Package: x2goclient
https://bugzilla.redhat.com/show_bug.cgi?id=1680283
Bug ID: 1680283
Summary: Deprecated UsePrivilegeSeparation option hard coded in
client
Product: Fedora
Version: 29
Status: NEW
Component: x2goclient
Assignee: orion(a)nwra.com
Reporter: horsley1953(a)gmail.com
QA Contact: extras-qa(a)fedoraproject.org
CC: orion(a)nwra.com
Target …
[View More]Milestone: ---
Classification: Fedora
Description of problem:
Every time I start an x2go session from home to work, I get this error in my
message log:
Feb 12 08:24:03 zooty sshd[3479]: rexec line 2: Deprecated option
UsePrivilegeSeparation
Looking in all the files installed by all the x2go related rpm packages,
I find
this:
fgrep -n UsePrivilegeSeparation `rpm -q --list $i` 2>/dev/null
Binary file /usr/bin/x2goclient matches
Version-Release number of selected component (if applicable):
x2goclient-4.1.2.1-1.fc29.x86_64
How reproducible:
100%
Steps to Reproduce:
1.start x2go session
2.see error show up in log
3.
Actual results:
log error
Expected results:
no log error
Additional info:
Don't know when they will really remove the option, but I presume x2go will
cease functioning when it becomes an error rather than a deprecation
warning.
--
You are receiving this mail because:
You are on the CC list for the bug.
You are the assignee for the bug.
[View Less]
Hello,
I am trying to configure x2go server on a Virtual Private Server (VPS) that
I rent that has Debian 10 as an operating system.
I followed the installation procedure steps on my local machine (apt
install x2goclient) and on the server as root (apt install x2goserver
x2goserver-xsession)
And I configured to connect via SSH automatically on port 22 in the client
app.
Here is the server log (journalctl -f) when I begin the connection:
Feb 13 03:46:13 mail.com sshd[17246]: Accepted …
[View More]password for myuser1 from
X.X.X.X port 15110 ssh2
Feb 13 03:46:13 mail.com sshd[17246]: pam_unix(sshd:session): session
opened for user myuser1 by (uid=0)
Feb 13 03:46:13 mail.com systemd-logind[369]: New session 169 of user
myuser1.
Feb 13 03:46:13 mail.com systemd[1]: Started Session 169 of user myuser1.
Feb 13 03:46:27 mail.com /usr/sbin/x2gocleansessions[31362]:
myuser1-50-1739436381_stDXFCE_dp24: state file for this session does not
exist: /tmp/.x2go-myuser1/C-myuser1-50-1739436381_stDXFCE_dp24/state (this
can be ignored during session startups)
Feb 13 03:46:33 mail.com /usr/sbin/x2gocleansessions[31362]:
myuser1-50-1739436381_stDXFCE_dp24: state file for this session does not
exist: /tmp/.x2go-myuser1/C-myuser1-50-1739436381_stDXFCE_dp24/state (this
can be ignored during session startups)
Feb 13 03:46:38 mail.com /usr/sbin/x2gocleansessions[31362]:
myuser1-50-1739436381_stDXFCE_dp24: state file for this session does not
exist: /tmp/.x2go-myuser1/C-myuser1-50-1739436381_stDXFCE_dp24/state (this
can be ignored during session startups)
Feb 13 03:47:15 mail.com /usr/bin/x2gostartagent[18122]: successfully
started X2Go Agent session with ID myuser1-50-1739436381_stDXFCE_dp24
Feb 13 03:47:23 mail.com sshd[17259]: Received disconnect from X.X.X.X port
15110:11: Bye Bye
Feb 13 03:47:23 mail.com sshd[17259]: Disconnected from user myuser1
X.X.X.X port 15110
Feb 13 03:47:23 mail.com sshd[17246]: pam_unix(sshd:session): session
closed for user myuser1
Feb 13 03:47:23 mail.com systemd-logind[369]: Session 169 logged out.
Waiting for processes to exit.
Feb 13 03:47:23 mail.com systemd[1]: session-169.scope: Succeeded.
Feb 13 03:47:23 mail.com systemd-logind[369]: Removed session 169.
Client side:
Info: Proxy running in server mode with pid '13575'.
Session: Starting session at 'Thu Feb 13 12:04:25 2025'.
Info: Using errors file
'/home/me/.x2go/S-myuser1-50-1739437418_stDXFCE_dp24/sessions'.
