From unknown Thu Mar 28 09:41:11 2024 X-Loop: owner@bugs.x2go.org Subject: Bug#966: Banner issue update Reply-To: "Cherry, Andrew J." , 966@bugs.x2go.org Resent-From: "Cherry, Andrew J." Resent-To: x2go-dev@lists.x2go.org Resent-CC: X2Go Developers X-Loop: owner@bugs.x2go.org Resent-Date: Tue, 29 Aug 2017 17:05:01 +0000 Resent-Message-ID: Resent-Sender: owner@bugs.x2go.org X-X2Go-PR-Message: followup 966 X-X2Go-PR-Package: x2goclient X-X2Go-PR-Keywords: Received: via spool by 966-submit@bugs.x2go.org id=B966.15040260235309 (code B ref 966); Tue, 29 Aug 2017 17:05:01 +0000 Received: (at 966) by bugs.x2go.org; 29 Aug 2017 17:00:23 +0000 X-Spam-Checker-Version: SpamAssassin 3.4.1 (2015-04-28) on ymir.das-netzwerkteam.de X-Spam-Level: X-Spam-Status: No, score=0.0 required=3.0 tests=BAYES_20,DKIM_SIGNED, DKIM_VALID,RCVD_IN_DNSWL_BLOCKED,URIBL_BLOCKED autolearn=ham autolearn_force=no version=3.4.1 Received: from localhost (localhost [127.0.0.1]) by ymir.das-netzwerkteam.de (Postfix) with ESMTP id 57EBE5DACF for <966@bugs.x2go.org>; Tue, 29 Aug 2017 19:00:16 +0200 (CEST) X-Virus-Scanned: Debian amavisd-new at ymir.das-netzwerkteam.de Received: from ymir.das-netzwerkteam.de ([127.0.0.1]) by localhost (ymir.das-netzwerkteam.de [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 8xfFd03UJ3zF for <966@bugs.x2go.org>; Tue, 29 Aug 2017 19:00:03 +0200 (CEST) X-Greylist: delayed 466 seconds by postgrey-1.35 at ymir.das-netzwerkteam.de; Tue, 29 Aug 2017 19:00:03 CEST Received: from mailrelay.anl.gov (mailrelay.anl.gov [130.202.101.22]) by ymir.das-netzwerkteam.de (Postfix) with ESMTPS id 238BE5DACE for <966@bugs.x2go.org>; Tue, 29 Aug 2017 19:00:02 +0200 (CEST) Received: from mailgateway.anl.gov (mailgateway.anl.gov [130.202.101.28]) (using TLSv1.2 with cipher DHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by mailrelay.anl.gov (Postfix) with ESMTPS id 7A822200032 for <966@bugs.x2go.org>; Tue, 29 Aug 2017 11:52:12 -0500 (CDT) X-IronPort-AV: E=Sophos;i="5.41,445,1498539600"; d="scan'208";a="164257768" Received: from hybrid-george.anl.gov (HELO GEORGE.anl.gov) ([146.137.81.15]) by mailgateway.anl.gov with ESMTP/TLS/DHE-RSA-AES256-SHA; 29 Aug 2017 11:52:12 -0500 Received: from gcc01-dm2-obe.outbound.protection.outlook.com (23.103.198.49) by hybridexchange.anl.gov (146.137.81.15) with Microsoft SMTP Server (TLS) id 14.3.319.2; Tue, 29 Aug 2017 11:52:11 -0500 DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=ArgonneDOE.onmicrosoft.com; s=selector1-alcf-anl-gov; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version; bh=0ilPaVwpon2t7SDVJLZWJQ4G+Eg8f2DBTxdey5ek2tk=; b=ZigbZ2QDwDNebGvNh9aRO0Tmlxis26zoa09hpbL8P87EJbZXGpFdVt1lrQbSFOlYfFnHmspib4eD+toXbexgB4tZrnsALrdDeDhhWIoqjDvygeq+2NpCsdYDZLCO0tUKCw1bNXhSya83JWlgsdmBBbCM51ENKFmnEi7lgowzn7Q= Received: from BN3PR09MB0401.namprd09.prod.outlook.com (10.160.115.21) by BN3PR09MB0401.namprd09.prod.outlook.com (10.160.115.21) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384_P256) id 15.20.13.10; Tue, 29 Aug 2017 16:52:09 +0000 Received: from BN3PR09MB0401.namprd09.prod.outlook.com ([10.160.115.21]) by BN3PR09MB0401.namprd09.prod.outlook.com ([10.160.115.21]) with mapi id 15.20.0013.010; Tue, 29 Aug 2017 16:52:09 +0000 From: "Cherry, Andrew J." To: "966@bugs.x2go.org" <966@bugs.x2go.org> Thread-Topic: Banner issue update Thread-Index: AQHTIOcnJ12TQgEw8kug353BsJcRzQ== Date: Tue, 29 Aug 2017 16:52:08 +0000 Message-ID: Accept-Language: en-US Content-Language: en-US X-MS-Has-Attach: X-MS-TNEF-Correlator: authentication-results: spf=none (sender IP is ) smtp.mailfrom=acherry@alcf.anl.gov; x-originating-ip: [69.141.60.239] x-ms-publictraffictype: Email x-microsoft-exchange-diagnostics: 1;BN3PR09MB0401;20:AoQs49OiAZsSyQyq/nX+FaX4D0pUpg3z56qZMhGywexGEgFatHa5HdMLyYUr4iGCG4F6rbcweA387XK6tcy3fhkj6ZCdMCjBGTH0wklPAbLZ6o4bghZKc+wmsmLTQg+4ENG9ZyNoInCOTJdKbSQy/3qhZp23P8JGKezGxSYWH7M= x-ms-exchange-antispam-srfa-diagnostics: SSOS;SSOR; x-forefront-antispam-report: