From unknown Thu Mar 28 18:43:20 2024 X-Loop: owner@bugs.x2go.org Subject: Bug#732: X2Go Client falls back to SSH pub/priv key auth if GSSAPI fails Reply-To: Mike Gabriel , 732@bugs.x2go.org Resent-From: Mike Gabriel Resent-To: x2go-dev@lists.x2go.org Resent-CC: X2Go Developers X-Loop: owner@bugs.x2go.org Resent-Date: Fri, 09 Jan 2015 23:25:01 +0000 Resent-Message-ID: Resent-Sender: owner@bugs.x2go.org X-X2Go-PR-Message: report 732 X-X2Go-PR-Package: x2goclient X-X2Go-PR-Keywords: Received: via spool by submit@bugs.x2go.org id=B.14208457316441 (code B); Fri, 09 Jan 2015 23:25:01 +0000 Received: (at submit) by bugs.x2go.org; 9 Jan 2015 23:22:11 +0000 X-Spam-Checker-Version: SpamAssassin 3.3.2 (2011-06-06) on ymir.das-netzwerkteam.de X-Spam-Level: X-Spam-Status: No, score=-1.9 required=5.0 tests=BAYES_00,URIBL_BLOCKED autolearn=ham version=3.3.2 Received: from freya.das-netzwerkteam.de (freya.das-netzwerkteam.de [88.198.48.199]) by ymir.das-netzwerkteam.de (Postfix) with ESMTPS id DC8FF5DEAA for ; Sat, 10 Jan 2015 00:22:09 +0100 (CET) Received: from grimnir.das-netzwerkteam.de (grimnir.das-netzwerkteam.de [78.46.204.98]) by freya.das-netzwerkteam.de (Postfix) with ESMTPS id AC1EA327C for ; Sat, 10 Jan 2015 00:22:09 +0100 (CET) Received: from localhost (localhost [127.0.0.1]) by grimnir.das-netzwerkteam.de (Postfix) with ESMTP id A2AAB3C841 for ; Sat, 10 Jan 2015 00:22:09 +0100 (CET) X-Virus-Scanned: Debian amavisd-new at grimnir.das-netzwerkteam.de Received: from grimnir.das-netzwerkteam.de ([127.0.0.1]) by localhost (grimnir.das-netzwerkteam.de [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id WWHAd9whrHtR for ; Sat, 10 Jan 2015 00:22:09 +0100 (CET) Received: from grimnir.das-netzwerkteam.de (localhost [127.0.0.1]) by grimnir.das-netzwerkteam.de (Postfix) with ESMTPS id 3EB753C7CB for ; Sat, 10 Jan 2015 00:22:09 +0100 (CET) Received: from bifrost.das-netzwerkteam.de (bifrost.das-netzwerkteam.de [178.62.101.154]) by mail.das-netzwerkteam.de (Horde Framework) with HTTP; Fri, 09 Jan 2015 23:22:09 +0000 Date: Fri, 09 Jan 2015 23:22:09 +0000 Message-ID: <20150109232209.Horde.K3bH1TajHmQvYqeZ0-zvaA1@mail.das-netzwerkteam.de> From: Mike Gabriel To: submit@bugs.x2go.org User-Agent: Internet Messaging Program (IMP) H5 (6.2.2) Accept-Language: en,de Organization: DAS-NETZWERKTEAM X-Originating-IP: 178.62.101.154 X-Remote-Browser: Mozilla/5.0 (X11; Linux x86_64; rv:32.0) Gecko/20100101 Firefox/32.0 Iceweasel/32.0 Content-Type: multipart/signed; boundary="=_xAhRA4GITImwalWlQL1ytg1"; protocol="application/pgp-signature"; micalg=pgp-sha1 MIME-Version: 