On Fri, Apr 29, 2016 at 8:44 AM, Mike DePaulo <[email protected]> wrote:
> On Thu, Apr 28, 2016 at 10:02 PM, Mihai Moldovan <[email protected]> wrote:
>> On 28.04.2016 03:26 PM, Mike DePaulo wrote:
>>> For those who don't know about the issue with X2Go Client for Windows
>>> that is holding up its 4.0.5.1 release, upgrading cygwin sshd from
>>> 6.8p1-1 to 7.1p2-1 broke our folder sharing & printer sharing feature.
>>>
>>> After I added the cygwin sshd logging feature, I see this in the sshd log
>>> file:
>>> Unable to negotiate with 127.0.0.1: no matching host key type found. ...
>>> http://pastebin.com/M7CeySQ9
>>>
>>> After doing some research, it looks like this is the incompatible change:
>>> http://www.openssh.com/txt/release-7.0
>>> * Support for ssh-dss, ssh-dss-cert-* host and user keys is disabled
>>> by default at run-time. These may be re-enabled using the
>>> instructions at http://www.openssh.com/legacy.html
>>>
>>> What I am wondering is this: Are we limiting ourselves to
>>> ssh-dss-cert-* keys, or is sshfs limiting us?
>>
>> We're limiting ourselves here (for no good reason, as far as I can tell. It
>> just happens to be implemented that way.) #1003 is a request for RSA key
>> support. Enabling DSA when starting sshd.exe is one possible workaround,
>> either via command line or config file option.
>>
>> I'll hook in RSA host key support at some time, but not right now and not on
>> master. My bugfix/osx branch already contains a lot of WiP changes regarding
>> sshd support as well, but isn't finished yet. Adding RSA host key support on
>> master would make merging way more difficult for me.
>
> Understood, I'll hold off.
>
>> Alternatively, if the newer version doesn't fix any security issues we are
>> affected by, we could ship the older version for now.
>
> In this case, I believe I should just re-add DSA support via the
> temporary cygwin sshd config file that we generate.

I am/was unfamiliar with how we use sshd on Linux and Mac OS X. I see
that we start instances of sshd on both of them also.

The logic belongs in src/onmainwindow.cpp: ONMainWindow::generateEtcFiles().

Should I put the ssh-dss line below within the ifdef Q_OS_WIN block,
or outside of it?

This is the line I would add to the config file:
PubkeyAcceptedKeyTypes=+ssh-dss

> I would rather not hold back the entire cygwin bundle, or try to hold
> back sshd without holding back the rest of the cygwin bundle.
>
> Thank you,

-Mike
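
An added example, not part of the original message or of the X2Go code base: a small Python check that scans a generated sshd_config for lines that re-enable ssh-dss, such as the PubkeyAcceptedKeyTypes=+ssh-dss line proposed above, so the workaround can be tracked and removed once RSA host key support lands. The function names, the sample config and the inclusion of the related HostKeyAlgorithms option are assumptions of this example; Match blocks are not evaluated.

```python
import re

# sshd_config options through which ssh-dss can be turned back on
# (HostKeyAlgorithms is included as an assumption of this example).
LEGACY_OPTIONS = {"pubkeyacceptedkeytypes", "hostkeyalgorithms"}
DSA_ALGORITHM = re.compile(r"^ssh-dss(-cert-.*)?$")

# Constructed sample of a generated config file, not taken from X2Go.
SAMPLE = """\
# constructed sample of a generated sshd_config
Port 7022
PubkeyAcceptedKeyTypes=+ssh-dss
HostKeyAlgorithms ssh-rsa,ssh-dss
hostkeyalgorithms +ssh-ed25519
"""


def parse_sshd_config(text):
    """Yield (line_no, keyword, value) for each global option line.

    Keywords are case-insensitive and may be separated from the value by
    whitespace or by a single '='. Parsing stops at the first Match block.
    """
    for line_no, raw in enumerate(text.splitlines(), start=1):
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        m = re.match(r"^(\w+)(?:\s*=\s*|\s+)(.*)$", line)
        if not m:
            continue
        keyword, value = m.group(1).lower(), m.group(2).strip()
        if keyword == "match":
            break
        yield line_no, keyword, value


def find_dsa_enablement(text):
    """Return [(line_no, keyword, [dsa algorithms])] for effective settings."""
    seen, findings = set(), []
    for line_no, keyword, value in parse_sshd_config(text):
        if keyword not in LEGACY_OPTIONS or keyword in seen:
            continue  # sshd uses the first value it obtains for a keyword
        seen.add(keyword)
        if value.startswith("-"):
            continue  # a leading '-' removes algorithms from the defaults
        names = value.lstrip("+^").split(",")
        dsa = [n.strip() for n in names if DSA_ALGORITHM.match(n.strip())]
        if dsa:
            findings.append((line_no, keyword, dsa))
    return findings
```

Running `find_dsa_enablement` over each generated config in a build or packaging check gives a list of the lines that still carry the DSA workaround.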
