From xypron.glpk@gmx.de Sun Jun 16 14:36:34 2013 Received: (at submit) by bugs.x2go.org; 16 Jun 2013 12:36:35 +0000 X-Spam-Checker-Version: SpamAssassin 3.3.2 (2011-06-06) on ymir.das-netzwerkteam.de X-Spam-Level: X-Spam-Status: No, score=0.0 required=5.0 tests=FREEMAIL_FROM, RCVD_IN_DNSWL_BLOCKED autolearn=ham version=3.3.2 Received: from mout.gmx.net (mout.gmx.net [212.227.17.21]) by ymir (Postfix) with ESMTP id B3C475DB17 for ; Sun, 16 Jun 2013 14:36:34 +0200 (CEST) Received: from mailout-de.gmx.net ([10.1.76.28]) by mrigmx.server.lan (mrigmx001) with ESMTP (Nemesis) id 0M94oF-1Ubnbj1yLl-00CNwf for ; Sun, 16 Jun 2013 14:36:34 +0200 Received: (qmail invoked by alias); 16 Jun 2013 12:36:34 -0000 Received: from ip-109-90-96-202.unitymediagroup.de (EHLO [192.168.123.29]) [109.90.96.202] by mail.gmx.net (mp028) with SMTP; 16 Jun 2013 14:36:34 +0200 X-Authenticated: #41704822 X-Provags-ID: V01U2FsdGVkX19k5XQT2b5kVW0Kw+achSwo8l3ziPOZ2N/PlRugN4 PiWSNvxdxKyOzY Message-ID: <51BDB150.4040306@gmx.de> Date: Sun, 16 Jun 2013 14:36:32 +0200 From: Heinrich Schuchardt User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:10.0.12) Gecko/20130116 Icedove/10.0.12 MIME-Version: 1.0 To: submit@bugs.x2go.org Subject: Changed host key cannot be updated Content-Type: text/plain; charset=ISO-8859-1; format=flowed Content-Transfer-Encoding: 8bit X-Y-GMX-Trusted: 0 Package: x2goclient Version: 4.0.0.3 Severity: normal Dear maintainer, from time to time the SSH key used for identification by a X2GO server may change. When trying to connect the server a pop up is shown: "Anmeldung fehlgeschlagen" "Host-Key des Servers hat sich geändert Er lautet jetzt: 00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00 Aus Sicherheitsgründen wird die Verbindung abgebrochen" The user is left puzzled with what he should do next. There is no indication in which file there is a problem, e.g. ~/.ssh/known_hosts or %APPDATA%\ssh\known_hosts There is no indication which entry in this file is corrupted. Deleting file known_hosts is a bad idea because it may contain the keys for dozens of validated servers. There are examples of more informative output, e.g. from command line program ssh: @@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@ @ WARNING: REMOTE HOST IDENTIFICATION HAS CHANGED! @ @@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@ IT IS POSSIBLE THAT SOMEONE IS DOING SOMETHING NASTY! Someone could be eavesdropping on you right now (man-in-the-middle attack)! It is also possible that a host key has just been changed. The fingerprint for the RSA key sent by the remote host is 00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00. Please contact your system administrator. Add correct host key in /home/user/.ssh/known_hosts to get rid of this message. Offending RSA key in /home/user/.ssh/known_hosts:1 RSA host key for 10.0.0.5 has changed and you have requested strict checking. Host key verification failed. Here I can identify the filename: /home/user/.ssh/known_hosts and the line of the the entry: 1 Manual editing of known_hosts is now possible but not too good an idea because it is error prone. A good solution is what you see in PuTTY. A warning pop up is shown and you get the choice to update file known_hosts. Best regards Heinrich Schuchardt From mike.gabriel@das-netzwerkteam.de Fri Jun 21 10:20:50 2013 Received: (at 241) by bugs.x2go.org; 21 Jun 2013 08:20:51 +0000 X-Spam-Checker-Version: SpamAssassin 3.3.2 (2011-06-06) on ymir.das-netzwerkteam.de X-Spam-Level: X-Spam-Status: No, score=0.0 required=5.0 tests=URIBL_BLOCKED autolearn=ham version=3.3.2 Received: from freya.das-netzwerkteam.de (freya.das-netzwerkteam.de [88.198.48.199]) by ymir (Postfix) with ESMTPS id C1A5C5DB2C for <241@bugs.x2go.org>; Fri, 21 Jun 2013 10:20:50 +0200 (CEST) Received: from grimnir.das-netzwerkteam.de (grimnir.das-netzwerkteam.de [78.46.204.98]) by freya.das-netzwerkteam.de (Postfix) with ESMTPS id 4D09B9B8 for <241@bugs.x2go.org>; Fri, 21 Jun 2013 10:20:50 +0200 (CEST) Received: from localhost (localhost [127.0.0.1]) by grimnir.das-netzwerkteam.de (Postfix) with ESMTP id 237B83BB30 for <241@bugs.x2go.org>; Fri, 21 Jun 2013 10:20:50 +0200 (CEST) X-Virus-Scanned: Debian amavisd-new at grimnir.das-netzwerkteam.de Received: from grimnir.das-netzwerkteam.de ([127.0.0.1]) by localhost (grimnir.das-netzwerkteam.de [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 8DXdNrw1nH+H for <241@bugs.x2go.org>; Fri, 21 Jun 2013 10:20:50 +0200 (CEST) Received: from localhost (localhost [127.0.0.1]) by grimnir.das-netzwerkteam.de (Postfix) with ESMTP id EB3B83BC1A for <241@bugs.x2go.org>; Fri, 21 Jun 2013 10:20:49 +0200 (CEST) Received: from localhost (localhost [127.0.0.1]) by grimnir.das-netzwerkteam.de (Postfix) with ESMTP id D3DAD3BB30 for <241@bugs.x2go.org>; Fri, 21 Jun 2013 10:20:49 +0200 (CEST) Received: by grimnir.das-netzwerkteam.de (Postfix, from userid 33) id 649693BBF5; Fri, 21 Jun 2013 10:20:49 +0200 (CEST) Received: from nocatv2.tng.de (nocatv2.tng.de [213.178.75.58]) by mail.das-netzwerkteam.de (Horde Framework) with HTTP; Fri, 21 Jun 2013 10:20:49 +0200 Message-ID: <20130621102049.28992mah70gw8xr5@mail.das-netzwerkteam.de> X-Priority: 3 (Normal) Date: Fri, 21 Jun 2013 10:20:49 +0200 From: Mike Gabriel To: Heinrich Schuchardt , 241@bugs.x2go.org Subject: Re: [X2Go-Dev] Bug#241: Changed host key cannot be updated References: <51BDB150.4040306@gmx.de> In-Reply-To: <51BDB150.4040306@gmx.de> MIME-Version: 1.0 Content-Type: multipart/signed; boundary="=_2hzrefx5vw0x"; protocol="application/pgp-signature"; micalg="pgp-sha1" Content-Transfer-Encoding: 7bit User-Agent: Internet Messaging Program (IMP) H3 (4.3.4) This message is in MIME format and has been PGP signed. --=_2hzrefx5vw0x Content-Type: text/plain; charset=UTF-8; DelSp="Yes"; format="flowed" Content-Disposition: inline Content-Transfer-Encoding: quoted-printable Hi Heinrich, On So 16 Jun 2013 14:36:32 CEST Heinrich Schuchardt wrote: > Dear maintainer, > > from time to time the SSH key used for identification by a X2GO =20 > server may change. > > When trying to connect the server a pop up is shown: > > "Anmeldung fehlgeschlagen" > "Host-Key des Servers hat sich ge=C3=A4ndert Er lautet jetzt: > 00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00 > Aus Sicherheitsgr=C3=BCnden wird die Verbindung abgebrochen" > > The user is left puzzled with what he should do next. > > There is no indication in which file there is a problem, e.g. > ~/.ssh/known_hosts > or > %APPDATA%\ssh\known_hosts > > There is no indication which entry in this file is corrupted. > > Deleting file