Just reinstalled Debian on the backup server, but now can't get into it with x2go. Gives a popup that says, "The host key for this server was not found but an othertype of key exists.An attacker might change the default server key toconfuse your client into thinking the key does not exist."
Doing a search, no one seems to have had this problem before. Any ideas?
On Sat, 2011-10-15 at 20:40 -0700, CACook@quantum-sci.com wrote:
Just reinstalled Debian on the backup server, but now can't get into it with x2go. Gives a popup that says, "The host key for this server was not found but an othertype of key exists.An attacker might change the default server key toconfuse your client into thinking the key does not exist."
Doing a search, no one seems to have had this problem before. Any ideas? <snip> I would expect the keys to change but, if anything, I would expect an error about the wrong key and needing to remove it with ssh-keygen -R. The type message is confusing me. Did you change the type of authentication used? - John
On Saturday, October 15, 2011 09:46:53 PM John A. Sullivan III wrote:
I would expect the keys to change but, if anything, I would expect an error about the wrong key and needing to remove it with ssh-keygen -R. The type message is confusing me. Did you change the type of authentication used? - John
Not that I know of. I just used the same session as I had before. And I tried deleting and recreating the session, but no help.
On Saturday 15 October 2011 20:40:53 CACook@quantum-sci.com wrote:
Just reinstalled Debian on the backup server, but now can't get into it with x2go. Gives a popup that says, "The host key for this server was not found but an othertype of key exists.An attacker might change the default server key toconfuse your client into thinking the key does not exist."
Doing a search, no one seems to have had this problem before. Any ideas?
This happened to me. Just a guess, have you switched to newer openssh + openssl 1.x.x? If so, openssh uses ecdsa-sha2-nistp256 keys by default, and x2go doesn't. You can either disable ecdsa on the server, or delete the key from your known_hosts on the client, start x2goclient and it should pick the correct key.
IvanK.
On Sunday 16 October 2011 13:42:52 Ivan Kabaivanov wrote:
On Saturday 15 October 2011 20:40:53 CACook@quantum-sci.com wrote:
Just reinstalled Debian on the backup server, but now can't get into it with x2go. Gives a popup that says, "The host key for this server was not found but an othertype of key exists.An attacker might change the default server key toconfuse your client into thinking the key does not exist."
Doing a search, no one seems to have had this problem before. Any ideas?
This happened to me. Just a guess, have you switched to newer openssh + openssl 1.x.x? If so, openssh uses ecdsa-sha2-nistp256 keys by default, and x2go doesn't. You can either disable ecdsa on the server, or delete the key from your known_hosts on the client, start x2goclient and it should pick the correct key.
On the server, open /etc/ssh/sshd_config and look for lines similar to these:
# HostKeys for protocol version 2 #HostKey /etc/ssh/ssh_host_rsa_key #HostKey /etc/ssh/ssh_host_dsa_key #HostKey /etc/ssh/ssh_host_ecdsa_key
If all of them are commented out, then the default ecdsa is used. If you wanna force a non-default type, uncomment the corresponding line and restart sshd. I believe you should be able to uncomment all three types and sshd will accept all of them.
IvanK.
On Sunday, October 16, 2011 03:42:52 AM Ivan Kabaivanov wrote:
This happened to me. Just a guess, have you switched to newer openssh + openssl 1.x.x? If so, openssh uses ecdsa-sha2-nistp256 keys by default, and x2go doesn't. You can either disable ecdsa on the server, or delete the key from your known_hosts on the client, start x2goclient and it should pick the correct key.
I guess I'm using the newer openssh, as I have ecdsa server keys in /etc/ssh.
First on the server I edited sshd.config and found all three keys were uncommented, so I commented out rsa and ecdsa, leaving only dsa. Restarted the ssh server, and session manager on client machine, and tried new session but same error. Then I renamed the two ecdsa keys, restarted again, but same error.
Why doesn't x2go support elliptic curve? I'm using the one from Debian Testing (Wheezy): deb http://packages.x2go.org/debian wheezy heuler
On Sunday 16 October 2011 06:12:40 CACook@quantum-sci.com wrote:
On Sunday, October 16, 2011 03:42:52 AM Ivan Kabaivanov wrote:
This happened to me. Just a guess, have you switched to newer openssh + openssl 1.x.x? If so, openssh uses ecdsa-sha2-nistp256 keys by default, and x2go doesn't. You can either disable ecdsa on the server, or delete the key from your known_hosts on the client, start x2goclient and it should pick the correct key.
I guess I'm using the newer openssh, as I have ecdsa server keys in /etc/ssh.
First on the server I edited sshd.config and found all three keys were uncommented, so I commented out rsa and ecdsa, leaving only dsa. Restarted the ssh server, and session manager on client machine, and tried new session but same error. Then I renamed the two ecdsa keys, restarted again, but same error.
Why doesn't x2go support elliptic curve? I'm using the one from Debian Testing (Wheezy): deb http://packages.x2go.org/debian wheezy heuler
I forgot to tell you that you also need to remove the server key from ~HOME/.ssh/known_hosts. x2go tries to use the keys from that file. After removing the key (and enabling ssh-dsa keys on the server side and restarting sshd) x2go should work.
IvanK.
On Sunday, October 16, 2011 07:08:21 AM Ivan Kabaivanov wrote:
I forgot to tell you that you also need to remove the server key from ~HOME/.ssh/known_hosts. x2go tries to use the keys from that file. After removing the key (and enabling ssh-dsa keys on the server side and restarting sshd) x2go should work.
Thanks, OK that fixed that.
But now it's not finding the default key for some reason: "No public key matched Access denied. Authentication that can continue: publickey,password"
I have "Try auto login" Xed. I can ssh over as my user without a password.
Is there any prospect of x2go supporting elliptic curve?
On 17.10.2011, at 16:09, CACook@quantum-sci.com wrote:
On Sunday, October 16, 2011 07:08:21 AM Ivan Kabaivanov wrote:
I forgot to tell you that you also need to remove the server key from ~HOME/.ssh/known_hosts. x2go tries to use the keys from that file. After removing the key (and enabling ssh-dsa keys on the server side and restarting sshd) x2go should work.
Thanks, OK that fixed that.
But now it's not finding the default key for some reason: "No public key matched Access denied. Authentication that can continue: publickey,password"
I have "Try auto login" Xed. I can ssh over as my user without a password.
If you've loaded your key into ssh-agent, x2goclient will use it.
Is there any prospect of x2go supporting elliptic curve?
I'm guessing the problem is not in the x2go code, but rather in libssh.
IvanK.
X2go-User mailing list X2go-User@lists.berlios.de https://lists.berlios.de/mailman/listinfo/x2go-user
-
CACook@quantum-sci.com -
Ivan Kabaivanov -
John A. Sullivan III