X2Go Bug report logs - #241
Changed host key cannot be updated


Package: x2goclient; Maintainer for x2goclient is X2Go Developers <x2go-dev@lists.x2go.org>; Source for x2goclient is src:x2goclient.

Reported by: Heinrich Schuchardt <xypron.glpk@gmx.de>

Date: Sun, 16 Jun 2013 12:48:01 UTC

Severity: normal

Tags: patch, pending

Found in version 4.0.0.3

Fixed in version 4.0.1.2

Done: Mike Gabriel <mike.gabriel@das-netzwerkteam.de>

Bug is archived. No further changes may be made.



Message #25 received at 241@bugs.x2go.org (full text, mbox):

Received: (at 241) by bugs.x2go.org; 22 Jun 2013 14:47:28 +0000
From xypron.glpk@gmx.de  Sat Jun 22 16:47:28 2013
From: xypron.glpk@gmx.de
To: mike.gabriel@das-netzwerkteam.de
Cc: 241@bugs.x2go.org,
	Heinrich Schuchardt <xypron.glpk@gmx.de>
Subject: [PATCH 22/22] Re: [X2Go-Dev] Bug#241: Changed host key cannot be updated
Date: Sat, 22 Jun 2013 16:34:46 +0200
Message-Id: <1371911686-15060-1-git-send-email-xypron.glpk@gmx.de>
X-Mailer: git-send-email 1.7.10.4
In-Reply-To: <20130621102049.28992mah70gw8xr5@mail.das-netzwerkteam.de>
References: <20130621102049.28992mah70gw8xr5@mail.das-netzwerkteam.de>
From: Heinrich Schuchardt <xypron.glpk@gmx.de>

The appended patch allows updating changed host keys.

It does not include the necessary changes for the translations.

Best regards

Heinrich Schuchardt

Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
---
 onmainwindow.cpp |   67 +++++++++++++++++++++++++++++++++++++-----------------
 1 file changed, 46 insertions(+), 21 deletions(-)

diff --git a/onmainwindow.cpp b/onmainwindow.cpp
index b707d84..d0993f2 100644
--- a/onmainwindow.cpp
+++ b/onmainwindow.cpp
@@ -2953,33 +2953,58 @@ void ONMainWindow::slotSshServerAuthError ( int error, QString sshMessage, SshMa
     {
     case SSH_SERVER_KNOWN_CHANGED:
         errMsg=tr ( "Host key for server changed.\nIt is now: " ) +sshMessage+"\n"+
-               tr ( "For security reasons, connection will be stopped" );
-        connection->writeKnownHosts(false);
-        connection->wait();
-        if(sshConnection && sshConnection !=connection)
+               tr ( "This can be an indication of a man-in-the-middle attack.\n"
+                    "Somebody might be eavesdropping on you.\n"
+                    "For security reasons, it is recommended to stop the connection.\n"
+                    "Do you want to terminate the connection?\n" );
+        if ( !QMessageBox::warning( 0, tr( "Host key verification failed" ),
+                errMsg, tr( "Yes" ), tr( "No" ) ) != 0)
+            {
+            connection->writeKnownHosts(false);
+            connection->wait();
+            if(sshConnection && sshConnection !=connection)
+            {
+                sshConnection->wait();
+                delete sshConnection;
+            }
+            slotSshUserAuthError ( tr ( "Host key verification failed" ) );
+            sshConnection=0;
+            return;
+        }
+        else
         {
-            sshConnection->wait();
-            delete sshConnection;
+            errMsg = tr( "If you accept the new host key the security of your "
+                         "connection may be compromised.\n"
+                         "Do you want to update the host key?" );
         }
-        sshConnection=0;
-        slotSshUserAuthError ( errMsg );
-        return;
-
+        break;
     case SSH_SERVER_FOUND_OTHER:
         errMsg=tr ( "The host key for this server was not found but an other"
-                    "type of key exists.An attacker might change the default server key to"
-                    "confuse your client into thinking the key does not exist" );
-        connection->writeKnownHosts(false);
-        connection->wait();
-        if(sshConnection && sshConnection !=connection)
+                    "type of key exists. An attacker might change the default server key to "
+                    "confuse your client into thinking the key does not exist. \n"
+                    "For security reasons, it is recommended to stop the connection.\n"
+                    "Do you want to terminate the connection?\n");
+        if ( !QMessageBox::warning( 0, tr( "Host key verification failed" ),
+                errMsg, tr( "Yes" ), tr( "No" ) ) != 0)
+            {
+            connection->writeKnownHosts(false);
+            connection->wait();
+            if(sshConnection && sshConnection !=connection)
+            {
+                sshConnection->wait();
+                delete sshConnection;
+            }
+            slotSshUserAuthError ( tr ( "Host key verification failed" ) );
+            sshConnection=0;
+            return;
+        }
+        else
         {
-            sshConnection->wait();
-            delete sshConnection;
+            errMsg = tr( "If you accept the new host key the security of your "
+                         "connection may be compromised.\n"
+                         "Do you want to update the host key?" );
         }
-        sshConnection=0;
-        slotSshUserAuthError ( errMsg );
-        return ;
-
+        break;
     case SSH_SERVER_ERROR:
         connection->writeKnownHosts(false);
         connection->wait();
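
Review bot: The new condition `if ( !QMessageBox::warning( ... ) != 0)` in both the SSH_SERVER_KNOWN_CHANGED and SSH_SERVER_FOUND_OTHER cases terminates only when the dialog returns exactly 0 ("Yes"), so any other return value falls into the `else` branch that goes on to offer the host key update; a host key mismatch check should fail closed instead. Suggest continuing only on the explicit "No" answer, e.g. terminate when the result is `!= 1`, and passing the default and escape button numbers to `QMessageBox::warning` so that dismissing the dialog also terminates. The `!... != 0` form is a double negation that reads as the opposite of what it does and should be written as a plain comparison. The terminate block is now duplicated verbatim in both cases and could move into one helper, and the brace indentation of the new `if` bodies does not match the surrounding code. The unchanged first line of the SSH_SERVER_FOUND_OTHER message still ends in `an other"` with no trailing space, so the text renders as "an othertype of key" even after the other spacing fixes in this hunk.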
-- 
1.7.10.4




X2Go Developers <owner@bugs.x2go.org>. Last modified: Sat May 25 11:33:55 2019; Machine Name: ymir.das-netzwerkteam.de
