Hi,
After some try, and a few problems, I made my connections possible, but I have some questions:
- On the machine where I install ssh, I always disable, for security reason, the possibility to connect using the user password. After some unsuccessfull tries, I saw that to be able to connect, I must enable the connection with the password (on server side).
Is-it normal ? I don't like a simple password protection. I prefer public key.
- In my first tries, I had a curious message, and it was impossible to connect. The problem was in known-host. Deleting it done the trick, but analysing the difference between the previous and the one generated during x2go connection, I say a difference between records.
When using ssh in console to connect, the record looks like this :
|1|TaiGrqxL3igpSgVZ4Y6WahmwxEw=|M6tIFGIbg/ZQJI4HTLwLC55AAeY= ecdsa-sha2-nistp256 AAAAE2VjZHNhLX
When connecting with x2go, looks like that:
[192.168.1.53]:22461 ssh-rsa AAAAB3NzaC1yc2E .....
Now, with my last tests, if I have a first form of record, I have this message :
The host key for this server was not found but anothertype of key exists. An attacker might have changed the default server key to trick your client into thinking the key does not exist yet.
For security reasons, it is recommended to stop the connection attempt.
Do you want to terminate the connection?
Accepting, a new record is added to known host with the second form of record.
I noticed that a record created by x2go in a fresh known_hosts is used without problem with ssh
Why a such difference ? Will the ip address be updated during a future connection, as the provider changes our public IP for time to time ?
- Using x2go graphic window, when I choose a profile to connect, x2go first present the box to enter the key, but user password hasn't yet been entered, so we must cancel the key box and the error box, and then enter the user password to have again the key box. This is very curious, and more curious, entering the key doesn't work, x2go always want me to enter the key. In fact, just cancelling this box and the connection is ok. I suppose it's due to known_host, but the way to connect is very strange.
Thanks to help me to understand all this curious facts ... curious for my eyes, obviously ;) A+
Alain Aupeix http://jujuland.pagesperso-orange.fr/ http://pissobi-lacassagne.pagesperso-orange.fr/
U.buntu 12.04 | G.ramps 3.4.9-1 | H.arbour 3.2.0dev (2015-09-07 14:28) | HbIDE (Rev.316) | Five.Linux (r143) | Hw.Gui (2492)
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256
Am 29.09.2015 um 15:51 schrieb Alain Aupeix:
Hi,
After some try, and a few problems, I made my connections possible, but I have some questions:
- On the machine where I install ssh, I always disable, for security reason, the possibility to connect using the user password. After some unsuccessfull tries, I saw that to be able to connect, I must enable the connection with the password (on server side).
Is-it normal ? I don't like a simple password protection. I prefer public key.
No, you can use Public Key authentication, either with or without an additional password on top, and either via a specified key file or via SSH auth agent.
Please have a look at our Wiki. http://wiki.x2go.org/doku.php/doc:usage:x2goclient#getting_started_my_fi rst_session_profile
- In my first tries, I had a curious message, and it was impossible to connect. The problem was in known-host. Deleting it done the trick, but analysing the difference between the previous and the one generated during x2go connection, I say a difference between records.
When using ssh in console to connect, the record looks like this :
|1|TaiGrqxL3igpSgVZ4Y6WahmwxEw=|M6tIFGIbg/ZQJI4HTLwLC55AAeY= ecdsa-sha2-nistp256 AAAAE2VjZHNhLX
When connecting with x2go, looks like that:
[192.168.1.53]:22461 ssh-rsa AAAAB3NzaC1yc2E .....
Now, with my last tests, if I have a first form of record, I have this message :
The host key for this server was not found but anothertype of key exists. An attacker might have changed the default server key to trick your client into thinking the key does not exist yet.
For security reasons, it is recommended to stop the connection attempt.
Do you want to terminate the connection?
Accepting, a new record is added to known host with the second form of record.
I noticed that a record created by x2go in a fresh known_hosts is used without problem with ssh
Why a such difference ?
This is nothing X2Go-specific. Modern-day ssh implementations do not use a plaintext format for the known_hosts file any more. Please refer to the documentation of your Linux distribution. The key, in its hashed form, most likely contained a non-rsa key, maybe ecdsa or dsa, which is why SSH (not X2Go per se) prompts you to make a decision.
Will the ip address be updated during a future connection, as the provider changes our public IP for time to time ?
No. Each time you server receives a new IP, you will be asked to confirm the connection on the client. Again, nothing X2Go-specific, but rather plain SSH. The way around this is setting up a dynamic DNS entry, you might want to read up on that.
- Using x2go graphic window, when I choose a profile to connect, x2go first present the box to enter the key, but user password hasn't yet been entered, so we must cancel the key box and the error box, and then enter the user password to have again the key box. This is very curious, and more curious, entering the key doesn't work, x2go always want me to enter the key. In fact, just cancelling this box and the connection is ok. I suppose it's due to known_host, but the way to connect is very strange.
This is due to a setup error on your side, probably due to not following the instructions and choosing a combination of options that do not really make sense for your setup.
If you authenticate via password, there's no need to enter a path to a key file, nor to check "try auto-login".
