Re: [X2Go-User] ssh error

[Vikas Rawal]

> Maybe try to start pyhoca-cli with "--add-to-known-hosts" parameter or
> move ~/.ssh/known_hosts ( just for test ) away.
> mv ~/.ssh/known_hosts ~/.ssh/known_hosts-`date -I`
>

Thank you. That was it.

Problem solved.

Vikas
___
x2go-user mailing list
x2go-user@lists.x2go.org
https://lists.x2go.org/listinfo/x2go-user

Re: [X2Go-User] ssh error

[Juri Grabowski]

Hello,

On Sat, Oct 08, 2022 at 11:01:32AM +0530, Vikas Rawal wrote:
> I am getting a new error with pyhoca-cli:
> 
> paramiko.hostkeys.InvalidHostKey: ('192.168.0.127 ssh-rsa
> AABgQC7ZFjl2e+zxzL4wHBeHnntE5fno0AoGJJbI4IHmRbMmsM88bq9FLQlZ/UMB3NzaC1yc2EDAQABAA96lmxTgFLEBJWMD+Ye+3UMJlfrsYCkSAj3192.168.0.195
> ssh-ed25519
> C3NzaCDW/dw1lZDI1NTE5IHRAkIk0Yfsf1H/0i5xizVZ+UogtQ62ze0zeOnW',
> Error('Invalid base64-encoded string: number of data characters (133)
> cannot be 1 more than a multiple of 4'))
Maybe try to start pyhoca-cli with "--add-to-known-hosts" parameter or
move ~/.ssh/known_hosts ( just for test ) away.
mv ~/.ssh/known_hosts ~/.ssh/known_hosts-`date -I`
> I can ssh to the server and can use x2goclient without any problem.
> 
> Strangely, I get a similar error with xpra.
> 
> It seems to me that something has changed in a python library with a recent
> upgrade (since both pyhoca-cli and xpra worked without any problems
> earlier). But I can't seem to figure out what it is.
Can you please provide more information about your systems and updates?
Distribution of x2goserver: Debian 11, RHEL 9 ?
SSH-version on x2goserver: 1:8.4p1-5+deb11u1 ?
Distribution of pyhoca-cli: 
paramiko version on pyhoca-cli client: 2.7.2-1 ?
Which recent upgrade did you mean? from which software in which version
to which new version?

Best Regards,
Juri Grabowski
___
x2go-user mailing list
x2go-user@lists.x2go.org
https://lists.x2go.org/listinfo/x2go-user

Re: [X2Go-User] SSH warnings

[Jérôme Redouté]

Thank you for the suggestion, but it does not fix the warning.

I've disabled audio

print is set to PDF viewing (can't be disabled)

and I've tried tu use an external X server also

but the warning still pops up at X2go launch

Best

Jerome

Le 14/09/2022 à 17:04, Ulrich Sibiller a écrit :
IIRC this is for the connection back from the server to the client and 
is used for file sharing and maybe also sound and printing. I guess if 
you disable these the error will be gone. That is of course not a 
feasible fix for all situations. Needs to be fixed in x2goclient.


Can you please open a bug?

Thx,

Uli



Jérôme Redouté  schrieb am Mi., 14. Sep. 
2022, 16:20:


Yes but this is not persistant. The file seems to be regenerated
at x2go
launch

Le 14/09/2022 à 15:47, Ulrich Sibiller a écrit :
> Have you tried removing the mentioned line from the config file?
It's
> C:\Users\morej\.x2go\etc\sshd_config.
>
> Uli
>
> On Wed, Sep 14, 2022 at 3:03 PM Jérôme Redouté
 wrote:
>> Hello
>>
>> my X2GO shows warning at launch in a terminal window:
>>
>> /cygdrive/C/Users/morej/.x2go/etc/sshd_config line 3:
Deprecated option
>> UsePrivilegeSeparation
>>
>> how can I fix it?
>>
>> here are my OS specifs:
>>
>> Édition    Windows 11 Professionnel
>> Version    22H2
>> Installé le    ‎12/‎05/‎2022
>> Build du système d’exploitation    22622.598
>> Numéro de série    025764401657
>> Expérience    Windows Feature Experience Pack 1000.22634.1000.0
>>
>> Thank you for your help
>>
>> jerome
>>
>>
>> ___
>> x2go-user mailing list
>> x2go-user@lists.x2go.org
>> https://lists.x2go.org/listinfo/x2go-user

-- 
==

Jérôme Redouté
Ph.D. - Ingénieur de Recherche - Université Claude Bernard - Lyon1
Responsable imageur TEP-TDM
CERMEP - Imagerie du vivant
59 Bd Pinel. 69677 Bron - FRANCE
tel : 33 (0)4 72 68 86 18 (bureau)
tel : 33 (0)4 72 68 86 00 (standard)
fax : 33 (0)4 72 68 86 10
==



--
==
Jérôme Redouté
Ph.D. - Ingénieur de Recherche - Université Claude Bernard - Lyon1
Responsable imageur TEP-TDM
CERMEP - Imagerie du vivant
59 Bd Pinel. 69677 Bron - FRANCE
tel : 33 (0)4 72 68 86 18 (bureau)
tel : 33 (0)4 72 68 86 00 (standard)
fax : 33 (0)4 72 68 86 10
==
___
x2go-user mailing list
x2go-user@lists.x2go.org
https://lists.x2go.org/listinfo/x2go-user

Re: [X2Go-User] SSH warnings

[Ulrich Sibiller]

IIRC this is for the connection back from the server to the client and is
used for file sharing and maybe also sound and printing. I guess if you
disable these the error will be gone. That is of course not a feasible fix
for all situations. Needs to be fixed in x2goclient.

Can you please open a bug?

Thx,

Uli



Jérôme Redouté  schrieb am Mi., 14. Sep. 2022,
16:20:

> Yes but this is not persistant. The file seems to be regenerated at x2go
> launch
>
> Le 14/09/2022 à 15:47, Ulrich Sibiller a écrit :
> > Have you tried removing the mentioned line from the config file? It's
> > C:\Users\morej\.x2go\etc\sshd_config.
> >
> > Uli
> >
> > On Wed, Sep 14, 2022 at 3:03 PM Jérôme Redouté 
> wrote:
> >> Hello
> >>
> >> my X2GO shows warning at launch in a terminal window:
> >>
> >> /cygdrive/C/Users/morej/.x2go/etc/sshd_config line 3: Deprecated option
> >> UsePrivilegeSeparation
> >>
> >> how can I fix it?
> >>
> >> here are my OS specifs:
> >>
> >> ÉditionWindows 11 Professionnel
> >> Version22H2
> >> Installé le‎12/‎05/‎2022
> >> Build du système d’exploitation22622.598
> >> Numéro de série025764401657
> >> ExpérienceWindows Feature Experience Pack 1000.22634.1000.0
> >>
> >> Thank you for your help
> >>
> >> jerome
> >>
> >>
> >> ___
> >> x2go-user mailing list
> >> x2go-user@lists.x2go.org
> >> https://lists.x2go.org/listinfo/x2go-user
>
> --
> ==
> Jérôme Redouté
> Ph.D. - Ingénieur de Recherche - Université Claude Bernard - Lyon1
> Responsable imageur TEP-TDM
> CERMEP - Imagerie du vivant
> 59 Bd Pinel. 69677 Bron - FRANCE
> tel : 33 (0)4 72 68 86 18 (bureau)
> tel : 33 (0)4 72 68 86 00 (standard)
> fax : 33 (0)4 72 68 86 10
> ==
>
>
>
___
x2go-user mailing list
x2go-user@lists.x2go.org
https://lists.x2go.org/listinfo/x2go-user

Re: [X2Go-User] SSH warnings

[Jérôme Redouté]

Yes but this is not persistant. The file seems to be regenerated at x2go 
launch


Le 14/09/2022 à 15:47, Ulrich Sibiller a écrit :

Have you tried removing the mentioned line from the config file? It's
C:\Users\morej\.x2go\etc\sshd_config.

