From unknown Fri Mar 29 15:31:14 2024 X-Loop: owner@bugs.x2go.org Subject: Bug#765: More Info Reply-To: Michael DePaulo , 765@bugs.x2go.org Resent-From: Michael DePaulo Resent-To: x2go-dev@lists.x2go.org Resent-CC: X2Go Developers X-Loop: owner@bugs.x2go.org Resent-Date: Sat, 16 May 2015 12:10:01 +0000 Resent-Message-ID: Resent-Sender: owner@bugs.x2go.org X-X2Go-PR-Message: followup 765 X-X2Go-PR-Package: x2goclient X-X2Go-PR-Keywords: Received: via spool by 765-submit@bugs.x2go.org id=B765.143177808524353 (code B ref 765); Sat, 16 May 2015 12:10:01 +0000 Received: (at 765) by bugs.x2go.org; 16 May 2015 12:08:05 +0000 X-Spam-Checker-Version: SpamAssassin 3.3.2 (2011-06-06) on ymir.das-netzwerkteam.de X-Spam-Level: X-Spam-Status: No, score=0.8 required=5.0 tests=BAYES_50,FREEMAIL_FROM, T_DKIM_INVALID autolearn=ham version=3.3.2 Received: from mail-ob0-f174.google.com (mail-ob0-f174.google.com [209.85.214.174]) by ymir.das-netzwerkteam.de (Postfix) with ESMTPS id 7BE0B5DA82 for <765@bugs.x2go.org>; Sat, 16 May 2015 14:08:03 +0200 (CEST) Received: by obblk2 with SMTP id lk2so95496228obb.0 for <765@bugs.x2go.org>; Sat, 16 May 2015 05:08:01 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20120113; h=mime-version:date:message-id:subject:from:to:content-type; bh=vcfnPkmAaX92Oyq0Oz/vf3+QroYtUtd0YvRJqUW/syk=; b=mJxWIU4+hblaE/kkUK0WdX9YVekqc8Ei+ZUJSbB+yb/8fO9FH5eeuuoz9VK6MIMQZ5 cFEsD8GZEzrSHsqHwSeRZzYxI+010Xe+ERf7Hmv4FRAQsezP1MW/GA2+wuW57SkmDLW2 +rlIK/fQuxZMR4SLPoh4JecoIIY0L3s1X2QCuLnTDVGVCpthreD0oEEaDczggkFBnzGK JRLDdyl7ZxJDAJWHmidP8DBaStNhuKjl42wndwHD5D0PaSGJLnYJO2w3jy61VeaUhu6A CyK1oNn99bMkJ8uvBhkiR+G9GKF92/KzP5Iw260v5gXdaO8+ao5mTBcDuYycexgnTlqS YMmw== MIME-Version: 1.0 X-Received: by 10.60.84.65 with SMTP id w1mr12511025oey.2.1431778081541; Sat, 16 May 2015 05:08:01 -0700 (PDT) Received: by 10.202.88.195 with HTTP; Sat, 16 May 2015 05:08:01 -0700 (PDT) Date: Sat, 16 May 2015 08:08:01 -0400 Message-ID: From: Michael DePaulo To: 765@bugs.x2go.org Content-Type: text/plain; charset=UTF-8 There are multiple ways to reproduce this bug. For example: 1. Let the server and x2goclient exchange an ecdsa key. Configure the server to only use rsa keys. Then attempt to connect with x2goclient. (This is what happened in the original bug report.) (This will happen when someone configures a server for FIPS compliance.) (Note that if both an rsa key and an ecdsa key are available, an ecdsa key will be exchanged.) 2. Let the server and x2goclient exchange an rsa key. Configure the server to only use ecdsa keys. Then attempt to connect with x2goclient. (This will produce the inverse error message.) 3. Let the server and x2goclient exchange an ecdsa key. Replace that key with an ecdsa key of a different length. Then attempt to connect with x2goclient. What will not reproduce this bug is configuring a server to only use rsa keys, and then connecting with x2goclient for the 1st time. (Which will exchange an rsa key.)