Re: [X2Go-User] ssh connection through bastion host
On Thu, Jun 27, 2024 at 9:06 AM Hauke Fath wrote: > On Thu, 27 Jun 2024 14:52:18 +0200, Ulrich Sibiller wrote: > > >As MacOS is unixoid i assume you can easily automate the tunnel > > building during session startup. This should not build up big hurdles > > for any of your (possibly unexperienced) users. > > s/possibly/generally/g > > As mentioned, this will have to work on windows, macos, unixen. > > > Regarding the proxy connection: AFAIR x2go will connect to the named > > proxy and start another ssh session to the final destination there. > > Ah - now we're getting somewhere: > > % ./x2go --debug --libssh-debug > [...] > [2024/06/27 15:00:15.040974, 1] channel_request: Channel request > pty-req failed > x2go-DEBUG-../src/sshmasterconnection.cpp:1670> > "ssh_channel_request_pty schlug fehl": "Channel request pty-req failed" > > x2go-DEBUG-../src/sshmasterconnection.cpp:705> Login Check - Failed > x2go-DEBUG-../src/sshmasterconnection.cpp:436> SSH proxy interaction > finished > [...] > > and since the jumphost does not offer sessions, that is the end of that. > > Anyway - thanks for the input. :) > > Cheerio, > Hauke > > Possibly tailscale could help you. ___ x2go-user mailing list x2go-user@lists.x2go.org https://lists.x2go.org/listinfo/x2go-user
Re: [X2Go-User] ssh connection through bastion host
On Thu, 27 Jun 2024 14:52:18 +0200, Ulrich Sibiller wrote: >As MacOS is unixoid i assume you can easily automate the tunnel > building during session startup. This should not build up big hurdles > for any of your (possibly unexperienced) users. s/possibly/generally/g As mentioned, this will have to work on windows, macos, unixen. > Regarding the proxy connection: AFAIR x2go will connect to the named > proxy and start another ssh session to the final destination there. Ah - now we're getting somewhere: % ./x2go --debug --libssh-debug [...] [2024/06/27 15:00:15.040974, 1] channel_request: Channel request pty-req failed x2go-DEBUG-../src/sshmasterconnection.cpp:1670> "ssh_channel_request_pty schlug fehl": "Channel request pty-req failed" x2go-DEBUG-../src/sshmasterconnection.cpp:705> Login Check - Failed x2go-DEBUG-../src/sshmasterconnection.cpp:436> SSH proxy interaction finished [...] and since the jumphost does not offer sessions, that is the end of that. Anyway - thanks for the input. :) Cheerio, Hauke -- The ASCII Ribbon CampaignHauke Fath () No HTML/RTF in emailInstitut für Nachrichtentechnik /\ No Word docs in email TU Darmstadt Respect for open standards Ruf +49-6151-16-21344 ___ x2go-user mailing list x2go-user@lists.x2go.org https://lists.x2go.org/listinfo/x2go-user
Re: [X2Go-User] ssh connection through bastion host
Well, I don't see what's going wrong here. But I had similar experiences with libssh debug output not helping at all. Running x2goclient with --help shows you all available options. Regarding debugging there are these: --debug Enables extensive debug output to the console. On Windows, also enables PulseAudio logging to a file under ".x2go/pulse" & cygwin sshd logging to a file under ".x2go/sshLogs" directory, both under the USERPROFILE directory. The logs are not deleted when X2Go Client terminates. --libssh-debug Instructs libssh to print out extensive debug output to the console. This will only have an effect if libssh is being used. It tends to generate a lot of output. WARNING: Enabling this option could reveal sensitive information about client and server configuration, and, if libssh has been compiled with password debugging, user credentials. Do not publish log files created with this option. --libssh-packetlog Instructs libssh to print out all network packets sent and received, including their contents. This will only have an effect if libssh is being used. It tends to generate huge amounts of output. WARNING: The same caveats as explained in the --libssh-debug option help text apply. As MacOS is unixoid i assume you can easily automate the tunnel building during session startup. This should not build up big hurdles for any of your (possibly unexperienced) users. Regarding the proxy connection: AFAIR x2go will connect to the named proxy and start another ssh session to the final destination there. Uli On Thu, Jun 27, 2024 at 11:55 AM Hauke Fath wrote: > > On Thu, 27 Jun 2024 10:49:48 +0200, Hauke Fath wrote: > >> Also, x2goclient knows some debug switches to produce log files. You > >> might see what's going on. > > > > I might, if I could find said debug switches, which is what my question > > was about... Please fill me in. > > I managed to invoke the mac x2go client from the command line as > './x2go --libssh-debug', which gives a bit more information. > > A lot of it is of the form "ssh_config_parse_line: > Un(supported|applicable) option:", to the point where a list of libssh > supported options will probably be shorter... In particular, ProxyJump > is not supported. > > The debug information ends with > > [...] > [2024/06/27 11:46:22.944213, 1] ssh_agent_get_ident_count: Answer > type: 12, expected answer: 12 > [2024/06/27 11:46:23.238705, 2] channel_open: Creating a channel 43 > with 64000 window and 32768 max packet > [2024/06/27 11:46:23.262887, 2] ssh_packet_global_request: Received > SSH_MSG_GLOBAL_REQUEST packet > [2024/06/27 11:46:23.262971, 2] ssh_packet_global_request: UNKNOWN > SSH_MSG_GLOBAL_REQUEST hostkeys...@openssh.com 0 > [2024/06/27 11:46:23.262988, 1] ssh_packet_process: Couldn't do > anything with packet type 80 > [2024/06/27 11:46:23.263056, 2] ssh_packet_ignore_callback: Received > SSH_MSG_DEBUG packet > [2024/06/27 11:46:23.263078, 2] ssh_packet_ignore_callback: Received > SSH_MSG_DEBUG packet > [2024/06/27 11:46:23.287345, 2] ssh_packet_channel_open_conf: Received > a CHANNEL_OPEN_CONFIRMATION for channel 43:0 > [2024/06/27 11:46:23.287401, 2] ssh_packet_channel_open_conf: Remote > window : 0, maxpacket : 32768 > [2024/06/27 11:46:23.532003, 1] channel_request: Channel request > pty-req failed > > > and while the jumphost logs > > > Jun 27 11:51:29 Pollux sshd[22590]: SSH: Server;Ltype: Kex;Remote: > 195.52.168.252-61842;Enc: aes256-ctr;MAC: hmac-sha2-256;Comp: none > [preauth] > Jun 27 11:51:30 Pollux sshd[22590]: SSH: Server;Ltype: Authname;Remote: > 195.52.168.252-61842;Name: ntjump [preauth] > Jun 27 11:51:30 Pollux sshd[22590]: Accepted publickey for ntjump from > 195.52.168.252 port 61842 ssh2: RSA > SHA256:e593oJRD2akRZtNT3ib5VufkJc3RCRdGEqDlfV+xKNU > Jun 27 11:51:30 Pollux sshd[25939]: SSH: Server;LType: > Throughput;Remote: 195.52.168.252-61842;IN: 0;OUT: 0;Duration: > 0.3;tPut_in: 0.0;tPut_out: 0.0 > > > there is no indication of a connection to the target machine, neither > on the jumphost, nor the target machine's logs. > > Cheerio, > Hauke > > -- > The ASCII Ribbon CampaignHauke Fath > () No HTML/RTF in emailInstitut für Nachrichtentechnik > /\ No Word docs in email TU Darmstadt > Respect for open standards Ruf +49-6151-16-21344 > ___ > x2go-user mailing list > x2go-user@lists.x2go.org > https://lists.x2go.org/listinfo/x2go-user ___ x2go-user mailing list x2go-user@lists.x2go.org https://lists.x2go.org/listinfo/x2go-user
Re: [X2Go-User] ssh connection through bastion host
On Thu, 27 Jun 2024 10:49:48 +0200, Hauke Fath wrote: >> Also, x2goclient knows some debug switches to produce log files. You >> might see what's going on. > > I might, if I could find said debug switches, which is what my question > was about... Please fill me in. I managed to invoke the mac x2go client from the command line as './x2go --libssh-debug', which gives a bit more information. A lot of it is of the form "ssh_config_parse_line: Un(supported|applicable) option:", to the point where a list of libssh supported options will probably be shorter... In particular, ProxyJump is not supported. The debug information ends with [...] [2024/06/27 11:46:22.944213, 1] ssh_agent_get_ident_count: Answer type: 12, expected answer: 12 [2024/06/27 11:46:23.238705, 2] channel_open: Creating a channel 43 with 64000 window and 32768 max packet [2024/06/27 11:46:23.262887, 2] ssh_packet_global_request: Received SSH_MSG_GLOBAL_REQUEST packet [2024/06/27 11:46:23.262971, 2] ssh_packet_global_request: UNKNOWN SSH_MSG_GLOBAL_REQUEST hostkeys...@openssh.com 0 [2024/06/27 11:46:23.262988, 1] ssh_packet_process: Couldn't do anything with packet type 80 [2024/06/27 11:46:23.263056, 2] ssh_packet_ignore_callback: Received SSH_MSG_DEBUG packet [2024/06/27 11:46:23.263078, 2] ssh_packet_ignore_callback: Received SSH_MSG_DEBUG packet [2024/06/27 11:46:23.287345, 2] ssh_packet_channel_open_conf: Received a CHANNEL_OPEN_CONFIRMATION for channel 43:0 [2024/06/27 11:46:23.287401, 2] ssh_packet_channel_open_conf: Remote window : 0, maxpacket : 32768 [2024/06/27 11:46:23.532003, 1] channel_request: Channel request pty-req failed and while the jumphost logs Jun 27 11:51:29 Pollux sshd[22590]: SSH: Server;Ltype: Kex;Remote: 195.52.168.252-61842;Enc: aes256-ctr;MAC: hmac-sha2-256;Comp: none [preauth] Jun 27 11:51:30 Pollux sshd[22590]: SSH: Server;Ltype: Authname;Remote: 195.52.168.252-61842;Name: ntjump [preauth] Jun 27 11:51:30 Pollux sshd[22590]: Accepted publickey for ntjump from 195.52.168.252 port 61842 ssh2: RSA SHA256:e593oJRD2akRZtNT3ib5VufkJc3RCRdGEqDlfV+xKNU Jun 27 11:51:30 Pollux sshd[25939]: SSH: Server;LType: Throughput;Remote: 195.52.168.252-61842;IN: 0;OUT: 0;Duration: 0.3;tPut_in: 0.0;tPut_out: 0.0 there is no indication of a connection to the target machine, neither on the jumphost, nor the target machine's logs. Cheerio, Hauke -- The ASCII Ribbon CampaignHauke Fath () No HTML/RTF in emailInstitut für Nachrichtentechnik /\ No Word docs in email TU Darmstadt Respect for open standards Ruf +49-6151-16-21344 ___ x2go-user mailing list x2go-user@lists.x2go.org https://lists.x2go.org/listinfo/x2go-user