Uli

On Wed, Sep 14, 2022 at 3:03 PM Jérôme Redouté  wrote:

Hello

my X2GO shows warning at launch in a terminal window:

/cygdrive/C/Users/morej/.x2go/etc/sshd_config line 3: Deprecated option
UsePrivilegeSeparation

how can I fix it?

here are my OS specifs:

ÉditionWindows 11 Professionnel
Version22H2
Installé le‎12/‎05/‎2022
Build du système d’exploitation22622.598
Numéro de série025764401657
ExpérienceWindows Feature Experience Pack 1000.22634.1000.0

Thank you for your help

jerome


___
x2go-user mailing list
x2go-user@lists.x2go.org
https://lists.x2go.org/listinfo/x2go-user


--
==
Jérôme Redouté
Ph.D. - Ingénieur de Recherche - Université Claude Bernard - Lyon1
Responsable imageur TEP-TDM
CERMEP - Imagerie du vivant
59 Bd Pinel. 69677 Bron - FRANCE
tel : 33 (0)4 72 68 86 18 (bureau)
tel : 33 (0)4 72 68 86 00 (standard)
fax : 33 (0)4 72 68 86 10
==


___
x2go-user mailing list
x2go-user@lists.x2go.org
https://lists.x2go.org/listinfo/x2go-user

Re: [X2Go-User] SSH warnings

[Ulrich Sibiller]

Have you tried removing the mentioned line from the config file? It's
C:\Users\morej\.x2go\etc\sshd_config.

Uli

On Wed, Sep 14, 2022 at 3:03 PM Jérôme Redouté  wrote:
>
> Hello
>
> my X2GO shows warning at launch in a terminal window:
>
> /cygdrive/C/Users/morej/.x2go/etc/sshd_config line 3: Deprecated option
> UsePrivilegeSeparation
>
> how can I fix it?
>
> here are my OS specifs:
>
> ÉditionWindows 11 Professionnel
> Version22H2
> Installé le‎12/‎05/‎2022
> Build du système d’exploitation22622.598
> Numéro de série025764401657
> ExpérienceWindows Feature Experience Pack 1000.22634.1000.0
>
> Thank you for your help
>
> jerome
>
>
> ___
> x2go-user mailing list
> x2go-user@lists.x2go.org
> https://lists.x2go.org/listinfo/x2go-user
___
x2go-user mailing list
x2go-user@lists.x2go.org
https://lists.x2go.org/listinfo/x2go-user

Re: [X2Go-User] ssh to anode failing from inside of a x2go session

[Josep Manel Andrés Moscardó]

That was exactly it Thanks a lot.

It was weird, since I would say that I had it working before, and I
don't remember any change going on the infrastructure.

But thanks a lot.



On 13/11/18 16:14, Stefan Baur wrote:

Am 13.11.18 um 15:49 schrieb Josep Manel Andrés Moscardó:

Hi,
I have a connection to a x2go server (slurm login node) that works fine,
but my issue is that when I open a terminal and try to ssh into a node
it just hangs until it times out.

Is there any restriction for it?

I am connecting to the x2go server using password or ssh key, and trying
to ssh to the node using ssh key or password, it doesn't matter.

Thanks.


Using a key file isn't trivial in this situation.  I would suggest
making your first attempts using a regular username/password combinations.

First, try pinging the destination server from within the X2Go session.

If you can't ping it, the problem might not be with SSH but with an
underlying network (mis)configuration).  Running traceroute and looking
at/posting the output can't hurt, either.

Also, crank up the verbosity level of the ssh client inside the X2Go
session like so:

ssh -vvv user@host

You might also want to try to ping with larger packet sizes, like so:

ping -s 1500 host

if a regular ping works, but it fails when specifying "-s 1500", it
might be an MTU issue.  Start decreasing the number until you can get a
successful ping through, then set the MTU on the interface to that value.

-Stefan



--
Josep Manel Andrés Moscardó
Systems Engineer, IT Operations
EMBL Heidelberg
T +49 6221 387-8394



smime.p7s
Description: S/MIME Cryptographic Signature
___
x2go-user mailing list
x2go-user@lists.x2go.org
https://lists.x2go.org/listinfo/x2go-user

Re: [X2Go-User] ssh to anode failing from inside of a x2go session

[Stefan Baur]

Am 13.11.18 um 15:49 schrieb Josep Manel Andrés Moscardó:
> Hi,
> I have a connection to a x2go server (slurm login node) that works fine,
> but my issue is that when I open a terminal and try to ssh into a node
> it just hangs until it times out.
> 
> Is there any restriction for it?
> 
> I am connecting to the x2go server using password or ssh key, and trying
> to ssh to the node using ssh key or password, it doesn't matter.
> 
> Thanks.

Using a key file isn't trivial in this situation.  I would suggest
making your first attempts using a regular username/password combinations.

First, try pinging the destination server from within the X2Go session.

If you can't ping it, the problem might not be with SSH but with an
underlying network (mis)configuration).  Running traceroute and looking
at/posting the output can't hurt, either.

Also, crank up the verbosity level of the ssh client inside the X2Go
session like so:

ssh -vvv user@host

You might also want to try to ping with larger packet sizes, like so:

ping -s 1500 host

if a regular ping works, but it fails when specifying "-s 1500", it
might be an MTU issue.  Start decreasing the number until you can get a
successful ping through, then set the MTU on the interface to that value.

-Stefan

-- 
BAUR-ITCS UG (haftungsbeschränkt)
Geschäftsführer: Stefan Baur
Eichenäckerweg 10, 89081 Ulm | Registergericht Ulm, HRB 724364
Fon/Fax 0731 40 34 66-36/-35 | USt-IdNr.: DE268653243
___
x2go-user mailing list
x2go-user@lists.x2go.org
https://lists.x2go.org/listinfo/x2go-user

Re: [X2Go-User] SSH

[Robert Dinse]

 Well, I just built the latest and greatest ssh:
OpenSSH_7.6p1, OpenSSL 1.0.2g  1 Mar 2016 and that fixed the segfault but
did not fix the x2go error.

-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-
 Eskimo North Linux Friendly Internet Access, Shell Accounts, and Hosting.
   Knowledgeable human assistance, not telephone trees or script readers.
 See our web site: http://www.eskimo.com/ (206) 812-0051 or (800) 246-6874.

On Fri, 2 Mar 2018, Robert Dinse wrote:


Date: Fri, 2 Mar 2018 02:40:09 -0800 (PST)
From: Robert Dinse 
To: "x2go-user@lists.x2go.org" 
Subject: [X2Go-User] SSH


Looks like my ssh is hurt:

[256092.528160] SshMasterConnec[4630]: segfault at dd ip 7fc61a459eec sp 
7fc5ee2b8928 error 4 in libssh.so.4.4.2[7fc61a433000+6d000]


[256163.639990] SshMasterConnec[5083]: segfault at dd ip 7fa0a3453eec sp 
7fa0772ee928 error 4 in libssh.so.4.4.2[7fa0a342d000+6d000]


This might be my issue rather than x2go, but it never happens when I do
a straight ssh session.

-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-
Eskimo North Linux Friendly Internet Access, Shell Accounts, and Hosting.
  Knowledgeable human assistance, not telephone trees or script readers.
See our web site: http://www.eskimo.com/ (206) 812-0051 or (800) 246-6874.
___
x2go-user mailing list
x2go-user@lists.x2go.org
https://lists.x2go.org/listinfo/x2go-user

___
x2go-user mailing list
x2go-user@lists.x2go.org
https://lists.x2go.org/listinfo/x2go-user

Re: [X2Go-User] ssh-keygen.exe loads the processor every time the client starts

[Orion Poplawski]

On 10/06/2017 12:57 AM, Ulrich Sibiller wrote:

On Fri, Oct 6, 2017 at 3:12 AM, Mihai Moldovan  wrote:


On 09/28/2017 01:49 PM, Max A. wrote:

I'm using a x2go server on CentOS 6.9 (the latest version from EPEL,
4.0.1.20), clients use Windows XP/7 and the latest version of X2Go
Client (4.1.0.0-2017.03.11). Each time the client connects,
ssh-keygen.exe (C:\Program Files\x2goclient\ssh-keygen.exe) starts with
the parameters "-t rsa -b 4096 -N" "-C" X2Go Client RSA user key "-f C:



I explicitly decided against that. For more information and the rationale for
this change, refer to the release announcement:
http://lists.x2go.org/pipermail/x2go-announcements/2017/000302.html


The release announcement talks about 2048-bit keys being generated
while this indicates that even stronger keys are being used (which in
turn increases the time to create them). I think for slow clients this
is too much. At least the admin should be able to decide about the
required security, not the maintainer.

So what about staying as is by default but providing a possibility to
pre-generate keys for those connections.

