[X2Go-Dev] Bug#240: X2goclient cannot read hashed entries in known_hosts
Heinrich Schuchardt
xypron.glpk at gmx.de
Sun Jun 16 14:31:32 CEST 2013
Package: x2goclient
Version: 4.0.1.0
Severity: normal
Dear maintainer,
I am running Debian Wheezy AMD64
I have installed
http://packages.x2go.org/debian/ wheezy/main x2goclient amd64
4.0.1.0-0~x2go1+wheezy~main~380~build1
After deleting ~/.ssh/known_hosts I have connected my x2goserver with
the command line tool ssh.
This created file known_hosts with one entry in the hashed file format
described in the sshd(8) man page:
"Alternately, hostnames may be stored in a hashed form which hides host
names and addresses should the file's contents be disclosed."
I now try to connect the same server with x2goclient and get an error
"Der Host-Key des Servers konnte nicht gefunden werden aber ein anderer
Schlüsseltyp existiert. Ein Angreifer kann den Schlüssel verändert
haben, um dem Client vorzutäuschen, dass der Schlüssel nicht existiert"
in English this would be
"The host key for this server was not found but an other type of key
exists.An attacker might change the default server key to confuse your
client into thinking the key does not exist"
Please, ensure that x2goclient can work with the hashed format of
known_hosts.
Best regards
Heinrich Schuchardt
More information about the x2go-dev
mailing list