[X2Go-Dev] X2go Mac client and Red Hat 7 server

Stefan Baur X2Go-ML-1 at baur-itcs.de
Mon May 11 20:49:32 CEST 2015 

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

Am 11.05.2015 um 18:16 schrieb Real, Elizabeth (392K):
> debug1: sshd version OpenSSH_6.4, OpenSSL 1.0.1e-fips 11 Feb 2013 
> debug3: Incorrect RSA1 identifier debug1: read PEM private key
> done: type RSA debug3: Incorrect RSA1 identifier debug3: Could not
> load "/etc/ssh/ssh_host_rsa_key" as a RSA1 public key
          ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
> debug1: private host key: #0 type 1 RSA debug3: Incorrect RSA1
> identifier debug1: read PEM private key done: type ECDSA debug3:
> Incorrect RSA1 identifier debug3: Could not load
> "/etc/ssh/ssh_host_ecdsa_key" as a RSA1 public key
          ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^

These two lines seem to indicate that you have a malformed RSA host
key (and a malformed ECDSA host key as well) on your server, which
means they are being ignored by the SSH daemon, which in turn explains
why you cannot connect using X2Go.  Why exactly they are considered
malformed by the server is what we're going to try to find out next.

Please run the following command on the server:
ls -lah /etc/ssh/*host*

It should deliver an output similar to this one (with an extra pair of
files for the ECDSA key):

- -rw------- 1 root root  668 Mar 25  2011 /etc/ssh/ssh_host_dsa_key
- -rw-r--r-- 1 root root  601 Mar 25  2011 /etc/ssh/ssh_host_dsa_key.pub
- -rw------- 1 root root 1,7K Mar 25  2011 /etc/ssh/ssh_host_rsa_key
- -rw-r--r-- 1 root root  393 Mar 25  2011 /etc/ssh/ssh_host_rsa_key.pub

Please post that output to the list.

All the host key files not ending in ".pub" should have the
- -rw-------
permissions, all host key files ending in ".pub" should have the
- -rw-r--r--
permissions, all host key files regardless of ending should be owned
by user root and group root, as in the example above.

Once you verified/fixed that, try running
$(which sshd) -ddd -p 18935
again and check if at least the error message regarding the RSA key
from above are gone.

Of course, it may also be that the key files themselves are damaged
internally.  However, since it would be a REALLY BAD(tm) idea to post
them to the list for inspection, please don't do that.

Instead, I would recommend moving the current RSA key files aside
(using the "mv" command or a file manager of your choice) and
regenerating them using the following command, as root:
ssh-keygen -t rsa -f /etc/ssh/ssh_host_rsa_key

Then perform the above checks again (presence of files, ownership,
permissions) and verify that
$(which sshd) -ddd -p 18935
no longer spits out the error message regarding the RSA key from above.

Kind Regards,
Stefan

- -- 
BAUR-ITCS UG (haftungsbeschränkt)
Geschäftsführer: Stefan Baur
Eichenäckerweg 10, 89081 Ulm | Registergericht Ulm, HRB 724364
Fon/Fax 0731 40 34 66-36/-35 | USt-IdNr.: DE268653243
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2

iQEcBAEBCAAGBQJVUPm8AAoJEG7d9BjNvlEZmt0IAJBRFPYQr/L1htHD7H6Q6pr2
IyZGmUH/YWvrSYonhSaKudZ6ccIiewTYem+EMTbyWzzFM51Fupkq5RTMqjBk1yAS
updIZvuo+uu9kpqBnxUKP1mOu5PuleptGFBV/01VEs8xB4Y9deBfRgg6dK60ctGf
XEqVZAqoXneoaV9QBrZSD7avi/JXYEtGzGvxEvhoJZjFNyBhVXVTgdWXebfKPyHS
JOFUoW+FOfIVDrpLPyWs2IZebgxSMRKW2Pe93IOV7STtjqbBvX7YxujvyEyhxZZG
fb5xo+lkEd4/EIonmLWxsTlq8gN8V06MA0Si8RXMR9z2NlcIEu7cYCja1vr8ymw=
=yTHQ
-----END PGP SIGNATURE-----

More information about the x2go-dev mailing list