Uli


What about ed25519 keys?

 https://stribika.github.io/2015/01/04/secure-secure-shell.html

About 30-60 times faster to create on my fairly fast machine.

Unfortunately EL6 era machines don't support them.

--
Orion Poplawski
Manager of NWRA Technical Systems  720-772-5637
NWRA, Boulder/CoRA Office FAX: 303-415-9702
3380 Mitchell Lane   or...@nwra.com
Boulder, CO 80301 https://www.nwra.com/
___
x2go-user mailing list
x2go-user@lists.x2go.org
https://lists.x2go.org/listinfo/x2go-user

Re: [X2Go-User] ssh-keygen.exe loads the processor every time the client starts

[Stefan Baur]

Am 06.10.2017 um 15:07 schrieb Walid MOGHRABI:
>> I haven't tested it myself yet, but some devs suggested that slow 
>> session startup (as opposed to slow booting to login screen) may be 
>> caused by homedirs stored on NFS. 
>> Might be worth adding a test account that has a homedir "native" to the 
>> server, and if that brings a significant speed increase, trying out 
>> other networked filesystems like glusterfs. 
> Might be possible, NFS migh probably add a few latency but I wouldn't 
> recommend using GlusterFS instead, it is far slower due to the voulme beeing 
> mounted through Fuse.
> I already did many testing on GlusterFS for our internal usage and it is by 
> far slower than NFS.
> CephFS (file sharing "nfs like" filesystem provided by Ceph on top of it's 
> storage capabilities, as opposed to the "usual" block mode it provides) could 
> be worth trying but I didn't had the opportunity to do some testing by now.
> Anyway, I think it should be at most comparable to NFS, not really faster.

See, you "think", but you haven't verified it in comparison to a local
homedir.  As I said, I haven't either, but it was a hint from some of
the devs to look out for that.  So maybe we just have to live with a
slower session startup if networked homedirs are part of the equation;
testers to confirm or dismiss this theory are welcome. ;-)

Kind Regards,
Stefan Baur

-- 
BAUR-ITCS UG (haftungsbeschränkt)
Geschäftsführer: Stefan Baur
Eichenäckerweg 10, 89081 Ulm | Registergericht Ulm, HRB 724364
Fon/Fax 0731 40 34 66-36/-35 | USt-IdNr.: DE268653243



signature.asc
Description: OpenPGP digital signature
___
x2go-user mailing list
x2go-user@lists.x2go.org
https://lists.x2go.org/listinfo/x2go-user

Re: [X2Go-User] ssh-keygen.exe loads the processor every time the client starts

[Walid MOGHRABI]

> I haven't tested it myself yet, but some devs suggested that slow 
> session startup (as opposed to slow booting to login screen) may be 
> caused by homedirs stored on NFS. 
> Might be worth adding a test account that has a homedir "native" to the 
> server, and if that brings a significant speed increase, trying out 
> other networked filesystems like glusterfs. 

Might be possible, NFS migh probably add a few latency but I wouldn't recommend 
using GlusterFS instead, it is far slower due to the voulme beeing mounted 
through Fuse.
I already did many testing on GlusterFS for our internal usage and it is by far 
slower than NFS.
CephFS (file sharing "nfs like" filesystem provided by Ceph on top of it's 
storage capabilities, as opposed to the "usual" block mode it provides) could 
be worth trying but I didn't had the opportunity to do some testing by now.
Anyway, I think it should be at most comparable to NFS, not really faster.

Regards,
Walid Moghrabi

TRAVAUX.COM
BAT I - PARC CEZANNE 2 290 AVENUE GALILEE - CS 80403
13591 AIX EN PROVENCE CEDEX 3

- Mail original - 

De: "Stefan Baur" <x2go-m...@baur-itcs.de> 
À: "Walid MOGHRABI" <w.moghr...@servicemagic.eu> 
Cc: x2go-user@lists.x2go.org 
Envoyé: Vendredi 6 Octobre 2017 13:33:43 
Objet: Re: [X2Go-User] ssh-keygen.exe loads the processor every time the client 
starts 

Am 06.10.2017 um 13:29 schrieb Walid MOGHRABI: 
> I agree especially in the case of the TCE where we're targeting ThinClients 
> that are generaly quite low on specs (mostly ATOM or celeron based). 
> Anyway,time to open the session is a bit too slow to my taste, I would agree 
> but this is not unbearable. 
> RDP on the other hand is extremely fast at opening the session but if I 
> remember well, it uses a secured channel with encryption (but not through 
> SSH) so, what are they using to connect that fast without compromising 
> security too much ? 
> 
> On the other hand, I have a problem with the client beeing very slow to quit 
> but this is another subject, I'll fill a bug report for that later. 

I haven't tested it myself yet, but some devs suggested that slow 
session startup (as opposed to slow booting to login screen) may be 
caused by homedirs stored on NFS. 
Might be worth adding a test account that has a homedir "native" to the 
server, and if that brings a significant speed increase, trying out 
other networked filesystems like glusterfs. 

Kind Regards, 
Stefan Baur 

-- 
BAUR-ITCS UG (haftungsbeschränkt) 
Geschäftsführer: Stefan Baur 
Eichenäckerweg 10, 89081 Ulm | Registergericht Ulm, HRB 724364 
Fon/Fax 0731 40 34 66-36/-35 | USt-IdNr.: DE268653243
---
DISCLAIMER: This e-mail is private and confidential and may contain proprietary 
or legally privileged information. It is for the intended recipient only. If 
you have received this email in error, please notify the author by replying to 
it and then destroy it. If you are not the intended recipient you must not use, 
disclose, distribute, copy, print or rely on this e-mail or any attachment. 
Thank you
___
x2go-user mailing list
x2go-user@lists.x2go.org
https://lists.x2go.org/listinfo/x2go-user

Re: [X2Go-User] ssh-keygen.exe loads the processor every time the client starts

[Robert Dinse]

 Stefan I apologize but I thought my 12 year old hardware was really past
obsolete but it keeps chunking on somehow so it hasn't been replaced.

-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-
 Eskimo North Linux Friendly Internet Access, Shell Accounts, and Hosting.
   Knowledgeable human assistance, not telephone trees or script readers.
 See our web site: http://www.eskimo.com/ (206) 812-0051 or (800) 246-6874.

On Fri, 6 Oct 2017, Stefan Baur wrote:


Date: Fri, 6 Oct 2017 12:24:45 +0200
From: Stefan Baur <x2go-m...@baur-itcs.de>
To: x2go-user@lists.x2go.org
Subject: Re: [X2Go-User] ssh-keygen.exe loads the processor every time the
client starts

Robert,

Please do not mock other users just because they have what you consider
inferior hardware.
Some people are stuck with old hardware for whatever reason, and there
are many reasons that qualify as valid.

Kind Regards,
Stefan Baur
X2Go Project/Community Manager

Am 06.10.2017 um 11:13 schrieb Robert Dinse:


 Your laptop is slower than my 12 year old computer?  Running
Windows 3.11
per chance?

-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-

 Eskimo North Linux Friendly Internet Access, Shell Accounts, and Hosting.
   Knowledgeable human assistance, not telephone trees or script readers.
 See our web site: http://www.eskimo.com/ (206) 812-0051 or (800) 246-6874.

On Fri, 6 Oct 2017, Max A. wrote:


Date: Fri, 6 Oct 2017 12:06:09 +0300
From: Max A. <lith...@mail.ru>
Cc: x2go users <x2go-user@lists.x2go.org>
Subject: Re: [X2Go-User] ssh-keygen.exe loads the processor every time
the
    client starts

on my old laptop the connection takes at least 15 seconds, I would be
glad if it happens faster




 Ok, in any case, it took my 12 year old workstation 5 seconds to
connect.
Are we not perhaps splitting hairs?


-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-
 Eskimo North Linux Friendly Internet Access, Shell Accounts, and
Hosting.
   Knowledgeable human assistance, not telephone trees or script
readers.
 See our web site: http://www.eskimo.com/ (206) 812-0051 or (800)
246-6874.

