Bug#1477: x2goclient doesn't prompt for password after authentication failure if server is using google-authenticator

List overview All Threads
Download

newer

older

x2go doesnt work from Qubes OS

x2go installation on windows with...

Toby

8 Jun 2020 8 Jun '20

4:58 p.m.

Package: x2goclient Version: 4.1.2.2

I have installed Google Authenticator on my x2go server, and use keyboard-interactive for ssh passwords. If I mistype my password in x2goclient, it won't offer me another password prompt, but repeatedly asks for the Verification code until sshd on the server gets bored and closes the connection.

Expected behaviour: if the login is not successful, prompt for both password and verification code again.

x2goserver: Scientific Linux 7.7 - 3.10.0-1062.12.1.el7.x86_64 x2goclient: Fedora 32 - 5.6.14-300.fc32.x86_64

Cheers Toby

Show replies by date

Toby

11 Jun 11 Jun

10:32 a.m.

New subject: Bug#1477: Debug output

I've now got some debug output (from an ubuntu VM, --debug doesn't work for me on fedora). With the correct password and validation code:

But with an incorrect password, I only get repeated Verification code prompts:

x2go-DEBUG-../src/sshmasterconnection.cpp:1207> Challenge authentication requested. x2go-DEBUG-../src/sshmasterconnection.cpp:1085> Have prompts: 1 x2go-DEBUG-../src/sshmasterconnection.cpp:1089> Prompt[0]: |Password: | x2go-DEBUG-../src/sshmasterconnection.cpp:1093> Password request x2go-DEBUG-../src/sshmasterconnection.cpp:1085> Have prompts: 1 x2go-DEBUG-../src/sshmasterconnection.cpp:1089> Prompt[0]: |Verification code: | x2go-DEBUG-../src/sshmasterconnection.cpp:1109> Checking against known prompt #0: "Verification code:" x2go-DEBUG-../src/sshmasterconnection.cpp:1129> Verification code request x2go-DEBUG-../src/sshmasterconnection.cpp:1085> Have prompts: 1 x2go-DEBUG-../src/sshmasterconnection.cpp:1089> Prompt[0]: |Password: | x2go-DEBUG-../src/sshmasterconnection.cpp:1093> Password request x2go-DEBUG-../src/sshmasterconnection.cpp:1085> Have prompts: 1 x2go-DEBUG-../src/sshmasterconnection.cpp:1089> Prompt[0]: |Verification code: | x2go-DEBUG-../src/sshmasterconnection.cpp:1109> Checking against known prompt #0: "Verification code:" x2go-DEBUG-../src/sshmasterconnection.cpp:1129> Verification code request x2go-DEBUG-../src/sshmasterconnection.cpp:1085> Have prompts: 1 x2go-DEBUG-../src/sshmasterconnection.cpp:1089> Prompt[0]: |Password: | x2go-DEBUG-../src/sshmasterconnection.cpp:1093> Password request x2go-DEBUG-../src/sshmasterconnection.cpp:1085> Have prompts: 1 x2go-DEBUG-../src/sshmasterconnection.cpp:1089> Prompt[0]: |Verification code: | x2go-DEBUG-../src/sshmasterconnection.cpp:1109> Checking against known prompt #0: "Verification code:" x2go-DEBUG-../src/sshmasterconnection.cpp:1129> Verification code request x2go-DEBUG-../src/sshmasterconnection.cpp:1085> Have prompts: 1 x2go-DEBUG-../src/sshmasterconnection.cpp:1089> Prompt[0]: |Password: | x2go-DEBUG-../src/sshmasterconnection.cpp:1093> Password request

Toby

12:14 p.m.

New subject: Bug#1477: Debug output

In fact further testing shows the same behaviour if you get either your password or verification code wrong first time - a "Verification code" loop that you can't get out of even if the password was correct and the first verification code wasn't.

On Thu, Jun 11, 2020 at 11:32 AM Toby <anothercoffee@googlemail.com> wrote:

...

Hi

I've now got some debug output (from an ubuntu VM, --debug doesn't work for me on fedora). With the correct password and validation code:

x2go-DEBUG-../src/sshmasterconnection.cpp:1207> Challenge authentication requested. x2go-DEBUG-../src/sshmasterconnection.cpp:1085> Have prompts: 1 x2go-DEBUG-../src/sshmasterconnection.cpp:1089> Prompt[0]: |Password: | x2go-DEBUG-../src/sshmasterconnection.cpp:1093> Password request x2go-DEBUG-../src/sshmasterconnection.cpp:1085> Have prompts: 1 x2go-DEBUG-../src/sshmasterconnection.cpp:1089> Prompt[0]: |Verification code: | x2go-DEBUG-../src/sshmasterconnection.cpp:1109> Checking against known prompt #0: "Verification code:" x2go-DEBUG-../src/sshmasterconnection.cpp:1129> Verification code request x2go-DEBUG-../src/sshmasterconnection.cpp:1085> Have prompts: 0 x2go-DEBUG-../src/sshmasterconnection.cpp:1171> Challenge authentication OK. x2go-DEBUG-../src/sshmasterconnection.cpp:687> User authentication OK. x2go-DEBUG-../src/sshmasterconnection.cpp:1708> LOGIN CHECK:"LOGIN OK\r\n" x2go-DEBUG-../src/sshmasterconnection.cpp:1711> don't have interaction x2go-DEBUG-../src/sshmasterconnection.cpp:1744> LOOP FINISHED x2go-DEBUG-../src/sshmasterconnection.cpp:1748> No interaction needed, continue session x2go-DEBUG-../src/sshmasterconnection.cpp:702> Login Check - OK x2go-DEBUG-../src/onmainwindow.cpp:2947> SSH connection established.

