[X2Go-User] Some basics questions
Hi, After some try, and a few problems, I made my connections possible, but I have some questions: 1) On the machine where I install ssh, I always disable, for security reason, the possibility to connect using the user password. After some unsuccessfull tries, I saw that to be able to connect, I must enable the connection with the password (on server side). Is-it normal ? I don't like a simple password protection. I prefer public key. 2) In my first tries, I had a curious message, and it was impossible to connect. The problem was in known-host. Deleting it done the trick, but analysing the difference between the previous and the one generated during x2go connection, I say a difference between records. When using ssh in console to connect, the record looks like this : |1|TaiGrqxL3igpSgVZ4Y6WahmwxEw=|M6tIFGIbg/ZQJI4HTLwLC55AAeY= ecdsa-sha2-nistp256 E2VjZHNhLX When connecting with x2go, looks like that: [192.168.1.53]:22461 ssh-rsa B3NzaC1yc2E . Now, with my last tests, if I have a first form of record, I have this message : The host key for this server was not found but anothertype of key exists. An attacker might have changed the default server key to trick your client into thinking the key does not exist yet. For security reasons, it is recommended to stop the connection attempt. Do you want to terminate the connection? Accepting, a new record is added to known host with the second form of record. I noticed that a record created by x2go in a fresh known_hosts is used without problem with ssh Why a such difference ? Will the ip address be updated during a future connection, as the provider changes our public IP for time to time ? 3) Using x2go graphic window, when I choose a profile to connect, x2go first present the box to enter the key, but user password hasn't yet been entered, so we must cancel the key box and the error box, and then enter the user password to have again the key box. This is very curious, and more curious, entering the key doesn't work, x2go always want me to enter the key. In fact, just cancelling this box and the connection is ok. I suppose it's due to known_host, but the way to connect is very strange. Thanks to help me to understand all this curious facts ... curious for my eyes, obviously ;) A+ -- Alain Aupeix http://jujuland.pagesperso-orange.fr/ http://pissobi-lacassagne.pagesperso-orange.fr/ U.buntu 12.04 | G.ramps 3.4.9-1 | H.arbour 3.2.0dev (2015-09-07 14:28) | HbIDE (Rev.316) | Five.Linux (r143) | Hw.Gui (2492) ___ x2go-user mailing list x2go-user@lists.x2go.org http://lists.x2go.org/listinfo/x2go-user
Re: [X2Go-User] Some basics questions
-BEGIN PGP SIGNED MESSAGE- Hash: SHA256 Am 29.09.2015 um 15:51 schrieb Alain Aupeix: > Hi, > > After some try, and a few problems, I made my connections possible, > but I have some questions: > > 1) On the machine where I install ssh, I always disable, for > security reason, the possibility to connect using the user > password. After some unsuccessfull tries, I saw that to be able to > connect, I must enable the connection with the password (on server > side). > > Is-it normal ? I don't like a simple password protection. I prefer > public key. No, you can use Public Key authentication, either with or without an additional password on top, and either via a specified key file or via SSH auth agent. Please have a look at our Wiki. http://wiki.x2go.org/doku.php/doc:usage:x2goclient#getting_started_my_fi rst_session_profile > 2) In my first tries, I had a curious message, and it was > impossible to connect. The problem was in known-host. Deleting it > done the trick, but analysing the difference between the previous > and the one generated during x2go connection, I say a difference > between records. > > When using ssh in console to connect, the record looks like this : > > |1|TaiGrqxL3igpSgVZ4Y6WahmwxEw=|M6tIFGIbg/ZQJI4HTLwLC55AAeY= > ecdsa-sha2-nistp256 E2VjZHNhLX > > When connecting with x2go, looks like that: > > [192.168.1.53]:22461 ssh-rsa B3NzaC1yc2E . > > Now, with my last tests, if I have a first form of record, I have > this message : > > The host key for this server was not found but anothertype of key > exists. An attacker might have changed the default server key to > trick your client into thinking the key does not exist yet. > > For security reasons, it is recommended to stop the connection > attempt. > > Do you want to terminate the connection? > > > Accepting, a new record is added to known host with the second form > of record. > > I noticed that a record created by x2go in a fresh known_hosts is > used without problem with ssh > > > Why a such difference ? This is nothing X2Go-specific. Modern-day ssh implementations do not use a plaintext format for the known_hosts file any more. Please refer to the documentation of your Linux distribution. The key, in its hashed form, most likely contained a non-rsa key, maybe ecdsa or dsa, which is why SSH (not X2Go per se) prompts you to make a decision. > Will the ip address be updated during a future connection, as the > provider changes our public IP for time to time ? No. Each time you server receives a new IP, you will be asked to confirm the connection on the client. Again, nothing X2Go-specific, but rather plain SSH. The way around this is setting up a dynamic DNS entry, you might want to read up on that. > 3) Using x2go graphic window, when I choose a profile to connect, > x2go first present the box to enter the key, but user password > hasn't yet been entered, so we must cancel the key box and the > error box, and then enter the user password to have again the key > box. This is very curious, and more curious, entering the key > doesn't work, x2go always want me to enter the key. In fact, just > cancelling this box and the connection is ok. I suppose it's due to > known_host, but the way to connect is very strange. This is due to a setup error on your side, probably due to not following the instructions and choosing a combination of options that do not really make sense for your setup. If you