<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=koi8-r">
<meta name="Generator" content="Microsoft Word 12 (filtered medium)">
<style>
<!--
/* Font Definitions */
@font-face
{font-family:"Cambria Math";
panose-1:2 4 5 3 5 4 6 3 2 4;}
@font-face
{font-family:Calibri;
panose-1:2 15 5 2 2 2 4 3 2 4;}
/* Style Definitions */
p.MsoNormal, li.MsoNormal, div.MsoNormal
{margin:0cm;
margin-bottom:.0001pt;
font-size:11.0pt;
font-family:"Calibri","sans-serif";}
a:link, span.MsoHyperlink
{mso-style-priority:99;
color:blue;
text-decoration:underline;}
a:visited, span.MsoHyperlinkFollowed
{mso-style-priority:99;
color:purple;
text-decoration:underline;}
code
{mso-style-priority:99;
font-family:"Courier New";}
pre
{mso-style-priority:99;
mso-style-link:"Стандартный HTML Знак";
margin:0cm;
margin-bottom:.0001pt;
font-size:10.0pt;
font-family:"Courier New";}
p.MsoListParagraph, li.MsoListParagraph, div.MsoListParagraph
{mso-style-priority:34;
margin-top:0cm;
margin-right:0cm;
margin-bottom:0cm;
margin-left:36.0pt;
margin-bottom:.0001pt;
font-size:11.0pt;
font-family:"Calibri","sans-serif";}
span.EmailStyle17
{mso-style-type:personal-compose;
font-family:"Calibri","sans-serif";
color:windowtext;}
span.HTML
{mso-style-name:"Стандартный HTML Знак";
mso-style-priority:99;
mso-style-link:"Стандартный HTML";
font-family:"Courier New";}
.MsoChpDefault
{mso-style-type:export-only;}
@page Section1
{size:612.0pt 792.0pt;
margin:2.0cm 42.5pt 2.0cm 3.0cm;}
div.Section1
{page:Section1;}
/* List Definitions */
@list l0
{mso-list-id:695809273;
mso-list-type:hybrid;
mso-list-template-ids:1430314020 68747279 68747289 68747291 68747279 68747289 68747291 68747279 68747289 68747291;}
@list l0:level1
{mso-level-tab-stop:none;
mso-level-number-position:left;
text-indent:-18.0pt;}
@list l1
{mso-list-id:1031105014;
mso-list-type:hybrid;
mso-list-template-ids:-700678718 68747279 68747289 68747291 68747279 68747289 68747291 68747279 68747289 68747291;}
@list l1:level1
{mso-level-tab-stop:none;
mso-level-number-position:left;
text-indent:-18.0pt;}
ol
{margin-bottom:0cm;}
ul
{margin-bottom:0cm;}
-->
</style>
</head>
<body lang="RU" link="blue" vlink="purple">
<div class="Section1">
<p class="MsoNormal"><span lang="EN-US" style="font-size:10.0pt;font-family:"Courier New"">Package:
x2goserver</span></p>
<p class="MsoNormal"><span lang="EN-US" style="font-size:10.0pt;font-family:"Courier New"">
Version: 4.0.1.19-0~1064~ubuntu16.04.1 amd64</span></p>
<p class="MsoNormal"><span lang="EN-US" style="font-size:10.0pt;font-family:"Courier New""> </span></p>
<p class="MsoNormal"><span lang="EN-US" style="font-size:10.0pt;font-family:"Courier New"">First
of all, I would like to thank you for your marvelous x2go server.</span></p>
<p class="MsoNormal"><span lang="EN-US" style="font-size:10.0pt;font-family:"Courier New""> </span></p>
<p class="MsoNormal"><span lang="EN-US" style="font-size:10.0pt;font-family:"Courier New"">However,
I have tried to install it on Ubuntu 14.04, 15.10 and 16.04 and every time I
had the same error on mounting local shares from mswin official client:</span></p>
<p class="MsoNormal"><span lang="EN-US" style="font-size:10.0pt;font-family:"Courier New"">Mar
10 17:53:55 x2go-test /usr/bin/x2gomountdirs[1428]: executing: timeout 30
sshfs -o idmap=user,uid=`id -u`,gid=`id -g`,default_permissions,ServerAliveInterval=300,Cipher=blowfish,IdentityFile=/home/sysop/.x2go/ssh/key.gq4920,UserKnow</span></p>
