Package: x2goclient Version: 4.0.1.0 Severity: normal
Dear maintainer,
I am running Debian Wheezy AMD64
I have installed http://packages.x2go.org/debian/ wheezy/main x2goclient amd64 4.0.1.0-0~x2go1+wheezy~main~380~build1
After deleting ~/.ssh/known_hosts I have connected my x2goserver with the command line tool ssh.
This created file known_hosts with one entry in the hashed file format described in the sshd(8) man page: "Alternately, hostnames may be stored in a hashed form which hides host names and addresses should the file's contents be disclosed."
I now try to connect the same server with x2goclient and get an error
"Der Host-Key des Servers konnte nicht gefunden werden aber ein anderer Schlüsseltyp existiert. Ein Angreifer kann den Schlüssel verändert haben, um dem Client vorzutäuschen, dass der Schlüssel nicht existiert"
in English this would be
"The host key for this server was not found but an other type of key exists.An attacker might change the default server key to confuse your client into thinking the key does not exist"
Please, ensure that x2goclient can work with the hashed format of known_hosts.
Best regards
Heinrich Schuchardt