Info: Using stats file '/home/me/.x2go/S-50/stats'.
Loop: WARNING! Overriding auxiliary X11 port with new value '1'.
Warning: Overriding auxiliary X11 port with new value '1'.
Info: Using abstract X11 socket in kernel namespace for accessing
DISPLInfo: Connection with remote proxy completed.
Loop: WARNING! Unrecognized session type 'unix-kde-depth_24'. Assuming
ageInfo: Using WAN link parameters 1408/24/1/0.
Info: Using cache parameters 4/4096KB/8192KB/8192KB.
Info: Using pack method '16m-jpeg-9' with session 'Warning: Protocol
mismatch or no X authentication data.
Log window here closes abruptly, back to login prompt, try to reconnect and
the final log:
Connection timeout, aborting
NXPROXY - Version 3.5.99.26
Copyright (c) 2001, 2011 NoMachine (http://www.nomachine.com)
Copyright (c) 2008-2014 Oleksandr Shneyder <o.shneyder(a)phoca-gmbh.de>
Copyright (c) 2014-2016 Ulrich Sibiller <uli42(a)gmx.de>
Copyright (c) 2014-2016 Mihai Moldovan <ionic(a)ionic.de>
Copyright (c) 2011-2016 Mike Gabriel <mike.gabriel(a)das-netzwerkteam.de>
Copyright (c) 2015-2016 Qindel Group (http://www.qindel.com)
NXCOMP, NX protocol compression and NX extensions to this software
are copyright of the aforementioned persons and companies.
Redistribution and use of the present software is allowed according
to terms specified in the file LICENSE.nxcomp which comes in the
source distribution.
All rights reserved.
NOTE: This software has received contributions from various other
contributors, only the core maintainers and supporters are listed as
copyright holders. Please contact us, if you feel you should be listed
as copyright holder, as well.
NX protocol compression is derived from DXPC project.
Copyright (c) 1995,1996 Brian Pane
Copyright (c) 1996,1997 Zachary Vonler and Brian Pane
Copyright (c) 1999 Kevin Vigor and Brian Pane
Copyright (c) 2000,2003 Gian Filippo Pinzari and Brian Pane
All rights reserved.
See https://github.com/ArcticaProject/nx-libs for more information.
Info: Proxy running in server mode with pid '13618'.
Session: Starting session at 'Thu Feb 13 12:05:35 2025'.
Info: Using errors file
'/home/me/.x2go/S-myuser1-50-1739437488_stDXFCE_dp24/sessions'.
Info: Using stats file '/home/me/.x2go/S-50/stats'.
Loop: WARNING! Overriding auxiliary X11 port with new value '1'.
Warning: Overriding auxiliary X11 port with new value '1'.
Info: Using abstract X11 socket in kernel namespace for accessing
DISPLAY=:0.
Info: Connecting to remote host 'localhost:40736'.
Info: Connected to remote proxy on FD#5.
Info: Connection with remote proxy completed.
Loop: WARNING! Unrecognized session type 'unix-kde-depth_24'. Assuming
agent session.
Warning: Unrecognized session type 'unix-kde-depth_24'. Assuming agent
session.
Info: Using WAN link parameters 1408/24/1/0.
Info: Using cache parameters 4/4096KB/8192KB/8192KB.
Info: Using pack method '16m-jpeg-9' with session 'unix-kde-depth_24'.
Info: Using ZLIB data compression 1/1/32.
Info: Using ZLIB stream compression 1/1.
Info: No suitable cache file found.
Info: Forwarding X11 connections to display ':0'.
Info: Forwarding auxiliary X11 connections to display ':0'.
Session: Session started at 'Thu Feb 13 12:05:37 2025'.Warning: Protocol
mismatch or no X authentication data.
And then all the client log is replaced with the final conclusion:
Session: Terminating session at 'Thu Feb 13 12:05:41 2025'.
Info: Your session was closed before reaching a usable state.
Info: This can be due to the local X server refusing access to the client.
Info: Please check authorization provided by the remote X application.
Session: Session terminated at 'Thu Feb 13 12:05:41 2025'.
Connection timeout, aborting
How do I fix this? My user only has a /home/myuser1 directory which I
created under root and did chmod +rwx /home/myuser1.