known_hosts is a bad idea because it may contain the =20 > keys for dozens of validated servers. > > There are examples of more informative output, e.g. from command =20 > line program ssh: > > @@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@ > @ WARNING: REMOTE HOST IDENTIFICATION HAS CHANGED! @ > @@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@ > IT IS POSSIBLE THAT SOMEONE IS DOING SOMETHING NASTY! > Someone could be eavesdropping on you right now (man-in-the-middle attack)= ! > It is also possible that a host key has just been changed. > The fingerprint for the RSA key sent by the remote host is > 00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00. > Please contact your system administrator. > Add correct host key in /home/user/.ssh/known_hosts to get rid of =20 > this message. > Offending RSA key in /home/user/.ssh/known_hosts:1 > RSA host key for 10.0.0.5 has changed and you have requested strict checki= ng. > Host key verification failed. > > Here I can identify the filename: /home/user/.ssh/known_hosts > and the line of the the entry: 1 > > Manual editing of known_hosts is now possible but not too good an =20 > idea because it is error prone. > > A good solution is what you see in PuTTY. A warning pop up is shown =20 > and you get the choice to update file known_hosts. > > Best regards The above surely is a good point to discuss first before implementing. Obviously, such a replace-host-key button would improve usability in =20 case host key changes occur. However, if someone captured DNS and replaced my X2Go server by an =20 agressive X2Go server, I (as developer) surely want to protect the =20 user from simply klicking ,,Yeah, ok man... replace that host key... =20 and can we go on then please...''. The SSH-unexperienced user (i.e. probably nearly everyone in the =20 windows world) will then just simply click ,,replace host key''. So, for me this kind of replace-host-key dialog should at least have a =20 double confirmation check dialog: Are you sure to replace... -> Are =20 you really sure???. That kind of thing. Heinrich: if you could come up with a patch for this issue, it would =20 surely speed up an inclusion of your requested feature. @all: comments, opinions on such a new feature? Mike --=20 DAS-NETZWERKTEAM mike gabriel, herweg 7, 24357 fleckeby fon: +49 (1520) 1976 148 GnuPG Key ID 0x25771B31 mail: mike.gabriel@das-netzwerkteam.de, http://das-netzwerkteam.de freeBusy: https://mail.das-netzwerkteam.de/freebusy/m.gabriel%40das-netzwerkteam.de.xf= b --=_2hzrefx5vw0x Content-Type: application/pgp-signature Content-Description: Digitale PGP-Unterschrift Content-Disposition: inline Content-Transfer-Encoding: 7bit -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.10 (GNU/Linux) iQIcBAABAgAGBQJRxAzhAAoJEJr0azAldxsx0YkP/ie4V6/plXQE4YBzKssxeLt0 z+ztVjUQDE9xGCQNvdLYpzcm/ojztUmJ53wKgu9wLn6uKcDer3acvSBhVduSSEqB i3DZLczmRUl2P0wk37P8AR5UZb+4m/sBN8sEDizPUAnUpLCTnlMhM4afbEbQ56C7 49i3oeJL9Uu5GG5c5O1UcY5l2NVMupeLDpac0OJNcsKbRXNxamIu90g6GhMeHEtd 2i5EkEqnboM3ntGEseP203utLrAEGqF+ez0ztkJx9VMNLntib145fQ6N8AUfnuI7 T3y7GPJq1wvjS/kIb7jtGMX/OrRRKHjr9rNnMyXrjVQ7bY54T432Ghz9P35rAeV4 iUL49BVj664Ij5OUM385wEr7PhoSEy7sd157bkNYMO2FlpFX0YYLwBUhO0hz7AKL VkJX0JoktYncQtviT6BybxaW21UtLwPJZBC8YVRgFVBG2Wll8A3axObmOVqkJZz3 t6/vemS3bd0CTyql+TuGim6tfZhnEt1FRDQYaEs1CvoLSeCVO8YaS1Qt0Qwf1slI FLGm66Y0yI+hqxeQU3Cb1iKk9q/4fWDvSx0MMQOpCEojr42jP03v2i8L3rRa2rV3 T+mq9L6b2WwwN3p56HcS79tnD7S9xeiru/6Zbc+6gk92ibPOjwY5eNQjQaNzLvfQ BYThWqbxuK+9K72l7HZW =xsB/ -----END PGP SIGNATURE----- --=_2hzrefx5vw0x-- From mike.gabriel@das-netzwerkteam.de Fri Jun 21 10:53:25 2013 Received: (at 241) by bugs.x2go.org; 21 Jun 2013 08:53:26 +0000 X-Spam-Checker-Version: SpamAssassin 3.3.2 (2011-06-06) on ymir.das-netzwerkteam.de X-Spam-Level: X-Spam-Status: No, score=0.0 required=5.0 tests=URIBL_BLOCKED autolearn=ham version=3.3.2 Received: from freya.das-netzwerkteam.de (freya.das-netzwerkteam.de [88.198.48.199]) by ymir (Postfix) with ESMTPS id 87DD73BDED for <241@bugs.x2go.org>; Fri, 21 Jun 2013 10:53:25 +0200 (CEST) Received: from grimnir.das-netzwerkteam.de (grimnir.das-netzwerkteam.de [78.46.204.98]) by freya.das-netzwerkteam.de (Postfix) with ESMTPS id 4EE1A9B8 for <241@bugs.x2go.org>; Fri, 21 Jun 2013 10:53:25 +0200 (CEST) Received: from localhost (localhost [127.0.0.1]) by grimnir.das-netzwerkteam.de (Postfix) with ESMTP id 430303BBF4 for <241@bugs.x2go.org>; Fri, 21 Jun 2013 10:53:25 +0200 (CEST) X-Virus-Scanned: Debian amavisd-new at grimnir.das-netzwerkteam.de Received: from grimnir.das-netzwerkteam.de ([127.0.0.1]) by localhost (grimnir.das-netzwerkteam.de [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id h3gpnwA+GmAU for <241@bugs.x2go.org>; Fri, 21 Jun 2013 10:53:25 +0200 (CEST) Received: from localhost (localhost [127.0.0.1]) by grimnir.das-netzwerkteam.de (Postfix) with ESMTP id 1F49E3BBFE for <241@bugs.x2go.org>; Fri, 21 Jun 2013 10:53:25 +0200 (CEST) Received: from localhost (localhost [127.0.0.1]) by grimnir.das-netzwerkteam.de (Postfix) with ESMTP id 07CAE3BBF4 for <241@bugs.x2go.org>; Fri, 21 Jun 2013 10:53:25 +0200 (CEST) Received: by grimnir.das-netzwerkteam.de (Postfix, from userid 33) id BE73E3BBFE; Fri, 21 Jun 2013 10:53:24 +0200 (CEST) Received: from nocatv2.tng.de (nocatv2.tng.de [213.178.75.58]) by mail.das-netzwerkteam.de (Horde Framework) with HTTP; Fri, 21 Jun 2013 10:53:24 +0200 Message-ID: <20130621105324.16925ind0za903us@mail.das-netzwerkteam.de> X-Priority: 3 (Normal) Date: Fri, 21 Jun 2013 10:53:24 +0200 From: Mike Gabriel To: 241@bugs.x2go.org Subject: Re: [X2Go-Dev] Bug#241: Bug#241: Changed host key cannot be updated References: <51BDB150.4040306@gmx.de> <20130621102049.28992mah70gw8xr5@mail.das-netzwerkteam.de> <51C411E4.9000204@stefanbaur.de> In-Reply-To: <51C411E4.9000204@stefanbaur.de> MIME-Version: 1.0 Content-Type: multipart/signed; boundary="=_5g3b2zz512mc"; protocol="application/pgp-signature"; micalg="pgp-sha1" Content-Transfer-Encoding: 7bit User-Agent: Internet Messaging Program (IMP) H3 (4.3.4) This message is in MIME format and has been PGP signed. --=_5g3b2zz512mc Content-Type: text/plain; charset=UTF-8; DelSp="Yes"; format="flowed" Content-Disposition: inline Content-Transfer-Encoding: 7bit Hi Stefan, hi Heinrich, On Fr 21 Jun 2013 10:42:12 CEST Stefan Baur wrote: > Am 21.06.2013 10:20, schrieb Mike Gabriel: > >> @all: comments, opinions on such a new feature? > > This has been discussed previously on the list - I believe it was > before the introduction of X2Go-BTS, which is why there's no > bug/ticket regarding it. > Subject was: "Feature Request: update ssh