From unknown Wed Apr 08 04:53:43 2026
X-Loop: owner@bugs.x2go.org
Subject: Bug#832: X2Go Client in broker mode with autologin enabled expects transmission of private SSH key file
Reply-To: Mike Gabriel <mike.gabriel@das-netzwerkteam.de>, 832@bugs.x2go.org
Resent-From: Mike Gabriel <mike.gabriel@das-netzwerkteam.de>
Resent-To: x2go-dev@lists.x2go.org
Resent-CC: X2Go Developers <x2go-dev@lists.x2go.org>
Resent-Date: Mon, 30 Mar 2015 04:30:01 +0000
Resent-Message-ID: <handler.832.B.142768971317720@bugs.x2go.org>
Resent-Sender: owner@bugs.x2go.org
X-X2Go-PR-Message: report 832
X-X2Go-PR-Package: x2goclient
X-X2Go-PR-Keywords: 
Date: Mon, 30 Mar 2015 04:28:28 +0000
Message-ID: <20150330042828.Horde.tSTkDXxv7oTRt-8A7NdwtQ1@mail.das-netzwerkteam.de>
From: Mike Gabriel <mike.gabriel@das-netzwerkteam.de>
To: submit@bugs.x2go.org
User-Agent: Internet Messaging Program (IMP) H5 (6.2.2)
Accept-Language: de,en
Organization: DAS-NETZWERKTEAM
X-Originating-IP: 178.62.101.154
X-Remote-Browser: Mozilla/5.0 (X11; Linux x86_64; rv:32.0) Gecko/20100101
 Firefox/32.0 Iceweasel/32.0
Content-Type: multipart/signed; boundary="=_lwNaJfuD7SEZE0_YAz-eGg5";
 protocol="application/pgp-signature"; micalg=pgp-sha1
MIME-Version: 1.0

This message is in MIME format and has been PGP signed.

--=_lwNaJfuD7SEZE0_YAz-eGg5
Content-Type: text/plain; charset=UTF-8; format=flowed; DelSp=Yes
Content-Disposition: inline
Content-Transfer-Encoding: quoted-printable

Package: x2goclient
Severity: important
Version: 4.0.4.0

If brokerage with autologin is in use (a very common broker setup),
the current client<->broker communication design in X2Go Client is
that the broker creates an SSH pubkey/privkey pair and transmits the
private key to the client.

Never should we transmit private key files over the wire!!!

The X2Go Session Broker is already able to accept pubkey files from
the client side and deploy those pubkeys appropriately. In Python
X2Go, this is already used.

X2Go Client should switch here: create pubkey/privkey pair on
client-side, push the pubkey to the broker and have it temporarily
deployed from there to the X2Go Server where the next session login is
scheduled by the broker.

Mike
-- 

DAS-NETZWERKTEAM
mike gabriel, herweg 7, 24357 fleckeby
fon: +49 (1520) 1976 148

GnuPG Key ID 0x25771B31
mail: mike.gabriel@das-netzwerkteam.de, http://das-netzwerkteam.de

freeBusy:
https://mail.das-netzwerkteam.de/freebusy/m.gabriel%40das-netzwerkteam.de.xfb

--=_lwNaJfuD7SEZE0_YAz-eGg5--
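
The flow proposed in the report above, sketched as an added example; this is not X2Go Client or X2Go Session Broker code. The function names are hypothetical, the broker's upload call is not shown on the page and is left out, and the `expiry-time` option (OpenSSH 7.7 and later) is an assumption about how a server could make the deployment temporary.

```shell
#!/bin/sh
# Added example (not X2Go code): the key pair is created on the client and
# only the public half is ever handed to the broker.

# Create a per-login Ed25519 key pair in a private temp dir; print the dir.
# Runs in a subshell so the umask change does not leak into the caller.
make_login_key() (
    umask 077
    dir=$(mktemp -d) || exit 1
    ssh-keygen -q -t ed25519 -N '' -C 'x2go-autologin' \
        -f "$dir/key" >/dev/null || exit 1
    printf '%s\n' "$dir"
)

# Build what the client sends to the broker: the public key line only.
# Refuses anything that is not a public key, e.g. if the wrong file ended
# up at key.pub.
broker_payload() {
    payload=$(cat "$1/key.pub") || return 1
    case $payload in
        *PRIVATE*) echo 'refusing to send private key material' >&2
                   return 1 ;;
        'ssh-ed25519 '*) ;;
        *) echo 'not an Ed25519 public key' >&2; return 1 ;;
    esac
    printf '%s\n' "$payload"
}

# authorized_keys entry a server could install for a temporary deployment.
# $1 = public key line, $2 = expiry as YYYYMMDDHHMM (assumed mechanism).
authorized_keys_line() {
    printf 'expiry-time="%s" %s\n' "$2" "$1"
}

# Usage (constructed values):
#   dir=$(make_login_key)
#   pub=$(broker_payload "$dir")      # send "$pub" to the broker
#   authorized_keys_line "$pub" 203001010000
#   ssh -i "$dir/key" ...             # the private key never left the client
```
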
