X2Go Bug report logs - #68
X2goclient & OTP

Package: x2goclient; Maintainer for x2goclient is X2Go Developers <x2go-dev@lists.x2go.org>; Source for x2goclient is src:x2goclient.

Reported by: Pascal Vibet - ADACIS <pvibet@gmail.com>

Date: Sat, 1 Dec 2012 12:48:01 UTC

Severity: normal

Done: Mike Gabriel <mike.gabriel@das-netzwerkteam.de>

Bug is archived. No further changes may be made.

Full log

🔗 View this message in rfc822 format

MIME-Version: 1.0
X-Mailer: MIME-tools 5.502 (Entity 5.502)
X-Loop: owner@bugs.x2go.org
From: owner@bugs.x2go.org (X2Go Bug Tracking System)
Subject: Bug#68 closed by Mike Gabriel <mike.gabriel@das-netzwerkteam.de>
 (Google Authenticator feature added in X2Go Client 4.0.2.0)
Message-ID: <handler.68.b68.140214765216006.notifdone@bugs.x2go.org>
References: <20140607132731.Horde.tB-igSVZcXMCaYl1ponjNg7@mail.das-netzwerkteam.de>
X-X2go-PR-Message: they-closed 68
X-X2go-PR-Package: x2goclient
X-X2go-PR-Source: x2goclient
Date: Sat, 07 Jun 2014 13:30:02 +0000
Content-Type: multipart/mixed; boundary="----------=_1402147802-16136-0"

[Message part 1 (text/plain, inline)]
This is an automatic notification regarding your Bug report
which was filed against the x2goclient package:

#68: X2goclient & OTP

It has been closed by Mike Gabriel <mike.gabriel@das-netzwerkteam.de>.

Their explanation is attached below along with your original report.
If this explanation is unsatisfactory and you have not received a
better one in a separate message then please contact Mike Gabriel <mike.gabriel@das-netzwerkteam.de> by
replying to this email.


-- 
68: http://bugs.x2go.org/cgi-bin/bugreport.cgi?bug=68
X2Go Bug Tracking System
Contact owner@bugs.x2go.org with problems

[Message part 2 (message/rfc822, inline)]
From: Mike Gabriel <mike.gabriel@das-netzwerkteam.de>
To: 68@bugs.x2go.org
Subject: Google Authenticator feature added in X2Go Client 4.0.2.0
Date: Sat, 07 Jun 2014 13:27:31 +0000
[Message part 3 (text/plain, inline)]
Control: close -1

Hi Pascal,

the GA OTP support has been added since X2Go Client 4.0.2.0. It also  
supports client-side folder sharing and printing for GA authenticated  
sessions.

Greets,
Mike
-- 

DAS-NETZWERKTEAM
mike gabriel, herweg 7, 24357 fleckeby
fon: +49 (1520) 1976 148

GnuPG Key ID 0x25771B31
mail: mike.gabriel@das-netzwerkteam.de, http://das-netzwerkteam.de

freeBusy:
https://mail.das-netzwerkteam.de/freebusy/m.gabriel%40das-netzwerkteam.de.xfb

[Message part 4 (application/pgp-signature, inline)]
[Message part 5 (message/rfc822, inline)]
From: Pascal Vibet - ADACIS <pvibet@gmail.com>
To: submit@bugs.x2go.org
Subject: X2goclient & OTP
Date: Sat, 1 Dec 2012 13:40:53 +0100
[Message part 6 (text/plain, inline)]
Package: x2goclient
Version: lucid - precise: amd64/i386 (ppa.launchpad), precise 3.99.0.5-1:
amd64/i386

I should use OTM authentification (One Time Password) like google
authentificator on my X2go server but it's impossible to mount shared
folder and/or local printer.

If i don't use OTP, i can see x2goclient connect twice to my server. First
time to login and second time, to shared folder and/or local printer
Dec  1 10:33:22 my_serveur sshd[22271]: Accepted password for pascal from
AAA.BBB.CCC.DDD port 36053 ssh2
Dec  1 10:33:22 my_serveur sshd[22271]: pam_unix(sshd:session): session
opened for user pascal by (uid=0)
Dec  1 10:33:36 my_serveur sshd[22707]: Accepted password for pascal from
AAA.BBB.CCC.DDD port 36057 ssh2
Dec  1 10:33:36 my_serveur sshd[22707]: pam_unix(sshd:session): session
opened for user pascal by (uid=0)

I i use OTP, password is valide one time. So, i can login on x2goserver but
i can not reuse the same password to shared folder:
Dec  1 10:37:26 my_serveur sshd[28415]: Accepted password for pascal from
AAA.BBB.CCC.DDD port 36062 ssh2
Dec  1 10:37:26 my_serveur sshd[28415]: pam_unix(sshd:session): session
opened for user pascal by (uid=0)
Dec  1 10:37:36 my_serveur sshd(pam_google_authenticator)[28839]: Trying to
reuse a previously used time-based code. Retry again in 30 seconds.
Warning! This might mean, you are currently subject to a man-in-the-middle
attack.
Dec  1 10:37:36 my_serveur sshd(pam_google_authenticator)[28839]: Invalid
verification code
Dec  1 10:37:36 my_serveur sshd[28839]: pam_unix(sshd:auth): authentication
failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=toto.tata.titi.fr
user=pascal
Dec  1 10:37:39 my_serveur sshd[28839]: Failed password for pascal from
AAA.BBB.CCC.DDD port 36067 ssh2
Dec  1 10:37:39 my_serveur sshd[28839]: Received disconnect from
AAA.BBB.CCC.DDD: Bye Bye [preauth]

If X2goclient use multiplex ssh client option:
Host *
    ControlMaster auto
    ControlPath ~/.ssh/%r@%h:%p
First connection use password and create SSH socket file.
The second connection reuse first one and it can connect whithout
authentification.

In my test, X2goclient don't use some ssh client option.

Regards

Pascal Vibet

[Message part 7 (text/html, inline)]

Send a report that this bug log contains spam.

X2Go Developers <owner@bugs.x2go.org>. Last modified: Fri Apr 19 11:52:15 2024; Machine Name: ymir.das-netzwerkteam.de

X2Go Bug tracking system

Debbugs is free software and licensed under the terms of the GNU Public License version 2. The current version can be obtained from https://bugs.debian.org/debbugs-source/.

Copyright © 1999 Darren O. Benham, 1997,2003 nCipher Corporation Ltd, 1994-97 Ian Jackson, 2005-2017 Don Armstrong, and many other contributors.