[X2Go-Dev] Bug#765: Kex Error in X2Go client
rpr nospam
rpr.nospam at gmail.com
Thu Oct 8 21:01:49 CEST 2015
Hi!
I also saw this issue while trying to connect with X2Go Client for
Windows (v. 4.0.5.0) to x2goserver (v. 4.0.1.19-0~1064~ubuntu14.04.1)
on a Linux Mint 17 machine.
The connection worked fine until the SSH server on the Linux machine
was reconfigured in order to harden it (see the recommendations in
https://stribika.github.io/2015/01/04/secure-secure-shell.html).
That reconfiguration allowed only the following host keys and key
exchange algorithms:
HostKey /etc/ssh/ssh_host_ed25519_key
HostKey /etc/ssh/ssh_host_rsa_key
KexAlgorithms curve25519-sha256 at libssh.org,diffie-hellman-group-exchange-sha256
The Elliptic Curve Digital Signature Algorithm (ECDSA) (and the
corresponding /etc/ssh/ssh_host_ecdsa_key) is not enabled because its
implementation may use a faulty pseudo-random number generator (i.e.
containing a back door created by NSA) as explained in some pages
referred by the aforementioned article.
After some investigation I found how to get rid of the error: in
C:\Users\username\ssh\known_hosts remove the line corresponding to the
x2goserver host and ecdsa-sha2-nistp256 key exchange algorithm:
x2goserver_host_address ecdsa-sha2-nistp256 ...
-- rpr.
More information about the x2go-dev
mailing list