On Fri, Apr 29, 2016 at 8:44 AM, Mike DePaulo <mikedep333@gmail.com> wrote:
On Thu, Apr 28, 2016 at 10:02 PM, Mihai Moldovan <ionic@ionic.de> wrote:
On 28.04.2016 03:26 PM, Mike DePaulo wrote:
For those who don't know about the issue with X2Go Client for Windows that is holding up its 4.0.5.1 release, upgrading cygwin sshd from 6.8p1-1 to 7.1p2-1 broke our folder sharing & printer sharing feature.
After I added the cygwin sshd logging feature, I see this in the sshd log file: Unable to negotiate with 127.0.0.1: no matching host key type found. ... http://pastebin.com/M7CeySQ9
After doing some research, it looks like this is the incompatible change: http://www.openssh.com/txt/release-7.0
- Support for ssh-dss, ssh-dss-cert-* host and user keys is disabled by default at run-time. These may be re-enabled using the instructions at http://www.openssh.com/legacy.html
What I am wondering is this: Are we limiting ourselves to ssh-dss-cert-* keys, or is sshfs limiting us?
We're limiting ourselves here (for no good reason, as far as I can tell. It just happens to be implemented that way.) #1003 is a request for RSA key support. Enabling DSA when starting sshd.exe is one possible workaround, either via command line or config file option.
I'll hook in RSA host key support at some time, but not right now and not on master. My bugfix/osx branch already contains a lot of WiP changes regarding sshd support as well, but isn't finished yet. Adding RSA host key support on master would make merging way more difficult for me.
Understood, I'll hold off.
Alternatively, if the newer version doesn't fix any security issues we are affected by, we could ship the older version for now.
In this case, I believe I should just re-add DSA support via the temporary cygwin sshd config file that we generate.
I am/was unfamiliar with how we use sshd on Linux and Mac OS X. I see that we start instances of sshd on both of them also.
The logic belongs in src/onmainwindow.cpp: ONMainWindow::generateEtcFiles(). Should I put the ssh-dss line below within the ifdef Q_OS_WIN block, or outside of it?
This is the line I would add to the config file: PubkeyAcceptedKeyTypes=+ssh-dss
I would rather not hold back the entire cygwin bundle, or try to hold back sshd without holding back the rest of the cygwin bundle.
Thank you,
-Mike
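
An added example, not part of the thread and not X2Go's code: a small audit of a generated sshd_config that reports whether DSA has been re-enabled. It checks the user-key option quoted in the message above and, separately, HostKeyAlgorithms, the sshd_config option that governs host key types. The function name `dsa_enabled` and the sample configuration are constructed for illustration.

```python
import re

# Options that gate DSA in OpenSSH 7.0+; user keys and host keys are separate.
OPTIONS = ("pubkeyacceptedkeytypes", "hostkeyalgorithms")
DSA_TYPES = {"ssh-dss", "ssh-dss-cert-v01@openssh.com"}
LINE = re.compile(r"^([A-Za-z0-9]+)(?:\s*=\s*|\s+)(.*)$")


def dsa_enabled(config_text):
    """Report, per option, whether the global section enables a DSA key type.

    sshd_config rules applied: keywords are case-insensitive, keyword and
    value are separated by whitespace or one '=', and the first value found
    for a keyword is the one used. An absent option means the built-in
    default, which no longer contains ssh-dss as of OpenSSH 7.0.
    """
    result = {opt: False for opt in OPTIONS}
    seen = set()
    for raw in config_text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        m = LINE.match(line)
        if not m:
            continue
        key, value = m.group(1).lower(), m.group(2).strip().strip('"')
        if key == "match":
            break  # conditional blocks are out of scope for this audit
        if key not in result or key in seen:
            continue
        seen.add(key)
        if value.startswith("-"):
            continue  # in later OpenSSH releases '-' removes types from the default set
        names = {n.strip() for n in value.lstrip("+^").split(",")}
        result[key] = bool(names & DSA_TYPES)
    return result


# Constructed sample: the line proposed in the message plus unrelated options.
SAMPLE_CONFIG = """\
# generated sshd_config (constructed sample)
StrictModes no
PubkeyAcceptedKeyTypes=+ssh-dss
pubkeyacceptedkeytypes ssh-rsa
"""

if __name__ == "__main__":
    for option, enabled in dsa_enabled(SAMPLE_CONFIG).items():
        print(f"{option}: ssh-dss {'enabled' if enabled else 'not enabled'}")
```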