On Fri, 6 Oct 2017, Ulrich Sibiller wrote:


Date: Fri, 6 Oct 2017 09:35:29 +0200
From: Ulrich Sibiller <ul...@gmx.de>
To: Robert Dinse <nan...@eskimo.com>
Cc: Mihai Moldovan <io...@ionic.de>, x2go users
<x2go-user@lists.x2go.org>
Subject: Re: [X2Go-User] ssh-keygen.exe loads the processor every
time the
    client starts

On Fri, Oct 6, 2017 at 9:22 AM, Robert Dinse <nan...@eskimo.com> wrote:


 By doing so you weaken security for sites providing this
capability.


Yes, maybe, maybe not. Think about sites that have strict rules about
keys. Or sites having to use specific key types. Or RSA being
compromised. Currently there's nothing an admin can do.

It's the site's administrator that has to decide about that. The tool
can provide a default but the admin must be enabled to change it if
desired.

Uli


___
x2go-user mailing list
x2go-user@lists.x2go.org
https://lists.x2go.org/listinfo/x2go-user


___
x2go-user mailing list
x2go-user@lists.x2go.org
https://lists.x2go.org/listinfo/x2go-user



___
x2go-user mailing list
x2go-user@lists.x2go.org
https://lists.x2go.org/listinfo/x2go-user




--
BAUR-ITCS UG (haftungsbeschränkt)
Geschäftsführer: Stefan Baur
Eichenäckerweg 10, 89081 Ulm | Registergericht Ulm, HRB 724364
Fon/Fax 0731 40 34 66-36/-35 | USt-IdNr.: DE268653243

___
x2go-user mailing list
x2go-user@lists.x2go.org
https://lists.x2go.org/listinfo/x2go-user

Re: [X2Go-User] ssh-keygen.exe loads the processor every time the client starts

[Robert Dinse]

 My machine is also 2005 vintage.  Bu tnot celeron based.  This is rather
like the argument of whether or not to retain weak encryption on https so
that Windows 95 users can still use it.

-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-
 Eskimo North Linux Friendly Internet Access, Shell Accounts, and Hosting.
   Knowledgeable human assistance, not telephone trees or script readers.
 See our web site: http://www.eskimo.com/ (206) 812-0051 or (800) 246-6874.

On Fri, 6 Oct 2017, Max A. wrote:


Date: Fri, 6 Oct 2017 13:20:52 +0300
From: Max A. <lith...@mail.ru>
To: x2go users <x2go-user@lists.x2go.org>
Subject: Re: [X2Go-User] ssh-keygen.exe loads the processor every time the
client starts

Acer Aspire 3613LC, Celeron M 370, 2 GB RAM, 2005 year. Users do not have 
such ancient computers, but the delay of 5 seconds annoys many.


 Your laptop is slower than my 12 year old computer?  Running Windows 
3.11

per chance?


-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_- 
 Eskimo North Linux Friendly Internet Access, Shell Accounts, and Hosting.

   Knowledgeable human assistance, not telephone trees or script readers.
 See our web site: http://www.eskimo.com/ (206) 812-0051 or (800) 246-6874.

On Fri, 6 Oct 2017, Max A. wrote:


Date: Fri, 6 Oct 2017 12:06:09 +0300
From: Max A. <lith...@mail.ru>
Cc: x2go users <x2go-user@lists.x2go.org>
Subject: Re: [X2Go-User] ssh-keygen.exe loads the processor every time the
    client starts

on my old laptop the connection takes at least 15 seconds, I would be glad 
if it happens faster





 Ok, in any case, it took my 12 year old workstation 5 seconds to 
connect.

Are we not perhaps splitting hairs?



-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_- 
 Eskimo North Linux Friendly Internet Access, Shell Accounts, and 
Hosting.

   Knowledgeable human assistance, not telephone trees or script readers.
 See our web site: http://www.eskimo.com/ (206) 812-0051 or (800) 
246-6874.


On Fri, 6 Oct 2017, Ulrich Sibiller wrote:


Date: Fri, 6 Oct 2017 09:35:29 +0200
From: Ulrich Sibiller <ul...@gmx.de>
To: Robert Dinse <nan...@eskimo.com>
Cc: Mihai Moldovan <io...@ionic.de>, x2go users 
<x2go-user@lists.x2go.org>
Subject: Re: [X2Go-User] ssh-keygen.exe loads the processor every time 
the

    client starts

On Fri, Oct 6, 2017 at 9:22 AM, Robert Dinse <nan...@eskimo.com> wrote:


 By doing so you weaken security for sites providing this 
capability.


Yes, maybe, maybe not. Think about sites that have strict rules about
keys. Or sites having to use specific key types. Or RSA being
compromised. Currently there's nothing an admin can do.

It's the site's administrator that has to decide about that. The tool
can provide a default but the admin must be enabled to change it if
desired.

Uli


___
x2go-user mailing list
x2go-user@lists.x2go.org
https://lists.x2go.org/listinfo/x2go-user


___
x2go-user mailing list
x2go-user@lists.x2go.org
https://lists.x2go.org/listinfo/x2go-user


___
x2go-user mailing list
x2go-user@lists.x2go.org
https://lists.x2go.org/listinfo/x2go-user

Re: [X2Go-User] ssh-keygen.exe loads the processor every time the client starts

[Stefan Baur]

Am 06.10.2017 um 13:29 schrieb Walid MOGHRABI:
> I agree especially in the case of the TCE where we're targeting ThinClients 
> that are generaly quite low on specs (mostly ATOM or celeron based).
> Anyway,time to open the session is a bit too slow to my taste, I would agree 
> but this is not unbearable.
> RDP on the other hand is extremely fast at opening the session but if I 
> remember well, it uses a secured channel with encryption (but not through 
> SSH) so, what are they using to connect that fast without compromising 
> security too much ?
> 
> On the other hand, I have a problem with the client beeing very slow to quit 
> but this is another subject, I'll fill a bug report for that later.

I haven't tested it myself yet, but some devs suggested that slow
session startup (as opposed to slow booting to login screen) may be
caused by homedirs stored on NFS.
Might be worth adding a test account that has a homedir "native" to the
server, and if that brings a significant speed increase, trying out
other networked filesystems like glusterfs.

Kind Regards,
Stefan Baur

-- 
BAUR-ITCS UG (haftungsbeschränkt)
Geschäftsführer: Stefan Baur
Eichenäckerweg 10, 89081 Ulm | Registergericht Ulm, HRB 724364
Fon/Fax 0731 40 34 66-36/-35 | USt-IdNr.: DE268653243



signature.asc
Description: OpenPGP digital signature
___
x2go-user mailing list
x2go-user@lists.x2go.org
https://lists.x2go.org/listinfo/x2go-user

Re: [X2Go-User] ssh-keygen.exe loads the processor every time the client starts

[Walid MOGHRABI]

I agree especially in the case of the TCE where we're targeting ThinClients 
that are generaly quite low on specs (mostly ATOM or celeron based).
Anyway,time to open the session is a bit too slow to my taste, I would agree 
but this is not unbearable.
RDP on the other hand is extremely fast at opening the session but if I 
remember well, it uses a secured channel with encryption (but not through SSH) 
so, what are they using to connect that fast without compromising security too 
much ?

On the other hand, I have a problem with the client beeing very slow to quit 
but this is another subject, I'll fill a bug report for that later.


Regards,
Walid Moghrabi

TRAVAUX.COM
BAT I - PARC CEZANNE 2 290 AVENUE GALILEE - CS 80403
13591 AIX EN PROVENCE CEDEX 3

- Mail original - 

De: "Stefan Baur" <x2go-m...@baur-itcs.de> 
À: x2go-user@lists.x2go.org 
Envoyé: Vendredi 6 Octobre 2017 12:24:45 
Objet: Re: [X2Go-User] ssh-keygen.exe loads the processor every time the client 
starts 

Robert, 

Please do not mock other users just because they have what you consider 
inferior hardware. 
Some people are stuck with old hardware for whatever reason, and there 
are many reasons that qualify as valid. 