1.0 This message is in MIME format and has been PGP signed. --=_xAhRA4GITImwalWlQL1ytg1 Content-Type: multipart/mixed; boundary="=_Ll16CFLt5mVfn9JSEewC3w1" This message is in MIME format. --=_Ll16CFLt5mVfn9JSEewC3w1 Content-Type: text/plain; charset=UTF-8; format=flowed; DelSp=Yes Content-Disposition: inline Package: x2goclient Severity: important Version: 4.0.3.1 I have not yet obtained a Kerberos ticket via kinit... I have an SSH private key protected with a passphrase... My X2Go session profile configuration for SSH auth is: key= krblogin=true autologin=false krbdelegation=false I expect authentication to fail (reporting that my ticket cache is empty or such). What happens is this: """ x2go-INFO-1> "Starting x2goclient..." x2go-WARNING-1> "Can't load translator: :/x2goclient_c" x2go-WARNING-2> "Can't load translator: :/qt_C" x2go-DEBUG-../onmainwindow.cpp:1203> Removing apps from tray x2go-DEBUG-../onmainwindow.cpp:1171> Plugging apps in tray. x2go-INFO-3> "Started x2goclient." x2go-DEBUG-../onmainwindow.cpp:490> "$HOME=/home/mike" x2go-DEBUG-../onmainwindow.cpp:2118> Reading 72 sessions from config file. QPixmap::scaled: Pixmap is a null pixmap x2go-DEBUG-../onmainwindow.cpp:2663> Starting session via smartcard, ssh-agent or kerberos token. x2go-DEBUG-../onmainwindow.cpp:1203> Removing apps from tray x2go-INFO-8> "Starting connection to server: :" x2go-DEBUG-../onmainwindow.cpp:2697> Start new ssh connection to server:"":"" krbLogin: true x2go-DEBUG-../sshmasterconnection.cpp:198> starting ssh connection with kerberos authentication x2go-DEBUG-../sshmasterconnection.cpp:206> SshMasterConnection, instance SshMasterConnection(0x1f0b670) created x2go-DEBUG-../sshmasterconnection.cpp:442> SshMasterConnection, instance SshMasterConnection(0x1f0b670) entering thread x2go-DEBUG-../sshmasterconnection.cpp:478> libSsh not inited yet, initting x2go-DEBUG-../sshmasterconnection.cpp:789> cserverAuth x2go-DEBUG-../sshmasterconnection.cpp:804> state: 1 x2go-DEBUG-../sshmasterconnection.cpp:1153> starting ssh:"ssh -o GSSApiAuthentication=yes mike@ -p -o PasswordAuthentication=no sh -c 'echo X2GODATABEGIN:df7fa883-5dc3-4623-b9dd-16b62f069fc5; whoami; echo X2GODATAEND:df7fa883-5dc3-4623-b9dd-16b62f069fc5;'" Enter passphrase for key '/home/mike/.ssh/id_rsa': """ X2Go Client waits for me entering my SSH private key password while setting up the SSH master connection. This should not happen... Authentication should fail and a proper error message (GSSAPI requires a valid Kerberos ticket cache or similar) should be reported. Mike -- DAS-NETZWERKTEAM mike