[X2Go-Dev] The cygwin sshd problem [advice wanted]

Mike DePaulo mikedep333 at gmail.com
Fri Apr 29 14:44:53 CEST 2016


On Thu, Apr 28, 2016 at 10:02 PM, Mihai Moldovan <ionic at ionic.de> wrote:
> On 28.04.2016 03:26 PM, Mike DePaulo wrote:
>> For those who don't know about the issue with X2Go Client for Windows
>> that is holding up its 4.0.5.1 release, upgrading cygwin sshd from
>> 6.8p1-1 to 7.1p2-1 broke our folder sharing & printer sharing feature.
>>
>> After I added the cygwin sshd logging feature, I see this in the sshd log file:
>> Unable to negotiate with 127.0.0.1: no matching host key type found. ...
>> http://pastebin.com/M7CeySQ9
>>
>> After doing some research, it looks like this is the incompatible change:
>> http://www.openssh.com/txt/release-7.0
>>  * Support for ssh-dss, ssh-dss-cert-* host and user keys is disabled
>>    by default at run-time. These may be re-enabled using the
>>    instructions at http://www.openssh.com/legacy.html
>>
>> What I am wondering is this: Are we limiting ourselves to
>> ssh-dss-cert-* keys, or is sshfs limiting us?
>
> We're limiting ourselves here (for no good reason, as far as I can tell. It just
> happen to be implemented that way.) #1003 is a request for RSA key support.
> Enabling DSA when starting sshd.exe is one possible workaround, either via
> command line or config file option.
>
> I'll hook in RSA host key support at some time, but not right now and not on
> master. My bugfix/osx branch already contains a lot of WiP changes regarding
> sshd support as well, but isn't finished yet. Adding RSA host key support on
> master would make merging way more difficult for me.

Understood, I'll hold off.

> Alternatively, if the newer version doesn't fix any security issues we are
> affected by, we could ship the older version for now.

In this case, I believe I should just re-add DSA support via the
temporary cygwin sshd config file that we generate.

I would rather not hold back the entire cygwin bundle, or try to hold
back sshd without holding back the rest of the cygwin bundle.

Thank you,
-Mike


More information about the x2go-dev mailing list