public key fingerprint > from within x2goclient" > Date: 2012-02-17 14:41 > Message-ID: <4F3E58FE.1050502@stefanbaur.de> > > We need to find a middle ground between the current "No soup for > you!" and the way-too-easy "Update host key [Y]/n" prompt. > > My suggestion back then was: > "I would like to suggest adding an option to remove/update the key > from within the X2Go-Client. However, to avoid "user click-through", > it should be somewhere in the menu, and the popup message should be > amended with a note pointing to that menu." This sounds like a nice solution. Heinrich, are you willing to work on this new feature? As you have also worked on the https proxy support code, I guess you are capable to perform this task ;-). Otherwise, we will keep this wishlist request on the list, but do not expect a prompt solution for this. Thanks+Greets, Mike -- DAS-NETZWERKTEAM mike gabriel, herweg 7, 24357 fleckeby fon: +49 (1520) 1976 148 GnuPG Key ID 0x25771B31 mail: mike.gabriel@das-netzwerkteam.de, http://das-netzwerkteam.de freeBusy: https://mail.das-netzwerkteam.de/freebusy/m.gabriel%40das-netzwerkteam.de.xfb --=_5g3b2zz512mc Content-Type: application/pgp-signature Content-Description: Digitale PGP-Unterschrift Content-Disposition: inline Content-Transfer-Encoding: 7bit -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.10 (GNU/Linux) iQIcBAABAgAGBQJRxBSEAAoJEJr0azAldxsxQHEP+wUVZGqe9FPKRIJtZIofWY7Q 71LNS1f55HZ3nDHH/Tc96g0VphGbtvMAXXlwY6ZMjUVk4wHj9R1GmDmvJqnHlfBM 7im9QzcrbzrgF6IgIWAapKc5At+tL37WX9jR/rIgxXz8uLGMQ/NLBX7P8XbTifdn nNlCfRhuQBibm4oNdREKzxta2WRdapTeYIPsykpUeKzo5MLYjh2xQSNXsaStPanr uBJZfUV2S6yZ1f7You3K/EPYUB7BP19o9Q3EsF7Ca9NVMeiHmirtLJdqYPUlHcg1 GkNwTY5brf0r6PtpPWucimHlpYYq9LYTSZLJAdemSEmuzuiRN3vYhCAyXivs3px9 ukxBQ+ZiLh5DSJu76fVdJWEZMy9Aecgl3JM2zgzxJoi6QxdTw/0v7G042s7BUGsF 5SAHSHhetkjVRnjq6WPx4sjqYLpMs6f3cRQegj72jp5KHrPsphrQGzTdzKfxZxZn J6nCn4pUBIdexff8sO4FqYIEdbEvAn4X6aNXs335HT0PXGsx+bJzuFUsEtZXg/fw KSZavDwzEbmM/LoKXgyPL9Z6fdTLet2ZpLrq8lmmTa0jtDzfWSBkpcHUxRwzwul0 NGKbA2wH1CS0V27WsV3DD7m9ntalGbOOY3eoGP+nNxSWT30duLcBUPZw7JBL0UvA /uEi/1tuCM9P4VnaDJIk =HN2L -----END PGP SIGNATURE----- --=_5g3b2zz512mc-- From newsgroups.mail2@stefanbaur.de Fri Jun 21 10:54:26 2013 Received: (at 241) by bugs.x2go.org; 21 Jun 2013 08:54:26 +0000 X-Spam-Checker-Version: SpamAssassin 3.3.2 (2011-06-06) on ymir.das-netzwerkteam.de X-Spam-Level: X-Spam-Status: No, score=0.0 required=5.0 tests=SPF_HELO_PASS,URIBL_BLOCKED autolearn=ham version=3.3.2 X-Greylist: delayed 753 seconds by postgrey-1.34 at ymir; Fri, 21 Jun 2013 10:54:26 CEST Received: from moutng.kundenserver.de (moutng.kundenserver.de [212.227.126.186]) by ymir (Postfix) with ESMTP id 363773BDED for <241@bugs.x2go.org>; Fri, 21 Jun 2013 10:54:26 +0200 (CEST) Received: from [192.168.0.3] (HSI-KBW-149-172-200-27.hsi13.kabel-badenwuerttemberg.de [149.172.200.27]) by mrelayeu.kundenserver.de (node=mreu4) with ESMTP (Nemesis) id 0MITed-1Urt7u1L7H-003ixY; Fri, 21 Jun 2013 10:41:53 +0200 Message-ID: <51C411E4.9000204@stefanbaur.de> Date: Fri, 21 Jun 2013 10:42:12 +0200 From: Stefan Baur User-Agent: Mozilla/5.0 (Windows NT 6.1; rv:17.0) Gecko/20130509 Thunderbird/17.0.6 MIME-Version: 1.0 To: x2go-dev@lists.berlios.de, 241@bugs.x2go.org Subject: Re: [X2Go-Dev] Bug#241: Bug#241: Changed host key cannot be updated References: <51BDB150.4040306@gmx.de> <20130621102049.28992mah70gw8xr5@mail.das-netzwerkteam.de> In-Reply-To: <20130621102049.28992mah70gw8xr5@mail.das-netzwerkteam.de> Content-Type: text/plain; charset=ISO-8859-1; format=flowed Content-Transfer-Encoding: 7bit X-Provags-ID: V02:K0:rTCAG/VQiS3OGvYTU9s29Y0aZVvRHnvlrRi4GDsMtYM Qh53wAvKRxxp1F8+fOKBafvbr3kgbC1moqJeL+HQrHt4JTjohx nTao67vE7WgHw9rD2Wn/MAJ/DEg6grbr436voI1fX+z97ESLFc nS/56w6QN9JH5k+ZtMQxbZP806JI7V9wpCGmu95PdA3XGBNQSa dEXzvDHo3jW7gonUvMSQwDQ9wNXxdh21sk3SJuS8lBo4GS1RV8 lHX+1ZWdO5V0jqhReRgJnNvcwbngW2oovqXMf8V4Bf5QqofhYf TDHOwBu5Je0B8rE6TcGoHAdKSwx5WrKOVa1k9g+mOLkuJA++ED /8QC7nnWt2qhCdaCSrt6GTyCgHKmp7ejrdE/wJfW+ Am 21.06.2013 10:20, schrieb Mike Gabriel: > @all: comments, opinions on such a new feature? This has been discussed previously on the list - I believe it was before the introduction of X2Go-BTS, which is why there's no bug/ticket regarding it. Subject was: "Feature Request: update ssh public key fingerprint from within x2goclient" Date: 2012-02-17 14:41 Message-ID: <4F3E58FE.1050502@stefanbaur.de> We need to find a middle ground between the current "No soup for you!" and the way-too-easy "Update host key [Y]/n" prompt. My suggestion back then was: "I would like to suggest adding an option to remove/update the key from within the X2Go-Client. However, to avoid "user click-through", it should be somewhere in the menu, and the popup message should be amended with a note pointing to that menu." -Stefan From xypron.glpk@gmx.de Sat Jun 22 16:47:28 2013 Received: (at 241) by bugs.x2go.org; 22 Jun 2013 14:47:28 +0000 X-Spam-Checker-Version: SpamAssassin 3.3.2 (2011-06-06) on ymir.das-netzwerkteam.de X-Spam-Level: X-Spam-Status: No, score=0.0 required=5.0 tests=FREEMAIL_FROM, RCVD_IN_DNSWL_NONE,URIBL_BLOCKED autolearn=ham version=3.3.2 X-Greylist: delayed 452 seconds by postgrey-1.34 at ymir; Sat, 22 Jun 2013 16:47:28 CEST Received: from mout.gmx.net (mout.gmx.net [212.227.15.18]) by ymir (Postfix) with ESMTP id 0F0A63BDED for <241@bugs.x2go.org>; Sat, 22 Jun 2013 16:47:28 +0200 (CEST) Received: from Workstation4.fritz.box ([109.90.96.202]) by mail.gmx.com (mrgmx101) with ESMTPSA (Nemesis) id 0MVrQS-1UoE8V1HY0-00X5Ya; Sat, 22 Jun 2013 16:34:55 +0200 From: xypron.glpk@gmx.de To: mike.gabriel@das-netzwerkteam.de Cc: 241@bugs.x2go.org, Heinrich Schuchardt Subject: [PATCH 22/22] Re: [X2Go-Dev] Bug#241: Changed host key cannot be updated Date: Sat, 22 Jun 2013 16:34:46 +0200 Message-Id: <1371911686-15060-1-git-send-email-xypron.glpk@gmx.de> X-Mailer: git-send-email 1.7.10.4 In-Reply-To: <20130621102049.28992mah70gw8xr5@mail.das-netzwerkteam.de> References: <20130621102049.28992mah70gw8xr5@mail.das-netzwerkteam.de> X-Provags-ID: V03:K0:SRCB/CJ+rv0+gMtopTDJ8JN9Ck2CO0XeYq1Xqpvw2UFE/w/d7Up +YCeIrsTuHhngStuqQA0WGaUW4wRA4BhTcax5Oz/XFz7ZwH2al9tY9i52mCp84fCwPJ9WpE r4AFmLRv0VQ2cNFo70TEpykhlYxU6PqzRPZrlUZ5JzDoub6M5PbHr33gTdbKkPhKX31FtVm kVEg3jFilBVf1f75B2yzw== From: Heinrich Schuchardt The appended patch allows to updated changed host keys. It does not include the necessary changes for the translations. Best regards Heinrich Schuchardt Signed-off-by: Heinrich Schuchardt --- onmainwindow.cpp | 67 +++++++++++++++++++++++++++++++++++++----------------- 1 file changed, 46 insertions(+), 21 deletions(-) diff --git a/onmainwindow.cpp b/onmainwindow.cpp index b707d84..d0993f2 100644 --- a/onmainwindow.cpp +++ b/onmainwindow.cpp @@ -2953,33 +2953,58 @@ void ONMainWindow::slotSshServerAuthError ( int error, QString sshMessage, SshMa { case SSH_SERVER_KNOWN_CHANGED: errMsg=tr ( "Host key for server changed.