Re: [X2Go-User] ssh connection through bastion host
On Wed, 26 Jun 2024 23:50:45 +0200, Ulrich Sibiller wrote: > the x2go is using libssh, which _partly_ reads your openssh config > files. It understands _some_ of the options, but not all. So I've read. What I have not been able to find, is information on what subset of the ssh_config(5) options libssh (and, in particular, the libssh version built into the x2go mac client) recognizes. Do you know more? > You can use your ProxyJump setup in conjunction with -L to establish a > port forwarding outside x2go and then use > localhost: in the x2go connection dialog. I've read about that. Problem is: I need to come up with a workable solution for three dozen users, many of whom are not ssh savvy, on three different platforms. And tweaking configuration outside of x2go just to connect to a different host is not practical for them, even if I can make it work for me. > Also, x2goclient knows some debug switches to produce log files. You > might see what's going on. I might, if I could find said debug switches, which is what my question was about... Please fill me in. > Third, if your bastion host is running some kind of restricted shell > you can try to use ! instead of (preceding the > hostname with an exclamation mark) in the connection dialog (for > destination or proxy or both) to disable some checks that might > trigger your restricted shell to fail. The jumphost allows port forwarding only, no sessions there. Since the x2go client does offer support for an ssh proxy connection: How functional is it? And what is the intended setup, i.e. what is expected of the proxy? Cheerio, Hauke -- The ASCII Ribbon CampaignHauke Fath () No HTML/RTF in emailInstitut für Nachrichtentechnik /\ No Word docs in email TU Darmstadt Respect for open standards Ruf +49-6151-16-21344 ___ x2go-user mailing list x2go-user@lists.x2go.org https://lists.x2go.org/listinfo/x2go-user
Re: [X2Go-User] ssh connection through bastion host
Hi, the x2go is using libssh, which _partly_ reads your openssh config files. It understands _some_ of the options, but not all. You can use your ProxyJump setup in conjunction with -L to establish a port forwarding outside x2go and then use localhost: in the x2go connection dialog. Also, x2goclient knows some debug switches to produce log files. You might see what's going on. Third, if your bastion host is running some kind of restricted shell you can try to use ! instead of (preceding the hostname with an exclamation mark) in the connection dialog (for destination or proxy or both) to disable some checks that might trigger your restricted shell to fail. HTH, Uli On Wed, Jun 26, 2024 at 11:17 PM Hauke Fath wrote: > > Hi, > > I am trying to connect with the Mac x2goclient (v4.1.2.2) through a > bastion host*, essentially as a version of the openssh '-J' option. > > My setup in ~/.ssh/config works for ssh, but it looks like the x2go > client (libssh? Where is that in the source tree?) does not look at > config. > > With an ssh proxy connection configured in x2go, I can see a login on > the bastion host, but nothing on the target machine. And what logs x2go > has are too quickly replaced by a user/passwd login screen to be > readable. > > How can I have the x2go client log to a file? > > Cheerio, > Hauke > > * My uni is going to cut off direct client access from outside the > perimeter soon > > -- > The ASCII Ribbon CampaignHauke Fath > () No HTML/RTF in emailInstitut für Nachrichtentechnik > /\ No Word docs in email TU Darmstadt > Respect for open standards Ruf +49-6151-16-21344 > ___ > x2go-user mailing list > x2go-user@lists.x2go.org > https://lists.x2go.org/listinfo/x2go-user ___ x2go-user mailing list x2go-user@lists.x2go.org https://lists.x2go.org/listinfo/x2go-user
Re: [X2Go-User] ssh error
> Maybe try to start pyhoca-cli with "--add-to-known-hosts" parameter or > move ~/.ssh/known_hosts ( just for test ) away. > mv ~/.ssh/known_hosts ~/.ssh/known_hosts-`date -I` > Thank you. That was it. Problem solved. Vikas ___ x2go-user mailing list x2go-user@lists.x2go.org https://lists.x2go.org/listinfo/x2go-user
Re: [X2Go-User] ssh error
Hello, On Sat, Oct 08, 2022 at 11:01:32AM +0530, Vikas Rawal wrote: > I am getting a new error with pyhoca-cli: > > paramiko.hostkeys.InvalidHostKey: ('192.168.0.127 ssh-rsa > AABgQC7ZFjl2e+zxzL4wHBeHnntE5fno0AoGJJbI4IHmRbMmsM88bq9FLQlZ/UMB3NzaC1yc2EDAQABAA96lmxTgFLEBJWMD+Ye+3UMJlfrsYCkSAj3192.168.0.195 > ssh-ed25519 > C3NzaCDW/dw1lZDI1NTE5IHRAkIk0Yfsf1H/0i5xizVZ+UogtQ62ze0zeOnW', > Error('Invalid base64-encoded string: number of data characters (133) > cannot be 1 more than a multiple of 4')) Maybe try to start pyhoca-cli with "--add-to-known-hosts" parameter or move ~/.ssh/known_hosts ( just for test ) away. mv ~/.ssh/known_hosts ~/.ssh/known_hosts-`date -I` > I can ssh to the server and can use x2goclient without any problem. > > Strangely, I get a similar error with xpra. > > It seems to me that something has changed in a python library with a recent > upgrade (since both pyhoca-cli and xpra worked without any problems > earlier). But I can't seem to figure out what it is. Can you please provide more information about your systems and updates? Distribution of x2goserver: Debian 11, RHEL 9 ? SSH-version on x2goserver: 1:8.4p1-5+deb11u1 ? Distribution of pyhoca-cli: paramiko version on pyhoca-cli client: 2.7.2-1 ? Which recent upgrade did you mean? from which software in which version to which new version? Best Regards, Juri Grabowski ___ x2go-user mailing list x2go-user@lists.x2go.org https://lists.x2go.org/listinfo/x2go-user
Re: [X2Go-User] SSH warnings
Thank you for the suggestion, but it does not fix the warning. I've disabled audio print is set to PDF viewing (can't be disabled) and I've tried tu use an external X server also but the warning still pops up at X2go launch Best Jerome Le 14/09/2022 à 17:04, Ulrich Sibiller a écrit : IIRC this is for the connection back from the server to the client and is used for file sharing and maybe also sound and printing. I guess if you disable these the error will be gone. That is of course not a feasible fix for all situations. Needs to be fixed in x2goclient. Can you please open a bug? Thx, Uli Jérôme Redouté schrieb am Mi., 14. Sep. 2022, 16:20: Yes but this is not persistant. The file seems to be regenerated at x2go launch Le 14/09/2022 à 15:47, Ulrich Sibiller a écrit : > Have you tried removing the mentioned line from the config file? It's > C:\Users\morej\.x2go\etc\sshd_config. > > Uli > > On Wed, Sep 14, 2022 at 3:03 PM Jérôme Redouté wrote: >> Hello >> >> my X2GO shows warning at launch in a terminal window: >> >> /cygdrive/C/Users/morej/.x2go/etc/sshd_config line 3: Deprecated option >> UsePrivilegeSeparation >> >> how can I fix it? >> >> here are my OS specifs: >> >> Édition Windows 11 Professionnel >> Version 22H2 >> Installé le 12/05/2022 >> Build du système d’exploitation 22622.598 >> Numéro de série 025764401657 >> Expérience Windows Feature Experience Pack 1000.22634.1000.0 >> >> Thank you for your help >> >> jerome >> >> >> ___ >> x2go-user mailing list >> x2go-user@lists.x2go.org >> https://lists.x2go.org/listinfo/x2go-user -- == Jérôme Redouté Ph.D. - Ingénieur de Recherche - Université Claude Bernard - Lyon1 Responsable imageur TEP-TDM CERMEP - Imagerie du vivant 59 Bd Pinel. 69677 Bron - FRANCE tel : 33 (0)4 72 68 86 18 (bureau) tel : 33 (0)4 72 68 86 00 (standard) fax : 33 (0)4 72 68 86 10 == -- == Jérôme Redouté Ph.D. - Ingénieur de Recherche - Université Claude Bernard - Lyon1 Responsable imageur TEP-TDM CERMEP - Imagerie du vivant 59 Bd Pinel. 69677 Bron - FRANCE tel : 33 (0)4 72 68 86 18 (bureau) tel : 33 (0)4 72 68 86 00 (standard) fax : 33 (0)4 72 68 86 10 == ___ x2go-user mailing list x2go-user@lists.x2go.org https://lists.x2go.org/listinfo/x2go-user
Re: [X2Go-User] SSH warnings
IIRC this is for the connection back from the server to the client and is used for file sharing and maybe also sound and printing. I guess if you disable these the error will be gone. That is of course not a feasible fix for all situations. Needs to be fixed in x2goclient. Can you please open a bug? Thx, Uli Jérôme Redouté schrieb am Mi., 14. Sep. 2022, 16:20: > Yes but this is not persistant. The file seems to be regenerated at x2go > launch > > Le 14/09/2022 à 15:47, Ulrich Sibiller a écrit : > > Have you tried removing the mentioned line from the config file? It's > > C:\Users\morej\.x2go\etc\sshd_config. > > > > Uli > > > > On Wed, Sep 14, 2022 at 3:03 PM Jérôme Redouté > wrote: > >> Hello > >> > >> my X2GO shows warning at launch in a terminal window: > >> > >> /cygdrive/C/Users/morej/.x2go/etc/sshd_config line 3: Deprecated option > >> UsePrivilegeSeparation > >> > >> how can I fix it? > >> > >> here are my OS specifs: > >> > >> ÉditionWindows 11 Professionnel > >> Version22H2 > >> Installé le12/05/2022 > >> Build du système d’exploitation22622.598 > >> Numéro de série025764401657 > >> ExpérienceWindows Feature Experience Pack 1000.22634.1000.0 > >> > >> Thank you for your help > >> > >> jerome > >> > >> > >> ___ > >> x2go-user mailing list > >> x2go-user@lists.x2go.org > >> https://lists.x2go.org/listinfo/x2go-user > > -- > == > Jérôme Redouté > Ph.D. - Ingénieur de Recherche - Université Claude Bernard - Lyon1 > Responsable imageur TEP-TDM > CERMEP - Imagerie du vivant > 59 Bd Pinel. 69677 Bron - FRANCE > tel : 33 (0)4 72 68 86 18 (bureau) > tel : 33 (0)4 72 68 86 00 (standard) > fax : 33 (0)4 72 68 86 10 > == > > > ___ x2go-user mailing list x2go-user@lists.x2go.org https://lists.x2go.org/listinfo/x2go-user
