Package: x2goClient Version: 4.1.2.2-2020.02.13
Host-System: Windows 10, und Windows Server 2012 R2 (German Language) Installations-Typ: Recommended (Default)
*** Problem Description *** When using x2GoClient via jumpserver (as SSH-Proxy-Server), then is X2GoClient automatic closed (without any Information). Problem are the SSH-Strong-Ciphers, which are configured in SSHd on Jumpserver. Strong Ciphers => x2GoClient crashed. If default Ciphers => x2GoClient and connection works.
*** X2GoClient - Configuration *** Sitzungsname: test Pfad: / Host: ziel-server Login: test_ye SSH-Port: 22
Proxy-Server für SSH-Verbindung verwenden SSH Host: jumpserver Port: 22 Gleiche Anmeldung wie für X2Go-Server Gleiches Kennwort wie für X2Go-Server
XFCE
*** Jumpserver Configuration) *** Jumpserver SSHd Config: /etc/ssh/sshd_config (CentOS 7) Ciphers aes128-ctr,aes192-ctr,aes256-ctr
The ciphers are used for strong Encryption. Then access from x2GoClient via jumpserver cannot handle this.
When the Cipher-Restriction is not configured: Jumpserver SSHd Confg: (CentOS 7) #Ciphers aes128-ctr,aes192-ctr,aes256-ctr
then the connection from x2GoClient via jumpserver to Destination X2Go-Server does work.
I hope I provided all needed information for you. Let me know if this can be patched, or does our Company need to search for other solution. Thank you.
Best regards, Marián Schwarcz
Am 14.01.21 um 08:47 schrieb Marian.Schwarcz@dlr.de:
I hope I provided all needed information for you. Let me know if this can be patched, or does our Company need to search for other solution.
Sure sounds like something that *can* be patched. If you want to expedite patching, feel free to sponsor the patch by contracting one of the companies providing commercial X2Go support: <https://wiki.x2go.org/doku.php/doc:professional-support>
Kind Regards, Stefan Baur
-- BAUR-ITCS UG (haftungsbeschränkt) Geschäftsführer: Stefan Baur Eichenäckerweg 10, 89081 Ulm | Registergericht Ulm, HRB 724364 Fon/Fax 0731 40 34 66-36/-35 | USt-IdNr.: DE268653243
It is probably required to recompile x2goclient with a current libssh. As a workaround you can try to build a tunnel via the jumphost with the window ssh and connect x2goclient to that tunnel instead of using a proxy in the x2goclient configuration.
On Thu, Jan 14, 2021 at 4:25 PM Stefan Baur <X2Go-ML-1@baur-itcs.de> wrote:
Am 14.01.21 um 08:47 schrieb Marian.Schwarcz@dlr.de:
I hope I provided all needed information for you. Let me know if this can be patched, or does our Company need to search for other solution.
Sure sounds like something that *can* be patched. If you want to expedite patching, feel free to sponsor the patch by contracting one of the companies providing commercial X2Go support: <https://wiki.x2go.org/doku.php/doc:professional-support>
Kind Regards, Stefan Baur
-- BAUR-ITCS UG (haftungsbeschränkt) Geschäftsführer: Stefan Baur Eichenäckerweg 10, 89081 Ulm | Registergericht Ulm, HRB 724364 Fon/Fax 0731 40 34 66-36/-35 | USt-IdNr.: DE268653243
x2go-dev mailing list x2go-dev@lists.x2go.org https://lists.x2go.org/listinfo/x2go-dev
I can confirm this issue in my own environment as well. X2Go server version is 4.1.0.3-9.el7 running on CentOS 7. Affected users are running X2Go client version 4.1.2.2 on Windows 10 (though this may affect other Windows versions as well).
We forced the use of the aes128-ctr cipher yesterday on our cluster login nodes to resolve a security issue raised by our security team. To do this, we added the following line to our SSH server config file:
Ciphers aes128-ctr
After making this change, several users running the X2Go client on Windows 10 could no longer connect. We found this bug report, and subsequently reverted the above change, which resolved the issue.
Please note that Linux clients appeared to be unaffected by this issue; I was able to connect from a workstation running X2Go client version 4.1.2.2 on Ubuntu Linux 20.04 without any issues.
