
	for <submit@bugs.x2go.org>; Sat,  1 Dec 2012 13:40:56 +0100 (CET)
Received: by mail-ie0-f181.google.com with SMTP id 16so2142568iea.12
        for <submit@bugs.x2go.org>; Sat, 01 Dec 2012 04:40:54 -0800 (PST)
MIME-Version: 1.0
Received: by 10.50.41.165 with SMTP id g5mr1213581igl.66.1354365654065; Sat,
 01 Dec 2012 04:40:54 -0800 (PST)
Received: by 10.64.0.81 with HTTP; Sat, 1 Dec 2012 04:40:53 -0800 (PST)
Date: Sat, 1 Dec 2012 13:40:53 +0100
Message-ID: <CAPTrY-n1knNngCpSCRbm-jn7Bjq_48Svnd-ZNu4w1BUdcvDWYQ@mail.gmail.com>
From: Pascal Vibet - ADACIS <pvibet@gmail.com>
To: submit@bugs.x2go.org
Content-Type: multipart/alternative; boundary=14dae9340f6fb4e33604cfc9d32d

--14dae9340f6fb4e33604cfc9d32d
Content-Type: text/plain; charset=UTF-8

Package: x2goclient
Version: lucid - precise: amd64/i386 (ppa.launchpad), precise 3.99.0.5-1:
amd64/i386

I should use OTP authentication (One Time Password) like Google
Authenticator on my X2Go server, but it's impossible to mount a shared
folder and/or local printer.

If I don't use OTP, I can see x2goclient connect twice to my server: the
first time to log in, and the second time for the shared folder and/or
local printer:
Dec  1 10:33:22 my_serveur sshd[22271]: Accepted password for pascal from AAA.BBB.CCC.DDD port 36053 ssh2
Dec  1 10:33:22 my_serveur sshd[22271]: pam_unix(sshd:session): session opened for user pascal by (uid=0)
Dec  1 10:33:36 my_serveur sshd[22707]: Accepted password for pascal from AAA.BBB.CCC.DDD port 36057 ssh2
Dec  1 10:33:36 my_serveur sshd[22707]: pam_unix(sshd:session): session opened for user pascal by (uid=0)

If I use OTP, the password is valid only one time. So I can log in on
x2goserver, but I cannot reuse the same password for the shared folder:
Dec  1 10:37:26 my_serveur sshd[28415]: Accepted password for pascal from AAA.BBB.CCC.DDD port 36062 ssh2
Dec  1 10:37:26 my_serveur sshd[28415]: pam_unix(sshd:session): session opened for user pascal by (uid=0)
Dec  1 10:37:36 my_serveur sshd(pam_google_authenticator)[28839]: Trying to reuse a previously used time-based code. Retry again in 30 seconds. Warning! This might mean, you are currently subject to a man-in-the-middle attack.
Dec  1 10:37:36 my_serveur sshd(pam_google_authenticator)[28839]: Invalid verification code
Dec  1 10:37:36 my_serveur sshd[28839]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=toto.tata.titi.fr  user=pascal
Dec  1 10:37:39 my_serveur sshd[28839]: Failed password for pascal from AAA.BBB.CCC.DDD port 36067 ssh2
Dec  1 10:37:39 my_serveur sshd[28839]: Received disconnect from AAA.BBB.CCC.DDD: Bye Bye [preauth]

If X2goclient uses the multiplex ssh client option:
Host *
    ControlMaster auto
    ControlPath ~/.ssh/%r@%h:%p
The first connection uses the password and creates the SSH socket file.
The second connection reuses the first one and can connect without
authentication.

In my test, X2goclient doesn't use some ssh client options.

Regards

Pascal Vibet
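
A minimal model of the failure in the second log excerpt, added here as an illustration (not part of the original report, and not code from x2goclient or pam_google_authenticator): an RFC 6238 verifier that remembers which time steps were already consumed, so the code re-sent on the second SSH connection is refused. The `Verifier` class, the one-step skew window, the RFC 6238 test key and the timestamp are assumptions made for the example.

```python
import base64, hashlib, hmac, struct

STEP = 30  # seconds per TOTP time step (RFC 6238 default)
SECRET = base64.b32encode(b"12345678901234567890").decode()  # RFC 6238 test key
T_LOGIN = 1354354646  # constructed Unix time, 26 s into a 30 s step

def totp(secret_b32, step_no, digits=6):
    """RFC 6238 code for one time step (HMAC-SHA1 plus dynamic truncation)."""
    key = base64.b32decode(secret_b32)
    mac = hmac.new(key, struct.pack(">Q", step_no), hashlib.sha1).digest()
    off = mac[-1] & 0x0F
    val = struct.unpack(">I", mac[off:off + 4])[0] & 0x7FFFFFFF
    return str(val % 10 ** digits).zfill(digits)

class Verifier:
    """Hypothetical server side: each time step may be used only once."""
    def __init__(self, secret_b32, skew=1):
        self.secret = secret_b32
        self.skew = skew      # neighbouring steps tolerated for clock drift
        self.used = set()     # time steps already consumed by a login

    def check(self, code, now):
        current = now // STEP
        for step_no in range(current - self.skew, current + self.skew + 1):
            if hmac.compare_digest(totp(self.secret, step_no), code):
                if step_no in self.used:
                    return "reused"    # same code presented a second time
                self.used.add(step_no)
                return "accepted"
        return "invalid"

def double_login(secret_b32, t_first, gap):
    """Model a client that opens a second connection `gap` seconds later."""
    v = Verifier(secret_b32)
    code = totp(secret_b32, t_first // STEP)   # code typed once by the user
    first = v.check(code, t_first)             # session login
    second = v.check(code, t_first + gap)      # folder/printer connection
    # What a newly generated code would yield at the time of connection two.
    fresh = v.check(totp(secret_b32, (t_first + gap) // STEP), t_first + gap)
    return first, second, fresh

if __name__ == "__main__":
    print(double_login(SECRET, T_LOGIN, 10))  # second connection crosses a step
    print(double_login(SECRET, T_LOGIN, 2))   # second connection in same step
```

With a 10 second gap the replayed code still falls inside the skew window but is refused as reused, while a newly generated code would pass; with a 2 second gap even a new prompt yields the same code, which is why the log asks to retry in 30 seconds.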

--14dae9340f6fb4e33604cfc9d32d--