Re: [X2Go-User] SSH warnings
Yes but this is not persistant. The file seems to be regenerated at x2go launch Le 14/09/2022 à 15:47, Ulrich Sibiller a écrit : Have you tried removing the mentioned line from the config file? It's C:\Users\morej\.x2go\etc\sshd_config. Uli On Wed, Sep 14, 2022 at 3:03 PM Jérôme Redouté wrote: Hello my X2GO shows warning at launch in a terminal window: /cygdrive/C/Users/morej/.x2go/etc/sshd_config line 3: Deprecated option UsePrivilegeSeparation how can I fix it? here are my OS specifs: ÉditionWindows 11 Professionnel Version22H2 Installé le12/05/2022 Build du système d’exploitation22622.598 Numéro de série025764401657 ExpérienceWindows Feature Experience Pack 1000.22634.1000.0 Thank you for your help jerome ___ x2go-user mailing list x2go-user@lists.x2go.org https://lists.x2go.org/listinfo/x2go-user -- == Jérôme Redouté Ph.D. - Ingénieur de Recherche - Université Claude Bernard - Lyon1 Responsable imageur TEP-TDM CERMEP - Imagerie du vivant 59 Bd Pinel. 69677 Bron - FRANCE tel : 33 (0)4 72 68 86 18 (bureau) tel : 33 (0)4 72 68 86 00 (standard) fax : 33 (0)4 72 68 86 10 == ___ x2go-user mailing list x2go-user@lists.x2go.org https://lists.x2go.org/listinfo/x2go-user
Re: [X2Go-User] SSH warnings
Have you tried removing the mentioned line from the config file? It's C:\Users\morej\.x2go\etc\sshd_config. Uli On Wed, Sep 14, 2022 at 3:03 PM Jérôme Redouté wrote: > > Hello > > my X2GO shows warning at launch in a terminal window: > > /cygdrive/C/Users/morej/.x2go/etc/sshd_config line 3: Deprecated option > UsePrivilegeSeparation > > how can I fix it? > > here are my OS specifs: > > ÉditionWindows 11 Professionnel > Version22H2 > Installé le12/05/2022 > Build du système d’exploitation22622.598 > Numéro de série025764401657 > ExpérienceWindows Feature Experience Pack 1000.22634.1000.0 > > Thank you for your help > > jerome > > > ___ > x2go-user mailing list > x2go-user@lists.x2go.org > https://lists.x2go.org/listinfo/x2go-user ___ x2go-user mailing list x2go-user@lists.x2go.org https://lists.x2go.org/listinfo/x2go-user
Re: [X2Go-User] ssh to anode failing from inside of a x2go session
That was exactly it Thanks a lot. It was weird, since I would say that I had it working before, and I don't remember any change going on the infrastructure. But thanks a lot. On 13/11/18 16:14, Stefan Baur wrote: Am 13.11.18 um 15:49 schrieb Josep Manel Andrés Moscardó: Hi, I have a connection to a x2go server (slurm login node) that works fine, but my issue is that when I open a terminal and try to ssh into a node it just hangs until it times out. Is there any restriction for it? I am connecting to the x2go server using password or ssh key, and trying to ssh to the node using ssh key or password, it doesn't matter. Thanks. Using a key file isn't trivial in this situation. I would suggest making your first attempts using a regular username/password combinations. First, try pinging the destination server from within the X2Go session. If you can't ping it, the problem might not be with SSH but with an underlying network (mis)configuration). Running traceroute and looking at/posting the output can't hurt, either. Also, crank up the verbosity level of the ssh client inside the X2Go session like so: ssh -vvv user@host You might also want to try to ping with larger packet sizes, like so: ping -s 1500 host if a regular ping works, but it fails when specifying "-s 1500", it might be an MTU issue. Start decreasing the number until you can get a successful ping through, then set the MTU on the interface to that value. -Stefan -- Josep Manel Andrés Moscardó Systems Engineer, IT Operations EMBL Heidelberg T +49 6221 387-8394 smime.p7s Description: S/MIME Cryptographic Signature ___ x2go-user mailing list x2go-user@lists.x2go.org https://lists.x2go.org/listinfo/x2go-user
Re: [X2Go-User] ssh to anode failing from inside of a x2go session
Am 13.11.18 um 15:49 schrieb Josep Manel Andrés Moscardó: > Hi, > I have a connection to a x2go server (slurm login node) that works fine, > but my issue is that when I open a terminal and try to ssh into a node > it just hangs until it times out. > > Is there any restriction for it? > > I am connecting to the x2go server using password or ssh key, and trying > to ssh to the node using ssh key or password, it doesn't matter. > > Thanks. Using a key file isn't trivial in this situation. I would suggest making your first attempts using a regular username/password combinations. First, try pinging the destination server from within the X2Go session. If you can't ping it, the problem might not be with SSH but with an underlying network (mis)configuration). Running traceroute and looking at/posting the output can't hurt, either. Also, crank up the verbosity level of the ssh client inside the X2Go session like so: ssh -vvv user@host You might also want to try to ping with larger packet sizes, like so: ping -s 1500 host if a regular ping works, but it fails when specifying "-s 1500", it might be an MTU issue. Start decreasing the number until you can get a successful ping through, then set the MTU on the interface to that value. -Stefan -- BAUR-ITCS UG (haftungsbeschränkt) Geschäftsführer: Stefan Baur Eichenäckerweg 10, 89081 Ulm | Registergericht Ulm, HRB 724364 Fon/Fax 0731 40 34 66-36/-35 | USt-IdNr.: DE268653243 ___ x2go-user mailing list x2go-user@lists.x2go.org https://lists.x2go.org/listinfo/x2go-user
Re: [X2Go-User] SSH
Well, I just built the latest and greatest ssh: OpenSSH_7.6p1, OpenSSL 1.0.2g 1 Mar 2016 and that fixed the segfault but did not fix the x2go error. -_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_- Eskimo North Linux Friendly Internet Access, Shell Accounts, and Hosting. Knowledgeable human assistance, not telephone trees or script readers. See our web site: http://www.eskimo.com/ (206) 812-0051 or (800) 246-6874. On Fri, 2 Mar 2018, Robert Dinse wrote: Date: Fri, 2 Mar 2018 02:40:09 -0800 (PST) From: Robert Dinse To: "x2go-user@lists.x2go.org" Subject: [X2Go-User] SSH Looks like my ssh is hurt: [256092.528160] SshMasterConnec[4630]: segfault at dd ip 7fc61a459eec sp 7fc5ee2b8928 error 4 in libssh.so.4.4.2[7fc61a433000+6d000] [256163.639990] SshMasterConnec[5083]: segfault at dd ip 7fa0a3453eec sp 7fa0772ee928 error 4 in libssh.so.4.4.2[7fa0a342d000+6d000] This might be my issue rather than x2go, but it never happens when I do a straight ssh session. -_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_- Eskimo North Linux Friendly Internet Access, Shell Accounts, and Hosting. Knowledgeable human assistance, not telephone trees or script readers. See our web site: http://www.eskimo.com/ (206) 812-0051 or (800) 246-6874. ___ x2go-user mailing list x2go-user@lists.x2go.org https://lists.x2go.org/listinfo/x2go-user ___ x2go-user mailing list x2go-user@lists.x2go.org https://lists.x2go.org/listinfo/x2go-user
Re: [X2Go-User] ssh-keygen.exe loads the processor every time the client starts
On 10/06/2017 12:57 AM, Ulrich Sibiller wrote: On Fri, Oct 6, 2017 at 3:12 AM, Mihai Moldovan wrote: On 09/28/2017 01:49 PM, Max A. wrote: I'm using a x2go server on CentOS 6.9 (the latest version from EPEL, 4.0.1.20), clients use Windows XP/7 and the latest version of X2Go Client (4.1.0.0-2017.03.11). Each time the client connects, ssh-keygen.exe (C:\Program Files\x2goclient\ssh-keygen.exe) starts with the parameters "-t rsa -b 4096 -N" "-C" X2Go Client RSA user key "-f C: I explicitly decided against that. For more information and the rationale for this change, refer to the release announcement: http://lists.x2go.org/pipermail/x2go-announcements/2017/000302.html The release announcement talks about 2048-bit keys being generated while this indicates that even stronger keys are being used (which in turn increases the time to create them). I think for slow clients this is too much. At least the admin should be able to decide about the required security, not the maintainer. So what about staying as is by default but providing a possibility to pre-generate keys for those connections. Uli What about ed25519 keys? https://stribika.github.io/2015/01/04/secure-secure-shell.html About 30-60 times faster to create on my fairly fast machine. Unfortunately EL6 era machines don't support them. -- Orion Poplawski Manager of NWRA Technical Systems 720-772-5637 NWRA, Boulder/CoRA Office FAX: 303-415-9702 3380 Mitchell Lane or...@nwra.com Boulder, CO 80301 https://www.nwra.com/ ___ x2go-user mailing list x2go-user@lists.x2go.org https://lists.x2go.org/listinfo/x2go-user
