[X2Go-Dev] Bug#1520: Proxy-Server - SSH - strong Cipher crash x2Go-Client
I can confirm this issue in my own environment as well. X2Go server version is 4.1.0.3-9.el7 running on CentOS 7. Affected users are running X2Go client version 4.1.2.2 on Windows 10 (though this may affect other Windows versions as well). We forced the use of the aes128-ctr cipher yesterday on our cluster login nodes to resolve a security issue raised by our security team. To do this, we added the following line to our SSH server config file: Ciphers aes128-ctr After making this change, several users running the X2Go client on Windows 10 could no longer connect. We found this bug report, and subsequently reverted the above change, which resolved the issue. Please note that Linux clients appeared to be unaffected by this issue; I was able to connect from a workstation running X2Go client version 4.1.2.2 on Ubuntu Linux 20.04 without any issues. -- Adam Dorsey NOAA RDHPCS Systems Administrator Site Lead CSRA / RedLine Performance Solutions, LLC NOAA NESCC 1000 Galliher Drive, Suite 333, Fairmont, WV 26554 office: (304) 367-2882 cell: (304) 685-9345 adam.dor...@noaa.gov ___ x2go-dev mailing list x2go-dev@lists.x2go.org https://lists.x2go.org/listinfo/x2go-dev
[X2Go-Dev] Bug#1520: Proxy-Server - SSH - strong Cipher crash x2Go-Client
A quick update for this bug: Today I tested the same scenario (Cipher aes128-ctr) on our test cluster using the latest Windows snapshot client, version 4.1.2.3-2021.07.13-df4a8ec. The issue as described in this bug report is still present. Thanks, Adam On Fri, Mar 19, 2021 at 2:28 PM Adam Dorsey - NOAA Affiliate < adam.dor...@noaa.gov> wrote: > I can confirm this issue in my own environment as well. X2Go server > version is 4.1.0.3-9.el7 running on CentOS 7. Affected users are running > X2Go client version 4.1.2.2 on Windows 10 (though this may affect other > Windows versions as well). > > We forced the use of the aes128-ctr cipher yesterday on our cluster login > nodes to resolve a security issue raised by our security team. To do this, > we added the following line to our SSH server config file: > > Ciphers aes128-ctr > > After making this change, several users running the X2Go client on Windows > 10 could no longer connect. We found this bug report, and subsequently > reverted the above change, which resolved the issue. > > Please note that Linux clients appeared to be unaffected by this issue; I > was able to connect from a workstation running X2Go client version 4.1.2.2 > on Ubuntu Linux 20.04 without any issues. > > -- > Adam Dorsey > NOAA RDHPCS Systems Administrator Site Lead > CSRA / RedLine Performance Solutions, LLC > > NOAA NESCC > 1000 Galliher Drive, Suite 333, Fairmont, WV 26554 > office: (304) 367-2882 > cell: (304) 685-9345 > adam.dor...@noaa.gov > -- Adam Dorsey NOAA RDHPCS Systems Administrator Site Lead CSRA / RedLine Performance Solutions, LLC NOAA NESCC 1000 Galliher Drive, Suite 333, Fairmont, WV 26554 office: (304) 367-2882 cell: (304) 685-9345 adam.dor...@noaa.gov ___ x2go-dev mailing list x2go-dev@lists.x2go.org https://lists.x2go.org/listinfo/x2go-dev
[X2Go-Dev] Bug#1557: Bug#1557: Windows client crashes when connecting to RHEL8
Hans,
I wonder if this is the same issue that is described in bug report #1520 (
https://bugs.x2go.org/cgi-bin/bugreport.cgi?bug=1520). Can you try the
workaround from that bug report?
Thanks,
Adam
On Wed, Aug 25, 2021 at 6:03 AM Hans Peter Verne
wrote:
> Package: x2goclient
> Version: 4.1.2.2
>
> Hello, devs!
>
> I'm afraid this is not a very precise bug report. Any assistance in
> how to investigate this is appreciated.
>
> We're running x2goclient 4.1.2.2 on Windows-10 machines, this has served
> us well up to now. With our new RedHat Enterprise Server 8.4 in
> production,
> we see the client crashing very often.
>
> When the client crashes, it does so shortly after trying to log in to a
> new or existing session. The clients "show details" window pane is
> activated,
> but the client dies before anything can be seen there.
