From unknown Fri Mar 29 02:00:22 2024 X-Loop: owner@bugs.x2go.org Subject: Bug#290: SSH key based authentication problems Reply-To: Matthias Kauer , 290@bugs.x2go.org Resent-From: Matthias Kauer Resent-To: x2go-dev@lists.berlios.de Resent-CC: X2Go Developers X-Loop: owner@bugs.x2go.org Resent-Date: Wed, 28 Aug 2013 21:33:02 +0000 Resent-Message-ID: Resent-Sender: owner@bugs.x2go.org X-X2Go-PR-Message: followup 290 X-X2Go-PR-Package: x2goclient X-X2Go-PR-Keywords: confirmed Received: via spool by 290-submit@bugs.x2go.org id=B290.137772490610098 (code B ref 290); Wed, 28 Aug 2013 21:33:02 +0000 Received: (at 290) by bugs.x2go.org; 28 Aug 2013 21:21:46 +0000 X-Spam-Checker-Version: SpamAssassin 3.3.2 (2011-06-06) on ymir.das-netzwerkteam.de X-Spam-Level: X-Spam-Status: No, score=-1.9 required=5.0 tests=BAYES_00,HTML_MESSAGE, URIBL_BLOCKED autolearn=ham version=3.3.2 X-Greylist: delayed 563 seconds by postgrey-1.34 at ymir; Wed, 28 Aug 2013 23:21:45 CEST Received: from fra07-inx04.webhod.de (fra07-inx04.webhod.de [212.224.89.152]) by ymir (Postfix) with ESMTPS id 777235DB1C for <290@bugs.x2go.org>; Wed, 28 Aug 2013 23:21:45 +0200 (CEST) X-No-Relay: not in my network X-No-Relay: not in my network Received: from [192.168.123.189] (e181003244.adsl.alicedsl.de [85.181.3.244]) by fra07-inx04.webhod.de (Postfix) with ESMTPSA id 09F38D20687; Wed, 28 Aug 2013 23:12:43 +0200 (CEST) Message-ID: <521E67B6.2030605@matthiaskauer.com> Date: Wed, 28 Aug 2013 23:12:22 +0200 From: Matthias Kauer User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:17.0) Gecko/20130801 Thunderbird/17.0.8 MIME-Version: 1.0 To: Mike Gabriel , 290@bugs.x2go.org References: <20130827123401.1559208fzp3qfrtl@mail.das-netzwerkteam.de> In-Reply-To: <20130827123401.1559208fzp3qfrtl@mail.das-netzwerkteam.de> Content-Type: multipart/alternative; boundary="------------050307080702090806020902" This is a multi-part message in MIME format. --------------050307080702090806020902 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 7bit Hi Mike, thanks for the confirmation and the submission. If anyone is interested, one thing I did for now, to address this issue was to allow password-based access from my LAN addresses as described here: http://askubuntu.com/questions/101670/how-can-i-allow-ssh-password-authentication-from-only-certain-ip-addresses (Note that the match block should be at the end of sshd_config file as it affects all statements below it if I understand it correctly) Use a |Match| block in |/etc/ssh/sshd_config|. |PasswordAuthentication no Match address 192.0.2.0/24 PasswordAuthentication yes | Best, Matthias On 27/8/2013 12:34 PM, Mike Gabriel wrote: > Package: x2goclient > Tags: confirmed > Version: 4.0.1.0 > Severity: important > x-debbugs-cc: software@matthiaskauer.com > > I myself have also observed the issue reported by Matthias. Adding > this as a bug. This should get fixed before the release of 4.0.1.1. > > Mike > > ----- Weitergeleitete Nachricht von software@matthiaskauer.com ----- > Datum: Mon, 26 Aug 2013 23:54:55 +0200 > Von: Matthias Kauer > Betreff: [X2Go-User] Login via ~/.ssh/authorized_keys fails > An: x2go-user@lists.berlios.de > > Hi, > I am looking for input on how to set up an ssh key-based authentication. > > I generated an RSA key pair with puttygen and added it to > ~/.ssh/authorized_keys2 => confirmed that I can login with putty. > Now, I specify the same private key in x2goclient (windows). I enter my > password and I am then prompted for the password of the ssh key. I enter > it and the same ssh key password prompt reappears. This seems to be an > infinite loop. When I cancel it, I get a message saying that only > publickey is supported as login method (which corresponds to my > sshd_config settings). > > I then tried renaming ~/.ssh/authorized_keys and using a DSA key pair. > putty still works as expected with both of these alternatives. > x2goclient still shows the same problems however. It only lets me login > if I adapt my sshd_config and authenticate via user / password > combination. > > Is this a known limitation? > What is the best way to achieve high security? Can I limit the x2go > connections to only LAN IPs (without restricting the pure ssh > connections)? > > Best Wishes, > Matthias Kauer > _______________________________________________ > X2Go-User mailing list > X2Go-User@lists.berlios.de > https://lists.berlios.de/mailman/listinfo/x2go-user > > > ----- Ende der weitergeleiteten Nachricht ----- > > --------------050307080702090806020902 Content-Type: text/html; charset=UTF-8 Content-Transfer-Encoding: 8bit Hi Mike,
thanks for the confirmation and the submission.

If anyone is interested, one thing I did for now, to address this issue was to allow password-based access from my LAN addresses as described here: http://askubuntu.com/questions/101670/how-can-i-allow-ssh-password-authentication-from-only-certain-ip-addresses (Note that the match block should be at the end of sshd_config file as it affects all statements below it if I understand it correctly)

Use a Match block in /etc/ssh/sshd_config.

PasswordAuthentication no

Match address 192.0.2.0/24
    PasswordAuthentication yes
Best,
Matthias

On 27/8/2013 12:34 PM, Mike Gabriel wrote:
Package: x2goclient
Tags: confirmed
Version: 4.0.1.0
Severity: important
x-debbugs-cc: software@matthiaskauer.com

I myself have also observed the issue reported by Matthias. Adding this as a bug. This should get fixed before the release of 4.0.1.1.

Mike

----- Weitergeleitete Nachricht von software@matthiaskauer.com -----
     Datum: Mon, 26 Aug 2013 23:54:55 +0200
       Von: Matthias Kauer <software@matthiaskauer.com>
   Betreff: [X2Go-User] Login via ~/.ssh/authorized_keys fails
        An: x2go-user@lists.berlios.de

Hi,
I am looking for input on how to set up an ssh key-based authentication.

I generated an RSA key pair with puttygen and added it to
~/.ssh/authorized_keys2 => confirmed that I can login with putty.
Now, I specify the same private key in x2goclient (windows). I enter my
password and I am then prompted for the password of the ssh key. I enter
it and the same ssh key password prompt reappears. This seems to be an
infinite loop. When I cancel it, I get a message saying that only
publickey is supported as login method (which corresponds to my
sshd_config settings).

I then tried renaming ~/.ssh/authorized_keys and using a DSA key pair.
putty still works as expected with both of these alternatives.
x2goclient still shows the same problems however. It only lets me login
if I adapt my sshd_config and authenticate via user / password combination.

Is this a known limitation?
What is the best way to achieve high security? Can I limit the x2go
connections to only LAN IPs (without restricting the pure ssh connections)?

Best Wishes,
Matthias Kauer
_______________________________________________
X2Go-User mailing list
X2Go-User@lists.berlios.de
https://lists.berlios.de/mailman/listinfo/x2go-user


----- Ende der weitergeleiteten Nachricht -----



--------------050307080702090806020902--