Re: [X2Go-User] ssh-keygen.exe loads the processor every time the client starts
Am 06.10.2017 um 15:07 schrieb Walid MOGHRABI: >> I haven't tested it myself yet, but some devs suggested that slow >> session startup (as opposed to slow booting to login screen) may be >> caused by homedirs stored on NFS. >> Might be worth adding a test account that has a homedir "native" to the >> server, and if that brings a significant speed increase, trying out >> other networked filesystems like glusterfs. > Might be possible, NFS migh probably add a few latency but I wouldn't > recommend using GlusterFS instead, it is far slower due to the voulme beeing > mounted through Fuse. > I already did many testing on GlusterFS for our internal usage and it is by > far slower than NFS. > CephFS (file sharing "nfs like" filesystem provided by Ceph on top of it's > storage capabilities, as opposed to the "usual" block mode it provides) could > be worth trying but I didn't had the opportunity to do some testing by now. > Anyway, I think it should be at most comparable to NFS, not really faster. See, you "think", but you haven't verified it in comparison to a local homedir. As I said, I haven't either, but it was a hint from some of the devs to look out for that. So maybe we just have to live with a slower session startup if networked homedirs are part of the equation; testers to confirm or dismiss this theory are welcome. ;-) Kind Regards, Stefan Baur -- BAUR-ITCS UG (haftungsbeschränkt) Geschäftsführer: Stefan Baur Eichenäckerweg 10, 89081 Ulm | Registergericht Ulm, HRB 724364 Fon/Fax 0731 40 34 66-36/-35 | USt-IdNr.: DE268653243 signature.asc Description: OpenPGP digital signature ___ x2go-user mailing list x2go-user@lists.x2go.org https://lists.x2go.org/listinfo/x2go-user
Re: [X2Go-User] ssh-keygen.exe loads the processor every time the client starts
> I haven't tested it myself yet, but some devs suggested that slow > session startup (as opposed to slow booting to login screen) may be > caused by homedirs stored on NFS. > Might be worth adding a test account that has a homedir "native" to the > server, and if that brings a significant speed increase, trying out > other networked filesystems like glusterfs. Might be possible, NFS migh probably add a few latency but I wouldn't recommend using GlusterFS instead, it is far slower due to the voulme beeing mounted through Fuse. I already did many testing on GlusterFS for our internal usage and it is by far slower than NFS. CephFS (file sharing "nfs like" filesystem provided by Ceph on top of it's storage capabilities, as opposed to the "usual" block mode it provides) could be worth trying but I didn't had the opportunity to do some testing by now. Anyway, I think it should be at most comparable to NFS, not really faster. Regards, Walid Moghrabi TRAVAUX.COM BAT I - PARC CEZANNE 2 290 AVENUE GALILEE - CS 80403 13591 AIX EN PROVENCE CEDEX 3 - Mail original - De: "Stefan Baur" À: "Walid MOGHRABI" Cc: x2go-user@lists.x2go.org Envoyé: Vendredi 6 Octobre 2017 13:33:43 Objet: Re: [X2Go-User] ssh-keygen.exe loads the processor every time the client starts Am 06.10.2017 um 13:29 schrieb Walid MOGHRABI: > I agree especially in the case of the TCE where we're targeting ThinClients > that are generaly quite low on specs (mostly ATOM or celeron based). > Anyway,time to open the session is a bit too slow to my taste, I would agree > but this is not unbearable. > RDP on the other hand is extremely fast at opening the session but if I > remember well, it uses a secured channel with encryption (but not through > SSH) so, what are they using to connect that fast without compromising > security too much ? > > On the other hand, I have a problem with the client beeing very slow to quit > but this is another subject, I'll fill a bug report for that later. I haven't tested it myself yet, but some devs suggested that slow session startup (as opposed to slow booting to login screen) may be caused by homedirs stored on NFS. Might be worth adding a test account that has a homedir "native" to the server, and if that brings a significant speed increase, trying out other networked filesystems like glusterfs. Kind Regards, Stefan Baur -- BAUR-ITCS UG (haftungsbeschränkt) Geschäftsführer: Stefan Baur Eichenäckerweg 10, 89081 Ulm | Registergericht Ulm, HRB 724364 Fon/Fax 0731 40 34 66-36/-35 | USt-IdNr.: DE268653243 --- DISCLAIMER: This e-mail is private and confidential and may contain proprietary or legally privileged information. It is for the intended recipient only. If you have received this email in error, please notify the author by replying to it and then destroy it. If you are not the intended recipient you must not use, disclose, distribute, copy, print or rely on this e-mail or any attachment. Thank you ___ x2go-user mailing list x2go-user@lists.x2go.org https://lists.x2go.org/listinfo/x2go-user
Re: [X2Go-User] ssh-keygen.exe loads the processor every time the client starts
Stefan I apologize but I thought my 12 year old hardware was really past obsolete but it keeps chunking on somehow so it hasn't been replaced. -_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_- Eskimo North Linux Friendly Internet Access, Shell Accounts, and Hosting. Knowledgeable human assistance, not telephone trees or script readers. See our web site: http://www.eskimo.com/ (206) 812-0051 or (800) 246-6874. On Fri, 6 Oct 2017, Stefan Baur wrote: Date: Fri, 6 Oct 2017 12:24:45 +0200 From: Stefan Baur To: x2go-user@lists.x2go.org Subject: Re: [X2Go-User] ssh-keygen.exe loads the processor every time the client starts Robert, Please do not mock other users just because they have what you consider inferior hardware. Some people are stuck with old hardware for whatever reason, and there are many reasons that qualify as valid. Kind Regards, Stefan Baur X2Go Project/Community Manager Am 06.10.2017 um 11:13 schrieb Robert Dinse: Your laptop is slower than my 12 year old computer? Running Windows 3.11 per chance? -_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_- Eskimo North Linux Friendly Internet Access, Shell Accounts, and Hosting. Knowledgeable human assistance, not telephone trees or script readers. See our web site: http://www.eskimo.com/ (206) 812-0051 or (800) 246-6874. On Fri, 6 Oct 2017, Max A. wrote: Date: Fri, 6 Oct 2017 12:06:09 +0300 From: Max A. Cc: x2go users Subject: Re: [X2Go-User] ssh-keygen.exe loads the processor every time the client starts on my old laptop the connection takes at least 15 seconds, I would be glad if it happens faster Ok, in any case, it took my 12 year old workstation 5 seconds to connect. Are we not perhaps splitting hairs? -_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_- Eskimo North Linux Friendly Internet Access, Shell Accounts, and Hosting. Knowledgeable human assistance, not telephone trees or script readers. See our web site: http://www.eskimo.com/ (206) 812-0051 or (800) 246-6874. On Fri, 6 Oct 2017, Ulrich Sibiller wrote: Date: Fri, 6 Oct 2017 09:35:29 +0200 From: Ulrich Sibiller To: Robert Dinse Cc: Mihai Moldovan , x2go users Subject: Re: [X2Go-User] ssh-keygen.exe loads the processor every time the client starts On Fri, Oct 6, 2017 at 9:22 AM, Robert Dinse wrote: By doing so you weaken security for sites providing this capability. Yes, maybe, maybe not. Think about sites that have strict rules about keys. Or sites having to use specific key types. Or RSA being compromised. Currently there's nothing an admin can do. It's the site's administrator that has to decide about that. The tool can provide a default but the admin must be enabled to change it if desired. Uli ___ x2go-user mailing list x2go-user@lists.x2go.org https://lists.x2go.org/listinfo/x2go-user ___ x2go-user mailing list x2go-user@lists.x2go.org https://lists.x2go.org/listinfo/x2go-user ___ x2go-user mailing list x2go-user@lists.x2go.org https://lists.x2go.org/listinfo/x2go-user -- BAUR-ITCS UG (haftungsbeschränkt) Geschäftsführer: Stefan Baur Eichenäckerweg 10, 89081 Ulm | Registergericht Ulm, HRB 724364 Fon/Fax 0731 40 34 66-36/-35 | USt-IdNr.: DE268653243 ___ x2go-user mailing list x2go-user@lists.x2go.org https://lists.x2go.org/listinfo/x2go-user
Re: [X2Go-User] ssh-keygen.exe loads the processor every time the client starts