\nIt is now: " ) +sshMessage+"\n"+ - tr ( "For security reasons, connection will be stopped" ); - connection->writeKnownHosts(false); - connection->wait(); - if(sshConnection && sshConnection !=connection) + tr ( "This can be an indication of a man-in-the-middle attack.\n" + "Somebody might be eavesdropping on you.\n" + "For security reasons, it is recommended to stop the connection.\n" + "Do you want to terminate the connection?\n" ); + if ( !QMessageBox::warning( 0, tr( "Host key verification failed" ), + errMsg, tr( "Yes" ), tr( "No" ) ) != 0) + { + connection->writeKnownHosts(false); + connection->wait(); + if(sshConnection && sshConnection !=connection) + { + sshConnection->wait(); + delete sshConnection; + } + slotSshUserAuthError ( tr ( "Host key verification failed" ) ); + sshConnection=0; + return; + } + else { - sshConnection->wait(); - delete sshConnection; + errMsg = tr( "If you accept the new host key the security of your " + "connection may be compromised.\n" + "Do you want to update the host key?" ); } - sshConnection=0; - slotSshUserAuthError ( errMsg ); - return; - + break; case SSH_SERVER_FOUND_OTHER: errMsg=tr ( "The host key for this server was not found but an other" - "type of key exists.An attacker might change the default server key to" - "confuse your client into thinking the key does not exist" ); - connection->writeKnownHosts(false); - connection->wait(); - if(sshConnection && sshConnection !=connection) + "type of key exists. An attacker might change the default server key to " + "confuse your client into thinking the key does not exist. \n" + "For security reasons, it is recommended to stop the connection.\n" + "Do you want to terminate the connection?\n"); + if ( !QMessageBox::warning( 0, tr( "Host key verification failed" ), + errMsg, tr( "Yes" ), tr( "No" ) ) != 0) + { + connection->writeKnownHosts(false); + connection->wait(); + if(sshConnection && sshConnection !=connection) + { + sshConnection->wait(); + delete sshConnection; + } + slotSshUserAuthError ( tr ( "Host key verification failed" ) ); + sshConnection=0; + return; + } + else { - sshConnection->wait(); - delete sshConnection; + errMsg = tr( "If you accept the new host key the security of your " + "connection may be compromised.\n" + "Do you want to update the host key?" ); } - sshConnection=0; - slotSshUserAuthError ( errMsg ); - return ; - + break; case SSH_SERVER_ERROR: connection->writeKnownHosts(false); connection->wait(); -- 1.7.10.4 From nable.maininbox@googlemail.com Sat Jun 22 19:09:11 2013 Received: (at 241) by bugs.x2go.org; 22 Jun 2013 17:09:11 +0000 X-Spam-Checker-Version: SpamAssassin 3.3.2 (2011-06-06) on ymir.das-netzwerkteam.de X-Spam-Level: X-Spam-Status: No, score=0.0 required=5.0 tests=FREEMAIL_FROM, RCVD_IN_DNSWL_BLOCKED,T_DKIM_INVALID,URIBL_BLOCKED autolearn=ham version=3.3.2 Received: from mail-bk0-f51.google.com (mail-bk0-f51.google.com [209.85.214.51]) by ymir (Postfix) with ESMTPS id 7B9693BDED for <241@bugs.x2go.org>; Sat, 22 Jun 2013 19:09:11 +0200 (CEST) Received: by mail-bk0-f51.google.com with SMTP id ji1so3729654bkc.24 for <241@bugs.x2go.org>; Sat, 22 Jun 2013 10:09:11 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=googlemail.com; s=20120113; h=mime-version:in-reply-to:references:date:message-id:subject:from:to :content-type; bh=tzFQcwqi3DvkhVigdJI8aNsqgJfwciCHWXygme7s90E=; b=mOhA5CNP6ncqfgsTxAfr2mYNEjhU0sdN/GGunKG9x0u20m7xTTx/0Gfupqp2ZV7+tQ Y8vWqH4LDRzs8/UqJuCVP6O9+CfjK3WeGOIfymrfSkMjd1d2CN0c6b7JQkMldVuCmUiQ j1c1j4IplMiXadPK0A8tlZ1T3l2WOeitnlppdF7jLNSpKIFZVEkBGOW9Qg6i6acXpIoF oLBJaIP7WyIgMU8rt65bZOuORZHbsFdqBBi8wkRZQj/g3o547frKbHsFRtGuErrrhNR/ qzxYlyxSBB45eUfxc0e+Jrd4DvfBHiV5scdrg8gWANW7B5deYnlXsRPEMJ4lTszIs+yI tplA== MIME-Version: 1.0 X-Received: by 10.205.4.132 with SMTP id oc4mr2592721bkb.171.1371920951086; Sat, 22 Jun 2013 10:09:11 -0700 (PDT) Received: by 10.204.235.194 with HTTP; Sat, 22 Jun 2013 10:09:11 -0700 (PDT) In-Reply-To: <1371911686-15060-1-git-send-email-xypron.glpk@gmx.de> References: <20130621102049.28992mah70gw8xr5@mail.das-netzwerkteam.de> <1371911686-15060-1-git-send-email-xypron.glpk@gmx.de> Date: Sat, 22 Jun 2013 21:09:11 +0400 Message-ID: Subject: Re: [X2Go-Dev] Bug#241: [PATCH 22/22] Re: Bug#241: Changed host key cannot be updated From: Nable 80 To: xypron.glpk@gmx.de, 241@bugs.x2go.org, x2go-dev@lists.berlios.de Content-Type: text/plain; charset=ISO-8859-1 > + if ( !QMessageBox::warning( 0, tr( "Host key verification failed" ), > + errMsg, tr( "Yes" ), tr( "No" ) ) != 0) I think that using `!' in the beginning and `!=' in the end is a great idea to confuse everybody, including those who have written this piece of code. Or did I understood these lines in a wrong way (here is some irony) ? From mike@das-netzwerkteam.de Wed Jun 26 00:43:36 2013 Received: (at control) by bugs.x2go.org; 25 Jun 2013 22:43:36 +0000 X-Spam-Checker-Version: SpamAssassin 3.3.2 (2011-06-06) on ymir.das-netzwerkteam.de X-Spam-Level: X-Spam-Status: No, score=0.0 required=5.0 tests=none autolearn=ham version=3.3.2 Received: from freya.das-netzwerkteam.de (freya.das-netzwerkteam.de [88.198.48.199]) by ymir (Postfix) with ESMTPS id 264285DB1E for ; Wed, 26 Jun 2013 00:43:36 +0200 (CEST) Received: from grimnir.das-netzwerkteam.de (grimnir.das-netzwerkteam.de [78.46.204.98]) by freya.das-netzwerkteam.de (Postfix) with ESMTPS id D3CD8BC7 for ; Wed, 26 Jun 2013 00:43:35 +0200 (CEST) Received: from localhost (localhost [127.0.0.1]) by grimnir.das-netzwerkteam.de (Postfix) with ESMTP id C77DF3BA4B for ; Wed, 26 Jun 2013 00:43:35 +0200 (CEST) X-Virus-Scanned: Debian amavisd-new at grimnir.das-netzwerkteam.de Received: from grimnir.das-netzwerkteam.de ([127.0.0.1]) by localhost (grimnir.das-netzwerkteam.de [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id gCF5SnTwmYDa for ; Wed, 26 Jun 2013 00:43:35 +0200 (CEST) Received: from localhost (localhost [127.0.0.1]) by grimnir.das-netzwerkteam.de (Postfix) with ESMTP id 695C33B934 for ; Wed, 26 Jun 2013 00:43:35 +0200 (CEST) Received: from localhost (localhost [127.0.0.1]) by grimnir.das-netzwerkteam.de (Postfix) with ESMTP id 471CC3BA4B for ; Wed, 26 Jun 2013 00:43:35 +0200 (CEST) Received: from minobo.das-netzwerkteam.de (localhost [127.0.0.1]) by grimnir.das-netzwerkteam.de (Postfix) with ESMTP id 100163B934 for ; Wed, 26 Jun 2013 