<p class="MsoNormal"><span lang="EN-US" style="font-size:10.0pt;font-family:"Courier New"">nHostsFile=/home/sysop/.x2go/ssh/key.gq4920.ident
"User"@<a href="http://192.168.0.128">192.168.0.128</a>:"/cygdrive/D/QUAKE2"
"/tmp/.x2go-sysop/media/disk/_cygdrive_D_QUAKE2" -p 7022</span></p>
<p class="MsoNormal"><span lang="EN-US" style="font-size:10.0pt;font-family:"Courier New"">Mar
10 17:53:55 x2go-test /usr/bin/x2gomountdirs[1428]: WARNING: mounting of
/cygdrive/D/QUAKE2 failed</span></p>
<p class="MsoNormal"><span lang="EN-US" style="font-size:10.0pt;font-family:"Courier New""> </span></p>
<p class="MsoNormal"><span lang="EN-US" style="font-size:10.0pt;font-family:"Courier New"">I
have tested it on several Windows PC’s, still no luck. I have the remote
access to linux desktop (ssh connection to Linux works fine), but backward ssh
connection fails.</span></p>
<p class="MsoNormal"><span lang="EN-US" style="font-size:10.0pt;font-family:"Courier New""> </span></p>
<p class="MsoNormal"><span lang="EN-US" style="font-size:10.0pt;font-family:"Courier New"">I
have found the following bugs and solutions:</span></p>
<p class="MsoListParagraph" style="text-indent:-18.0pt;mso-list:l0 level1 lfo1"><span lang="EN-US" style="font-size:10.0pt;font-family:"Courier New""><span style="mso-list:Ignore">1.<span style="font:7.0pt "Times New Roman""> </span></span></span><span lang="EN-US" style="font-size:10.0pt;font-family:"Courier New"">sshd on cygwin offers
ssh-dss keys, but modern ssh-client on Ubuntu fails to accept this
(deprecated?) type of a key.</span></p>
<p class="MsoNormal" style="margin-left:18.0pt"><span lang="EN-US" style="font-size:10.0pt;font-family:"Courier New"">The problem is worked-around
by adding HostKeyAlgorithms=+ssh-dss to /etc/ssh/ssh_config</span></p>
<p class="MsoNormal" style="margin-left:18.0pt"><span lang="EN-US" style="font-size:10.0pt;font-family:"Courier New"">OR </span></p>
<p class="MsoNormal" style="margin-left:18.0pt"><span lang="EN-US" style="font-size:10.0pt;font-family:"Courier New"">The problem can be solved on
the whole by generating a better type of a key on windows-side. </span></p>
<p class="MsoNormal" style="margin-left:18.0pt"><span lang="EN-US" style="font-size:10.0pt;font-family:"Courier New"">C:\Program Files
(x86)\x2goclient\ssh-keygen -b 2048 -t rsa</span></p>
<p class="MsoNormal" style="margin-left:18.0pt"><span lang="EN-US" style="font-size:10.0pt;font-family:"Courier New"">And simply replacing c:\Users\User\.x2go\etc\</span><span lang="EN-US"> </span><span lang="EN-US" style="font-size:10.0pt;font-family:"Courier New"">ssh_host_dsa_key
and c:\Users\User\.x2go\etc\</span><span lang="EN-US"> </span><span lang="EN-US" style="font-size:10.0pt;font-family:"Courier New"">ssh_host_dsa_key.pub with
generated files.</span></p>
<p class="MsoNormal" style="margin-left:18.0pt"><span lang="EN-US" style="font-size:10.0pt;font-family:"Courier New"">Ssh-keygen supports RSA keys
or even ecdsa.</span></p>
<p class="MsoNormal" style="margin-left:18.0pt"><span lang="EN-US" style="font-size:10.0pt;font-family:"Courier New""> </span></p>
<p class="MsoNormal" style="margin-left:18.0pt"><span lang="EN-US" style="font-size:10.0pt;font-family:"Courier New"">Of course, It would be great
to do it when installing mswin x2go client</span></p>
<p class="MsoNormal" style="margin-left:18.0pt"><span lang="EN-US" style="font-size:10.0pt;font-family:"Courier New""> </span></p>