authenticate via password, there's no need to enter a path to a key file, nor to check "try auto-login". On the other hand, if you intend to authenticate via public key, you should either: - - have a running SSH auth agent with the key already loaded (please *do not* specify a path and file name to your keyfile in that case), or - - set a valid path and name for the keyfile (which needs to have the proper restrictive ownership/group and permission settings to be accepted - usually youruser:youruser and 600) For public key authentication, you should not enter a password in the user/password box at all. If you're using an SSH auth agent, there will be no prompt for the password, even if your keyfile is protected with one, as you already entered the password when loading the key into the agent, and it remains unencrypted there (that being the idea of having an SSH auth agent - not having to re-type the password over and over). If you're not using an SSH auth agent, and a password-protected keyfile, you will receive a pop-up dialog box prompting you to enter the password for the key *after* you clicked the button. Again, *do not* enter a password directly in the field under the username field when using this authentication method. - -Stefan - -- BAUR-ITCS UG (haftungsbeschränkt) Geschäftsführer: Stefan Baur Eichenäckerweg 10, 89081 Ulm | Registergericht Ulm, HRB 724364 Fon/Fax 0731 40 34 66-36/-35 | USt-IdNr.: DE268653243 -BEGIN PGP SIGNATURE- Version: GnuPG v2
Re: [X2Go-User] Some basics questions
Hi, Thanks for your answers, i now can connect without problem on the machines I tested. I have now 2 little problems: 1) When editing a profile, when I save by ok, x2goClient closes (I have checked all the parameters to hide in notification zone) I use Ubuntu 12.04 and gnome fallback 2) I have a server (laptop) which have a screen of 1440x900. My desktop computer has two 1280x1024 When I connect to the local session, All the values I tried to have an size with no deformation failed. I tried something like 1200x700, and other values, 1440x900, and it seems it is always the same value, about 1280x930 It's not a big problem, but a little unpleasant No problem with :50 where the window is about 1280x990, but the screen of the session seems to be created like this, and the background is adapted and no unpleasant modification. Thanks A+ -- - Alain Aupeix http://jujuland.pagesperso-orange.fr/ http://pissobi-lacassagne.pagesperso-orange.fr/ - U.buntu 12.04 | G.ramps 3.4.9-1 | H.arbour 3.2.0dev (2015-09-07 14:28) | HbIDE (Rev.316) | Five.Linux (r143) | Hw.Gui (2492) - ___ x2go-user mailing list x2go-user@lists.x2go.org http://lists.x2go.org/listinfo/x2go-user
Re: [X2Go-User] Some basics questions
I don't understand what the remote and local screen size has to do with each other. Remotely I use an 1680x1050 screen, locally I sometimes bring a 1600x1200 (old 3x4) monitor. When I plug it into DVI Linux automatically sizes the screen correctly. Remotely I use System->Hardware->Monitors to set the resolution I want but I'm using Mate rather than Gnome Fallback. -_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_- Eskimo North Linux Friendly Internet Access, Shell Accounts, and Hosting. Knowledgeable human assistance, not telephone trees or script readers. See our web site: http://www.eskimo.com/ (206) 812-0051 or (800) 246-6874. On Tue, 29 Sep 2015, Alain Aupeix wrote: Date: Tue, 29 Sep 2015 19:22:39 +0200 From: Alain Aupeix <alain.aup...@wanadoo.fr> To: Stefan Baur <x2go-m...@baur-itcs.de>, x2go-user@lists.x2go.org Subject: Re: [X2Go-User] Some basics questions Hi, Thanks for your answers, i now can connect without problem on the machines I tested. I have now 2 little problems: 1) When editing a profile, when I save by ok, x2goClient closes (I have checked all the parameters to hide in notification zone) I use Ubuntu 12.04 and gnome fallback 2) I have a server (laptop) which have a screen of 1440x900. My desktop computer has two 1280x1024 When I connect to the local session, All the values I tried to have an size with no deformation failed. I tried something like 1200x700, and other values, 1440x900, and it seems it is always the same value, about 1280x930 It's not a big problem, but a little unpleasant No problem with :50 where the window is about 1280x990, but the screen of the session seems to be created like this, and the background is adapted and no unpleasant modification. Thanks A+ -- - Alain Aupeix http://jujuland.pagesperso-orange.fr/ http://pissobi-lacassagne.pagesperso-orange.fr/ - U.buntu 12.04 | G.ramps 3.4.9-1 | H.arbour 3.2.0dev (2015-09-07 14:28) | HbIDE (Rev.316) | Five.Linux (r143) | Hw.Gui (2492) - ___ x2go-user mailing list x2go-user@lists.x2go.org http://lists.x2go.org/listinfo/x2go-user ___ x2go-user mailing list x2go-user@lists.x2go.org http://lists.x2go.org/listinfo/x2go-user
Re: [X2Go-User] Some basics questions
Le 29/09/2015 20:12, Robert Dinse a écrit : I don't understand what the remote and local screen size has to do with each other. Remotely I use an 1680x1050 screen, locally I sometimes bring a 1600x1200 (old 3x4) monitor. When I plug it into DVI Linux automatically sizes the screen correctly. Remotely I use System->Hardware->Monitors to set the resolution I want but I'm using Mate rather than Gnome Fallback. I just compare with what I have with ssvnc where the proportions are respected (but the entire screen isn't displayed without scrolling), and using a ratio (0.85, in my case) done the trick. It's perfect. The problem occurs principally on :0, where I don't want (and can't) change the size of the server I say that can modify the size of window, but I don't understand the reason of this parameter in filter if it's not used. Thanks A+ -- Alain Aupeix http://jujuland.pagesperso-orange.fr/ http://pissobi-lacassagne.pagesperso-orange.fr/ U.buntu 12.04 | G.ramps 3.4.9-1 | H.arbour 3.2.0dev (2015-09-07 14:28) | HbIDE (Rev.316) | Five.Linux (r143) | Hw.Gui (2492) ___ x2go-user mailing list x2go-user@lists.x2go.org http://lists.x2go.org/listinfo/x2go-user