00:43:35 +0200 (CEST) Received: by minobo.das-netzwerkteam.de (Postfix, from userid 1000) id 62917F846B; Tue, 25 Jun 2013 23:26:06 +0200 (CEST) To: control@bugs.x2go.org Subject: Message-Id: <20130625212606.62917F846B@minobo.das-netzwerkteam.de> Date: Tue, 25 Jun 2013 23:26:06 +0200 (CEST) From: mike@das-netzwerkteam.de (Mike Gabriel) tag #241 patch thanks From mike.gabriel@das-netzwerkteam.de Fri Jul 19 18:31:26 2013 Received: (at 241) by bugs.x2go.org; 19 Jul 2013 16:31:26 +0000 X-Spam-Checker-Version: SpamAssassin 3.3.2 (2011-06-06) on ymir.das-netzwerkteam.de X-Spam-Level: X-Spam-Status: No, score=0.0 required=5.0 tests=RCVD_IN_DNSWL_BLOCKED, URIBL_BLOCKED autolearn=ham version=3.3.2 Received: from freya.das-netzwerkteam.de (freya.das-netzwerkteam.de [88.198.48.199]) by ymir (Postfix) with ESMTPS id 558545DB0A for <241@bugs.x2go.org>; Fri, 19 Jul 2013 18:31:26 +0200 (CEST) Received: from grimnir.das-netzwerkteam.de (grimnir.das-netzwerkteam.de [78.46.204.98]) by freya.das-netzwerkteam.de (Postfix) with ESMTPS id 1757DBDB for <241@bugs.x2go.org>; Fri, 19 Jul 2013 18:31:26 +0200 (CEST) Received: from localhost (localhost [127.0.0.1]) by grimnir.das-netzwerkteam.de (Postfix) with ESMTP id 7D2943BAA6 for <241@bugs.x2go.org>; Fri, 19 Jul 2013 18:31:25 +0200 (CEST) X-Virus-Scanned: Debian amavisd-new at grimnir.das-netzwerkteam.de Received: from grimnir.das-netzwerkteam.de ([127.0.0.1]) by localhost (grimnir.das-netzwerkteam.de [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id eG2OVJAjYbIz for <241@bugs.x2go.org>; Fri, 19 Jul 2013 18:31:25 +0200 (CEST) Received: from localhost (localhost [127.0.0.1]) by grimnir.das-netzwerkteam.de (Postfix) with ESMTP id 599AC3BC02 for <241@bugs.x2go.org>; Fri, 19 Jul 2013 18:31:25 +0200 (CEST) Received: from localhost (localhost [127.0.0.1]) by grimnir.das-netzwerkteam.de (Postfix) with ESMTP id 3A56E3BAA6 for <241@bugs.x2go.org>; Fri, 19 Jul 2013 18:31:25 +0200 (CEST) Received: by grimnir.das-netzwerkteam.de (Postfix, from userid 33) id E188A3BB76; Fri, 19 Jul 2013 18:31:24 +0200 (CEST) Received: from m-047.informatik.uni-kiel.de (m-047.informatik.uni-kiel.de [134.245.254.47]) by mail.das-netzwerkteam.de (Horde Framework) with HTTP; Fri, 19 Jul 2013 18:31:24 +0200 Message-ID: <20130719183124.90596l0jauhaquak@mail.das-netzwerkteam.de> X-Priority: 3 (Normal) Date: Fri, 19 Jul 2013 18:31:24 +0200 From: Mike Gabriel To: xypron.glpk@gmx.de Cc: 241@bugs.x2go.org Subject: Re: [PATCH 22/22] Re: [X2Go-Dev] Bug#241: Changed host key cannot be updated References: <20130621102049.28992mah70gw8xr5@mail.das-netzwerkteam.de> <1371911686-15060-1-git-send-email-xypron.glpk@gmx.de> In-Reply-To: <1371911686-15060-1-git-send-email-xypron.glpk@gmx.de> MIME-Version: 1.0 Content-Type: multipart/signed; boundary="=_6gu1xh7e41cs"; protocol="application/pgp-signature"; micalg="pgp-sha1" Content-Transfer-Encoding: 7bit User-Agent: Internet Messaging Program (IMP) H3 (4.3.4) This message is in MIME format and has been PGP signed. --=_6gu1xh7e41cs Content-Type: text/plain; charset=UTF-8; DelSp="Yes"; format="flowed" Content-Disposition: inline Content-Transfer-Encoding: 7bit Hi Heinrich, On Sa 22 Jun 2013 16:34:46 CEST wrote: > From: Heinrich Schuchardt > > The appended patch allows to updated changed host keys. > > It does not include the necessary changes for the translations. > > Best regards > > Heinrich Schuchardt > > Signed-off-by: Heinrich Schuchardt > --- > onmainwindow.cpp | 67 > +++++++++++++++++++++++++++++++++++++----------------- > 1 file changed, 46 insertions(+), 21 deletions(-) > > diff --git a/onmainwindow.cpp b/onmainwindow.cpp > index b707d84..d0993f2 100644 > --- a/onmainwindow.cpp > +++ b/onmainwindow.cpp > [...] I just realized that I have not reacted to this one yet. As the patch introduces changes on translatable strings, this patch will only be applied after release 4.0.1.1. Thanks for this piece of work. Mike -- DAS-NETZWERKTEAM mike gabriel, herweg 7, 24357 fleckeby fon: +49 (1520) 1976 148 GnuPG Key ID 0x25771B31 mail: mike.gabriel@das-netzwerkteam.de, http://das-netzwerkteam.de freeBusy: https://mail.das-netzwerkteam.de/freebusy/m.gabriel%40das-netzwerkteam.de.xfb --=_6gu1xh7e41cs Content-Type: application/pgp-signature Content-Description: Digitale PGP-Unterschrift Content-Disposition: inline Content-Transfer-Encoding: 7bit -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.10 (GNU/Linux) iQIcBAABAgAGBQJR6WncAAoJEJr0azAldxsxhS0P/34HGdVYv58z7hDMHJaMgzY8 phSGi2jU1EThbz0Idd3zLrnXOsauipoFIUMlFEBad8GkYcZHiONfvHalDVA62sCM DwwBKzwBTKVRDqbdUkIEZv2ynYHZ13PKcNDAeLIgzwMEhgyBbZ3h/3bGhJDOzRje 5xwlVYCyaCBBKz1RrPymfxF8tx4c1lHLF//cDYLU0v6/tX2ZPZ5tW5JcsCYhALPF Nwkt2cdijy4ICmjDpANxwuhUZuE0dFli9bQYtGwTAS41W37ryjwt03jRqDW/jpZz c7J4az5c93VwWi+1ep46UMr4kLTnMhY4ll/aKyn+vMMYBA5BueEu9l+CnfqLTb+L vpPR73VJSAHkSMeSdvjtJKjA7oLKbNYng/H2VFuJXa6w4EJrTjMsWQSk2MTFgnZ/ 23nQ6PEBcSnYlEYuT96F+4EKhx1kjC6/MBtthR1UFqhVVuO3ElEjEmkC88yuqBJX gE9Iq3F71C7+x0VJ2poSWl6i7OEzuu4DRF6TKUda+9V81IuJTf3Lp+jMq1nyQMkQ M7+gQLZ2jlzHVR4qv2bkTgRXtCkr0KRG6flKoz/Lpn/du3BVuuUY7oJvOGwY3N4l s6BVUgp5ffX3Y8NHgG4uZdOKLLmG1yX2Cvbh5KLEbcPE1LmMD/Qdrj2e9a2fC+Z2 jkbin7ygar4dXzmSbYOa =VAQz -----END PGP SIGNATURE----- --=_6gu1xh7e41cs-- From mallwase@vut.ac.za Tue Jul 23 11:07:29 2013 Received: (at 241) by bugs.x2go.org; 23 Jul 2013 09:07:30 +0000 X-Spam-Checker-Version: SpamAssassin 3.3.2 (2011-06-06) on ymir.das-netzwerkteam.de X-Spam-Level: * X-Spam-Status: No, score=1.3 required=5.0 tests=HTML_MESSAGE,LOTS_OF_MONEY, RCVD_IN_DNSWL_BLOCKED,RDNS_NONE,URIBL_BLOCKED autolearn=no version=3.3.2 X-Greylist: delayed 325 seconds by postgrey-1.34 at ymir; Tue, 23 Jul 2013 11:07:29 CEST Received: from vut-tmg.internal.vut.ac.za (unknown [196.21.157.3]) by ymir (Postfix) with ESMTPS id 0D5535DB15 for <241@bugs.x2go.org>; Tue, 23 Jul 2013 11:07:29 +0200 (CEST) Received: from vut-exchCASHT01.internal.vut.ac.za (196.21.64.36) by vut-tmg.internal.vut.ac.za (196.21.64.149) with Microsoft SMTP Server (TLS) id 14.1.438.0; Tue, 23 Jul 2013 11:09:51 +0200 Received: from VUT-EXCHMBX02.internal.vut.ac.za ([169.254.2.191]) by vut-exchCASHT01.internal.vut.ac.za ([196.21.64.36]) with mapi id 14.02.0298.004; Tue, 23 Jul 2013 11:02:02 +0200 From: mallwase moloi Subject: My last wish Thread-Topic: My last wish Thread-Index: Ac6HgxXDULRRIHhMTV2jtR3X3k0gdw== Date: Tue, 23 Jul 2013 09:02:00 +0000 Message-ID: Accept-Language: en-ZA, en-US Content-Language: en-ZA X-MS-Has-Attach: X-MS-TNEF-Correlator: x-originating-ip: [196.21.64.149] Content-Type: multipart/alternative; boundary="_000_B31455E3E676624F8E1C0EF48CEAF0BC277CDF78VUTEXCHMBX02int_" MIME-Version: 1.0 To: Undisclosed recipients:; --_000_B31455E3E676624F8E1C0EF48CEAF0BC277CDF78VUTEXCHMBX02int_ Content-Type: text/plain; charset="iso-8859-1" Content-Transfer-Encoding: quoted-printable Although, I am not comfortable discussing the content of my mail on the Int= ernet owing to lots of unsolicited/Spam mails on the net nowadays. Anyway my message is that I hav= e made up my mind to will my late Husband's funds to you so that you can use it for charity duties and= good work to humanity in your country. The amount is 4 million Dollars. Please get back to me on my = personal and secured email address for further information. My secured email address is: mallwasemoloi= 101@live.co.uk God bless you. Mrs. Mallwase Moloi. --_000_B31455E3E676624F8E1C0EF48CEAF0BC277CDF78VUTEXCHMBX02int_ Content-Type: text/html; charset="iso-8859-1" Content-Transfer-Encoding: quoted-printable