On the other hand, if you intend to authenticate via public key, you should either: proper restrictive ownership/group and permission settings to be
- have a running SSH auth agent with the key already loaded (please *do not* specify a path and file name to your keyfile in that case), or
- set a valid path and name for the keyfile (which needs to have the
accepted - usually youruser:youruser and 600)
For public key authentication, you should not enter a password in the user/password box at all.
If you're using an SSH auth agent, there will be no prompt for the password, even if your keyfile is protected with one, as you already entered the password when loading the key into the agent, and it remains unencrypted there (that being the idea of having an SSH auth agent - not having to re-type the password over and over).
If you're not using an SSH auth agent, and a password-protected keyfile, you will receive a pop-up dialog box prompting you to enter the password for the key *after* you clicked the button. Again, *do not* enter a password directly in the field under the username field when using this authentication method.
- -Stefan
BAUR-ITCS UG (haftungsbeschränkt) Geschäftsführer: Stefan Baur Eichenäckerweg 10, 89081 Ulm | Registergericht Ulm, HRB 724364 Fon/Fax 0731 40 34 66-36/-35 | USt-IdNr.: DE268653243 -----BEGIN PGP SIGNATURE----- Version: GnuPG v2
iQEcBAEBCAAGBQJWCqMRAAoJEG7d9BjNvlEZmXkH/ikGlxNq8+bZ22QKFRwsJKgF dQlfHAoMtJ7rNAZyMZVonyDjMZW3zIjtGxxhpkE1zboc5cOxgv4t2eCE1LlRMFJ7 Okn64smxAOd8qqyR81Ji+XNtoISB4OeNYqLXEC5lW9s4UHyQI1tPpEfQE9b/Y360 QRnpmxRPju2eYEpo/Rv3Nps2D/z4HVT2K6cLhAsi4YgcF5yR+TRPqZETEuDhy0KL cZ2QraQeIMoAKllqI5aWVCcrCA4yO3dm9W53uWHiFiXRStE3GmbZUZODgcn2/QNW i9MYC7qbI3qMsfYJ1sb20lnpcD6e1/72c0d9ave/KkI+1RIz6yLjvM7s7Q1nxV0= =uK4K -----END PGP SIGNATURE-----
Hi,
Thanks for your answers, i now can connect without problem on the machines I tested.
I have now 2 little problems:
When editing a profile, when I save by ok, x2goClient closes (I have checked all the parameters to hide in notification zone) I use Ubuntu 12.04 and gnome fallback
I have a server (laptop) which have a screen of 1440x900. My desktop computer has two 1280x1024
When I connect to the local session, All the values I tried to have an size with no deformation failed. I tried something like 1200x700, and other values, 1440x900, and it seems it is always the same value, about 1280x930 It's not a big problem, but a little unpleasant
No problem with :50 where the window is about 1280x990, but the screen of the session seems to be created like this, and the background is adapted and no unpleasant modification.
Thanks A+
--
Alain Aupeix http://jujuland.pagesperso-orange.fr/ http://pissobi-lacassagne.pagesperso-orange.fr/
U.buntu 12.04 | G.ramps 3.4.9-1 | H.arbour 3.2.0dev (2015-09-07 14:28) | HbIDE (Rev.316) | Five.Linux (r143) | Hw.Gui (2492)
I don't understand what the remote and local screen size has to do witheach other. Remotely I use an 1680x1050 screen, locally I sometimes bring a 1600x1200 (old 3x4) monitor. When I plug it into DVI Linux automatically sizes the screen correctly. Remotely I use System->Hardware->Monitors to set the resolution I want but I'm using Mate rather than Gnome Fallback.
-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_- Eskimo North Linux Friendly Internet Access, Shell Accounts, and Hosting. Knowledgeable human assistance, not telephone trees or script readers. See our web site: http://www.eskimo.com/ (206) 812-0051 or (800) 246-6874.
On Tue, 29 Sep 2015, Alain Aupeix wrote:
Date: Tue, 29 Sep 2015 19:22:39 +0200 From: Alain Aupeix <alain.aupeix@wanadoo.fr> To: Stefan Baur <X2Go-ML-1@baur-itcs.de>, x2go-user@lists.x2go.org Subject: Re: [X2Go-User] Some basics questions
Hi,
Thanks for your answers, i now can connect without problem on the machines I tested.
I have now 2 little problems:
When editing a profile, when I save by ok, x2goClient closes (I have checked all the parameters to hide in notification zone) I use Ubuntu 12.04 and gnome fallback
I have a server (laptop) which have a screen of 1440x900. My desktop computer has two 1280x1024
When I connect to the local session, All the values I tried to have an size with no deformation failed. I tried something like 1200x700, and other values, 1440x900, and it seems it is always the same value, about 1280x930 It's not a big problem, but a little unpleasant
No problem with :50 where the window is about 1280x990, but the screen of the session seems to be created like this, and the background is adapted and no unpleasant modification.
Thanks A+
--
Alain Aupeix http://jujuland.pagesperso-orange.fr/ http://pissobi-lacassagne.pagesperso-orange.fr/
U.buntu 12.04 | G.ramps 3.4.9-1 | H.arbour 3.2.0dev (2015-09-07 14:28) | HbIDE (Rev.316) | Five.Linux (r143) | Hw.Gui (2492)
x2go-user mailing list x2go-user@lists.x2go.org http://lists.x2go.org/listinfo/x2go-user
-
Alain Aupeix -
Robert Dinse -
Stefan Baur