Thank you,
-Max Bondaruk
[View Less]
Hello,
I'm having a crash problem with latest version (also previous ones) with
ssh private key authentication and Putty Pageant. Looks like there is a
buffer overflow involved. With several smaller keys (e.g. ssh-ed25519)
it works well.
I found a scenario to reproduce it:
1. Generate a RSA 4096 Bit length private/public key pair
2. Load it on the Windows client into Putty Pageant
3. Put public key at the server at ~/.ssh/authorized_keys
4. open connection to the server => crash, see …
[View More]logs
Looks like it is a bug in the old libssh library version with large
private/public keys.
Can you please fix the topic.
Some questions:
- Is the used libssh version really version 0.9.2?
- The logs have some entries with: agent_talk - len of request
- That has been changed in git to another logging in 2011:
https://git.libssh.org/projects/libssh.git/commit/?id=ba4f10dc4657952ec47f7…
- Version 0.9.2 has been released in 2019:
https://www.libssh.org/2019/11/07/libssh-0-9-2/
- So it looks, not the version 0.9.2 is used
- Any plans to upgrade to latest version of libssh 0.11.0 while keeping
Putty Pageant Agent support?
- Upgrade plans to newer Putty version?
- Is there a newer nightly Windows build from newer git sources available?
Version:
- X2Go Client 4.1.2.3-ba65703-kdrclient-a3134d6
- according to the logs: ssh_connect: libssh 0.9.2 (c) 2003-2019
Aris Adamantiadis, Andreas Schneider and libssh contributors.
Distributed under the LGPL, please refer to COPYING file for information
about your rights, using threading threads_pthread
- Server: (not relevant but version is: x2goserver-4.1.0.6-4.fc41.x86_64)
Thnx.
Ciao,
Gerhard
Relevant debug log file on the client:
x2go-DEBUG-src\sshmasterconnection.cpp:674> Setting SSH directory to
C:/Users/user/ssh
[2024/12/17 08:03:09.904803, 3] : agent_talk - len of request: 1
[2024/12/17 08:03:09.904803, 3] : agent_talk - response length: 568
[2024/12/17 08:03:09.904803, 1] ssh_agent_get_ident_count: Answer type:
12, expected answer: 12
[2024/12/17 08:03:09.904803, 3] ssh_agent_get_ident_count: Agent count: 1
[2024/12/17 08:03:09.904803, 3] ssh_userauth_agent: Trying identity
rsa-key-20241217
[2024/12/17 08:03:09.904803, 3] ssh_key_algorithm_allowed: Checking
rsa-sha2-512 with list
<ssh-ed25519-cert-v01@openssh.com,ecdsa-sha2-nistp521-cert-v01@openssh.com,ecdsa-sha2-nistp384-cert-v01@openssh.com,ecdsa-sha2-nistp256-cert-v01@openssh.com,rsa-sha2-512-cert-v01@openssh.com,rsa-sha2-256-cert-v01@openssh.com,ssh-rsa-cert-v01@openssh.com,ssh-dss-cert-v01@openssh.com,ssh-ed25519,ecdsa-sha2-nistp521,ecdsa-sha2-nistp384,ecdsa-sha2-nistp256,rsa-sha2-512,rsa-sha2-256,ssh-rsa,ssh-dss>
[2024/12/17 08:03:09.904803, 3] ssh_key_algorithm_allowed: Checking
rsa-sha2-512 with list
<ssh-ed25519-cert-v01@openssh.com,ecdsa-sha2-nistp521-cert-v01@openssh.com,ecdsa-sha2-nistp384-cert-v01@openssh.com,ecdsa-sha2-nistp256-cert-v01@openssh.com,rsa-sha2-512-cert-v01@openssh.com,rsa-sha2-256-cert-v01@openssh.com,ssh-rsa-cert-v01@openssh.com,ssh-dss-cert-v01@openssh.com,ssh-ed25519,ecdsa-sha2-nistp521,ecdsa-sha2-nistp384,ecdsa-sha2-nistp256,rsa-sha2-512,rsa-sha2-256,ssh-rsa,ssh-dss>
[2024/12/17 08:03:09.904803, 3] packet_send2: packet: wrote [type=5,
len=32, padding_size=14, comp=17, payload=17]
[2024/12/17 08:03:09.904803, 3] ssh_service_request: Sent