>
> On the server, just these entries in the system logs appears:
>
> Aug 05 14:42:56 mimi.uio.no sshd[2421324]: Connection from
> 2001:700:100:4028:9462:e3c7:21c5:ec1c port 49763 on 2001:700:100:118::101
> port 22
> Aug 05 14:42:59 mimi.uio.no sshd[2421324]: Connection reset by
> 2001:700:100:4028:9462:e3c7:21c5:ec1c port 49763 [preauth]
>
> If I disable IPv6:
>
> Aug 05 14:45:30 mimi.uio.no sshd[2421601]: Connection from 193.157.161.44
> port 57619 on 129.240.118.101 port 22
> Aug 05 14:45:33 mimi.uio.no sshd[2421601]: Connection reset by
> 193.157.161.44 port 57619 [preauth]
>
> Note the absence of the "Fail password for ..." log entry. It looks like
> it never gets to even try authenticating.
>
> There is no problem logging in with putty from the same client machine,
> both with IPv6 and IPv4. Neither have I had this problem (at least
> not so frequent) with the Linux client.
>
> The server is running sshd and x2goserver from the RHEL8/EPEL repos,
> packages openssh-server-8.0p1-6 and x2goserver-4.1.0.3-9, respectively.
>
> I eventually tried to run sshd -ddd on the server and catch the output.
> The typescripts are attached (slightly edited): one where the client
> crashed;
> and one where it didn't (but couldn't authenticate, bad password). I'm no
> expert on ssh, but it seems like the difference appears after the key
> exchange
> ("KEX done"), when the instance that crashed never reaches the bit with
> userauth-request.
>
> I also tried "setenforce 0" on the server, i.e. disable SELinux, but the
> client still crashed.
>
> As it is, I can't clearly provide a procedure to reproduce the problem,
> as it doesn't always happen.
>
> If more information is required, or there are suggested steps to take,
> please let me know.
>
>
> Thanks in advance, and best regards,
> --
> Hans Peter Verne -- IT-drift Geofag.
>
> In 1934, Van der Lubbe was beheaded in a German prison yard. In 1967, a
> court
> in West Berlin overturned the 1933 verdict, and posthumously changed Van
> der
> Lubbe's sentence to eight years in prison. -- "Reichstag fire" on
> Wikipedia.
> ___
> x2go-dev mailing list
> x2go-dev@lists.x2go.org
> https://lists.x2go.org/listinfo/x2go-dev
>
--
Adam Dorsey
NOAA RDHPCS Systems Administrator Site Lead
CSRA / RedLine Performance Solutions, LLC
NOAA NESCC
1000 Galliher Drive, Suite 333, Fairmont, WV 26554
office: (304) 367-2882
cell: (304) 685-9345
adam.dor...@noaa.gov
___
x2go-dev mailing list
x2go-dev@lists.x2go.org
https://lists.x2go.org/listinfo/x2go-dev
[X2Go-Dev] Bug#1520: Bug#1520: Proxy-Server - SSH - strong Cipher crash x2Go-Client
I used the process described in bug 1557 today to attempt to capture debug
information. I didn't get anything useful, and no clues as to why the X2Go
client is crashing with strong ciphers.
x2go-INFO-1> "Starting X2Go Client 4.1.2.3..."
x2go-WARNING-1> English language requested, not loading translator.
x2go-WARNING-1> English language requested, not loading translator.
x2go-DEBUG-../src/onmainwindow.cpp:10902> Getting X.Org Server settings.
x2go-INFO-3> "Started X2Go Client."
x2go-DEBUG-../src/onmainwindow.cpp:626> "$HOME=C:/Users/Adam"
x2go-DEBUG-../src/onmainwindow.cpp:2359> Reading 1 sessions from config
file.
x2go-DEBUG-../src/onmainwindow.cpp:13415> libssh not initialized yet.