My machine is also 2005 vintage. Bu tnot celeron based. This is rather like the argument of whether or not to retain weak encryption on https so that Windows 95 users can still use it. -_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_- Eskimo North Linux Friendly Internet Access, Shell Accounts, and Hosting. Knowledgeable human assistance, not telephone trees or script readers. See our web site: http://www.eskimo.com/ (206) 812-0051 or (800) 246-6874. On Fri, 6 Oct 2017, Max A. wrote: Date: Fri, 6 Oct 2017 13:20:52 +0300 From: Max A. To: x2go users Subject: Re: [X2Go-User] ssh-keygen.exe loads the processor every time the client starts Acer Aspire 3613LC, Celeron M 370, 2 GB RAM, 2005 year. Users do not have such ancient computers, but the delay of 5 seconds annoys many. Your laptop is slower than my 12 year old computer? Running Windows 3.11 per chance? -_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_- Eskimo North Linux Friendly Internet Access, Shell Accounts, and Hosting. Knowledgeable human assistance, not telephone trees or script readers. See our web site: http://www.eskimo.com/ (206) 812-0051 or (800) 246-6874. On Fri, 6 Oct 2017, Max A. wrote: Date: Fri, 6 Oct 2017 12:06:09 +0300 From: Max A. Cc: x2go users Subject: Re: [X2Go-User] ssh-keygen.exe loads the processor every time the client starts on my old laptop the connection takes at least 15 seconds, I would be glad if it happens faster Ok, in any case, it took my 12 year old workstation 5 seconds to connect. Are we not perhaps splitting hairs? -_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_- Eskimo North Linux Friendly Internet Access, Shell Accounts, and Hosting. Knowledgeable human assistance, not telephone trees or script readers. See our web site: http://www.eskimo.com/ (206) 812-0051 or (800) 246-6874. On Fri, 6 Oct 2017, Ulrich Sibiller wrote: Date: Fri, 6 Oct 2017 09:35:29 +0200 From: Ulrich Sibiller To: Robert Dinse Cc: Mihai Moldovan , x2go users Subject: Re: [X2Go-User] ssh-keygen.exe loads the processor every time the client starts On Fri, Oct 6, 2017 at 9:22 AM, Robert Dinse wrote: By doing so you weaken security for sites providing this capability. Yes, maybe, maybe not. Think about sites that have strict rules about keys. Or sites having to use specific key types. Or RSA being compromised. Currently there's nothing an admin can do. It's the site's administrator that has to decide about that. The tool can provide a default but the admin must be enabled to change it if desired. Uli ___ x2go-user mailing list x2go-user@lists.x2go.org https://lists.x2go.org/listinfo/x2go-user ___ x2go-user mailing list x2go-user@lists.x2go.org https://lists.x2go.org/listinfo/x2go-user ___ x2go-user mailing list x2go-user@lists.x2go.org https://lists.x2go.org/listinfo/x2go-user
Re: [X2Go-User] ssh-keygen.exe loads the processor every time the client starts
Am 06.10.2017 um 13:29 schrieb Walid MOGHRABI: > I agree especially in the case of the TCE where we're targeting ThinClients > that are generaly quite low on specs (mostly ATOM or celeron based). > Anyway,time to open the session is a bit too slow to my taste, I would agree > but this is not unbearable. > RDP on the other hand is extremely fast at opening the session but if I > remember well, it uses a secured channel with encryption (but not through > SSH) so, what are they using to connect that fast without compromising > security too much ? > > On the other hand, I have a problem with the client beeing very slow to quit > but this is another subject, I'll fill a bug report for that later. I haven't tested it myself yet, but some devs suggested that slow session startup (as opposed to slow booting to login screen) may be caused by homedirs stored on NFS. Might be worth adding a test account that has a homedir "native" to the server, and if that brings a significant speed increase, trying out other networked filesystems like glusterfs. Kind Regards, Stefan Baur -- BAUR-ITCS UG (haftungsbeschränkt) Geschäftsführer: Stefan Baur Eichenäckerweg 10, 89081 Ulm | Registergericht Ulm, HRB 724364 Fon/Fax 0731 40 34 66-36/-35 | USt-IdNr.: DE268653243 signature.asc Description: OpenPGP digital signature ___ x2go-user mailing list x2go-user@lists.x2go.org https://lists.x2go.org/listinfo/x2go-user
Re: [X2Go-User] ssh-keygen.exe loads the processor every time the client starts
I agree especially in the case of the TCE where we're targeting ThinClients that are generaly quite low on specs (mostly ATOM or celeron based). Anyway,time to open the session is a bit too slow to my taste, I would agree but this is not unbearable. RDP on the other hand is extremely fast at opening the session but if I remember well, it uses a secured channel with encryption (but not through SSH) so, what are they using to connect that fast without compromising security too much ? On the other hand, I have a problem with the client beeing very slow to quit but this is another subject, I'll fill a bug report for that later. Regards, Walid Moghrabi TRAVAUX.COM BAT I - PARC CEZANNE 2 290 AVENUE GALILEE - CS 80403 13591 AIX EN PROVENCE CEDEX 3 - Mail original - De: "Stefan Baur" À: x2go-user@lists.x2go.org Envoyé: Vendredi 6 Octobre 2017 12:24:45 Objet: Re: [X2Go-User] ssh-keygen.exe loads the processor every time the client starts Robert, Please do not mock other users just because they have what you consider inferior hardware. Some people are stuck with old hardware for whatever reason, and there are many reasons that qualify as valid. Kind Regards, Stefan Baur X2Go Project/Community Manager Am 06.10.2017 um 11:13 schrieb Robert Dinse: > > Your laptop is slower than my 12 year old computer? Running > Windows 3.11 > per chance? > > -_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_- > > > Eskimo North Linux Friendly Internet Access, Shell Accounts, and Hosting. > Knowledgeable human assistance, not telephone trees or script readers. > See our web site: http://www.eskimo.com/ (206) 812-0051 or (800) 246-6874. > > On Fri, 6 Oct 2017, Max A. wrote: > >> Date: Fri, 6 Oct 2017 12:06:09 +0300 >> From: Max A. >> Cc: x2go users >> Subject: Re: [X2Go-User] ssh-keygen.exe loads the processor every time >> the >> client starts >> >> on my old laptop the connection takes at least 15 seconds, I would be >> glad if it happens faster >> >> >>> >>> Ok, in any case, it took my 12 year old workstation 5 seconds to >>> connect. >>> Are we not perhaps splitting hairs? >>> >>> >>> -_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_- >>> >>> Eskimo North Linux Friendly Internet Access, Shell Accounts, and >>> Hosting. >>> Knowledgeable human assistance, not telephone trees or script >>> readers. >>> See our web site: http://www.eskimo.com/ (206) 812-0051 or (800) >>> 246-6874. >>> >>> On Fri, 6 Oct 2017, Ulrich Sibiller wrote: >>> >>>> Date: Fri, 6 Oct 2017 09:35:29 +0200 >>>> From: Ulrich Sibiller >>>> To: Robert Dinse >>>> Cc: Mihai Moldovan , x2go users >>>> >>>> Subject: Re: [X2Go-User] ssh-keygen.exe loads the processor every >>>> time the >>>> client starts >>>> >>>> On Fri, Oct 6, 2017 at 9:22 AM, Robert Dinse wrote: >>>>> >>>>> By doing so you weaken security for sites providing this >>>>> capability. >>>> >>>> Yes, maybe, maybe not. Think about sites that have strict rules about >>>> keys. Or sites having to use specific key types. Or RSA being >>>> compromised. Currently there's nothing an admin can do. >>>> >>>> It's the site's administrator that has to decide about that. The tool >>>> can provide a default but the admin must be enabled to change it if >>>> desired. >>>> >>>> Uli >>>> >>> ___ >>> x2go-user mailing list >>> x2go-user@lists.x2go.org >>> https://lists.x2go.org/listinfo/x2go-user >> >> ___ >> x2go-user mailing list >> x2go-user@lists.x2go.org >> https://lists.x2go.org/listinfo/x2go-user > > > ___ > x2go-user mailing list > x2go-user@lists.x2go.org > https://lists.x2go.org/listinfo/x2go-user > -- BAUR-ITCS UG (haftungsbeschränkt) Geschäftsführer: Stefan Baur Eichenäckerweg 10, 89081 Ulm | Registergericht Ulm, HRB 724364 Fon/Fax 0731 40 34 66-36/-35 | USt-IdNr.: DE268653243 ___ x2go-user mailing list x2go-user@lists.x2go.org https://lists.x2go.org/listinfo/x2go-user --- DISCLAIMER: This e-mail is private and confidential and may contain proprietary or legally privileged information. It is for the intended recipient only. If you have received this email in error, please notify the author by replying to it and then destroy it. If you are not the intended recipient you must not use, disclose, distribute, copy, print or rely on this e-mail or any attachment. Thank you ___ x2go-user mailing list x2go-user@lists.x2go.org https://lists.x2go.org/listinfo/x2go-user
Re: [X2Go-User] ssh-keygen.exe loads the processor every time the client starts
Robert, Please do not mock other users just because they have what you consider inferior hardware. Some people are stuck with old hardware for whatever reason, and there are many reasons that qualify as valid. Kind Regards, Stefan Baur X2Go Project/Community Manager Am 06.10.2017 um 11:13 schrieb Robert Dinse: > > Your laptop is slower than my 12 year old computer? Running > Windows 3.11 > per chance? > > -_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_- > > Eskimo North Linux Friendly Internet Access, Shell Accounts, and Hosting. > Knowledgeable human assistance, not telephone trees or script readers. > See our web site: http://www.eskimo.com/ (206) 812-0051 or (800) 246-6874. > > On Fri, 6 Oct 2017, Max A. wrote: > >> Date: Fri, 6 Oct 2017 12:06:09 +0300 >> From: Max A. >> Cc: x2go users >> Subject: Re: [X2Go-User] ssh-keygen.exe loads the processor every time >> the >> client starts >> >> on my old laptop the connection takes at least 15 seconds, I would be >> glad if it happens faster >> >> >>> >>> Ok, in any case, it took my 12 year old workstation 5 seconds to >>> connect. >>> Are we not perhaps splitting hairs? >>> >>> >>> -_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_- >>> Eskimo North Linux Friendly Internet Access, Shell Accounts, and >>> Hosting. >>> Knowledgeable human assistance, not telephone trees or script >>> readers. >>> See our web site: http://www.eskimo.com/ (206) 812-0051 or (800) >>> 246-6874. >>> >>> On Fri, 6 Oct 2017, Ulrich Sibiller wrote: >>> >>>> Date: Fri, 6 Oct 2017 09:35:29 +0200 >>>> From: Ulrich Sibiller >>>> To: Robert Dinse >>>> Cc: Mihai Moldovan , x2go users >>>> >>>> Subject: Re: [X2Go-User] ssh-keygen.exe loads the processor every >>>> time the >>>> client starts >>>> >>>> On Fri, Oct 6, 2017 at 9:22 AM, Robert Dinse wrote: >>>>> >>>>> By doing so you weaken security for sites providing this >>>>> capability. >>>> >>>> Yes, maybe, maybe not. Think about sites that have strict rules about >>>> keys. Or sites having to use specific key types. Or RSA being >>>> compromised. Currently there's nothing an admin can do. >>>> >>>> It's the site's administrator that has to decide about that. The tool >>>> can provide a default but the admin must be enabled to change it if >>>> desired. >>>> >>>> Uli >>>> >>> ___ >>> x2go-user mailing list >>> x2go-user@lists.x2go.org >>> https://lists.x2go.org/listinfo/x2go-user >> >> ___ >> x2go-user mailing list >> x2go-user@lists.x2go.org >> https://lists.x2go.org/listinfo/x2go-user > > > ___ > x2go-user mailing list > x2go-user@lists.x2go.org > https://lists.x2go.org/listinfo/x2go-user > -- BAUR-ITCS UG (haftungsbeschränkt) Geschäftsführer: Stefan Baur Eichenäckerweg 10, 89081 Ulm | Registergericht Ulm, HRB 724364 Fon/Fax 0731 40 34 66-36/-35 | USt-IdNr.: DE268653243 signature.asc Description: OpenPGP digital signature ___ x2go-user mailing list x2go-user@lists.x2go.org https://lists.x2go.org/listinfo/x2go-user
Re: [X2Go-User] ssh-keygen.exe loads the processor every time the client starts
Acer Aspire 3613LC, Celeron M 370, 2 GB RAM, 2005 year. Users do not have such ancient computers, but the delay of 5 seconds annoys many. Your laptop is slower than my 12 year old computer? Running Windows 3.11 per chance? -_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_- Eskimo North Linux Friendly Internet Access, Shell Accounts, and Hosting. Knowledgeable human assistance, not telephone trees or script readers. See our web site: http://www.eskimo.com/ (206) 812-0051 or (800) 246-6874. On Fri, 6 Oct 2017, Max A. wrote: Date: Fri, 6 Oct 2017 12:06:09 +0300 From: Max A. Cc: x2go users Subject: Re: [X2Go-User] ssh-keygen.exe loads the processor every time the client starts on my old laptop the connection takes at least 15 seconds, I would be glad if it happens faster Ok, in any case, it took my 12 year old workstation 5 seconds to connect. Are we not perhaps splitting hairs? -_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_- Eskimo North Linux Friendly Internet Access, Shell Accounts, and Hosting. Knowledgeable human assistance, not telephone trees or script readers. See our web site: http://www.eskimo.com/ (206) 812-0051 or (800) 246-6874. On Fri, 6 Oct 2017, Ulrich Sibiller wrote: Date: Fri, 6 Oct 2017 09:35:29 +0200 From: Ulrich Sibiller To: Robert Dinse Cc: Mihai Moldovan , x2go users Subject: Re: [X2Go-User] ssh-keygen.exe loads the processor every time the client starts On Fri, Oct 6, 2017 at 9:22 AM, Robert Dinse wrote: By doing so you weaken security for sites providing this capability. Yes, maybe, maybe not. Think about sites that have strict rules about keys. Or sites having to use specific key types. Or RSA being compromised. Currently there's nothing an admin can do. It's the site's administrator that has to decide about that. The tool can provide a default but the admin must be enabled to change it if desired. Uli ___ x2go-user mailing list x2go-user@lists.x2go.org https://lists.x2go.org/listinfo/x2go-user ___ x2go-user mailing list x2go-user@lists.x2go.org https://lists.x2go.org/listinfo/x2go-user ___ x2go-user mailing list x2go-user@lists.x2go.org https://lists.x2go.org/listinfo/x2go-user
Re: [X2Go-User] ssh-keygen.exe loads the processor every time the client starts
Am 06.10.2017 um 10:56 schrieb Max A.: > In my opinion, it would be possible to give an opportunity to choose > between security and convenience. No, because there would be no way to enforce it in cases where it is actually needed. I was actually considering to suggest that we add an option either server- or client-side that allows using less secure, but faster algorithms - but adding such an option would ease things for an attacker, so: No. Kind Regards, Stefan Baur -- BAUR-ITCS UG (haftungsbeschränkt) Geschäftsführer: Stefan Baur Eichenäckerweg 10, 89081 Ulm | Registergericht Ulm, HRB 724364 Fon/Fax 0731 40 34 66-36/-35 | USt-IdNr.: DE268653243 signature.asc Description: OpenPGP digital signature ___ x2go-user mailing list x2go-user@lists.x2go.org https://lists.x2go.org/listinfo/x2go-user
Re: [X2Go-User] ssh-keygen.exe loads the processor every time the client starts
We use x2go on the local network and security is not as important as the convenience of users. In my opinion, it would be possible to give an opportunity to choose between security and convenience. By doing so you weaken security for sites providing this capability. -_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_- Eskimo North Linux Friendly Internet Access, Shell Accounts, and Hosting. Knowledgeable human assistance, not telephone trees or script readers. See our web site: http://www.eskimo.com/ (206) 812-0051 or (800) 246-6874. On Fri, 6 Oct 2017, Ulrich Sibiller wrote: Date: Fri, 6 Oct 2017 08:57:37 +0200 From: Ulrich Sibiller To: Mihai Moldovan Cc: x2go users Subject: Re: [X2Go-User] ssh-keygen.exe loads the processor every time the client starts On Fri, Oct 6, 2017 at 3:12 AM, Mihai Moldovan wrote: On 09/28/2017 01:49 PM, Max A. wrote: I'm using a x2go server on CentOS 6.9 (the latest version from EPEL, 4.0.1.20), clients use Windows XP/7 and the latest version of X2Go Client (4.1.0.0-2017.03.11). Each time the client connects, ssh-keygen.exe (C:\Program Files\x2goclient\ssh-keygen.exe) starts with the parameters "-t rsa -b 4096 -N" "-C" X2Go Client RSA user key "-f C: I explicitly decided against that. For more information and the rationale for this change, refer to the release announcement: http://lists.x2go.org/pipermail/x2go-announcements/2017/000302.html The release announcement talks about 2048-bit keys being generated while this indicates that even stronger keys are being used (which in turn increases the time to create them). I think for slow clients this is too much. At least the admin should be able to decide about the required security, not the maintainer. So what about staying as is by default but providing a possibility to pre-generate keys for those connections. Uli ___ x2go-user mailing list x2go-user@lists.x2go.org https://lists.x2go.org/listinfo/x2go-user ___ x2go-user mailing list x2go-user@lists.x2go.org https://lists.x2go.org/listinfo/x2go-user ___ x2go-user mailing list x2go-user@lists.x2go.org https://lists.x2go.org/listinfo/x2go-user
Re: [X2Go-User] ssh-keygen.exe loads the processor every time the client starts
Your laptop is slower than my 12 year old computer? Running Windows 3.11 per chance? -_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_- Eskimo North Linux Friendly Internet Access, Shell Accounts, and Hosting. Knowledgeable human assistance, not telephone trees or script readers. See our web site: http://www.eskimo.com/ (206) 812-0051 or (800) 246-6874. On Fri, 6 Oct 2017, Max A. wrote: Date: Fri, 6 Oct 2017 12:06:09 +0300 From: Max A. Cc: x2go users Subject: Re: [X2Go-User] ssh-keygen.exe loads the processor every time the client starts on my old laptop the connection takes at least 15 seconds, I would be glad if it happens faster Ok, in any case, it took my 12 year old workstation 5 seconds to connect. Are we not perhaps splitting hairs? -_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_- Eskimo North Linux Friendly Internet Access, Shell Accounts, and Hosting. Knowledgeable human assistance, not telephone trees or script readers. See our web site: http://www.eskimo.com/ (206) 812-0051 or (800) 246-6874. On Fri, 6 Oct 2017, Ulrich Sibiller wrote: Date: Fri, 6 Oct 2017 09:35:29 +0200 From: Ulrich Sibiller To: Robert Dinse Cc: Mihai Moldovan , x2go users Subject: Re: [X2Go-User] ssh-keygen.exe loads the processor every time the client starts On Fri, Oct 6, 2017 at 9:22 AM, Robert Dinse wrote: By doing so you weaken security for sites providing this capability. Yes, maybe, maybe not. Think about sites that have strict rules about keys. Or sites having to use specific key types. Or RSA being compromised. Currently there's nothing an admin can do. It's the site's administrator that has to decide about that. The tool can provide a default but the admin must be enabled to change it if desired. Uli ___ x2go-user mailing list x2go-user@lists.x2go.org https://lists.x2go.org/listinfo/x2go-user ___ x2go-user mailing list x2go-user@lists.x2go.org https://lists.x2go.org/listinfo/x2go-user___ x2go-user mailing list x2go-user@lists.x2go.org https://lists.x2go.org/listinfo/x2go-user
Re: [X2Go-User] ssh-keygen.exe loads the processor every time the client starts