<p class="MsoListParagraph" style="text-indent:-18.0pt;mso-list:l0 level1 lfo1"><span lang="EN-US" style="font-size:10.0pt;font-family:"Courier New""><span style="mso-list:Ignore">2.<span style="font:7.0pt "Times New Roman""> </span></span></span><span lang="EN-US" style="font-size:10.0pt;font-family:"Courier New"">/usr/bin/x2gomountdirs
line 312 starts sshfs connection this way:</span></p>
<p class="MsoNormal" style="margin-left:18.0pt"><span lang="EN-US" style="font-size:10.0pt;font-family:"Courier New"">if (system("timeout 30
sshfs $code_conv -o idmap=user,uid=`id -u`,gid=`id
-g`,$umaskstr,ServerAliveInterval=300,Cipher=blowfish,IdentityFile=$key,UserKnownHostsFile=$key.ident
\"$user\"\@$host:\"@dirs[$i]\" \"$mntpath\" -p
$port 1>>$sessiondir/sshfs-mounts.log 2>&1")==0)</span></p>
<p class="MsoNormal" style="margin-left:18.0pt"><span lang="EN-US" style="font-size:10.0pt;font-family:"Courier New""> </span></p>
<p class="MsoNormal" style="margin-left:18.0pt"><span lang="EN-US" style="font-size:10.0pt;font-family:"Courier New"">BUT!</span></p>
<p class="MsoNormal" style="margin-left:18.0pt"><span lang="EN-US" style="font-size:10.0pt;font-family:"Courier New"">=========================</span></p>
<p class="MsoNormal" style="margin-left:18.0pt"><span lang="EN-US" style="font-size:10.0pt;font-family:"Courier New"">Changes since OpenSSH 6.6</span></p>
<p class="MsoNormal" style="margin-left:18.0pt"><span lang="EN-US" style="font-size:10.0pt;font-family:"Courier New"">=========================</span></p>
<p class="MsoNormal" style="margin-left:18.0pt"><span lang="EN-US" style="font-size:10.0pt;font-family:"Courier New""> </span></p>
<p class="MsoNormal" style="margin-left:18.0pt"><span lang="EN-US" style="font-size:10.0pt;font-family:"Courier New"">Potentially-incompatible
changes</span></p>
<p class="MsoNormal" style="margin-left:18.0pt"><span lang="EN-US" style="font-size:10.0pt;font-family:"Courier New""> </span></p>
<p class="MsoNormal" style="margin-left:18.0pt"><span lang="EN-US" style="font-size:10.0pt;font-family:"Courier New"">* sshd(8): The default set
of ciphers and MACs has been altered to</span></p>
<p class="MsoNormal" style="margin-left:18.0pt"><span lang="EN-US" style="font-size:10.0pt;font-family:"Courier New""> remove unsafe algorithms.
In particular, CBC ciphers and arcfour*</span></p>
<p class="MsoNormal" style="margin-left:18.0pt"><span lang="EN-US" style="font-size:10.0pt;font-family:"Courier New""> are disabled by default.</span></p>
<p class="MsoNormal" style="margin-left:18.0pt"><span lang="EN-US" style="font-size:10.0pt;font-family:"Courier New""> </span></p>
<p class="MsoNormal" style="margin-left:18.0pt"><span lang="EN-US" style="font-size:10.0pt;font-family:"Courier New"">So to make it work you just delete
Cipher=blowfish, out of the line like that:</span></p>
<p class="MsoNormal" style="margin-left:18.0pt"><span lang="EN-US" style="font-size:10.0pt;font-family:"Courier New"">if (system("timeout 30
sshfs $code_conv -o idmap=user,uid=`id -u`,gid=`id
-g`,$umaskstr,ServerAliveInterval=300,IdentityFile=$key,UserKnownHostsFile=$key.ident
\"$user\"\@$host:\"@dirs[$i]\" \"$mntpath\" -p
$port 1>>$sessiondir/sshfs-mounts.log 2>&1")==0)</span></p>
<p class="MsoNormal" style="margin-left:18.0pt"><span lang="EN-US" style="font-size:10.0pt;font-family:"Courier New""> </span></p>
<p class="MsoNormal" style="margin-left:18.0pt"><span lang="EN-US" style="font-size:10.0pt;font-family:"Courier New"">Actually this bug makes
impossible shares mounting for all clients (not only windows) since November 2014.
