Hi,

I have inspected the ~/.x2go/ssh directories on both the client and the server machine. They both are empty.

But I found the following behavior. If I remove the line for the remote host from the ~/.ssh/known_hosts file on my client machine, then x2go presents the question about "trust the host key" as already depicted below. If I approve it, then I can again find the public key of the host in the known_hosts file, and it is identical to /etc/ssh/ssh_host_ecdsa_key.pub of the host. On the next connect I don't get a "trust the host key" question.

This is also the behavior I would expect if I log in to the server directly using ssh. If my known_hosts file is empty, the ssh client presents a fingerprint of the public identity key of the host, either as md5 or sha256 fingerprint. These are the fingerprints as already mentioned:

> > ssh_host_ecdsa_key.pub:
> > 256 SHA256:3vf9PbLKhlaFpff7SxpaDLyrfYJF8iJ+Px3bMzLNY2U
> > [email protected] (ECDSA)
> > 256 MD5:7b:9a:76:4b:58:ce:87:bf:3f:56:41:a9:7c:f8:bf:e9
> > [email protected] (ECDSA)

So I guess x2go should also present a fingerprint of the public identity key of the host on the first connection. But as it is now it is of no use, because I can't prepare the fingerprint on the server side in advance and take it with me as long as I don't know how x2go generates this fingerprint (and can do it the same way too).

Does anybody have a hint how x2go creates the presented fingerprint and how I could do that myself in advance on the server side, to be able to check later if I'm connected to the correct host?

Best regards,
Stefan

> Sent: Sunday, 15 November 2020 at 18:09
> From: "Ulrich Sibiller" <[email protected]>
> To: "Stefan Mätje" <[email protected]>
> Cc: "x2go users" <[email protected]>
> Subject: Re: [X2Go-User] What is the hash algorithm / format used for the
> host key hash during connection instantiation?
>
> I never looked into how x2go handles ssh keys. However, x2go generates
> individual keys during session startup. Maybe you are seeing one of
> those?
>
> On my system there are some keys in ~/.x2go/ssh
>
> Uli
>
> On Sun, Nov 15, 2020 at 5:57 PM Stefan Mätje <[email protected]> wrote:
> >
> > Hi,
> >
> > I'm using x2go to connect from a Linux Mint (19) machine to an Ubuntu server
> > using an RSA key over SSH.
> >
> > During the connection instantiation x2go presents me the following question:
> >
> > Der Server ist unbekannt. Vertrauen Sie diesem Host-Key?
> > Hash des öffentlichen Schlüssels: remote.server.com:22 -
> > d7:2e:e0:ae:27:7a:e5:33:59:6d:00:12:75:22:0a:c6:9a:10:31:a9
> >
> > I.e. "The server is unknown. Do you trust this host key?" I now have
> > problems to match the presented fingerprint
> > hash to the host identity keys that are present on the server machine under
> > /etc/ssh/ssh_host_*key*.
> >
> > When I later inspect the .ssh/known_hosts file on my Linux Mint machine
> > (client side) I can match the public
> > key there to the public host identity key on the server side that has the
> > following fingerprints
> > (displayed with 'ssh-keygen -l -E {md5|sha256} -f ssh_host_ecdsa_key'):
> >
> > ssh_host_ecdsa_key.pub:
> > 256 SHA256:3vf9PbLKhlaFpff7SxpaDLyrfYJF8iJ+Px3bMzLNY2U
> > [email protected] (ECDSA)
> > 256 MD5:7b:9a:76:4b:58:ce:87:bf:3f:56:41:a9:7c:f8:bf:e9
> > [email protected] (ECDSA)
> >
> > Neither of these fingerprints can be matched to the fingerprint / hash that
> > x2go presents to me. The MD5
> > hash line is similar but shorter (only 16 hash bytes aka. 128 bits that
> > matches a MD5 sum length). The
> > x2go hash has 20 bytes (160 bits) hash length.
> >
> > The question is how can I reliably match the fingerprint x2go presents to
> > me to the right host ID hash.
> > Am I comparing / expecting the wrong keys?
> >
> > Can somebody please shed some light on this issue.
> >
> > Best regards,
> > Stefan
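
Added example, not part of the original messages and not X2Go code: a script that computes fingerprints of a host public key blob in the notations discussed in the thread and reports which digest, if any, reproduces a presented value. That a 20-byte value is a SHA-1 digest of the same key blob is an assumption based only on its length, which the thread does not confirm; the sample key and the names `parse_pub_line`, `fingerprints` and `match_presented` are constructed for illustration.

```python
import base64, hashlib, struct, sys

def _ssh_string(data):
    # SSH wire format: 4-byte big-endian length followed by the bytes.
    return struct.pack(">I", len(data)) + data

# Constructed sample key line (not a key from the thread).
SAMPLE_BLOB = _ssh_string(b"ssh-ed25519") + _ssh_string(bytes(range(32)))
SAMPLE_LINE = "ssh-ed25519 %s constructed@example" % base64.b64encode(SAMPLE_BLOB).decode()

def parse_pub_line(line):
    """Return (key_type, blob) from one line of an OpenSSH *.pub file."""
    fields = line.split()
    if len(fields) < 2:
        raise ValueError("not an OpenSSH public key line")
    key_type, blob = fields[0], base64.b64decode(fields[1], validate=True)
    if len(blob) < 4:
        raise ValueError("key blob too short")
    # The blob begins with a length-prefixed copy of the key type.
    (n,) = struct.unpack(">I", blob[:4])
    if blob[4:4 + n] != key_type.encode("ascii"):
        raise ValueError("key type does not match blob")
    return key_type, blob

def fingerprints(blob):
    """Digests of the key blob: colon-hex for MD5/SHA-1, unpadded base64 for SHA-256."""
    out = {name: hashlib.new(name, blob).digest().hex(":") for name in ("md5", "sha1")}
    b64 = base64.b64encode(hashlib.sha256(blob).digest()).decode().rstrip("=")
    out["sha256"] = "SHA256:" + b64
    return out

def match_presented(presented, blob):
    """Name of the digest whose fingerprint equals the presented one, else None."""
    shown = presented.strip()
    for name, fp in fingerprints(blob).items():
        if name == "sha256":
            candidate = shown  # base64 is case-sensitive
        else:
            candidate = shown.lower()
            if candidate.startswith(name + ":"):
                candidate = candidate[len(name) + 1:]
        if candidate == fp:
            return name
    return None

if __name__ == "__main__":
    # Usage: script.py /etc/ssh/ssh_host_ecdsa_key.pub ["presented fingerprint"]
    line = open(sys.argv[1]).read() if len(sys.argv) > 1 else SAMPLE_LINE
    blob = parse_pub_line(line)[1]
    for name, fp in fingerprints(blob).items():
        print(name, fp)
    if len(sys.argv) > 2:
        print("presented value matches:", match_presented(sys.argv[2], blob))
```

If no digest matches for any of the `/etc/ssh/ssh_host_*key.pub` files, the presented value was not derived from those key blobs in this way.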