gabriel, herweg 7, 24357 fleckeby fon: +49 (1520) 1976 148 GnuPG Key ID 0x25771B31 mail: mike.gabriel@das-netzwerkteam.de, http://das-netzwerkteam.de freeBusy: https://mail.das-netzwerkteam.de/freebusy/m.gabriel%40das-netzwerkteam.de.xfb --=_Ll16CFLt5mVfn9JSEewC3w1 Content-Type: application/pgp-signature; name=Digitale_PGP_Signatur Content-Disposition: attachment; size=836; filename=Digitale_PGP_Signatur Content-Transfer-Encoding: base64 LS0tLS1CRUdJTiBQR1AgU0lHTkFUVVJFLS0tLS0NClZlcnNpb246IEdudVBHIHYxDQoNCmlRSWNC QUFCQWdBR0JRSlVzR0hpQUFvSkVKcjBhekFsZHhzeDRUSVAvM3dZaE1Mckk5MDFqWGgrQ0diNElS VkoNCjJOZFhUUXpoWDAveS9lL05rOXNmU3JQdjlyeVdCMFlBc3gzblJTbHFhUE9KK2owK01jM1dZ alFWOUllVkVUUDYNCmxGYi9zZzdzRzBLVkhaUC9LTmhBQS9KVFFVYkMxRzJSQ0Y5SDB1OUVWT1px Ykl6OS9yR2NkcmpzMFlGQkpTbVUNCnB0dmUyM3ppSzVEcXRRcnQ2REYwRDlCaG1OUlp6NGJEamNZ alBaNmtDR2FTb0Q1WURmaE02ejRSekFFTGZwYTgNCnR6cjVKZzFNQlRWemZQR0FRZ1dLekJVdm5I clY5K2lrMWloNldIZk9TVkVpbWNmV09rVndDWjEvYkF1TEs5UHcNCm84bnNsQnErdm8rSlROaW1Z UGRDVVdQYnhnYW85elhZeGNTUUU2eDAzeU5xWnVIQ3dOMzRsYTRBL1dOMzRiOXUNClQ2REhqZTRq UlQvWHZ4Nml1alROZXhnSEVpTEV2TXhIWFZYNjVxN2QvNy9yOXY3WE1GU0s3WWtwZnBCcGZRamgN CmhhKy9aT1BCcGhQaHIxNGhrSnVjOEtXdDNmWlpva3FhVkxORkR2RFJkK3RpNFJONDZRS29xQi93 alpYdGF2UDINCmdHc2lySDRCc0paNHFjVTNMd2N3bUpYbWdOejcvSXZLMFQ2YVIzT1prM0I3TWIy bWNiZEZBS3pxam04Zm4xMzANCitLYkxQdEtReGQvVGpQOWNzUElVYzc5QlA0OGNudkFmNnQvME5w aVpXMStsSmQ3Z0lMNUorUHJqQVc0TzFVWXgNCkRpVUgrN01XNUtUY3g1bWIzR3BqU25ndXRsaVdK N2pRdE5wRDVHVnpRaEpGMWEwNFF4QlhWMU9OY0FZdFIyRXENCkprUjMyMmh2NkRNeG5lTFZuYm5a DQo9SnZDag0KLS0tLS1FTkQgUEdQIFNJR05BVFVSRS0tLS0tDQo= --=_Ll16CFLt5mVfn9JSEewC3w1-- --=_xAhRA4GITImwalWlQL1ytg1 Content-Type: application/pgp-signature Content-Description: Digitale PGP-Signatur Content-Disposition: inline -----BEGIN PGP SIGNATURE----- Version: GnuPG v1 iQIcBAABAgAGBQJUsGKhAAoJEJr0azAldxsx0OAP/33N51Dc6phcQwcvYBSQZQw1 AtZTu7xBjowsRjq9qLoRyDlcDexi0w1MG3F7GotpUdud1Mo9Tck54nnfc+uQapXq E2by7kSL+e1Pfh6j5wea5v2ulFPRkImjiWrX+ktb++B8VCmZNRX/LuBhfWRDNH+h 8FEBnO/Ugy1+7SZAyciLkdsw+lPkYfe7ZcwHio61rvuvRGfdseKbuMce54xs/7FA auhZVq7a7icMcwa/YQAX+AvznOPAERo5xbse0LnjKsg/Wb0hFb6bG5Tohx5eoxmY utc6028OftVn10yC+zvIUHciZlK4ukD9MRXYmygDNX2OZLjow1aLsq0GPx35w9Q6 /KAKQUqZ3RIDqKfuS/LTfQ+5GB6AxFnVDIZnln+BqumRHwRBWzaq7NpBwlDUyIko KcX2BIEPjgGVsi6c0hMUunja9z+zvV6TQUjElj9s5j+bzy8pZFHDLc4RDNYvviqs +OSZNTO8t9lSeeq0qyth9qy2jj80A41jh/6p+r9971wpqC8KV1nMFrtGtMO93y4l tBnWF7tZ+4y6dqpZfmO3LpTkXJdLtVQHB7dy5eAmcLB4BLO5MlQPsZkecDykPqra P9kR7XCnboUTiEdxxwG62+3YsV5A8dgw94vMaQJz57WbUeMCt8lUN8tbnkylerB7 HKJyzJ54FKicvRaqYSaD =R6x5 -----END PGP SIGNATURE----- --=_xAhRA4GITImwalWlQL1ytg1--