Initializing.
x2go-DEBUG-../src/pulsemanager.cpp:369> pulseaudio --version
returned:"pulseaudio 13.0
"
x2go-DEBUG-../src/onmainwindow.cpp:10805> Starting helper servers for
Windows ...
x2go-DEBUG-../src/onmainwindow.cpp:10972>
"/cygdrive/C/Users/Adam/.x2go/var" cygwin var path
x2go-DEBUG-../src/onmainwindow.cpp:11060>
"C:/Users/Adam/.x2go/etc/sshd_config created."
x2go-DEBUG-../src/onmainwindow.cpp:10467> Resolved localhost.
x2go-DEBUG-../src/onmainwindow.cpp:2853> Creating QPixmap with session
icon: '":/img/icons/128x128/x2gosession.png"'.
x2go-DEBUG-../src/pulsemanager.cpp:227> pulse started with arguments
("--exit-idle-time=-1", "-n", "-F",
"C:\Users\Adam\.x2go\pulse\config.pa", "-p", "C:\Program Files
(x86)\x2goclient\pulse\lib\pulse-13.0\modules",
"--log-level=debug", "--verbose",
"--log-target=file:C:\Users\Adam\.x2go\pulse\pulse.log") - waiting for it
to
finish...
x2go-DEBUG-../src/onmainwindow.cpp:10489> Port is free: 7022
x2go-DEBUG-../src/onmainwindow.cpp:11411> Logging cygwin sshd to:
"C:/Users/Adam/.x2go/sshLogs/p12616.log"
x2go-DEBUG-../src/onmainwindow.cpp:11425> Creating desktop: x2go_Adam
x2go-DEBUG-../src/onmainwindow.cpp:10467> Resolved localhost.
x2go-DEBUG-../src/onmainwindow.cpp:10495> Port already in use: 7022
x2go-DEBUG-../src/onmainwindow.cpp:10467> Resolved localhost.
x2go-DEBUG-../src/onmainwindow.cpp:10495> Port already in use: 7022
x2go-DEBUG-../src/onmainwindow.cpp:11522> User mode OpenSSH server started
successfully.
x2go-INFO-8> "Starting connection to server: localhost:49199"
x2go-DEBUG-../src/onmainwindow.cpp:2954> Starting new ssh connection to
server:"localhost":"49199" krbLogin: false
x2go-DEBUG-../src/sshmasterconnection.cpp:168> SshMasterConnection, host
"localhost"; port 49199; user "Adam.Dorsey";
useproxy false; proxyserver ""; proxyport 22
x2go-DEBUG-../src/sshmasterconnection.cpp:248> Starting SSH connection
without Kerberos authentication.
x2go-DEBUG-../src/sshmasterconnection.cpp:250> SshMasterConnection,
instance SshMasterConnection(0x548e2a8) created.
x2go-DEBUG-../src/sshmasterconnection.cpp:492> SshMasterConnection,
instance SshMasterConnection(0x548e2a8) entering
thread.
x2go-DEBUG-../src/sshmasterconnection.cpp:573> Setting SSH directory to
C:/Users/Adam/ssh
x2go-DEBUG-../src/sshmasterconnection.cpp:795> Session port before config
file parse: 49199
x2go-DEBUG-../src/sshmasterconnection.cpp:805> Session port after config
file parse: 49199
On Tue, Aug 17, 2021 at 11:45 AM Adam Dorsey - NOAA Affiliate <
adam.dor...@noaa.gov> wrote:
> A quick update for this bug:
>
> Today I tested the same scenario (Cipher aes128-ctr) on our test cluster
> using the latest Windows snapshot client, version
> 4.1.2.3-2021.07.13-df4a8ec. The issue as described in this bug report is
> still present.
>
> Thanks,
> Adam
>
> On Fri, Mar 19, 2021 at 2:28 PM Adam Dorsey - NOAA Affiliate <
> adam.dor...@noaa.gov> wrote:
>
>> I can confirm this issue in my own environment as well. X2Go server
>> version is 4.1.0.3-9.el7 running on CentOS 7. Affected users are running
>> X2Go client version 4.1.2.2 on Windows 10 (though this may affect other
>> Windows versions as well).
>>
>> We forced the use of the aes128-ctr cipher yesterday on our cluster login
>> nodes to resolve a security issue raised by our security team. To do this,
>> we added the following line to our SSH server config file:
>>
>> Ciphers aes128-ctr
>>
>> After making this change, several users running the X2Go client on
>> Windows 10 could no longer connect. We found this bug report, and
>> subsequently reverted the above change, which resolved the issue.
>>
>> Please note that Linux clients appeared to be unaffected by this issue; I
>> was able to connect from a workstation running X2Go client version 4.1.2.2
>> on Ubuntu Linux 20.04 without any issues.
&g