Kind Regards, 
Stefan Baur 
X2Go Project/Community Manager 

Am 06.10.2017 um 11:13 schrieb Robert Dinse: 
> 
> Your laptop is slower than my 12 year old computer? Running 
> Windows 3.11 
> per chance? 
> 
> -_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-
>  
> 
> Eskimo North Linux Friendly Internet Access, Shell Accounts, and Hosting. 
> Knowledgeable human assistance, not telephone trees or script readers. 
> See our web site: http://www.eskimo.com/ (206) 812-0051 or (800) 246-6874. 
> 
> On Fri, 6 Oct 2017, Max A. wrote: 
> 
>> Date: Fri, 6 Oct 2017 12:06:09 +0300 
>> From: Max A. <lith...@mail.ru> 
>> Cc: x2go users <x2go-user@lists.x2go.org> 
>> Subject: Re: [X2Go-User] ssh-keygen.exe loads the processor every time 
>> the 
>> client starts 
>> 
>> on my old laptop the connection takes at least 15 seconds, I would be 
>> glad if it happens faster 
>> 
>> 
>>> 
>>> Ok, in any case, it took my 12 year old workstation 5 seconds to 
>>> connect. 
>>> Are we not perhaps splitting hairs? 
>>> 
>>> 
>>> -_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-
>>>  
>>> Eskimo North Linux Friendly Internet Access, Shell Accounts, and 
>>> Hosting. 
>>> Knowledgeable human assistance, not telephone trees or script 
>>> readers. 
>>> See our web site: http://www.eskimo.com/ (206) 812-0051 or (800) 
>>> 246-6874. 
>>> 
>>> On Fri, 6 Oct 2017, Ulrich Sibiller wrote: 
>>> 
>>>> Date: Fri, 6 Oct 2017 09:35:29 +0200 
>>>> From: Ulrich Sibiller <ul...@gmx.de> 
>>>> To: Robert Dinse <nan...@eskimo.com> 
>>>> Cc: Mihai Moldovan <io...@ionic.de>, x2go users 
>>>> <x2go-user@lists.x2go.org> 
>>>> Subject: Re: [X2Go-User] ssh-keygen.exe loads the processor every 
>>>> time the 
>>>> client starts 
>>>> 
>>>> On Fri, Oct 6, 2017 at 9:22 AM, Robert Dinse <nan...@eskimo.com> wrote: 
>>>>> 
>>>>> By doing so you weaken security for sites providing this 
>>>>> capability. 
>>>> 
>>>> Yes, maybe, maybe not. Think about sites that have strict rules about 
>>>> keys. Or sites having to use specific key types. Or RSA being 
>>>> compromised. Currently there's nothing an admin can do. 
>>>> 
>>>> It's the site's administrator that has to decide about that. The tool 
>>>> can provide a default but the admin must be enabled to change it if 
>>>> desired. 
>>>> 
>>>> Uli 
>>>> 
>>> ___ 
>>> x2go-user mailing list 
>>> x2go-user@lists.x2go.org 
>>> https://lists.x2go.org/listinfo/x2go-user 
>> 
>> ___ 
>> x2go-user mailing list 
>> x2go-user@lists.x2go.org 
>> https://lists.x2go.org/listinfo/x2go-user 
> 
> 
> ___ 
> x2go-user mailing list 
> x2go-user@lists.x2go.org 
> https://lists.x2go.org/listinfo/x2go-user 
> 


-- 
BAUR-ITCS UG (haftungsbeschränkt) 
Geschäftsführer: Stefan Baur 
Eichenäckerweg 10, 89081 Ulm | Registergericht Ulm, HRB 724364 
Fon/Fax 0731 40 34 66-36/-35 | USt-IdNr.: DE268653243 


___ 
x2go-user mailing list 
x2go-user@lists.x2go.org 
https://lists.x2go.org/listinfo/x2go-user
---
DISCLAIMER: This e-mail is private and confidential and may contain proprietary 
or legally privileged information. It is for the intended recipient only. If 
you have received this email in error, please notify the author by replying to 
it and then destroy it. If you are not the intended recipient you must not use, 
disclose, distribute, copy, print or rely on this e-mail or any attachment. 
Thank you
___
x2go-user mailing list
x2go-user@lists.x2go.org
https://lists.x2go.org/listinfo/x2go-user

Re: [X2Go-User] ssh-keygen.exe loads the processor every time the client starts

[Stefan Baur]

Robert,

Please do not mock other users just because they have what you consider
inferior hardware.
Some people are stuck with old hardware for whatever reason, and there
are many reasons that qualify as valid.

Kind Regards,
Stefan Baur
X2Go Project/Community Manager

Am 06.10.2017 um 11:13 schrieb Robert Dinse:
> 
>  Your laptop is slower than my 12 year old computer?  Running
> Windows 3.11
> per chance?
> 
> -_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-
> 
>  Eskimo North Linux Friendly Internet Access, Shell Accounts, and Hosting.
>    Knowledgeable human assistance, not telephone trees or script readers.
>  See our web site: http://www.eskimo.com/ (206) 812-0051 or (800) 246-6874.
> 
> On Fri, 6 Oct 2017, Max A. wrote:
> 
>> Date: Fri, 6 Oct 2017 12:06:09 +0300
>> From: Max A. <lith...@mail.ru>
>> Cc: x2go users <x2go-user@lists.x2go.org>
>> Subject: Re: [X2Go-User] ssh-keygen.exe loads the processor every time
>> the
>>     client starts
>>
>> on my old laptop the connection takes at least 15 seconds, I would be
>> glad if it happens faster
>>
>>
>>>
>>>  Ok, in any case, it took my 12 year old workstation 5 seconds to
>>> connect.
>>> Are we not perhaps splitting hairs?
>>>
>>>
>>> -_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-
>>>  Eskimo North Linux Friendly Internet Access, Shell Accounts, and
>>> Hosting.
>>>    Knowledgeable human assistance, not telephone trees or script
>>> readers.
>>>  See our web site: http://www.eskimo.com/ (206) 812-0051 or (800)
>>> 246-6874.
>>>
>>> On Fri, 6 Oct 2017, Ulrich Sibiller wrote:
>>>
>>>> Date: Fri, 6 Oct 2017 09:35:29 +0200
>>>> From: Ulrich Sibiller <ul...@gmx.de>
>>>> To: Robert Dinse <nan...@eskimo.com>
>>>> Cc: Mihai Moldovan <io...@ionic.de>, x2go users
>>>> <x2go-user@lists.x2go.org>
>>>> Subject: Re: [X2Go-User] ssh-keygen.exe loads the processor every
>>>> time the
>>>>     client starts
>>>>
>>>> On Fri, Oct 6, 2017 at 9:22 AM, Robert Dinse <nan...@eskimo.com> wrote:
>>>>>
>>>>>  By doing so you weaken security for sites providing this
>>>>> capability.
>>>>
>>>> Yes, maybe, maybe not. Think about sites that have strict rules about
>>>> keys. Or sites having to use specific key types. Or RSA being
>>>> compromised. Currently there's nothing an admin can do.
>>>>
>>>> It's the site's administrator that has to decide about that. The tool
>>>> can provide a default but the admin must be enabled to change it if
>>>> desired.
>>>>
>>>> Uli
>>>>
>>> ___
>>> x2go-user mailing list
>>> x2go-user@lists.x2go.org
>>> https://lists.x2go.org/listinfo/x2go-user
>>
>> ___
>> x2go-user mailing list
>> x2go-user@lists.x2go.org
>> https://lists.x2go.org/listinfo/x2go-user
> 
> 
> ___
> x2go-user mailing list
> x2go-user@lists.x2go.org
> https://lists.x2go.org/listinfo/x2go-user
> 


-- 
BAUR-ITCS UG (haftungsbeschränkt)
Geschäftsführer: Stefan Baur
Eichenäckerweg 10, 89081 Ulm | Registergericht Ulm, HRB 724364
Fon/Fax 0731 40 34 66-36/-35 | USt-IdNr.: DE268653243



signature.asc
Description: OpenPGP digital signature
___
x2go-user mailing list
x2go-user@lists.x2go.org
https://lists.x2go.org/listinfo/x2go-user

Re: [X2Go-User] ssh-keygen.exe loads the processor every time the client starts

[Max A.]

Acer Aspire 3613LC, Celeron M 370, 2 GB RAM, 2005 year. Users do not 
have such ancient computers, but the delay of 5 seconds annoys many.


 Your laptop is slower than my 12 year old computer?  Running 
Windows 3.11

per chance?

-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_- 

 Eskimo North Linux Friendly Internet Access, Shell Accounts, and 
Hosting.

   Knowledgeable human assistance, not telephone trees or script readers.
 See our web site: http://www.eskimo.com/ (206) 812-0051 or (800) 
246-6874.


