On 30.12.2015 10:21 AM, Mike Gabriel wrote:
On So 23 Aug 2015 23:10:59 CEST, git-admin wrote:
[...] commit bfe3ba761c1d3e9143285ca17edc87ac763ce35d Author: Mihai Moldovan <ionic@ionic.de> Date: Sun Aug 23 23:08:45 2015 +0200
x2goserver/bin/x2gostartagent: changes to Robert Nowotny'sSSH_PORT patch. Fixes: #922. [...]
Haven't looked at X2Go Server code for a while... Today I found the below...
+# Get server IP address. +get_server_ip_address() { [...]
Has anyone of you ever heard of IPv6? And has anyone ever seen setups
where the IPv6 traffic is routed via a different interface compared to
IPv4 traffic?
Yes, and this is exactly why that function is not used by default. Instead, the "real" port randomization is used. IPv4-address-based randomization can be enabled by setting "randomize_ssh_port" to "0", but administrators have to edit the script manually to do this. Even though the comment says otherwise, I think it shouldn't be configurable in x2goserver.conf either for exactly this reason.
Furthermore, within the last years, I never had any problems with
server-side ports being the same on different servers. I mostly
connect through PyHoca. So if there is a problem in X2Go Client
regarding server-side SSH tunnel ports, why--the hack--do you fix that
in X2Go Server?If the port allocation is a problem at all, it certainly is a problem
that requires fixing in X2Go Client, not X2Go Server.Please consider reverting this flawed patch!!!
I don't think port randomization is bad per se, so I'd like to keep it.
It's true that the real problem lies within x2goclient and I should eventually get rid of that, too, by checking whether a port is already in use and incrementing it, though.
On 30.12.2015 10:40 AM, Mike Gabriel wrote:
Since when does X2Go promote Google??? Or even depend on them?
As this patch is IPv6-flawed anyway, the next request is pointless... In case the patch is kept, please make this configurable and use the IP address of japsand.x2go.org or some other static IP on the internet that is more political correct, please.
I don't promote or depend upon Google in any way. As the comment makes clear, the IPv4 address provided there is not contacted in any way, I just need some address predictably outside of any local network to get the default outgoing address from the routing table.
I chose 8.8.8.8 instead of Japsand's address or any other address, because I didn't want users with malicious intents to try to attack whatever address is written in the source code "for fun", assuming that 8.8.8.8 is well-known and well protected. Any other address would have made us "responsible" for "providing" the address if an attack was based on that information.
Mihai