on my old laptop the connection takes at least 15 seconds, I would be glad if it happens faster Ok, in any case, it took my 12 year old workstation 5 seconds to connect. Are we not perhaps splitting hairs? -_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_- Eskimo North Linux Friendly Internet Access, Shell Accounts, and Hosting. Knowledgeable human assistance, not telephone trees or script readers. See our web site: http://www.eskimo.com/ (206) 812-0051 or (800) 246-6874. On Fri, 6 Oct 2017, Ulrich Sibiller wrote: Date: Fri, 6 Oct 2017 09:35:29 +0200 From: Ulrich Sibiller To: Robert Dinse Cc: Mihai Moldovan , x2go users Subject: Re: [X2Go-User] ssh-keygen.exe loads the processor every time the client starts On Fri, Oct 6, 2017 at 9:22 AM, Robert Dinse wrote: By doing so you weaken security for sites providing this capability. Yes, maybe, maybe not. Think about sites that have strict rules about keys. Or sites having to use specific key types. Or RSA being compromised. Currently there's nothing an admin can do. It's the site's administrator that has to decide about that. The tool can provide a default but the admin must be enabled to change it if desired. Uli ___ x2go-user mailing list x2go-user@lists.x2go.org https://lists.x2go.org/listinfo/x2go-user ___ x2go-user mailing list x2go-user@lists.x2go.org https://lists.x2go.org/listinfo/x2go-user
Re: [X2Go-User] ssh-keygen.exe loads the processor every time the client starts
Ok, in any case, it took my 12 year old workstation 5 seconds to connect. Are we not perhaps splitting hairs? -_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_- Eskimo North Linux Friendly Internet Access, Shell Accounts, and Hosting. Knowledgeable human assistance, not telephone trees or script readers. See our web site: http://www.eskimo.com/ (206) 812-0051 or (800) 246-6874. On Fri, 6 Oct 2017, Ulrich Sibiller wrote: Date: Fri, 6 Oct 2017 09:35:29 +0200 From: Ulrich Sibiller To: Robert Dinse Cc: Mihai Moldovan , x2go users Subject: Re: [X2Go-User] ssh-keygen.exe loads the processor every time the client starts On Fri, Oct 6, 2017 at 9:22 AM, Robert Dinse wrote: By doing so you weaken security for sites providing this capability. Yes, maybe, maybe not. Think about sites that have strict rules about keys. Or sites having to use specific key types. Or RSA being compromised. Currently there's nothing an admin can do. It's the site's administrator that has to decide about that. The tool can provide a default but the admin must be enabled to change it if desired. Uli ___ x2go-user mailing list x2go-user@lists.x2go.org https://lists.x2go.org/listinfo/x2go-user
Re: [X2Go-User] ssh-keygen.exe loads the processor every time the client starts
On Fri, Oct 6, 2017 at 9:22 AM, Robert Dinse wrote: > > By doing so you weaken security for sites providing this capability. Yes, maybe, maybe not. Think about sites that have strict rules about keys. Or sites having to use specific key types. Or RSA being compromised. Currently there's nothing an admin can do. It's the site's administrator that has to decide about that. The tool can provide a default but the admin must be enabled to change it if desired. Uli ___ x2go-user mailing list x2go-user@lists.x2go.org https://lists.x2go.org/listinfo/x2go-user
Re: [X2Go-User] ssh-keygen.exe loads the processor every time the client starts
By doing so you weaken security for sites providing this capability. -_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_- Eskimo North Linux Friendly Internet Access, Shell Accounts, and Hosting. Knowledgeable human assistance, not telephone trees or script readers. See our web site: http://www.eskimo.com/ (206) 812-0051 or (800) 246-6874. On Fri, 6 Oct 2017, Ulrich Sibiller wrote: Date: Fri, 6 Oct 2017 08:57:37 +0200 From: Ulrich Sibiller To: Mihai Moldovan Cc: x2go users Subject: Re: [X2Go-User] ssh-keygen.exe loads the processor every time the client starts On Fri, Oct 6, 2017 at 3:12 AM, Mihai Moldovan wrote: On 09/28/2017 01:49 PM, Max A. wrote: I'm using a x2go server on CentOS 6.9 (the latest version from EPEL, 4.0.1.20), clients use Windows XP/7 and the latest version of X2Go Client (4.1.0.0-2017.03.11). Each time the client connects, ssh-keygen.exe (C:\Program Files\x2goclient\ssh-keygen.exe) starts with the parameters "-t rsa -b 4096 -N" "-C" X2Go Client RSA user key "-f C: I explicitly decided against that. For more information and the rationale for this change, refer to the release announcement: http://lists.x2go.org/pipermail/x2go-announcements/2017/000302.html The release announcement talks about 2048-bit keys being generated while this indicates that even stronger keys are being used (which in turn increases the time to create them). I think for slow clients this is too much. At least the admin should be able to decide about the required security, not the maintainer. So what about staying as is by default but providing a possibility to pre-generate keys for those connections. Uli ___ x2go-user mailing list x2go-user@lists.x2go.org https://lists.x2go.org/listinfo/x2go-user ___ x2go-user mailing list x2go-user@lists.x2go.org https://lists.x2go.org/listinfo/x2go-user
Re: [X2Go-User] ssh-keygen.exe loads the processor every time the client starts
On Fri, Oct 6, 2017 at 3:12 AM, Mihai Moldovan wrote: > > On 09/28/2017 01:49 PM, Max A. wrote: > > I'm using a x2go server on CentOS 6.9 (the latest version from EPEL, > > 4.0.1.20), clients use Windows XP/7 and the latest version of X2Go > > Client (4.1.0.0-2017.03.11). Each time the client connects, > > ssh-keygen.exe (C:\Program Files\x2goclient\ssh-keygen.exe) starts with > > the parameters "-t rsa -b 4096 -N" "-C" X2Go Client RSA user key "-f C: > I explicitly decided against that. For more information and the rationale for > this change, refer to the release announcement: > http://lists.x2go.org/pipermail/x2go-announcements/2017/000302.html The release announcement talks about 2048-bit keys being generated while this indicates that even stronger keys are being used (which in turn increases the time to create them). I think for slow clients this is too much. At least the admin should be able to decide about the required security, not the maintainer. So what about staying as is by default but providing a possibility to pre-generate keys for those connections. Uli ___ x2go-user mailing list x2go-user@lists.x2go.org https://lists.x2go.org/listinfo/x2go-user
Re: [X2Go-User] ssh-keygen.exe loads the processor every time the client starts
I agree with this. One of the things Snoden revealed was that the NSA hung on to a large number of compromised keys to tain access to encrypted data. In light of that re-using the same key is just making things too easy. -_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_- Eskimo North Linux Friendly Internet Access, Shell Accounts, and Hosting. Knowledgeable human assistance, not telephone trees or script readers. See our web site: http://www.eskimo.com/ (206) 812-0051 or (800) 246-6874. On Fri, 6 Oct 2017, Mihai Moldovan wrote: Date: Fri, 6 Oct 2017 03:12:57 +0200 From: Mihai Moldovan To: Max A. , x2go-user@lists.x2go.org Subject: Re: [X2Go-User] ssh-keygen.exe loads the processor every time the client starts On 09/28/2017 01:49 PM, Max A. wrote: I'm using a x2go server on CentOS 6.9 (the latest version from EPEL, 4.0.1.20), clients use Windows XP/7 and the latest version of X2Go Client (4.1.0.0-2017.03.11). Each time the client connects, ssh-keygen.exe (C:\Program Files\x2goclient\ssh-keygen.exe) starts with the parameters "-t rsa -b 4096 -N" "-C" X2Go Client RSA user key "-f C: /Users/max/.x2go/ssh/gen/key.fl1416 ". On not very powerful computers, this causes a delay of a few seconds with each connection and irritates users. Tell me please, if it is possible to generate this key once and for all? I understand that this may be inconvenient, but no, there's currently no way to generate a set of keys that will be re-used. I explicitly decided against that. For more information and the rationale for this change, refer to the release announcement: http://lists.x2go.org/pipermail/x2go-announcements/2017/000302.html Mihai ___ x2go-user mailing list x2go-user@lists.x2go.org https://lists.x2go.org/listinfo/x2go-user
Re: [X2Go-User] ssh-keygen.exe loads the processor every time the client starts
On 09/28/2017 01:49 PM, Max A. wrote: > I'm using a x2go server on CentOS 6.9 (the latest version from EPEL, > 4.0.1.20), clients use Windows XP/7 and the latest version of X2Go > Client (4.1.0.0-2017.03.11). Each time the client connects, > ssh-keygen.exe (C:\Program Files\x2goclient\ssh-keygen.exe) starts with > the parameters "-t rsa -b 4096 -N" "-C" X2Go Client RSA user key "-f C: > /Users/max/.x2go/ssh/gen/key.fl1416 ". On not very powerful computers, > this causes a delay of a few seconds with each connection and irritates > users. Tell me please, if it is possible to generate this key once and > for all? I understand that this may be inconvenient, but no, there's currently no way to generate a set of keys that will be re-used. I explicitly decided against that. For more information and the rationale for this change, refer to the release announcement: http://lists.x2go.org/pipermail/x2go-announcements/2017/000302.html Mihai signature.asc Description: OpenPGP digital signature ___ x2go-user mailing list x2go-user@lists.x2go.org https://lists.x2go.org/listinfo/x2go-user
Re: [X2Go-User] SSH-Daemon could not be started on MAC OSX 10.11.6