SFV:SKI;SCL:-1;SFV:NSPM;SFS:(10009020)(6009001)(189002)(199003)(97736004)(14454004)(68736007)(86362001)(5640700003)(25786009)(189998001)(6116002)(102836003)(3846002)(3660700001)(2351001)(15650500001)(3280700002)(551544002)(83716003)(2501003)(110136004)(99286003)(2906002)(6916009)(42882006)(53936002)(9686003)(6512007)(6506006)(6436002)(6486002)(77096006)(305945005)(54356999)(7736002)(50986999)(81156014)(81166006)(8676002)(7116003)(5660300001)(33656002)(3480700004)(36756003)(8936002)(2900100001)(478600001)(66066001)(101416001)(82746002)(105586002)(106356001);DIR:OUT;SFP:1101;SCL:1;SRVR:BN3PR09MB0401;H:BN3PR09MB0401.namprd09.prod.outlook.com;FPR:;SPF:None;PTR:InfoNoRecords;MX:1;A:1;LANG:en; x-ms-office365-filtering-correlation-id: 76a2138f-f6bc-48ae-6a10-08d4eefe499f x-microsoft-antispam: UriScan:;BCL:0;PCL:0;RULEID:(300000500095)(300135000095)(300000501095)(300135300095)(22001)(300000502095)(300135100095)(2017030254152)(300000503095)(300135400095)(2017052603199)(201703131423075)(201703031133081)(201702281549075)(300000504095)(300135200095)(300000505095)(300135600095)(300000506095)(300135500095);SRVR:BN3PR09MB0401; x-ms-traffictypediagnostic: BN3PR09MB0401: x-exchange-antispam-report-test: UriScan:(192374486261705); x-microsoft-antispam-prvs: x-exchange-antispam-report-cfa-test: BCL:0;PCL:0;RULEID:(100000700101)(100105000095)(100000701101)(100105300095)(100000702101)(100105100095)(6040450)(601004)(2401047)(5005006)(8121501046)(3002001)(100000703101)(100105400095)(10201501046)(93006095)(93001095)(6041248)(20161123564025)(201703131423075)(201702281528075)(201703061421075)(201703061406153)(20161123555025)(20161123560025)(20161123558100)(20161123562025)(6072148)(201708071742011)(100000704101)(100105200095)(100000705101)(100105500095);SRVR:BN3PR09MB0401;BCL:0;PCL:0;RULEID:(100000800101)(100110000095)(100000801101)(100110300095)(100000802101)(100110100095)(100000803101)(100110400095)(100000804101)(100110200095)(100000805101)(100110500095);SRVR:BN3PR09MB0401; x-forefront-prvs: 0414DF926F received-spf: None (protection.outlook.com: alcf.anl.gov does not designate permitted sender hosts) spamdiagnosticoutput: 1:99 spamdiagnosticmetadata: NSPM Content-Type: text/plain; charset="us-ascii" Content-ID: <44A92D9BBCA3834181DBAEA196BAD647@namprd09.prod.outlook.com> Content-Transfer-Encoding: quoted-printable MIME-Version: 1.0 X-MS-Exchange-CrossTenant-originalarrivaltime: 29 Aug 2017 16:52:08.9589 (UTC) X-MS-Exchange-CrossTenant-fromentityheader: Hosted X-MS-Exchange-CrossTenant-id: 0cfca185-25f7-49e3-8ae7-704d5326e285 X-MS-Exchange-Transport-CrossTenantHeadersStamped: BN3PR09MB0401 X-OriginatorOrg: alcf.anl.gov I've done some additional testing, prompted by your mention of the banner b= eing configured using the Banner option in sshd_config. It turns out we ar= e *not* using the sshd config option -- instead, we are displaying the bann= er using the pam_echo module, configured with the following line in /etc/pa= m.d/sshd: auth optional pam_echo.so file=3D/etc/issue.net What I've found so far is that the same /etc/issue.net plays nice with x2go= when configured via the Banner option, but causes an auth failure when con= figured using pam_echo.so. I'm going to do some more digging to see if I can figure out what the diffe= rence is. Oddly, if I cut/paste the output from the OpenSSH client (on Lin= ux) up to and including the Password: prompt, and do a diff between the two= , they are byte-for-byte identical. By the way, the reason we use pam_echo.so instead of the Banner option is b= ecause we actually have two banners -- /etc/issue/net for the standard secu= rity boilerplate which is always displayed, and /etc/issue.alcf which is no= rmally empty but is populated with information during our scheduled mainten= ance windows when logins are disabled. However, I've confirmed that the pr= oblem still occurs even if I configure pam_echo.so to only display /etc/iss= ue.net -Andrew