From acherry@alcf.anl.gov  Fri Nov 20 18:00:03 2015
Received: (at submit) by bugs.x2go.org; 20 Nov 2015 17:00:05 +0000
X-Spam-Checker-Version: SpamAssassin 3.3.2 (2011-06-06) on
	ymir.das-netzwerkteam.de
X-Spam-Level: 
X-Spam-Status: No, score=0.8 required=5.0 tests=BAYES_50,URIBL_BLOCKED
	autolearn=ham version=3.3.2
X-Greylist: delayed 527 seconds by postgrey-1.34 at ymir.das-netzwerkteam.de; Fri, 20 Nov 2015 18:00:02 CET
Received: from mailrelay.anl.gov (mailrelay.anl.gov [130.202.101.22])
	by ymir.das-netzwerkteam.de (Postfix) with ESMTPS id 005B85DA4F
	for <submit@bugs.x2go.org>; Fri, 20 Nov 2015 18:00:02 +0100 (CET)
Received: from mailgateway.anl.gov (mailgateway.anl.gov [130.202.101.28])
	(using TLSv1.2 with cipher RC4-SHA (128/128 bits))
	(No client certificate requested)
	by mailrelay.anl.gov (Postfix) with ESMTPS id 2E5732000B0
	for <submit@bugs.x2go.org>; Fri, 20 Nov 2015 10:51:13 -0600 (CST)
X-IronPort-AV: E=Sophos;i="5.20,323,1444712400"; 
   d="scan'208";a="100892236"
Received: from hybrid-luckman.anl.gov (HELO LUCKMAN.anl.gov) ([146.137.81.14])
  by mailgateway.anl.gov with ESMTP/TLS/AES256-SHA; 20 Nov 2015 10:51:13 -0600
Received: from wat.localdomain (146.137.81.4) by smtp.anl.gov (146.137.81.37)
 with Microsoft SMTP Server (TLS) id 14.3.248.2; Fri, 20 Nov 2015 10:50:55
 -0600
From: Andrew Cherry <acherry@alcf.anl.gov>
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: quoted-printable
Date: Fri, 20 Nov 2015 11:50:49 -0500
Subject: x2goclient SSH fails with keyboard-interactive + banner
To: <submit@bugs.x2go.org>
Message-ID: <E0B09660-1A90-429E-913C-D4F0D60B7414@alcf.anl.gov>
MIME-Version: 1.0 (Mac OS X Mail 9.1 \(3096.5\))
X-Mailer: Apple Mail (2.3096.5)

Package: x2goclient
Version: 4.0.5.1

On our systems, security policy requires us to use OTP tokens for login, =
which means that all SSH connections are keyboard-interactive.  In =
addition, we use /etc/issue.net to print a warning banner before the SSH =
password prompt.  When x2goclient connects, the string variable =
containing the output for the password prompt ('pr' in =
sshmasterconnection.cpp) includes the banner as well, and since the =
check for "Password: " is a strict equality check, the password prompt =
is not recognized.

The simple patch below seems to do the trick to get around this issue:


--- sshmasterconnection.cpp	2015-11-20 11:37:44.000000000 -0500
+++ /Users/acherry/sshmasterconnection.cpp	2015-11-20 =
11:37:24.000000000 -0500
@@ -866,7 +866,7 @@
             x2goDebug<<"Prompt[0]: |"<<prompt<<"|"<<endl;
 #endif
             QString pr=3Dprompt;
-            if(pr=3D=3D"Password: ")
+            if(pr.endsWith("Password: "))
             {
 #ifdef DEBUG
                 x2goDebug<<"Password request"<<endl;
@@ -874,7 +874,7 @@
                 =
ssh_userauth_kbdint_setanswer(my_ssh_session,0,pass.toAscii());
                 return userChallengeAuth();
             }
-            if(pr=3D=3D"Verification code: ")
+            if(pr.endsWith("Verification code: "))
             {
 #ifdef DEBUG
                 x2goDebug<<"Verification code request"<<endl;