Although, I am not comfortable discussing the content of my mail on the = Internet owing to lots of

unsolicited/Spam mails on the net nowadays. Anyway my message is that I = have made up my mind to will my

late Husband's funds  to you so that you can use it for charity&nbs= p; duties and good work to humanity in

your country. The amount is 4 million Dollars. Please get back to me on = my personal and secured email 

address for further information. My secured email address is: mallwasemoloi101@live.co.uk
God bless you.
Mrs. Mallwase Moloi.

--_000_B31455E3E676624F8E1C0EF48CEAF0BC277CDF78VUTEXCHMBX02int_-- From x2go@ymir Mon Sep 30 21:07:45 2013 Received: (at 241) by bugs.x2go.org; 30 Sep 2013 19:07:53 +0000 X-Spam-Checker-Version: SpamAssassin 3.3.2 (2011-06-06) on ymir.das-netzwerkteam.de X-Spam-Level: X-Spam-Status: No, score=-1.9 required=5.0 tests=BAYES_00,NO_RELAYS, URIBL_BLOCKED autolearn=unavailable version=3.3.2 Received: by ymir (Postfix, from userid 1005) id 4B91A5DB21; Mon, 30 Sep 2013 21:07:45 +0200 (CEST) From: Mike Gabriel To: 241-submitter@bugs.x2go.org Cc: control@bugs.x2go.org, 241@bugs.x2go.org Subject: X2Go issue (in src:x2goclient) has been marked as pending for release Content-Type: text/plain; charset=utf-8 Content-Disposition: inline Content-Transfer-Encoding: 8bit X-Mailer: http://snipr.com/post-receive-tag-pending Message-Id: <20130930190745.4B91A5DB21@ymir> Date: Mon, 30 Sep 2013 21:07:45 +0200 (CEST) tag #241 pending fixed #241 4.0.1.2 thanks Hello, X2Go issue #241 (src:x2goclient) reported by you has been fixed in X2Go Git. You can see the changelog below, and you can check the diff of the fix at: http://code.x2go.org/gitweb?p=x2goclient.git;a=commitdiff;h=f376e1c The issue will most likely be fixed in src:x2goclient (4.0.1.2). light+love X2Go Git Admin (on behalf of the sender of this mail) --- commit f376e1c9e9e1b145b4ed1f2cb8a32b64ffe5f4bf Author: Heinrich Schuchardt Date: Mon Sep 30 21:07:25 2013 +0200 Handle SSH host key changes more elegantly and allow user interaction if such a host key change occurs. (Fixes: #241). diff --git a/debian/changelog b/debian/changelog index 0b6aa9e..6360efe 100644 --- a/debian/changelog +++ b/debian/changelog @@ -11,6 +11,11 @@ x2goclient (4.0.1.2-0~x2go2) UNRELEASED; urgency=low config file. This allows choosing the default display for shadow sessions. + [ Heinrich Schuchardt ] + * New upstream version (4.0.1.2): + - Handle SSH host key changes more elegantly and allow user interaction + if such a host key change occurs. (Fixes: #241). + -- Mike Gabriel Wed, 11 Sep 2013 12:17:43 +0200 x2goclient (4.0.1.1-0~x2go1) unstable; urgency=low From x2go@ymir Tue Dec 17 15:55:21 2013 Received: (at 241) by bugs.x2go.org; 17 Dec 2013 14:56:17 +0000 X-Spam-Checker-Version: SpamAssassin 3.3.2 (2011-06-06) on ymir.das-netzwerkteam.de X-Spam-Level: X-Spam-Status: No, score=-1.9 required=5.0 tests=BAYES_00,NO_RELAYS, URIBL_BLOCKED autolearn=unavailable version=3.3.2 Received: by ymir (Postfix, from userid 1005) id 03A625DB26; Tue, 17 Dec 2013 15:55:20 +0100 (CET) From: Mike Gabriel To: 241-submitter@bugs.x2go.org Cc: control@bugs.x2go.org, 241@bugs.x2go.org Subject: X2Go issue (in src:x2goclient) has been marked as closed Content-Type: text/plain; charset=utf-8 Content-Disposition: inline Content-Transfer-Encoding: 8bit Message-Id: <20131217145521.03A625DB26@ymir> Date: Tue, 17 Dec 2013 15:55:20 +0100 (CET) close #241 thanks Hello, we are very hopeful that X2Go issue #241 reported by you has been resolved in the new release (4.0.1.2) of the X2Go source project »src:x2goclient«. You can view the complete changelog entry of src:x2goclient (4.0.1.2) below, and you can use the following link to view all the code changes between this and the last release of src:x2goclient. http://code.x2go.org/gitweb?p=x2goclient.git;a=commitdiff;h=34591fd62844b2b955e6a4bf3cf44d4759c5e44c;hp=d5ff7886ae22a1e36541570e7095fac9860af6e8 If you feel that the issue has not been resolved satisfyingly, feel free to reopen this bug report or submit a follow-up report with further observations described based on the new released version of src:x2goclient. Thanks a lot for contributing to X2Go!!! light+love X2Go Git Admin (on behalf of the sender of this mail) --- X2Go Component: src:x2goclient Version: 4.0.1.2-0x2go2 Status: RELEASE Date: Tue, 17 Dec 2013 15:21:38 +0100 Fixes: 139 230 241 311 315 316 328 333 Changes: x2goclient (4.0.1.2-0x2go2) RELEASED; urgency=low . [ Mike Gabriel ] * New upstream version (4.0.1.2): - Provide Keywords: key in .desktop file. - Add NSIS packaging files for win32 builds to source tree. (Files provided by Oleksandr Shneyder, thanks!!!). - Rename win32 desktop and startmenu icon from "X2goClient" to "X2Go Client". - Store broker HTTPS certificate exceptions in $HOME/.x2go/ssl/exceptions (before: $HOME/ssl/exceptions). (Fixes: #328). - Perform sanity checks on data that comes in from X2Go Servers. Prohibit the execution of arbitrary code via the ~/.bashrc file. (Fixes: #333). - Add option --broker-cacertfile. Allow usage of non-system-wide installed (self-signed) SSL certificate chains for https (SSL) session broker connections. (Fixes: #311). - Update man page for new --tray-icon cmdline option. - Update man page for --broker-url. Explain the syntax of . - Properly handle (=expand) the "~" character in key filenames. (Brought to attention by Eldamir on IRC. Thanks!). - Expand tilde operator for all other file paths handed over to X2Go Client via sessions file or cmdline parameter. - Syntax fix of x2goclient.desktop file. - Test for various file locations of the pulseaudio cookie file. - Allow patching of qmake-qt4 executable path in Makefile. - Make qmake-qt4 and lrelease path in Makefile easily replacable (as RHEL-5 does not have those tools in $PATH). - Make sure that build_client and build_plugin are not build with parallel make. - Make x2goplugin-provider installable via Makefile. * Pull-in packaging changes from Debian. * debian/source/format: + Switch to format 1.0. * x2goclient.spec: + Ship x2goclient.spec (RPM package definitions) in upstream project. (Thanks to the Fedora package maintainers). + Clear (Fedora package) changelog. + Make package build on Fedora/EPEL versions that do not have the qtbrowserplugin package. + For EPEL-5 builds: replace full path to qmake-qt4 and lrelease. + Split up package into bin:packages: x2goclient, x2goplugin, x2goplugin-provider. + Make sure lrelease-qt4 is executed (not just lrelease). . [ Ricardo Díaz Martín ] * New upstream versino (4.0.1.2): - Strip whitespaces off of user name, host name and other strings when loading / saving session profiles.