X2Go Bug report logs - #732
X2Go Client falls back to SSH pub/priv key auth if GSSAPI fails

version graph

Package: x2goclient; Maintainer for x2goclient is X2Go Developers <x2go-dev@lists.x2go.org>; Source for x2goclient is src:x2goclient.

Reported by: Mike Gabriel <mike.gabriel@das-netzwerkteam.de>

Date: Fri, 9 Jan 2015 23:25:01 UTC

Severity: important

Found in version 4.0.3.1

Fix blocked by 733: SSH GSSAPI: use master+slave sockets

Full log


🔗 View this message in rfc822 format

X-Loop: owner@bugs.x2go.org
Subject: Bug#732: X2Go Client falls back to SSH pub/priv key auth if GSSAPI fails
Reply-To: Mike Gabriel <mike.gabriel@das-netzwerkteam.de>, 732@bugs.x2go.org
Resent-From: Mike Gabriel <mike.gabriel@das-netzwerkteam.de>
Resent-To: x2go-dev@lists.x2go.org
Resent-CC: X2Go Developers <x2go-dev@lists.x2go.org>
X-Loop: owner@bugs.x2go.org
Resent-Date: Fri, 09 Jan 2015 23:25:01 +0000
Resent-Message-ID: <handler.732.B.14208457316441@bugs.x2go.org>
Resent-Sender: owner@bugs.x2go.org
X-X2Go-PR-Message: report 732
X-X2Go-PR-Package: x2goclient
X-X2Go-PR-Keywords: 
Received: via spool by submit@bugs.x2go.org id=B.14208457316441
          (code B); Fri, 09 Jan 2015 23:25:01 +0000
Received: (at submit) by bugs.x2go.org; 9 Jan 2015 23:22:11 +0000
X-Spam-Checker-Version: SpamAssassin 3.3.2 (2011-06-06) on
	ymir.das-netzwerkteam.de
X-Spam-Level: 
X-Spam-Status: No, score=-1.9 required=5.0 tests=BAYES_00,URIBL_BLOCKED
	autolearn=ham version=3.3.2
Received: from freya.das-netzwerkteam.de (freya.das-netzwerkteam.de [88.198.48.199])
	by ymir.das-netzwerkteam.de (Postfix) with ESMTPS id DC8FF5DEAA
	for <submit@bugs.x2go.org>; Sat, 10 Jan 2015 00:22:09 +0100 (CET)
Received: from grimnir.das-netzwerkteam.de (grimnir.das-netzwerkteam.de [78.46.204.98])
	by freya.das-netzwerkteam.de (Postfix) with ESMTPS id AC1EA327C
	for <submit@bugs.x2go.org>; Sat, 10 Jan 2015 00:22:09 +0100 (CET)
Received: from localhost (localhost [127.0.0.1])
	by grimnir.das-netzwerkteam.de (Postfix) with ESMTP id A2AAB3C841
	for <submit@bugs.x2go.org>; Sat, 10 Jan 2015 00:22:09 +0100 (CET)
X-Virus-Scanned: Debian amavisd-new at grimnir.das-netzwerkteam.de
Received: from grimnir.das-netzwerkteam.de ([127.0.0.1])
	by localhost (grimnir.das-netzwerkteam.de [127.0.0.1]) (amavisd-new, port 10024)
	with ESMTP id WWHAd9whrHtR for <submit@bugs.x2go.org>;
	Sat, 10 Jan 2015 00:22:09 +0100 (CET)
Received: from grimnir.das-netzwerkteam.de (localhost [127.0.0.1])
	by grimnir.das-netzwerkteam.de (Postfix) with ESMTPS id 3EB753C7CB
	for <submit@bugs.x2go.org>; Sat, 10 Jan 2015 00:22:09 +0100 (CET)
Received: from bifrost.das-netzwerkteam.de (bifrost.das-netzwerkteam.de
 [178.62.101.154]) by mail.das-netzwerkteam.de (Horde Framework) with HTTP;
 Fri, 09 Jan 2015 23:22:09 +0000
Date: Fri, 09 Jan 2015 23:22:09 +0000
Message-ID: <20150109232209.Horde.K3bH1TajHmQvYqeZ0-zvaA1@mail.das-netzwerkteam.de>
From: Mike Gabriel <mike.gabriel@das-netzwerkteam.de>
To: submit@bugs.x2go.org
User-Agent: Internet Messaging Program (IMP) H5 (6.2.2)
Accept-Language: en,de
Organization: DAS-NETZWERKTEAM
X-Originating-IP: 178.62.101.154
X-Remote-Browser: Mozilla/5.0 (X11; Linux x86_64; rv:32.0) Gecko/20100101
 Firefox/32.0 Iceweasel/32.0
Content-Type: multipart/signed; boundary="=_xAhRA4GITImwalWlQL1ytg1";
 protocol="application/pgp-signature"; micalg=pgp-sha1
MIME-Version: 1.0
[Message part 1 (text/plain, inline)]
Package: x2goclient
Severity: important
Version: 4.0.3.1

I have not yet obtained a Kerberos ticket via kinit...