On Fri, 6 Oct 2017, Max A. wrote:


Date: Fri, 6 Oct 2017 12:06:09 +0300
From: Max A. <lith...@mail.ru>
Cc: x2go users <x2go-user@lists.x2go.org>
Subject: Re: [X2Go-User] ssh-keygen.exe loads the processor every 
time the

    client starts

on my old laptop the connection takes at least 15 seconds, I would be 
glad if it happens faster





 Ok, in any case, it took my 12 year old workstation 5 seconds 
to connect.

Are we not perhaps splitting hairs?


-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_- 
 Eskimo North Linux Friendly Internet Access, Shell Accounts, and 
Hosting.
   Knowledgeable human assistance, not telephone trees or script 
readers.
 See our web site: http://www.eskimo.com/ (206) 812-0051 or (800) 
246-6874.


On Fri, 6 Oct 2017, Ulrich Sibiller wrote:


Date: Fri, 6 Oct 2017 09:35:29 +0200
From: Ulrich Sibiller <ul...@gmx.de>
To: Robert Dinse <nan...@eskimo.com>
Cc: Mihai Moldovan <io...@ionic.de>, x2go users 
<x2go-user@lists.x2go.org>
Subject: Re: [X2Go-User] ssh-keygen.exe loads the processor every 
time the

    client starts

On Fri, Oct 6, 2017 at 9:22 AM, Robert Dinse <nan...@eskimo.com> 
wrote:


 By doing so you weaken security for sites providing this 
capability.


Yes, maybe, maybe not. Think about sites that have strict rules about
keys. Or sites having to use specific key types. Or RSA being
compromised. Currently there's nothing an admin can do.

It's the site's administrator that has to decide about that. The tool
can provide a default but the admin must be enabled to change it if
desired.

Uli


___
x2go-user mailing list
x2go-user@lists.x2go.org
https://lists.x2go.org/listinfo/x2go-user


___
x2go-user mailing list
x2go-user@lists.x2go.org
https://lists.x2go.org/listinfo/x2go-user


___
x2go-user mailing list
x2go-user@lists.x2go.org
https://lists.x2go.org/listinfo/x2go-user

Re: [X2Go-User] ssh-keygen.exe loads the processor every time the client starts

[Stefan Baur]

Am 06.10.2017 um 10:56 schrieb Max A.:
> In my opinion, it would be possible to give an opportunity to choose
> between security and convenience.

No, because there would be no way to enforce it in cases where it is
actually needed.

I was actually considering to suggest that we add an option either
server- or client-side that allows using less secure, but faster
algorithms - but adding such an option would ease things for an
attacker, so: No.

Kind Regards,
Stefan Baur

-- 
BAUR-ITCS UG (haftungsbeschränkt)
Geschäftsführer: Stefan Baur
Eichenäckerweg 10, 89081 Ulm | Registergericht Ulm, HRB 724364
Fon/Fax 0731 40 34 66-36/-35 | USt-IdNr.: DE268653243



signature.asc
Description: OpenPGP digital signature
___
x2go-user mailing list
x2go-user@lists.x2go.org
https://lists.x2go.org/listinfo/x2go-user

Re: [X2Go-User] ssh-keygen.exe loads the processor every time the client starts

[Max A.]

We use x2go on the local network and security is not as important as the 
convenience of users. In my opinion, it would be possible to give an 
opportunity to choose between security and convenience.





 By doing so you weaken security for sites providing this capability.

-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_- 

 Eskimo North Linux Friendly Internet Access, Shell Accounts, and 
Hosting.

   Knowledgeable human assistance, not telephone trees or script readers.
 See our web site: http://www.eskimo.com/ (206) 812-0051 or (800) 
246-6874.


On Fri, 6 Oct 2017, Ulrich Sibiller wrote:


Date: Fri, 6 Oct 2017 08:57:37 +0200
From: Ulrich Sibiller <ul...@gmx.de>
To: Mihai Moldovan <io...@ionic.de>
Cc: x2go users <x2go-user@lists.x2go.org>
Subject: Re: [X2Go-User] ssh-keygen.exe loads the processor every 
time the

    client starts

On Fri, Oct 6, 2017 at 3:12 AM, Mihai Moldovan <io...@ionic.de> wrote:


On 09/28/2017 01:49 PM, Max A. wrote:

I'm using a x2go server on CentOS 6.9 (the latest version from EPEL,
4.0.1.20), clients use Windows XP/7 and the latest version of X2Go
Client (4.1.0.0-2017.03.11). Each time the client connects,
ssh-keygen.exe (C:\Program Files\x2goclient\ssh-keygen.exe) starts 
with
the parameters "-t rsa -b 4096 -N" "-C" X2Go Client RSA user key 
"-f C:


I explicitly decided against that. For more information and the 
rationale for

this change, refer to the release announcement:
http://lists.x2go.org/pipermail/x2go-announcements/2017/000302.html


The release announcement talks about 2048-bit keys being generated
while this indicates that even stronger keys are being used (which in
turn increases the time to create them). I think for slow clients this
is too much. At least the admin should be able to decide about the
required security, not the maintainer.

So what about staying as is by default but providing a possibility to
pre-generate keys for those connections.

Uli
___
x2go-user mailing list
x2go-user@lists.x2go.org
https://lists.x2go.org/listinfo/x2go-user

___
x2go-user mailing list
x2go-user@lists.x2go.org
https://lists.x2go.org/listinfo/x2go-user


___
x2go-user mailing list
x2go-user@lists.x2go.org
https://lists.x2go.org/listinfo/x2go-user

Re: [X2Go-User] ssh-keygen.exe loads the processor every time the client starts

[Robert Dinse]

 Your laptop is slower than my 12 year old computer?  Running Windows 3.11
per chance?

-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-
 Eskimo North Linux Friendly Internet Access, Shell Accounts, and Hosting.
   Knowledgeable human assistance, not telephone trees or script readers.
 See our web site: http://www.eskimo.com/ (206) 812-0051 or (800) 246-6874.

On Fri, 6 Oct 2017, Max A. wrote:


Date: Fri, 6 Oct 2017 12:06:09 +0300
From: Max A. <lith...@mail.ru>
Cc: x2go users <x2go-user@lists.x2go.org>
Subject: Re: [X2Go-User] ssh-keygen.exe loads the processor every time the
client starts

on my old laptop the connection takes at least 15 seconds, I would be glad if 
it happens faster





 Ok, in any case, it took my 12 year old workstation 5 seconds to 
connect.

Are we not perhaps splitting hairs?


-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_- 
 Eskimo North Linux Friendly Internet Access, Shell Accounts, and Hosting.

   Knowledgeable human assistance, not telephone trees or script readers.
 See our web site: http://www.eskimo.com/ (206) 812-0051 or (800) 246-6874.

On Fri, 6 Oct 2017, Ulrich Sibiller wrote:


Date: Fri, 6 Oct 2017 09:35:29 +0200
From: Ulrich Sibiller <ul...@gmx.de>
To: Robert Dinse <nan...@eskimo.com>
Cc: Mihai Moldovan <io...@ionic.de>, x2go users <x2go-user@lists.x2go.org>
Subject: Re: [X2Go-User] ssh-keygen.exe loads the processor every time the
    client starts

On Fri, Oct 6, 2017 at 9:22 AM, Robert Dinse <nan...@eskimo.com> wrote:


 By doing so you weaken security for sites providing this capability.


Yes, maybe, maybe not. Think about sites that have strict rules about
keys. Or sites having to use specific key types. Or RSA being
compromised. Currently there's nothing an admin can do.

It's the site's administrator that has to decide about that. The tool
can provide a default but the admin must be enabled to change it if
desired.

Uli


___
x2go-user mailing list
x2go-user@lists.x2go.org
https://lists.x2go.org/listinfo/x2go-user


___
x2go-user mailing list
x2go-user@lists.x2go.org
https://lists.x2go.org/listinfo/x2go-user___
x2go-user mailing list
x2go-user@lists.x2go.org
https://lists.x2go.org/listinfo/x2go-user

Re: [X2Go-User] ssh-keygen.exe loads the processor every time the client starts

[Max A.]

on my old laptop the connection takes at least 15 seconds, I would be 
glad if it happens faster





 Ok, in any case, it took my 12 year old workstation 5 seconds to 
connect.

Are we not perhaps splitting hairs?

-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_- 

 Eskimo North Linux Friendly Internet Access, Shell Accounts, and 
Hosting.

   Knowledgeable human assistance, not telephone trees or script readers.
 See our web site: http://www.eskimo.com/ (206) 812-0051 or (800) 
246-6874.


