Alexander.Kuchler@pruftechnik.com schrieb:
Dear group,
today I figured out you are saving the password entered during the startup of the session in plain text in C:\Documents\%User%\.x2go\ssh\. And not even delete it after closing the session..
You can not be serious!?
Especially when knowing you are promoting X2Go for schools etc. where different people might access the same terminals this is not only dangerous but breakneck.
Yours, Alexander
X2go-dev mailing list X2go-dev@lists.berlios.de https://lists.berlios.de/mailman/listinfo/x2go-dev
Hello Alexander, x2goclient need to save password on disk for sending it to ssh via SSH_ASKPASS program. Passwords are saved in protected file direct before initialization of ssh session and should be deleted immediately after initialization of ssh connection. You should not see the file with password in your C:\Documents\%User%\.x2go\ssh\
I have tested x2go client right now and all I can see in my \.x2go\ssh
folder are several files with XXXXXXXXXXXXXXXXXX.
If you can reproduce other behaviour of x2goclient on windows, you have possible found a bug in windows version of x2goclient. Let me know what you do to see file with password and I try to fix this problem. I will also try to found it by myself.
Oleksandr Shneyder Dipl. Informatik X2go Core Developer Team
email: oleksandr.shneyder@obviously-nice.de web: www.obviously-nice.de
--> X2go - everywhere@home