On 25.08.2016 10:55 AM, Thomas Stephan wrote: > I did not change the port, so it should be listening on the default port 22. > The client setting for the local SSH-port for file sharing is 22. Okay, can you please provide me with the output of sudo lsof -n -i | grep -i ssh and ls -ldh /etc/ssh_host_rsa_key.pub Looks like you don't have an RSA host key (which would be weird, if the system sshd is actually running.) In that case, X2Go Client currently spawns a private sshd instance *with an DSA key*. Newer OpenSSH versions deprecated DSA keys, though, so that's probably the reason why starting it up fails. Mihai signature.asc Description: OpenPGP digital signature ___ x2go-user mailing list x2go-user@lists.x2go.org http://lists.x2go.org/listinfo/x2go-user
Re: [X2Go-User] SSH-Daemon could not be started on MAC OSX 10.11.6
I did not change the port, so it should be listening on the default port 22. The client setting for the local SSH-port for file sharing is 22. We need file sharing and printer support, therefore it is not an option to suppress the warning message by disabling these functions. Best, Thomas Dr. Thomas Stephan Arbeitsgruppe für funktionelle, strukturelle und molekulare Bildgebung Neurologisches Forschungshaus Klinikum Grosshadern Feodor-Lynen-Str. 19 81377 München thomas.step...@lrz.uni-muenchen.de +49 89 4400-74819 (Fon) +49 89 4400-74801 (Fax) Am 24.08.16 um 21:52 schrieb Mihai Moldovan: On 23.08.2016 11:26 AM, Thomas Stephan wrote: Package: x2goclient Version: 4.0.5.1 (Qt - 4.8.7) Using x2goclient on MacOSX 10.11.6 to connect to a linux machine (Ubuntu). Connection works fine, but a message box pops up with the message: SSH-Daemon konnte nicht gestartet werden. However, I have an ssh-server running on my machine, and I am able to connect to it from remote. Find the error message below: On what port is the SSH daemon listening? What port has been set in the general client settings? The error message explicitly contains pointers what to check regarding the configuration and - if remote printing or file sharing support are not required - how to get rid of the warning message. Mihai ___ x2go-user mailing list x2go-user@lists.x2go.org http://lists.x2go.org/listinfo/x2go-user
Re: [X2Go-User] SSH-Daemon could not be started on MAC OSX 10.11.6
On 23.08.2016 11:26 AM, Thomas Stephan wrote: > Package: x2goclient > Version: 4.0.5.1 (Qt - 4.8.7) > > Using x2goclient on MacOSX 10.11.6 to connect to a linux machine (Ubuntu). > Connection works fine, but a message box pops up with the message: > SSH-Daemon konnte nicht gestartet werden. > However, I have an ssh-server running on my machine, and I am able to connect > to > it from remote. > > Find the error message below: On what port is the SSH daemon listening? What port has been set in the general client settings? The error message explicitly contains pointers what to check regarding the configuration and - if remote printing or file sharing support are not required - how to get rid of the warning message. Mihai signature.asc Description: OpenPGP digital signature ___ x2go-user mailing list x2go-user@lists.x2go.org http://lists.x2go.org/listinfo/x2go-user
Re: [X2Go-User] SSH key generation in Windows
Am 03.03.2016 um 15:12 schrieb Sébastien Ducoulombier: > Hello, > > > I am considering restricting access to my X2Go servers : I'd like to > disable password authentication. > > I need all my X2Go client users to generate their own SSH keys and > transfer the public part to the server. > > I wrote a simple guide for Linux and Mac users, but I still miss Windows > support, since I do not have windows systems around me. > > I found > http://wiki.x2go.org/doku.php/wiki:advanced:authentication:passwordless-ssh#windows-client > > Does that wiki documented procedure work with XP, Seven and W10 ? It SHOULD (tm). However, Windows users might prefer a more GUI-ish approach. Check out PuTTY: http://www.chiark.greenend.org.uk/~sgtatham/putty/download.html There's PuTTYgen (a GUI to create and manage keyfiles) and Pageant (an SSH agent for Windows). Do note that PuTTYgen by default creates private key files that are only usable with the other tools from the PuTTY suite (like Pageant), NOT with X2GoClient itself. So you can either use Pageant and load the PuTTY-style private key file into that, then tell X2GoClient to use an agent-stored key (leaving the path to the key file blank in the session configuration), or you need to export the private key using PuTTYgen into the standard format. -Stefan -- BAUR-ITCS UG (haftungsbeschränkt) Geschäftsführer: Stefan Baur Eichenäckerweg 10, 89081 Ulm | Registergericht Ulm, HRB 724364 Fon/Fax 0731 40 34 66-36/-35 | USt-IdNr.: DE268653243 signature.asc Description: OpenPGP digital signature ___ x2go-user mailing list x2go-user@lists.x2go.org http://lists.x2go.org/listinfo/x2go-user
Re: [X2Go-User] ssh kex error
Am 19.10.2015 17:06, schrieb Robert Dinse: the new version of openssh disabled certain insecure ciphers... Version7 is what you mean. I use 6.9 on both client and server. you can add the following line to your /etc/ssh/sshd_config manually enable the insecure old ciphers: KexAlgorithms curve25519-sha...@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha1,diffie-hellman-group-exchange-sha1,diffie-hellman-group1-sha1 Adding these ciphers doesn't help - same algo error, Thats wired coz I can ssh to the server without any issues. -_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_- Eskimo North Linux Friendly Internet Access, Shell Accounts, and Hosting. Knowledgeable human assistance, not telephone trees or script readers. See our web site: http://www.eskimo.com/ (206) 812-0051 or (800) 246-6874. On Mon, 19 Oct 2015, i...@k4ts.net wrote: Date: Mon, 19 Oct 2015 15:12:43 +0200 From: i...@k4ts.net To: x2go-user@lists.x2go.org Subject: [X2Go-User] ssh kex error hi, i'm not able to connect to my new hardened gentoo server using x2go. No matter which key type i select for the connection, the client (v. 4.0.5.0) terminates with the following: kex error : no match for method server host key algo: server [ssh-rsa,ssh-ed25519], client [ecdsa-sha2-nistp256] I have rsa and ed25519 keys on my client and server. sshing from the shell works like always. log is attached. do you have an idea, whats might wrong? thx, k4t k4tfish@e10 ~ $ ssh k4tfish@host OpenSSH_6.9p1-hpn14v5, OpenSSL 1.0.2d 9 Jul 2015 debug1: Reading configuration data /etc/ssh/ssh_config debug1: Connecting to host.net port 51822. debug1: Connection established. debug1: identity file /home/k4tfish/.ssh/id_rsa type 1 debug1: key_load_public: No such file or directory debug1: identity file /home/k4tfish/.ssh/id_rsa-cert type -1 debug1: key_load_public: No such file or directory debug1: identity file /home/k4tfish/.ssh/id_dsa type -1 debug1: key_load_public: No such file or directory debug1: identity file /home/k4tfish/.ssh/id_dsa-cert type -1 debug1: key_load_public: No such file or directory debug1: identity file /home/k4tfish/.ssh/id_ecdsa type -1 debug1: key_load_public: No such file or directory debug1: identity file /home/k4tfish/.ssh/id_ecdsa-cert type -1 debug1: key_load_public: No such file or directory debug1: identity file /home/k4tfish/.ssh/id_ed25519 type -1 debug1: key_load_public: No such file or directory debug1: identity file /home/k4tfish/.ssh/id_ed25519-cert type -1 debug1: Enabling compatibility mode for protocol 2.0 debug1: Local version string SSH-2.0-OpenSSH_6.9p1-hpn14v5 debug1: Remote protocol version 2.0, remote software version OpenSSH_6.9p1-hpn14v5 debug1: match: OpenSSH_6.9p1-hpn14v5 pat OpenSSH* compat 0x0400 debug1: Authenticating to host...net:51822 as 'k4tfish' debug1: SSH2_MSG_KEXINIT sent debug1: SSH2_MSG_KEXINIT received debug1: AUTH STATE IS 0 debug1: REQUESTED ENC.NAME is 'chacha20-poly1...@openssh.com' debug1: kex: server->client chacha20-poly1...@openssh.com none debug1: REQUESTED ENC.NAME is 'chacha20-poly1...@openssh.com' debug1: kex: client->server chacha20-poly1...@openssh.com none debug1: expecting SSH2_MSG_KEX_ECDH_REPLY debug1: Server host key: ssh-ed25519 SHA256:xyz debug1: Host '[host.net]:51822' is known and matches the ED25519 host key. debug1: Found key in /home/k4tfish/.ssh/known_hosts:203 debug1: SSH2_MSG_NEWKEYS sent debug1: expecting SSH2_MSG_NEWKEYS debug1: SSH2_MSG_NEWKEYS received debug1: Roaming not allowed by server debug1: SSH2_MSG_SERVICE_REQUEST sent debug1: SSH2_MSG_SERVICE_ACCEPT received debug1: Authentications that can continue: publickey,password,keyboard-interactive debug1: Next authentication method: publickey debug1: Offering RSA public key: /home/k4tfish/.ssh/id_rsa debug1: Server accepts key: pkalg ssh-rsa blen 279 debug1: Authentication succeeded (publickey). Authenticated to host ([123.123.456.7]:51822). debug1: Final hpn_buffer_size = 2097152 debug1: HPN Disabled: 0, HPN Buffer Size: 2097152 debug1: channel 0: new [client-session] debug1: Enabled Dynamic Window Scaling debug1: Requesting no-more-sessi...@openssh.com debug1: Entering interactive session. debug1: client_input_global_request: rtype hostkeys...@openssh.com want_reply 0 debug1: Sending environment. debug1: Sending env LC_COLLATE = C debug1: Sending env LANG = en_US.utf8 ___ x2go-user mailing list x2go-user@lists.x2go.org http://lists.x2go.org/listinfo/x2go-user ___ x2go-user mailing list x2go-user@lists.x2go.org http://lists.x2go.org/listinfo/x2go-user