[X2Go-Dev] Bug#240: X2goclient cannot read hashed entries in known_hosts

Heinrich Schuchardt xypron.glpk at gmx.de
Sun Jun 16 14:31:32 CEST 2013


Package: x2goclient
Version: 4.0.1.0
Severity: normal

Dear maintainer,

I am running Debian Wheezy AMD64

I have installed
http://packages.x2go.org/debian/ wheezy/main x2goclient amd64 
4.0.1.0-0~x2go1+wheezy~main~380~build1

After deleting ~/.ssh/known_hosts I have connected my x2goserver with 
the command line tool ssh.

This created file known_hosts with one entry in the hashed file format 
described in the sshd(8) man page:
"Alternately, hostnames may be stored in a hashed form which hides host 
names and addresses should the file's contents be disclosed."

I now try to connect the same server with x2goclient and get an error

"Der Host-Key des Servers konnte nicht gefunden werden aber ein anderer 
Schlüsseltyp existiert. Ein Angreifer kann den Schlüssel verändert 
haben, um dem Client vorzutäuschen, dass der Schlüssel nicht existiert"

in English this would be

"The host key for this server was not found but an other type of key 
exists.An attacker might change the default server key to confuse your 
client into thinking the key does not exist"

Please, ensure that x2goclient can work with the hashed format of 
known_hosts.

Best regards

Heinrich Schuchardt



More information about the x2go-dev mailing list