I have an SSH private key protected with a passphrase...

My X2Go session profile configuration for SSH auth is:

key=
krblogin=true
autologin=false
krbdelegation=false

I expect authentication to fail (reporting that my ticket cache is  
empty or such).

What happens is this:

"""
x2go-INFO-1> "Starting x2goclient..."
x2go-WARNING-1> "Can't load translator: :/x2goclient_c"
x2go-WARNING-2> "Can't load translator: :/qt_C"
x2go-DEBUG-../onmainwindow.cpp:1203> Removing apps from tray
x2go-DEBUG-../onmainwindow.cpp:1171> Plugging apps in tray.
x2go-INFO-3> "Started  x2goclient."
x2go-DEBUG-../onmainwindow.cpp:490> "$HOME=/home/mike"
x2go-DEBUG-../onmainwindow.cpp:2118> Reading 72 sessions from config file.
QPixmap::scaled: Pixmap is a null pixmap
x2go-DEBUG-../onmainwindow.cpp:2663> Starting session via smartcard,  
ssh-agent or kerberos token.
x2go-DEBUG-../onmainwindow.cpp:1203> Removing apps from tray
x2go-INFO-8> "Starting connection to server: <host>:<port>"
x2go-DEBUG-../onmainwindow.cpp:2697> Start new ssh connection to  
server:"<host>":"<port>" krbLogin: true
x2go-DEBUG-../sshmasterconnection.cpp:198> starting ssh connection  
with kerberos authentication

x2go-DEBUG-../sshmasterconnection.cpp:206> SshMasterConnection,  
instance SshMasterConnection(0x1f0b670)  created
x2go-DEBUG-../sshmasterconnection.cpp:442> SshMasterConnection,  
instance SshMasterConnection(0x1f0b670)  entering thread
x2go-DEBUG-../sshmasterconnection.cpp:478> libSsh not inited yet, initting

x2go-DEBUG-../sshmasterconnection.cpp:789> cserverAuth

x2go-DEBUG-../sshmasterconnection.cpp:804> state: 1

x2go-DEBUG-../sshmasterconnection.cpp:1153> starting ssh:"ssh -o  
GSSApiAuthentication=yes mike@<host> -p <port> -o  
PasswordAuthentication=no sh -c 'echo  
X2GODATABEGIN:df7fa883-5dc3-4623-b9dd-16b62f069fc5; whoami; echo  
X2GODATAEND:df7fa883-5dc3-4623-b9dd-16b62f069fc5;'"

Enter passphrase for key '/home/mike/.ssh/id_rsa':
"""

X2Go Client waits for me entering my SSH private key password while  
setting up the SSH master connection.

This should not happen... Authentication should fail and a proper  
error message (GSSAPI requires a valid Kerberos ticket cache or  
similar) should be reported.

Mike


-- 

DAS-NETZWERKTEAM
mike gabriel, herweg 7, 24357 fleckeby
fon: +49 (1520) 1976 148

GnuPG Key ID 0x25771B31
mail: mike.gabriel@das-netzwerkteam.de, http://das-netzwerkteam.de

freeBusy:
https://mail.das-netzwerkteam.de/freebusy/m.gabriel%40das-netzwerkteam.de.xfb
[Digitale_PGP_Signatur (application/pgp-signature, attachment)]
[Message part 3 (application/pgp-signature, inline)]

Send a report that this bug log contains spam.


X2Go Developers <owner@bugs.x2go.org>. Last modified: Sat Apr 20 18:54:49 2024; Machine Name: ymir.das-netzwerkteam.de

X2Go Bug tracking system

Debbugs is free software and licensed under the terms of the GNU Public License version 2. The current version can be obtained from https://bugs.debian.org/debbugs-source/.

Copyright © 1999 Darren O. Benham, 1997,2003 nCipher Corporation Ltd, 1994-97 Ian Jackson, 2005-2017 Don Armstrong, and many other contributors.