SSH_MSG_SERVICE_REQUEST (service ssh-userauth)
[2024/12/17 08:03:09.904803, 3] ssh_socket_unbuffered_write: Enabling
POLLOUT for socket
[2024/12/17 08:03:09.949398, 3] ssh_packet_socket_callback: packet:
read type 6 [len=32,padding=14,comp=17,payload=17]
[2024/12/17 08:03:09.949398, 3] ssh_packet_process: Dispatching handler
for packet type 6
[2024/12/17 08:03:09.949398, 3] ssh_packet_service_accept: Received
SSH_MSG_SERVICE_ACCEPT
[2024/12/17 08:03:09.949398, 3] ssh_socket_unbuffered_write: Enabling
POLLOUT for socket
[2024/12/17 08:03:09.949398, 3] packet_send2: packet: wrote [type=50,
len=608, padding_size=11, comp=596, payload=596]
[2024/12/17 08:03:09.959352, 3] ssh_packet_socket_callback: packet:
read type 60 [len=576,padding=19,comp=556,payload=556]
[2024/12/17 08:03:09.959352, 3] ssh_packet_process: Dispatching handler
for packet type 60
[2024/12/17 08:03:09.959352, 3] ssh_userauth_agent: Public key of
rsa-key-20241217 accepted by server
[2024/12/17 08:03:09.959352, 3] ssh_key_algorithm_allowed: Checking
rsa-sha2-512 with list
<ssh-ed25519-cert-v01@openssh.com,ecdsa-sha2-nistp521-cert-v01@openssh.com,ecdsa-sha2-nistp384-cert-v01@openssh.com,ecdsa-sha2-nistp256-cert-v01@openssh.com,rsa-sha2-512-cert-v01@openssh.com,rsa-sha2-256-cert-v01@openssh.com,ssh-rsa-cert-v01@openssh.com,ssh-dss-cert-v01@openssh.com,ssh-ed25519,ecdsa-sha2-nistp521,ecdsa-sha2-nistp384,ecdsa-sha2-nistp256,rsa-sha2-512,rsa-sha2-256,ssh-rsa,ssh-dss>
[2024/12/17 08:03:09.959352, 3] ssh_key_algorithm_allowed: Checking
rsa-sha2-512 with list
<ssh-ed25519-cert-v01@openssh.com,ecdsa-sha2-nistp521-cert-v01@openssh.com,ecdsa-sha2-nistp384-cert-v01@openssh.com,ecdsa-sha2-nistp256-cert-v01@openssh.com,rsa-sha2-512-cert-v01@openssh.com,rsa-sha2-256-cert-v01@openssh.com,ssh-rsa-cert-v01@openssh.com,ssh-dss-cert-v01@openssh.com,ssh-ed25519,ecdsa-sha2-nistp521,ecdsa-sha2-nistp384,ecdsa-sha2-nistp256,rsa-sha2-512,rsa-sha2-256,ssh-rsa,ssh-dss>
[2024/12/17 08:03:09.959352, 3] : agent_talk - len of request: 1180
QObject::~QObject: Timers cannot be stopped from another thread
<---------- CRASH HERE ---------->
[View Less]
Hi,
Something that got an update in Gentoo's portage in the last month or so causes interference/crashes on session resumption, next to/besides the usual and various overall crashes.
Those new crashes appear with a roughly 80% chance and result in the "new_agent_options_base64" variable being empty, thus emptying the "options" file, leading to the session being utterly destroyed.
Just backing the file up and restoring it when that happens won't help, because x2goagent will go into a loop, …
[View More]flooding the logfile with the same line exactly 20 times per second until the session is terminated.
With this patch everything works fine again after another resume attempt.
diff --git a/x2goserver/bin/x2goresume-session b/x2goserver/bin/x2goresume-session
index dd59019e..694735eb 100755
--- a/x2goserver/bin/x2goresume-session
+++ b/x2goserver/bin/x2goresume-session
@@ -321,7 +321,9 @@ if [[ -z "${x2go_client}" ]]; then
x2go_client="${current_host_name}"
fi
+if [[ -n "${new_agent_options_base64}" ]]; then
printf '%s' "${new_agent_options_base64}" | base64 -d >"${session_dir}/options"
+fi
# run x2goserver-extensions for pre-resume
x2gofeature 'X2GO_RUN_EXTENSIONS' &>'/dev/null' && x2goserver-run-extensions "${session_name}" 'pre-resume' || true
[View Less]