(Fixes: #315). - New option --tray-icon. Force showing the tray icon, even for hidden sessions. Also allow creation of .desktop files with --tray-icon optionally being enabled. (Fixes: #316). - Update Spanish translation. . [ Oleksandr Shneyder ] * New upstream version (4.0.1.2): - Support for keys "shadowuser" "shadowdisplay" and "shadowmode" in config file. This allows choosing the default display for shadow sessions. - Support for GSSApi(Kerberos 5) authentication. Using ssh/scp commands on Linux and Mac and plink/pscp on Windows. - Support for ChallengeResponseAuthentication (Google Authenticator) - Setting main window focus on mac (Fixes: #139). - Additional check if authentication with GSSApi successfull - c121b7e2d3d83abdc2d7a29637bc3294e38b2ec3 broke checking if remote command produce only stderr and not stdout. It made x2goclient crash if x2gostartagent send LIMIT error. Current commit fixes this issue. - SshMasterConnection should use current user name if no user name is specified in session settings - GSSApi(Kerberos 5) authentication for sshproxy and sshbroker - fixed GSSApi(Kerberos 5) authentication for sshproxy and sshbroker on windows . [ Heinrich Schuchardt ] * New upstream version (4.0.1.2): - Handle SSH host key changes more elegantly and allow user interaction if such a host key change occurs. (Fixes: #241). . [ Michael DePaulo ] * New upstream version (4.0.1.2): - win32: Add uninstall information to Add/Remove Programs. (Fixes: #230). From unknown Fri Mar 29 14:03:45 2024 MIME-Version: 1.0 X-Mailer: MIME-tools 5.502 (Entity 5.502) X-Loop: owner@bugs.x2go.org From: owner@bugs.x2go.org (X2Go Bug Tracking System) Subject: Bug#241 closed by Mike Gabriel (X2Go issue (in src:x2goclient) has been marked as closed) Message-ID: References: <20131217145521.03A625DB26@ymir> X-X2go-PR-Keywords: pending patch X-X2go-PR-Message: they-closed 241 X-X2go-PR-Package: x2goclient X-X2go-PR-Source: x2goclient Date: Tue, 17 Dec 2013 15:03:07 +0000 Content-Type: multipart/mixed; boundary="----------=_1387292587-10958-0" This is a multi-part message in MIME format... ------------=_1387292587-10958-0 Content-Disposition: inline Content-Transfer-Encoding: quoted-printable Content-Type: text/plain; charset=utf-8 This is an automatic notification regarding your Bug report which was filed against the x2goclient package: #241: Changed host key cannot be updated It has been closed by Mike Gabriel . Their explanation is attached below along with your original report. If this explanation is unsatisfactory and you have not received a better one in a separate message then please contact Mike Gabriel by replying to this email. --=20 X2Go Bug Tracking System Contact owner@bugs.x2go.org with problems ------------=_1387292587-10958-0 Content-Type: message/rfc822 Content-Disposition: inline Content-Transfer-Encoding: 7bit Received: (at control) by bugs.x2go.org; 17 Dec 2013 14:56:09 +0000 X-Spam-Checker-Version: SpamAssassin 3.3.2 (2011-06-06) on ymir.das-netzwerkteam.de X-Spam-Level: X-Spam-Status: No, score=-1.9 required=5.0 tests=BAYES_00,NO_RELAYS, URIBL_BLOCKED autolearn=ham version=3.3.2 Received: by ymir (Postfix, from userid 1005) id 03A625DB26; Tue, 17 Dec 2013 15:55:20 +0100 (CET) From: Mike Gabriel To: 241-submitter@bugs.x2go.org Cc: control@bugs.x2go.org, 241@bugs.x2go.org Subject: X2Go issue (in src:x2goclient) has been marked as closed Content-Type: text/plain; charset=utf-8 Content-Disposition: inline Content-Transfer-Encoding: 8bit Message-Id: <20131217145521.03A625DB26@ymir> Date: Tue, 17 Dec 2013 15:55:20 +0100 (CET) close #241 thanks Hello, we are very hopeful that X2Go issue #241 reported by you has been resolved in the new release (4.0.1.2) of the X2Go source project »src:x2goclient«. You can view the complete changelog entry of src:x2goclient (4.0.1.2) below, and you can use the following link to view all the code changes between this and the last release of src:x2goclient. http://code.x2go.org/gitweb?p=x2goclient.git;a=commitdiff;h=34591fd62844b2b955e6a4bf3cf44d4759c5e44c;hp=d5ff7886ae22a1e36541570e7095fac9860af6e8 If you feel that the issue has not been resolved satisfyingly, feel free to reopen this bug report or submit a follow-up report with further observations described based on the new released version of src:x2goclient. Thanks a lot for contributing to X2Go!!! light+love X2Go Git Admin (on behalf of the sender of this mail) --- X2Go Component: src:x2goclient Version: 4.0.1.2-0x2go2 Status: RELEASE Date: Tue, 17 Dec 2013 15:21:38 +0100 Fixes: 139 230 241 311 315 316 328 333 Changes: x2goclient (4.0.1.2-0x2go2) RELEASED; urgency=low . [ Mike Gabriel ] * New upstream version (4.0.1.2): - Provide Keywords: key in .desktop file. - Add NSIS packaging files for win32 builds to source tree. (Files provided by Oleksandr Shneyder, thanks!!!). - Rename win32 desktop and startmenu icon from "X2goClient" to "X2Go Client". - Store broker HTTPS certificate exceptions in $HOME/.x2go/ssl/exceptions (before: $HOME/ssl/exceptions). (Fixes: #328). - Perform sanity checks on data that comes in from X2Go Servers. Prohibit the execution of arbitrary code via the ~/.bashrc file. (Fixes: #333). - Add option --broker-cacertfile. Allow usage of non-system-wide installed (self-signed) SSL certificate chains for https (SSL) session broker connections. (Fixes: #311). - Update man page for new --tray-icon cmdline option. - Update man page for --broker-url. Explain the syntax of . - Properly handle (=expand) the "~" character in key filenames. (Brought to attention by Eldamir on IRC. Thanks!). - Expand tilde operator for all other file paths handed over to X2Go Client via sessions file or