[X2Go-User] X2Go Server / X2Go Client with openSSH 6.7 (Debian jessie et al.)
Michael DePaulo
mikedep333 at gmail.com
Tue Oct 21 15:50:27 CEST 2014
Windows users,
See inline comment
On Thu, Oct 16, 2014 at 11:41 AM, Mike Gabriel
<mike.gabriel at das-netzwerkteam.de> wrote:
> Hi all,
>
> openSSH 6.7 has just entered Debian unstable and will be in Debian jessie
> soon. It will probably land in other distributions rather sooner than later.
>
> As the openSSH developers have--by default--disabled several kex algorithm
> in the latest openSSH 6.7 release, X2Go Client on older systems (Debian
> wheezy, Ubuntu 14.04, etc.) will fail connecting to those machines.
>
> """ (This probably is the error message X2Go Client shows on your screen...)
>
> X2Go Client reports: kex error : did not find one of algos
> diffie-hellman-group1-sha1 in list
> curve25519-sha256 at libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha1
> for kex algos
>
> """
>
> The issue can be addressed in two ways...
>
> OPTION 1:
> ---------
> If you only have control of the client, you may get the issue resolved by
> backporting a libssh 0.6.3 version. Consult your distribution's build tools
> to make this happen.
>
> I will checkout what we as X2Go upstream can provide for you in our package
> repositories without breaking other parts of your system (older applications
> using libssh << 0.6.0 are very likely to break with that newer libssh).
I just released X2Go Client for Windows 4.0.3.0-20141021 with libssh
0.6.3 bundled.
http://code.x2go.org/releases/binary-win32/x2goclient/releases/
>
> OPTION 2:
> ---------
> If you have control of the server, then you may want to re-enable the
> mode-insecure, older, by-default-disabled algos. From the sshd_config man
> page in openSSH 6.7:
>
> """
> KexAlgorithms
> Specifies the available KEX (Key Exchange) algorithms.
> Multiple
> algorithms must be comma-separated. The supported algorithms
> are:
>
> curve25519-sha256 at libssh.org
> diffie-hellman-group1-sha1
> diffie-hellman-group14-sha1
> diffie-hellman-group-exchange-sha1
> diffie-hellman-group-exchange-sha256
> ecdh-sha2-nistp256
> ecdh-sha2-nistp384
> ecdh-sha2-nistp521
>
> The default is:
>
> curve25519-sha256 at libssh.org,
> ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,
> diffie-hellman-group-exchange-sha256,
> diffie-hellman-group14-sha1
> """
>
> What you probably have to add to the KexAlgorithms parameter in
> /etc/ssh/sshd_config are these additional algos: diffie-hellman-group1-sha1
> and diffie-hellman-group-exchange-sha1.
>
> """
> KexAlgorithms
> curve25519-sha256 at libssh.org,diffie-hellman-group1-sha1,diffie-hellman-group14-sha1,diffie-hellman-group-exchange-sha1,diffie-hellman-group-exchange-sha256,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521
> """
>
> If you use the KexAlgorithms option in sshd_config, make sure that you:
>
> o also add all the default algos
> o restart openSSH server on your server and try a second login
> while you are still logged in with another session (in case you
> broker something by editing sshd_config)
>
> Greets,
> Mike
>
> --
> DAS-NETZWERKTEAM
> mike gabriel, herweg 7, 24357 fleckeby
> fon: +49 (1520) 1976 148
>
> GnuPG Key ID 0x25771B31
> mail: mike.gabriel at das-netzwerkteam.de, http://das-netzwerkteam.de
>
> freeBusy:
> https://mail.das-netzwerkteam.de/freebusy/m.gabriel%40das-netzwerkteam.de.xfb
>
> _______________________________________________
> x2go-user mailing list
> x2go-user at lists.x2go.org
> http://lists.x2go.org/listinfo/x2go-user
More information about the x2go-user
mailing list