X2Go Bug report logs - #765
Kex Error in X2Go client

version graph

Package: x2goclient; Maintainer for x2goclient is X2Go Developers <x2go-dev@lists.x2go.org>; Source for x2goclient is src:x2goclient.

Reported by: promox <promox@gmx.com>

Date: Sat, 24 Jan 2015 12:55:02 UTC

Severity: normal

Found in version 4.0.3.1

Full log


🔗 View this message in rfc822 format

X-Loop: owner@bugs.x2go.org
Subject: Bug#765: Kex Error in X2Go client
Reply-To: rpr nospam <rpr.nospam@gmail.com>, 765@bugs.x2go.org
Resent-From: rpr nospam <rpr.nospam@gmail.com>
Resent-To: x2go-dev@lists.x2go.org
Resent-CC: X2Go Developers <x2go-dev@lists.x2go.org>
X-Loop: owner@bugs.x2go.org
Resent-Date: Thu, 08 Oct 2015 19:05:01 +0000
Resent-Message-ID: <handler.765.B765.144433091230532@bugs.x2go.org>
Resent-Sender: owner@bugs.x2go.org
X-X2Go-PR-Message: followup 765
X-X2Go-PR-Package: x2goclient
X-X2Go-PR-Keywords: 
Received: via spool by 765-submit@bugs.x2go.org id=B765.144433091230532
          (code B ref 765); Thu, 08 Oct 2015 19:05:01 +0000
Received: (at 765) by bugs.x2go.org; 8 Oct 2015 19:01:52 +0000
X-Spam-Checker-Version: SpamAssassin 3.3.2 (2011-06-06) on
	ymir.das-netzwerkteam.de
X-Spam-Level: 
X-Spam-Status: No, score=0.8 required=5.0 tests=BAYES_50,FREEMAIL_FROM,
	RCVD_IN_DNSWL_BLOCKED,T_DKIM_INVALID,URIBL_BLOCKED autolearn=ham version=3.3.2
Received: from mail-io0-f174.google.com (mail-io0-f174.google.com [209.85.223.174])
	by ymir.das-netzwerkteam.de (Postfix) with ESMTPS id 25AFE5DA80
	for <765@bugs.x2go.org>; Thu,  8 Oct 2015 21:01:51 +0200 (CEST)
Received: by ioii196 with SMTP id i196so68317402ioi.3
        for <765@bugs.x2go.org>; Thu, 08 Oct 2015 12:01:49 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
        d=gmail.com; s=20120113;
        h=mime-version:date:message-id:subject:from:to:content-type;
        bh=za5f3fskw42Nrk907iiNb3Z7h6cH69RBcKrQoiavqyQ=;
        b=jFIhwu6SQnAtNo87zqFROxoLcm1lKegsBTZm8n9Gizwjnth0mOX7cWqksFR4jiiJEd
         MyBdrbcuOp3F0P6CdDAa9riqFPZCi9W1ShuqUvrgNJcDMH1pmk7R5GTE3LydKYrFsIFj
         gH1hgZ3mQts9UNDDy1ZSlw2EmrsrCK9ZL7XaWwGhpaqf2hP8a8iSY9kS6EIWqlp9wcM/
         hY8VXsvzxq1f1TFN5unxpkm65M6xShwscgAeamM6ynzmZGN1WkY3BxbwI/PkiIB0KXHc
         GNcInwHsAGNyQHUCfI/xoSGTIXRHlnzRhb6J1tK4FRXlAW+qns0IcZus9p5tJvIK1rQ4
         ar/Q==
MIME-Version: 1.0
X-Received: by 10.107.10.140 with SMTP id 12mr10896042iok.160.1444330909525;
 Thu, 08 Oct 2015 12:01:49 -0700 (PDT)
Received: by 10.107.50.194 with HTTP; Thu, 8 Oct 2015 12:01:49 -0700 (PDT)
Date: Thu, 8 Oct 2015 21:01:49 +0200
Message-ID: <CAN-5ny=PC8wpw1kd_pngVjXAB1J4tEZt2P37UprxfhKaVa8sfQ@mail.gmail.com>
From: rpr nospam <rpr.nospam@gmail.com>
To: 765@bugs.x2go.org
Content-Type: text/plain; charset=UTF-8
Hi!

I also saw this issue while trying to connect with X2Go Client for
Windows (v. 4.0.5.0) to x2goserver (v. 4.0.1.19-0~1064~ubuntu14.04.1)
on a Linux Mint 17 machine.

The connection worked fine until the SSH server on the Linux machine
was reconfigured in order to harden it (see the recommendations in
https://stribika.github.io/2015/01/04/secure-secure-shell.html).

That reconfiguration allowed only the following host keys and key
exchange algorithms:

HostKey /etc/ssh/ssh_host_ed25519_key
HostKey /etc/ssh/ssh_host_rsa_key

KexAlgorithms curve25519-sha256@libssh.org,diffie-hellman-group-exchange-sha256

The Elliptic Curve Digital Signature Algorithm (ECDSA) (and the
corresponding /etc/ssh/ssh_host_ecdsa_key) is not enabled because its
implementation may use a faulty pseudo-random number generator (i.e.
containing a back door created by NSA) as explained in some pages
referred by the aforementioned article.

After some investigation I found how to get rid of the error: in
C:\Users\username\ssh\known_hosts remove the line corresponding to the
x2goserver host and ecdsa-sha2-nistp256 key exchange algorithm:

x2goserver_host_address ecdsa-sha2-nistp256 ...

-- rpr.

Send a report that this bug log contains spam.


X2Go Developers <owner@bugs.x2go.org>. Last modified: Thu Nov 21 15:13:30 2024; Machine Name: ymir.das-netzwerkteam.de

X2Go Bug tracking system

Debbugs is free software and licensed under the terms of the GNU Public License version 2. The current version can be obtained from https://bugs.debian.org/debbugs-source/.

Copyright © 1999 Darren O. Benham, 1997,2003 nCipher Corporation Ltd, 1994-97 Ian Jackson, 2005-2017 Don Armstrong, and many other contributors.