X2Go Bug report logs - #68
X2goclient & OTP

Package: x2goclient; Maintainer for x2goclient is X2Go Developers <x2go-dev@lists.x2go.org>; Source for x2goclient is src:x2goclient.

Reported by: Pascal Vibet - ADACIS <pvibet@gmail.com>

Date: Sat, 1 Dec 2012 12:48:01 UTC

Severity: normal

Done: Mike Gabriel <mike.gabriel@das-netzwerkteam.de>

Bug is archived. No further changes may be made.

Full log


Message #5 received at submit@bugs.x2go.org (full text, mbox, reply):

Received: (at submit) by bugs.x2go.org; 1 Dec 2012 12:40:56 +0000
From pvibet@gmail.com  Sat Dec  1 13:40:56 2012
Received: from mail-ie0-f181.google.com (mail-ie0-f181.google.com [209.85.223.181])
	by ymir (Postfix) with ESMTPS id 3F2245DB16
	for <submit@bugs.x2go.org>; Sat,  1 Dec 2012 13:40:56 +0100 (CET)
Received: by mail-ie0-f181.google.com with SMTP id 16so2142568iea.12
        for <submit@bugs.x2go.org>; Sat, 01 Dec 2012 04:40:54 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
        d=gmail.com; s=20120113;
        h=mime-version:date:message-id:subject:from:to:content-type;
        bh=XkAi0iLhN9q5TMmv+IuevKoa6Ji5c0BqPuQ23xzRnkQ=;
        b=HNDydQUgGlqC0ab+qIPo/sJP8yV1WrIOl0knUHTHo5Uh4VNrCVtePq0YBKHH5sQEqf
         GOlngBryuQWc/Y8sFPUuYBPIxl1ll0xSu5gIStTt3O6ZR8q4BfjaZa0DIh+Q0zbctb/7
         HnnLjji8hUUYE4KULq/jTmmcoElvsp6Zr7HujjVxL3xOr5tYsRJAt5czmcJlsoL2Gg/W
         6fdoMbNCLiiOrIfVhn4P/KGm7qTLsGRZ2IlSihyB0CC1ze13sv0cg6srfAIjHJMKhgos
         T7d+XM3Ub8HXwv4bGLtQ1wltD3kkpysJRl0eLvt3b5db4okMMvnOi2WKMgdO8dbIneqz
         zU9A==
MIME-Version: 1.0
Received: by 10.50.41.165 with SMTP id g5mr1213581igl.66.1354365654065; Sat,
 01 Dec 2012 04:40:54 -0800 (PST)
Received: by 10.64.0.81 with HTTP; Sat, 1 Dec 2012 04:40:53 -0800 (PST)
Date: Sat, 1 Dec 2012 13:40:53 +0100
Message-ID: <CAPTrY-n1knNngCpSCRbm-jn7Bjq_48Svnd-ZNu4w1BUdcvDWYQ@mail.gmail.com>
Subject: X2goclient & OTP
From: Pascal Vibet - ADACIS <pvibet@gmail.com>
To: submit@bugs.x2go.org
Content-Type: multipart/alternative; boundary=14dae9340f6fb4e33604cfc9d32d
[Message part 1 (text/plain, inline)]
Package: x2goclient
Version: lucid - precise: amd64/i386 (ppa.launchpad), precise 3.99.0.5-1:
amd64/i386

I should use OTM authentification (One Time Password) like google
authentificator on my X2go server but it's impossible to mount shared
folder and/or local printer.

If i don't use OTP, i can see x2goclient connect twice to my server. First
time to login and second time, to shared folder and/or local printer
Dec  1 10:33:22 my_serveur sshd[22271]: Accepted password for pascal from
AAA.BBB.CCC.DDD port 36053 ssh2
Dec  1 10:33:22 my_serveur sshd[22271]: pam_unix(sshd:session): session
opened for user pascal by (uid=0)
Dec  1 10:33:36 my_serveur sshd[22707]: Accepted password for pascal from
AAA.BBB.CCC.DDD port 36057 ssh2
Dec  1 10:33:36 my_serveur sshd[22707]: pam_unix(sshd:session): session
opened for user pascal by (uid=0)

I i use OTP, password is valide one time. So, i can login on x2goserver but
i can not reuse the same password to shared folder:
Dec  1 10:37:26 my_serveur sshd[28415]: Accepted password for pascal from
AAA.BBB.CCC.DDD port 36062 ssh2
Dec  1 10:37:26 my_serveur sshd[28415]: pam_unix(sshd:session): session
opened for user pascal by (uid=0)
Dec  1 10:37:36 my_serveur sshd(pam_google_authenticator)[28839]: Trying to
reuse a previously used time-based code. Retry again in 30 seconds.
Warning! This might mean, you are currently subject to a man-in-the-middle
attack.
Dec  1 10:37:36 my_serveur sshd(pam_google_authenticator)[28839]: Invalid
verification code
Dec  1 10:37:36 my_serveur sshd[28839]: pam_unix(sshd:auth): authentication
failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=toto.tata.titi.fr
user=pascal
Dec  1 10:37:39 my_serveur sshd[28839]: Failed password for pascal from
AAA.BBB.CCC.DDD port 36067 ssh2
Dec  1 10:37:39 my_serveur sshd[28839]: Received disconnect from
AAA.BBB.CCC.DDD: Bye Bye [preauth]

If X2goclient use multiplex ssh client option:
Host *
    ControlMaster auto
    ControlPath ~/.ssh/%r@%h:%p
First connection use password and create SSH socket file.
The second connection reuse first one and it can connect whithout
authentification.

In my test, X2goclient don't use some ssh client option.

Regards

Pascal Vibet
[Message part 2 (text/html, inline)]

Send a report that this bug log contains spam.


X2Go Developers <owner@bugs.x2go.org>. Last modified: Sun Jun 16 22:12:39 2024; Machine Name: ymir.das-netzwerkteam.de

X2Go Bug tracking system

Debbugs is free software and licensed under the terms of the GNU Public License version 2. The current version can be obtained from https://bugs.debian.org/debbugs-source/.

Copyright © 1999 Darren O. Benham, 1997,2003 nCipher Corporation Ltd, 1994-97 Ian Jackson, 2005-2017 Don Armstrong, and many other contributors.