-- Adam Dorsey NOAA RDHPCS Systems Administrator Site Lead CSRA / RedLine Performance Solutions, LLC
NOAA NESCC 1000 Galliher Drive, Suite 333, Fairmont, WV 26554 office: (304) 367-2882 cell: (304) 685-9345 adam.dorsey@noaa.gov
A quick update for this bug:
Today I tested the same scenario (Cipher aes128-ctr) on our test cluster using the latest Windows snapshot client, version 4.1.2.3-2021.07.13-df4a8ec. The issue as described in this bug report is still present.
Thanks, Adam
On Fri, Mar 19, 2021 at 2:28 PM Adam Dorsey - NOAA Affiliate < adam.dorsey@noaa.gov> wrote:
I can confirm this issue in my own environment as well. X2Go server version is 4.1.0.3-9.el7 running on CentOS 7. Affected users are running X2Go client version 4.1.2.2 on Windows 10 (though this may affect other Windows versions as well).
We forced the use of the aes128-ctr cipher yesterday on our cluster login nodes to resolve a security issue raised by our security team. To do this, we added the following line to our SSH server config file:
Ciphers aes128-ctr
After making this change, several users running the X2Go client on Windows 10 could no longer connect. We found this bug report, and subsequently reverted the above change, which resolved the issue.
Please note that Linux clients appeared to be unaffected by this issue; I was able to connect from a workstation running X2Go client version 4.1.2.2 on Ubuntu Linux 20.04 without any issues.
-- Adam Dorsey NOAA RDHPCS Systems Administrator Site Lead CSRA / RedLine Performance Solutions, LLC
NOAA NESCC 1000 Galliher Drive, Suite 333, Fairmont, WV 26554 office: (304) 367-2882 cell: (304) 685-9345 adam.dorsey@noaa.gov
-- Adam Dorsey NOAA RDHPCS Systems Administrator Site Lead CSRA / RedLine Performance Solutions, LLC
NOAA NESCC 1000 Galliher Drive, Suite 333, Fairmont, WV 26554 office: (304) 367-2882 cell: (304) 685-9345 adam.dorsey@noaa.gov
I used the process described in bug 1557 today to attempt to capture debug information. I didn't get anything useful, and no clues as to why the X2Go client is crashing with strong ciphers.
x2go-INFO-1> "Starting X2Go Client 4.1.2.3..." x2go-WARNING-1> English language requested, not loading translator. x2go-WARNING-1> English language requested, not loading translator. x2go-DEBUG-../src/onmainwindow.cpp:10902> Getting X.Org Server settings. x2go-INFO-3> "Started X2Go Client." x2go-DEBUG-../src/onmainwindow.cpp:626> "$HOME=C:/Users/Adam" x2go-DEBUG-../src/onmainwindow.cpp:2359> Reading 1 sessions from config file. x2go-DEBUG-../src/onmainwindow.cpp:13415> libssh not initialized yet. Initializing. x2go-DEBUG-../src/pulsemanager.cpp:369> pulseaudio --version returned:"pulseaudio 13.0
"
x2go-DEBUG-../src/onmainwindow.cpp:10805> Starting helper servers for Windows ... x2go-DEBUG-../src/onmainwindow.cpp:10972> "/cygdrive/C/Users/Adam/.x2go/var" cygwin var path x2go-DEBUG-../src/onmainwindow.cpp:11060> "C:/Users/Adam/.x2go/etc/sshd_config created." x2go-DEBUG-../src/onmainwindow.cpp:10467> Resolved localhost. x2go-DEBUG-../src/onmainwindow.cpp:2853> Creating QPixmap with session icon: '":/img/icons/128x128/x2gosession.png"'. x2go-DEBUG-../src/pulsemanager.cpp:227> pulse started with arguments ("--exit-idle-time=-1", "-n", "-F", "C:\Users\Adam\.x2go\pulse\config.pa", "-p", "C:\Program Files (x86)\x2goclient\pulse\lib\pulse-13.0\modules", "--log-level=debug", "--verbose", "--log-target=file:C:\Users\Adam\.x2go\pulse\pulse.log") - waiting for it to finish... x2go-DEBUG-../src/onmainwindow.cpp:10489> Port is free: 7022 x2go-DEBUG-../src/onmainwindow.cpp:11411> Logging cygwin