We use x2go on the local network and security is not as important as the convenience of users. In my opinion, it would be possible to give an opportunity to choose between security and convenience.
By doing so you weaken security for sites providing this capability.
-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-
Eskimo North Linux Friendly Internet Access, Shell Accounts, and Hosting. Knowledgeable human assistance, not telephone trees or script readers. See our web site: http://www.eskimo.com/ (206) 812-0051 or (800) 246-6874.
On Fri, 6 Oct 2017, Ulrich Sibiller wrote:
Date: Fri, 6 Oct 2017 08:57:37 +0200 From: Ulrich Sibiller <uli42@gmx.de> To: Mihai Moldovan <ionic@ionic.de> Cc: x2go users <x2go-user@lists.x2go.org> Subject: Re: [X2Go-User] ssh-keygen.exe loads the processor every time the client starts
On Fri, Oct 6, 2017 at 3:12 AM, Mihai Moldovan <ionic@ionic.de> wrote:
On 09/28/2017 01:49 PM, Max A. wrote:
I'm using a x2go server on CentOS 6.9 (the latest version from EPEL, 4.0.1.20), clients use Windows XP/7 and the latest version of X2Go Client (4.1.0.0-2017.03.11). Each time the client connects, ssh-keygen.exe (C:\Program Files\x2goclient\ssh-keygen.exe) starts with the parameters "-t rsa -b 4096 -N" "-C" X2Go Client RSA user key "-f C:
I explicitly decided against that. For more information and the rationale for this change, refer to the release announcement: http://lists.x2go.org/pipermail/x2go-announcements/2017/000302.html
The release announcement talks about 2048-bit keys being generated while this indicates that even stronger keys are being used (which in turn increases the time to create them). I think for slow clients this is too much. At least the admin should be able to decide about the required security, not the maintainer.
So what about staying as is by default but providing a possibility to pre-generate keys for those connections.
Uli
x2go-user mailing list x2go-user@lists.x2go.org https://lists.x2go.org/listinfo/x2go-user
x2go-user mailing list x2go-user@lists.x2go.org https://lists.x2go.org/listinfo/x2go-user