It means, since then folder mounting fails for anyone, who installs updates from
time to time. o_O</span></p>
<p class="MsoNormal" style="margin-left:18.0pt"><span lang="EN-US" style="font-size:10.0pt;font-family:"Courier New""> </span></p>
<p class="MsoListParagraph" style="text-indent:-18.0pt;mso-list:l0 level1 lfo1"><span lang="EN-US" style="font-size:10.0pt;font-family:"Courier New""><span style="mso-list:Ignore">3.<span style="font:7.0pt "Times New Roman""> </span></span></span><span lang="EN-US" style="font-size:10.0pt;font-family:"Courier New"">Windows 8 clients
have a cygwin bug that prevent them from starting sshd properly, thus
preventing them from mounting local folders:</span></p>
<pre><code><span lang="EN-US">Permissions 660 for '...' are too open.</span></code></pre><pre><code><span lang="EN-US">It is recommended that your private key files are NOT accessible by others.</span></code></pre><pre><code><span lang="EN-US">This private key will be ignored.</span></code></pre><pre><code><span lang="EN-US"> </span></code></pre><pre><code><span lang="EN-US">As it is the only key, sshd fails to start at all.</span></code></pre><pre><code><span lang="EN-US"> </span></code></pre><pre><code><span lang="EN-US">It is not a problem of x2go. But still, you can add to a wiki the following:</span></code></pre><pre><code><span lang="EN-US"> </span></code></pre><pre><code><span lang="EN-US">To test for this kind of error, you need to install mswin client with Debug Build and run it with debug shortcut.</span></code></pre><pre><code><span lang="EN-US">If you see the error stated above, you simply set the following permissions to c:\Users\<Username>\.x2go\etc folder:</span></code></pre><pre style="margin-left:36.0pt"><code><span lang="EN-US"><span style="mso-list:Ignore">1.<span style="font:7.0pt "Times New Roman""> </span></span></span></code><code><span lang="EN-US">OWNER – GROUP(!!!) Users (in fact, any group your user is in – Everyone, Administrators)</span></code></pre><pre style="margin-left:36.0pt"><code><span lang="EN-US"><span style="mso-list:Ignore">2.<span style="font:7.0pt "Times New Roman""> </span></span></span></code><code><span lang="EN-US">Disable rights inheriting</span></code></pre><pre style="margin-left:36.0pt"><span lang="EN-US"><span style="mso-list:Ignore">3.<span style="font:7.0pt "Times New Roman""> </span></span></span><span lang="EN-US">Delete all user rights</span></pre><pre style="margin-left:36.0pt"><span lang="EN-US"><span style="mso-list:Ignore">4.<span style="font:7.0pt "Times New Roman""> </span></span></span><span lang="EN-US">Add only one rule to the rights – the group, that you have set the owner to – read and write.</span></pre><pre><span lang="EN-US"> </span></pre><pre><span lang="EN-US">It should not throw this error anymore.</span></pre>
<p class="MsoNormal" style="margin-left:18.0pt"><span lang="EN-US" style="font-size:10.0pt;font-family:"Courier New""> </span></p>
<p class="MsoNormal" style="margin-left:18.0pt"><span lang="EN-US" style="font-size:10.0pt;font-family:"Courier New""> </span></p>
<p class="MsoNormal"><span lang="EN-US" style="font-size:10.0pt;font-family:"Courier New""> </span></p>
<p class="MsoNormal"><span lang="EN-US" style="font-size:10.0pt;font-family:"Courier New"">Best
regards, </span></p>
<p class="MsoNormal"><span lang="EN-US" style="font-size:10.0pt;font-family:"Courier New"">Yahor
Zaleski</span></p>
<p class="MsoNormal"><span lang="EN-US" style="font-size:10.0pt;font-family:"Courier New"">Doctor
Server, LLC, Minsk</span></p>
</div>
</body>
</html>