sshd to: "C:/Users/Adam/.x2go/sshLogs/p12616.log" x2go-DEBUG-../src/onmainwindow.cpp:11425> Creating desktop: x2go_Adam x2go-DEBUG-../src/onmainwindow.cpp:10467> Resolved localhost. x2go-DEBUG-../src/onmainwindow.cpp:10495> Port already in use: 7022 x2go-DEBUG-../src/onmainwindow.cpp:10467> Resolved localhost. x2go-DEBUG-../src/onmainwindow.cpp:10495> Port already in use: 7022 x2go-DEBUG-../src/onmainwindow.cpp:11522> User mode OpenSSH server started successfully. x2go-INFO-8> "Starting connection to server: localhost:49199" x2go-DEBUG-../src/onmainwindow.cpp:2954> Starting new ssh connection to server:"localhost":"49199" krbLogin: false x2go-DEBUG-../src/sshmasterconnection.cpp:168> SshMasterConnection, host "localhost"; port 49199; user "Adam.Dorsey"; useproxy false; proxyserver ""; proxyport 22 x2go-DEBUG-../src/sshmasterconnection.cpp:248> Starting SSH connection without Kerberos authentication. x2go-DEBUG-../src/sshmasterconnection.cpp:250> SshMasterConnection, instance SshMasterConnection(0x548e2a8) created. x2go-DEBUG-../src/sshmasterconnection.cpp:492> SshMasterConnection, instance SshMasterConnection(0x548e2a8) entering thread. x2go-DEBUG-../src/sshmasterconnection.cpp:573> Setting SSH directory to C:/Users/Adam/ssh x2go-DEBUG-../src/sshmasterconnection.cpp:795> Session port before config file parse: 49199 x2go-DEBUG-../src/sshmasterconnection.cpp:805> Session port after config file parse: 49199
On Tue, Aug 17, 2021 at 11:45 AM Adam Dorsey - NOAA Affiliate < adam.dorsey@noaa.gov> wrote:
A quick update for this bug:
Today I tested the same scenario (Cipher aes128-ctr) on our test cluster using the latest Windows snapshot client, version 4.1.2.3-2021.07.13-df4a8ec. The issue as described in this bug report is still present.
Thanks, Adam
On Fri, Mar 19, 2021 at 2:28 PM Adam Dorsey - NOAA Affiliate < adam.dorsey@noaa.gov> wrote:
I can confirm this issue in my own environment as well. X2Go server version is 4.1.0.3-9.el7 running on CentOS 7. Affected users are running X2Go client version 4.1.2.2 on Windows 10 (though this may affect other Windows versions as well).
We forced the use of the aes128-ctr cipher yesterday on our cluster login nodes to resolve a security issue raised by our security team. To do this, we added the following line to our SSH server config file:
Ciphers aes128-ctr
After making this change, several users running the X2Go client on Windows 10 could no longer connect. We found this bug report, and subsequently reverted the above change, which resolved the issue.
Please note that Linux clients appeared to be unaffected by this issue; I was able to connect from a workstation running X2Go client version 4.1.2.2 on Ubuntu Linux 20.04 without any issues.
-- Adam Dorsey NOAA RDHPCS Systems Administrator Site Lead CSRA / RedLine Performance Solutions, LLC
NOAA NESCC 1000 Galliher Drive, Suite 333, Fairmont, WV 26554 office: (304) 367-2882 cell: (304) 685-9345 adam.dorsey@noaa.gov
-- Adam Dorsey NOAA RDHPCS Systems Administrator Site Lead CSRA / RedLine Performance Solutions, LLC
NOAA NESCC 1000 Galliher Drive, Suite 333, Fairmont, WV 26554 office: (304) 367-2882 cell: (304) 685-9345 adam.dorsey@noaa.gov
x2go-dev mailing list x2go-dev@lists.x2go.org https://lists.x2go.org/listinfo/x2go-dev
-- Adam Dorsey NOAA RDHPCS Systems Administrator Site Lead CSRA / RedLine Performance Solutions, LLC
NOAA NESCC 1000 Galliher Drive, Suite 333, Fairmont, WV 26554 office: (304) 367-2882 cell: (304) 685-9345 adam.dorsey@noaa.gov
-
Adam Dorsey - NOAA Affiliate -
Marian.Schwarcz@dlr.de -
Stefan Baur -
Ulrich Sibiller