But with an incorrect password, I only get repeated Verification code prompts:

x2go-DEBUG-../src/sshmasterconnection.cpp:1207> Challenge authentication requested. x2go-DEBUG-../src/sshmasterconnection.cpp:1085> Have prompts: 1 x2go-DEBUG-../src/sshmasterconnection.cpp:1089> Prompt[0]: |Password: | x2go-DEBUG-../src/sshmasterconnection.cpp:1093> Password request x2go-DEBUG-../src/sshmasterconnection.cpp:1085> Have prompts: 1 x2go-DEBUG-../src/sshmasterconnection.cpp:1089> Prompt[0]: |Verification code: | x2go-DEBUG-../src/sshmasterconnection.cpp:1109> Checking against known prompt #0: "Verification code:" x2go-DEBUG-../src/sshmasterconnection.cpp:1129> Verification code request x2go-DEBUG-../src/sshmasterconnection.cpp:1085> Have prompts: 1 x2go-DEBUG-../src/sshmasterconnection.cpp:1089> Prompt[0]: |Password: | x2go-DEBUG-../src/sshmasterconnection.cpp:1093> Password request x2go-DEBUG-../src/sshmasterconnection.cpp:1085> Have prompts: 1 x2go-DEBUG-../src/sshmasterconnection.cpp:1089> Prompt[0]: |Verification code: | x2go-DEBUG-../src/sshmasterconnection.cpp:1109> Checking against known prompt #0: "Verification code:" x2go-DEBUG-../src/sshmasterconnection.cpp:1129> Verification code request x2go-DEBUG-../src/sshmasterconnection.cpp:1085> Have prompts: 1 x2go-DEBUG-../src/sshmasterconnection.cpp:1089> Prompt[0]: |Password: | x2go-DEBUG-../src/sshmasterconnection.cpp:1093> Password request x2go-DEBUG-../src/sshmasterconnection.cpp:1085> Have prompts: 1 x2go-DEBUG-../src/sshmasterconnection.cpp:1089> Prompt[0]: |Verification code: | x2go-DEBUG-../src/sshmasterconnection.cpp:1109> Checking against known prompt #0: "Verification code:" x2go-DEBUG-../src/sshmasterconnection.cpp:1129> Verification code request x2go-DEBUG-../src/sshmasterconnection.cpp:1085> Have prompts: 1 x2go-DEBUG-../src/sshmasterconnection.cpp:1089> Prompt[0]: |Password: | x2go-DEBUG-../src/sshmasterconnection.cpp:1093> Password request

Toby

1:50 p.m.

New subject: Bug#1477: Debug output

I appreciate the whole ssh connection process is hairy as ****, and thinking I've got a proper fix after a couple of hours poking about looking at a single use case is naive, but the removal of one line gets the behaviour I expect: if either the password or verification code are incorrect, restart the authentication process diff --git a/src/sshmasterconnection.cpp b/src/sshmasterconnection.cpp index 667e0ef..34045de 100644 --- a/src/sshmasterconnection.cpp +++ b/src/sshmasterconnection.cpp @@ -1127,7 +1127,7 @@ bool SshMasterConnection::userChallengeAuth() if (has_challenge_auth_code_prompt) { x2goDebug<<"Verification code request"<<endl; - challengeAuthPasswordAccepted=true; + // challengeAuthPasswordAccepted=true; if(challengeAuthVerificationCode == QString::null) { keyPhraseReady=false; This also works in the case of using an ssh proxy server with google-authenticator. Cheers Toby

Ulrich Sibiller

18 Jun 18 Jun

11:38 a.m.

New subject: Fwd: Bug#1477: Debug output

Can someone please incorporate this fix? Uli ---------- Forwarded message --------- From: Toby <anothercoffee@googlemail.com> Date: Thu, Jun 18, 2020 at 11:52 AM Subject: [X2Go-Dev] Bug#1477: Debug output To: <1477@bugs.x2go.org> I appreciate the whole ssh connection process is hairy as ****, and thinking I've got a proper fix after a couple of hours poking about looking at a single use case is naive, but the removal of one line gets the behaviour I expect: if either the password or verification code are incorrect, restart the authentication process diff --git a/src/sshmasterconnection.cpp b/src/sshmasterconnection.cpp index 667e0ef..34045de 100644 --- a/src/sshmasterconnection.cpp +++ b/src/sshmasterconnection.cpp @@ -1127,7 +1127,7 @@ bool SshMasterConnection::userChallengeAuth() if (has_challenge_auth_code_prompt) { x2goDebug<<"Verification code request"<<endl; - challengeAuthPasswordAccepted=true; + // challengeAuthPasswordAccepted=true; if(challengeAuthVerificationCode == QString::null) { keyPhraseReady=false; This also works in the case of using an ssh proxy server with google-authenticator. Cheers Toby _______________________________________________ x2go-dev mailing list x2go-dev@lists.x2go.org https://lists.x2go.org/listinfo/x2go-dev

Ulrich Sibiller

11:39 a.m.

New subject: Bug#1477: Bug#1477: Debug output

Thanks for the patch. I have forwarded this to the x2go-dev list. I hope it will be integrated soon. Uli On Thu, Jun 18, 2020 at 11:52 AM Toby <anothercoffee@googlemail.com> wrote:

...

1830

Age (days ago)

1840

Last active (days ago)

x2go-dev@lists.x2go.org

5 comments

2 participants

tags (0)

participants (2)

Toby
Ulrich Sibiller