cmdline parameter. - Syntax fix of x2goclient.desktop file. - Test for various file locations of the pulseaudio cookie file. - Allow patching of qmake-qt4 executable path in Makefile. - Make qmake-qt4 and lrelease path in Makefile easily replacable (as RHEL-5 does not have those tools in $PATH). - Make sure that build_client and build_plugin are not build with parallel make. - Make x2goplugin-provider installable via Makefile. * Pull-in packaging changes from Debian. * debian/source/format: + Switch to format 1.0. * x2goclient.spec: + Ship x2goclient.spec (RPM package definitions) in upstream project. (Thanks to the Fedora package maintainers). + Clear (Fedora package) changelog. + Make package build on Fedora/EPEL versions that do not have the qtbrowserplugin package. + For EPEL-5 builds: replace full path to qmake-qt4 and lrelease. + Split up package into bin:packages: x2goclient, x2goplugin, x2goplugin-provider. + Make sure lrelease-qt4 is executed (not just lrelease). . [ Ricardo Díaz Martín ] * New upstream versino (4.0.1.2): - Strip whitespaces off of user name, host name and other strings when loading / saving session profiles.(Fixes: #315). - New option --tray-icon. Force showing the tray icon, even for hidden sessions. Also allow creation of .desktop files with --tray-icon optionally being enabled. (Fixes: #316). - Update Spanish translation. . [ Oleksandr Shneyder ] * New upstream version (4.0.1.2): - Support for keys "shadowuser" "shadowdisplay" and "shadowmode" in config file. This allows choosing the default display for shadow sessions. - Support for GSSApi(Kerberos 5) authentication. Using ssh/scp commands on Linux and Mac and plink/pscp on Windows. - Support for ChallengeResponseAuthentication (Google Authenticator) - Setting main window focus on mac (Fixes: #139). - Additional check if authentication with GSSApi successfull - c121b7e2d3d83abdc2d7a29637bc3294e38b2ec3 broke checking if remote command produce only stderr and not stdout. It made x2goclient crash if x2gostartagent send LIMIT error. Current commit fixes this issue. - SshMasterConnection should use current user name if no user name is specified in session settings - GSSApi(Kerberos 5) authentication for sshproxy and sshbroker - fixed GSSApi(Kerberos 5) authentication for sshproxy and sshbroker on windows . [ Heinrich Schuchardt ] * New upstream version (4.0.1.2): - Handle SSH host key changes more elegantly and allow user interaction if such a host key change occurs. (Fixes: #241). . [ Michael DePaulo ] * New upstream version (4.0.1.2): - win32: Add uninstall information to Add/Remove Programs. (Fixes: #230). ------------=_1387292587-10958-0 Content-Type: message/rfc822 Content-Disposition: inline Content-Transfer-Encoding: 7bit Received: (at submit) by bugs.x2go.org; 16 Jun 2013 12:36:35 +0000 X-Spam-Checker-Version: SpamAssassin 3.3.2 (2011-06-06) on ymir.das-netzwerkteam.de X-Spam-Level: X-Spam-Status: No, score=0.0 required=5.0 tests=FREEMAIL_FROM, RCVD_IN_DNSWL_BLOCKED autolearn=ham version=3.3.2 Received: from mout.gmx.net (mout.gmx.net [212.227.17.21]) by ymir (Postfix) with ESMTP id B3C475DB17 for ; Sun, 16 Jun 2013 14:36:34 +0200 (CEST) Received: from mailout-de.gmx.net ([10.1.76.28]) by mrigmx.server.lan (mrigmx001) with ESMTP (Nemesis) id 0M94oF-1Ubnbj1yLl-00CNwf for ; Sun, 16 Jun 2013 14:36:34 +0200 Received: (qmail invoked by alias); 16 Jun 2013 12:36:34 -0000 Received: from ip-109-90-96-202.unitymediagroup.de (EHLO [192.168.123.29]) [109.90.96.202] by mail.gmx.net (mp028) with SMTP; 16 Jun 2013 14:36:34 +0200 X-Authenticated: #41704822 X-Provags-ID: V01U2FsdGVkX19k5XQT2b5kVW0Kw+achSwo8l3ziPOZ2N/PlRugN4 PiWSNvxdxKyOzY Message-ID: <51BDB150.4040306@gmx.de> Date: Sun, 16 Jun 2013 14:36:32 +0200 From: Heinrich Schuchardt User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:10.0.12) Gecko/20130116 Icedove/10.0.12 MIME-Version: 1.0 To: submit@bugs.x2go.org Subject: Changed host key cannot be updated Content-Type: text/plain; charset=ISO-8859-1; format=flowed Content-Transfer-Encoding: 8bit X-Y-GMX-Trusted: 0 Package: x2goclient Version: 4.0.0.3 Severity: normal Dear maintainer, from time to time the SSH key used for identification by a X2GO server may change. When trying to connect the server a pop up is shown: "Anmeldung fehlgeschlagen" "Host-Key des Servers hat sich geändert Er lautet jetzt: 00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00 Aus Sicherheitsgründen wird die Verbindung abgebrochen" The user is left puzzled with what he should do next. There is no indication in which file there is a problem, e.g. ~/.ssh/known_hosts or %APPDATA%\ssh\known_hosts There is no indication which entry in this file is corrupted. Deleting file known_hosts is a bad idea because it may contain the keys for dozens of validated servers. There are examples of more informative output, e.g. from command line program ssh: @@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@ @ WARNING: REMOTE HOST IDENTIFICATION HAS CHANGED! @ @@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@ IT IS POSSIBLE THAT SOMEONE IS DOING SOMETHING NASTY! Someone could be eavesdropping on you right now (man-in-the-middle attack)! It is also possible that a host key has just been changed. The fingerprint for the RSA key sent by the remote host is 00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00. Please contact your system administrator. Add correct host key in /home/user/.ssh/known_hosts to get rid of this message. Offending RSA key in /home/user/.ssh/known_hosts:1 RSA host key for 10.0.0.5 has changed and you have requested strict checking. Host key verification failed. Here I can identify the filename: /home/user/.ssh/known_hosts and the line of the the entry: 1 Manual editing of known_hosts is now possible but not too good an idea because it is error prone. A good solution is what you see in PuTTY. A warning pop up is shown and you get the choice to update file known_hosts. Best regards Heinrich Schuchardt ------------=_1387292587-10958-0-- From unknown Fri Mar 29 14:03:45 2024 Received: (at fakecontrol) by fakecontrolmessage; To: internal_control@bugs.x2go.org From: Debbugs Internal Request Subject: Internal Control Message-Id: Bug archived. Date: Mi, 15 Jan 2014 06:24:01 +0000 User-Agent: Fakemail v42.6.9 # A New Hope # A long time ago, in a galaxy far, far away # something happened. # # Magically this resulted in the following # action being taken, but this fake control # message doesn't tell you why it happened # # The action: # Bug archived. thanks # This fakemail brought to you by your local debbugs # administrator