Hi Matteo,
On Mi 10 Sep 2014 09:45:18 CEST, Matteo Panella wrote:
Package: python-x2go Version: 0.4.0.9
Whenever a host key is registered using pyhoca-cli or pyhoca-gui, the $HOME/.ssh/known_hosts file gets clobbered: all keys whose type is not either ssh-dss or ssh-rsa (namely, ECDSA and Ed25519 host keys) are removed.
Steps to reproduce:
- register some ECDSA/Ed25519 host keys
- backup .ssh/known_hosts
- define a new profile in pyhoca-gui selecting "Store SSH host keys under (unique) X2Go session profile ID"
- connect to the host and accept the host key
- run a diff between the old known_hosts file and the current .ssh/known_hosts file
Expected behaviour: there should _only_ be an addition for the new ssh host key registered by python-x2go and no other modification
Actual result: there is an addition for the new host key registered by python-x2go and removals for all ecdsa and ed25519 host keys
I suspect this is a problem with paramiko not understanding ECDSA and Ed25519 keys in known_hosts and summarily discarding them, nevertheless I'm raising the bug here because the x2go PPA for Ubuntu ships a custom version of paramiko for precise (also because it should probably be noted in the release notes and/or worked around in python-x2go if possible).
Client OS Version: Ubuntu 12.04.5 (amd64) Package source: ppa:x2go/stable PyHoca-GUI Version: 0.4.0.9 (0.4.0.9-0~1107~ubuntu12.04.1) python-x2go Version: 0.4.0.9 (0.4.0.9-0~1122~ubuntu12.04.1) python-paramiko Version: 1.11.0-0~664~precise1 (from ppa:x2go/stable)
The server bits are mostly irrelevant since this is purely a client-side bug, but it happened with the following server-side configuration: Server OS Version: Ubuntu 14.04.1 (amd64) Package source: ppa:x2go/stable Server x2goserver Version: 4.0.1.15 (4.0.1.15-0~847~ubuntu14.04.1) Server x2goserver-xsession Version: 4.0.1.15 (4.0.1.15-0~847~ubuntu14.04.1) Server nx-libs Version: 3.5.0.27 (2:3.5.0.27-0~446~ubuntu14.04.1)
This does not happen with python-paramiko 1.15.1 anymore. I will add a
versioned dependency for that paramiko version to our upstream release
python-x2go and then see how to fix our archives.
Thanks for notifying us! Mike
--
DAS-NETZWERKTEAM mike gabriel, herweg 7, 24357 fleckeby fon: +49 (1520) 1976 148
GnuPG Key ID 0x25771B31 mail: mike.gabriel@das-netzwerkteam.de, http://das-netzwerkteam.de
freeBusy: https://mail.das-netzwerkteam.de/freebusy/m.gabriel%40das-netzwerkteam.de.xf...