On Fri, 6 Oct 2017, Ulrich Sibiller wrote:


Date: Fri, 6 Oct 2017 09:35:29 +0200
From: Ulrich Sibiller <ul...@gmx.de>
To: Robert Dinse <nan...@eskimo.com>
Cc: Mihai Moldovan <io...@ionic.de>, x2go users 
<x2go-user@lists.x2go.org>
Subject: Re: [X2Go-User] ssh-keygen.exe loads the processor every 
time the

    client starts

On Fri, Oct 6, 2017 at 9:22 AM, Robert Dinse <nan...@eskimo.com> wrote:


 By doing so you weaken security for sites providing this 
capability.


Yes, maybe, maybe not. Think about sites that have strict rules about
keys. Or sites having to use specific key types. Or RSA being
compromised. Currently there's nothing an admin can do.

It's the site's administrator that has to decide about that. The tool
can provide a default but the admin must be enabled to change it if
desired.

Uli


___
x2go-user mailing list
x2go-user@lists.x2go.org
https://lists.x2go.org/listinfo/x2go-user


___
x2go-user mailing list
x2go-user@lists.x2go.org
https://lists.x2go.org/listinfo/x2go-user

Re: [X2Go-User] ssh-keygen.exe loads the processor every time the client starts

[Robert Dinse]

 Ok, in any case, it took my 12 year old workstation 5 seconds to connect.
Are we not perhaps splitting hairs?

-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-
 Eskimo North Linux Friendly Internet Access, Shell Accounts, and Hosting.
   Knowledgeable human assistance, not telephone trees or script readers.
 See our web site: http://www.eskimo.com/ (206) 812-0051 or (800) 246-6874.

On Fri, 6 Oct 2017, Ulrich Sibiller wrote:


Date: Fri, 6 Oct 2017 09:35:29 +0200
From: Ulrich Sibiller <ul...@gmx.de>
To: Robert Dinse <nan...@eskimo.com>
Cc: Mihai Moldovan <io...@ionic.de>, x2go users <x2go-user@lists.x2go.org>
Subject: Re: [X2Go-User] ssh-keygen.exe loads the processor every time the
client starts

On Fri, Oct 6, 2017 at 9:22 AM, Robert Dinse <nan...@eskimo.com> wrote:


 By doing so you weaken security for sites providing this capability.


Yes, maybe, maybe not. Think about sites that have strict rules about
keys. Or sites having to use specific key types. Or RSA being
compromised. Currently there's nothing an admin can do.

It's the site's administrator that has to decide about that. The tool
can provide a default but the admin must be enabled to change it if
desired.

Uli


___
x2go-user mailing list
x2go-user@lists.x2go.org
https://lists.x2go.org/listinfo/x2go-user

Re: [X2Go-User] ssh-keygen.exe loads the processor every time the client starts

[Ulrich Sibiller]

On Fri, Oct 6, 2017 at 9:22 AM, Robert Dinse  wrote:
>
>  By doing so you weaken security for sites providing this capability.

Yes, maybe, maybe not. Think about sites that have strict rules about
keys. Or sites having to use specific key types. Or RSA being
compromised. Currently there's nothing an admin can do.

It's the site's administrator that has to decide about that. The tool
can provide a default but the admin must be enabled to change it if
desired.

Uli
___
x2go-user mailing list
x2go-user@lists.x2go.org
https://lists.x2go.org/listinfo/x2go-user

Re: [X2Go-User] ssh-keygen.exe loads the processor every time the client starts

[Ulrich Sibiller]

On Fri, Oct 6, 2017 at 3:12 AM, Mihai Moldovan  wrote:
>
> On 09/28/2017 01:49 PM, Max A. wrote:
> > I'm using a x2go server on CentOS 6.9 (the latest version from EPEL,
> > 4.0.1.20), clients use Windows XP/7 and the latest version of X2Go
> > Client (4.1.0.0-2017.03.11). Each time the client connects,
> > ssh-keygen.exe (C:\Program Files\x2goclient\ssh-keygen.exe) starts with
> > the parameters "-t rsa -b 4096 -N" "-C" X2Go Client RSA user key "-f C:

> I explicitly decided against that. For more information and the rationale for
> this change, refer to the release announcement:
> http://lists.x2go.org/pipermail/x2go-announcements/2017/000302.html

The release announcement talks about 2048-bit keys being generated
while this indicates that even stronger keys are being used (which in
turn increases the time to create them). I think for slow clients this
is too much. At least the admin should be able to decide about the
required security, not the maintainer.

So what about staying as is by default but providing a possibility to
pre-generate keys for those connections.

Uli
___
x2go-user mailing list
x2go-user@lists.x2go.org
https://lists.x2go.org/listinfo/x2go-user

Re: [X2Go-User] ssh-keygen.exe loads the processor every time the client starts

[Mihai Moldovan]

On 09/28/2017 01:49 PM, Max A. wrote:
> I'm using a x2go server on CentOS 6.9 (the latest version from EPEL, 
> 4.0.1.20), clients use Windows XP/7 and the latest version of X2Go 
> Client (4.1.0.0-2017.03.11). Each time the client connects, 
> ssh-keygen.exe (C:\Program Files\x2goclient\ssh-keygen.exe) starts with 
> the parameters "-t rsa -b 4096 -N" "-C" X2Go Client RSA user key "-f C: 
> /Users/max/.x2go/ssh/gen/key.fl1416 ". On not very powerful computers, 
> this causes a delay of a few seconds with each connection and irritates 
> users. Tell me please, if it is possible to generate this key once and 
> for all?

I understand that this may be inconvenient, but no, there's currently no way to
generate a set of keys that will be re-used.

I explicitly decided against that. For more information and the rationale for
this change, refer to the release announcement:
http://lists.x2go.org/pipermail/x2go-announcements/2017/000302.html



Mihai



signature.asc
Description: OpenPGP digital signature
___
x2go-user mailing list
x2go-user@lists.x2go.org
https://lists.x2go.org/listinfo/x2go-user

Re: [X2Go-User] SSH-Daemon could not be started on MAC OSX 10.11.6

[Mihai Moldovan]

On 25.08.2016 10:55 AM, Thomas Stephan wrote:
> I did not change the port, so it should be listening on the default port 22.
> The client setting for the local SSH-port for file sharing is 22.

Okay, can you please provide me with the output of

sudo lsof -n -i | grep -i ssh

and

ls -ldh /etc/ssh_host_rsa_key.pub

Looks like you don't have an RSA host key (which would be weird, if the system
sshd is actually running.)

In that case, X2Go Client currently spawns a private sshd instance *with an DSA
key*. Newer OpenSSH versions deprecated DSA keys, though, so that's probably the
reason why starting it up fails.



Mihai



signature.asc
Description: OpenPGP digital signature
___
x2go-user mailing list
x2go-user@lists.x2go.org
http://lists.x2go.org/listinfo/x2go-user

Re: [X2Go-User] SSH-Daemon could not be started on MAC OSX 10.11.6

[Thomas Stephan]

I did not change the port, so it should be listening on the default port 22.
The client setting for the local SSH-port for file sharing is 22.

We need file sharing and printer support, therefore it is not an option 
to suppress the warning message by disabling these functions.


Best,
Thomas


Dr. Thomas Stephan
Arbeitsgruppe für funktionelle, strukturelle und molekulare Bildgebung
Neurologisches Forschungshaus
Klinikum Grosshadern
Feodor-Lynen-Str. 19
81377 München

thomas.step...@lrz.uni-muenchen.de
+49 89  4400-74819 (Fon)
+49 89  4400-74801 (Fax)

Am 24.08.16 um 21:52 schrieb Mihai Moldovan:

On 23.08.2016 11:26 AM, Thomas Stephan wrote:

Package: x2goclient
Version: 4.0.5.1 (Qt - 4.8.7)

Using x2goclient on MacOSX 10.11.6 to connect to a linux machine (Ubuntu).
Connection works fine, but a message box pops up with the message:
SSH-Daemon konnte nicht gestartet werden.
However, I have an ssh-server running on my machine, and I am able to connect to
it from remote.

Find the error message below:

On what port is the SSH daemon listening? What port has been set in the general
client settings?

The error message explicitly contains pointers what to check regarding the
configuration and - if remote printing or file sharing support are not required
- how to get rid of the warning message.



Mihai





___
x2go-user mailing list
x2go-user@lists.x2go.org
http://lists.x2go.org/listinfo/x2go-user

Re: [X2Go-User] SSH-Daemon could not be started on MAC OSX 10.11.6

[Mihai Moldovan]

On 23.08.2016 11:26 AM, Thomas Stephan wrote:
> Package: x2goclient
> Version: 4.0.5.1 (Qt - 4.8.7)
> 
> Using x2goclient on MacOSX 10.11.6 to connect to a linux machine (Ubuntu).
> Connection works fine, but a message box pops up with the message:
> SSH-Daemon konnte nicht gestartet werden.
> However, I have an ssh-server running on my machine, and I am able to connect 
> to
> it from remote.
> 
> Find the error message below:

On what port is the SSH daemon listening? What port has been set in the general
client settings?

The error message explicitly contains pointers what to check regarding the
configuration and - if remote printing or file sharing support are not required
- how to get rid of the warning message.



Mihai




signature.asc
Description: OpenPGP digital signature
___
x2go-user mailing list
x2go-user@lists.x2go.org
http://lists.x2go.org/listinfo/x2go-user

Re: [X2Go-User] SSH key generation in Windows

[Stefan Baur]

Am 03.03.2016 um 15:12 schrieb Sébastien Ducoulombier:
> Hello,
> 
> 
> I am considering restricting access to my X2Go servers : I'd like to
> disable password authentication.
> 
> I need all my X2Go client users to generate their own SSH keys and
> transfer the public part to the server.
> 
> I wrote a simple guide for Linux and Mac users, but I still miss Windows
> support, since I do not have windows systems around me.
> 
> I found
> http://wiki.x2go.org/doku.php/wiki:advanced:authentication:passwordless-ssh#windows-client
> 
> Does that wiki documented procedure work with XP, Seven and W10 ?

It SHOULD (tm).

However, Windows users might prefer a more GUI-ish approach.

Check out PuTTY:
http://www.chiark.greenend.org.uk/~sgtatham/putty/download.html

There's PuTTYgen (a GUI to create and manage keyfiles) and Pageant (an
SSH agent for Windows).

Do note that PuTTYgen by default creates private key files that are only
usable with the other tools from the PuTTY suite (like Pageant), NOT
with X2GoClient itself.

So you can either use Pageant and load the PuTTY-style private key file
into that, then tell X2GoClient to use an agent-stored key (leaving the
path to the key file blank in the session configuration), or you need to
export the private key using PuTTYgen into the standard format.

-Stefan

-- 
BAUR-ITCS UG (haftungsbeschränkt)
Geschäftsführer: Stefan Baur
Eichenäckerweg 10, 89081 Ulm | Registergericht Ulm, HRB 724364
Fon/Fax 0731 40 34 66-36/-35 | USt-IdNr.: DE268653243



signature.asc
Description: OpenPGP digital signature
___
x2go-user mailing list
x2go-user@lists.x2go.org
http://lists.x2go.org/listinfo/x2go-user

Re: [X2Go-User] ssh kex error

[is]

Am 19.10.2015 17:06, schrieb Robert Dinse:

the new version of openssh disabled certain insecure
ciphers...


Version7 is what you mean. I use 6.9 on both client and server.


 you can add
the following line to your /etc/ssh/sshd_config  manually enable the
insecure old ciphers:

KexAlgorithms
curve25519-sha...@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha1,diffie-hellman-group-exchange-sha1,diffie-hellman-group1-sha1


Adding these ciphers doesn't help - same algo error,

Thats wired coz I can ssh to the server without any issues.




-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-
 Eskimo North Linux Friendly Internet Access, Shell Accounts, and 
Hosting.
   Knowledgeable human assistance, not telephone trees or script 
readers.
 See our web site: http://www.eskimo.com/ (206) 812-0051 or (800) 
246-6874.


On Mon, 19 Oct 2015, i...@k4ts.net wrote:


Date: Mon, 19 Oct 2015 15:12:43 +0200
From: i...@k4ts.net
To: x2go-user@lists.x2go.org
Subject: [X2Go-User] ssh kex error

hi, i'm not able to connect
to my new hardened gentoo server using x2go.

No matter which key type i select for the connection,
the client (v. 4.0.5.0) terminates with the following:

kex error : no match for method server host key algo:
server [ssh-rsa,ssh-ed25519], client [ecdsa-sha2-nistp256]

I have rsa and ed25519 keys on my client and server.

sshing from the shell works like always. log is attached.

do you have an idea, whats might wrong?

thx,
k4t

k4tfish@e10 ~ $ ssh k4tfish@host
OpenSSH_6.9p1-hpn14v5, OpenSSL 1.0.2d 9 Jul 2015
debug1: Reading configuration data /etc/ssh/ssh_config
debug1: Connecting to host.net port 51822.
debug1: Connection established.
debug1: identity file /home/k4tfish/.ssh/id_rsa type 1
debug1: key_load_public: No such file or directory
debug1: identity file /home/k4tfish/.ssh/id_rsa-cert type -1
debug1: key_load_public: No such file or directory
debug1: identity file /home/k4tfish/.ssh/id_dsa type -1
debug1: key_load_public: No such file or directory
debug1: identity file /home/k4tfish/.ssh/id_dsa-cert type -1
debug1: key_load_public: No such file or directory
debug1: identity file /home/k4tfish/.ssh/id_ecdsa type -1
debug1: key_load_public: No such file or directory
debug1: identity file /home/k4tfish/.ssh/id_ecdsa-cert type -1
debug1: key_load_public: No such file or directory
debug1: identity file /home/k4tfish/.ssh/id_ed25519 type -1
debug1: key_load_public: No such file or directory
debug1: identity file /home/k4tfish/.ssh/id_ed25519-cert type -1
debug1: Enabling compatibility mode for protocol 2.0
debug1: Local version string SSH-2.0-OpenSSH_6.9p1-hpn14v5
debug1: Remote protocol version 2.0, remote software version 
OpenSSH_6.9p1-hpn14v5

debug1: match: OpenSSH_6.9p1-hpn14v5 pat OpenSSH* compat 0x0400
debug1: Authenticating to host...net:51822 as 'k4tfish'
debug1: SSH2_MSG_KEXINIT sent
debug1: SSH2_MSG_KEXINIT received
debug1: AUTH STATE IS 0
debug1: REQUESTED ENC.NAME is 'chacha20-poly1...@openssh.com'
debug1: kex: server->client chacha20-poly1...@openssh.com  
none

debug1: REQUESTED ENC.NAME is 'chacha20-poly1...@openssh.com'
debug1: kex: client->server chacha20-poly1...@openssh.com  
none

debug1: expecting SSH2_MSG_KEX_ECDH_REPLY
debug1: Server host key: ssh-ed25519 SHA256:xyz
debug1: Host '[host.net]:51822' is known and matches the ED25519 host 
key.

debug1: Found key in /home/k4tfish/.ssh/known_hosts:203
debug1: SSH2_MSG_NEWKEYS sent
debug1: expecting SSH2_MSG_NEWKEYS
debug1: SSH2_MSG_NEWKEYS received
debug1: Roaming not allowed by server
debug1: SSH2_MSG_SERVICE_REQUEST sent
debug1: SSH2_MSG_SERVICE_ACCEPT received
debug1: Authentications that can continue: 
publickey,password,keyboard-interactive

debug1: Next authentication method: publickey
debug1: Offering RSA public key: /home/k4tfish/.ssh/id_rsa
debug1: Server accepts key: pkalg ssh-rsa blen 279
debug1: Authentication succeeded (publickey).
Authenticated to host ([123.123.456.7]:51822).
debug1: Final hpn_buffer_size = 2097152
debug1: HPN Disabled: 0, HPN Buffer Size: 2097152
debug1: channel 0: new [client-session]
debug1: Enabled Dynamic Window Scaling
debug1: Requesting no-more-sessi...@openssh.com
debug1: Entering interactive session.
debug1: client_input_global_request: rtype hostkeys...@openssh.com 
want_reply 0

debug1: Sending environment.
debug1: Sending env LC_COLLATE = C
debug1: Sending env LANG = en_US.utf8

___
x2go-user mailing list
x2go-user@lists.x2go.org
http://lists.x2go.org/listinfo/x2go-user



___
x2go-user mailing list
x2go-user@lists.x2go.org
http://lists.x2go.org/listinfo/x2go-user