[X2Go-Dev] The cygwin sshd problem [advice wanted]

Mike DePaulo mikedep333 at gmail.com
Fri Apr 29 15:01:34 CEST 2016


On Fri, Apr 29, 2016 at 8:44 AM, Mike DePaulo <mikedep333 at gmail.com> wrote:
> On Thu, Apr 28, 2016 at 10:02 PM, Mihai Moldovan <ionic at ionic.de> wrote:
>> On 28.04.2016 03:26 PM, Mike DePaulo wrote:
>>> For those who don't know about the issue with X2Go Client for Windows
>>> that is holding up its 4.0.5.1 release, upgrading cygwin sshd from
>>> 6.8p1-1 to 7.1p2-1 broke our folder sharing & printer sharing feature.
>>>
>>> After I added the cygwin sshd logging feature, I see this in the sshd log file:
>>> Unable to negotiate with 127.0.0.1: no matching host key type found. ...
>>> http://pastebin.com/M7CeySQ9
>>>
>>> After doing some research, it looks like this is the incompatible change:
>>> http://www.openssh.com/txt/release-7.0
>>>  * Support for ssh-dss, ssh-dss-cert-* host and user keys is disabled
>>>    by default at run-time. These may be re-enabled using the
>>>    instructions at http://www.openssh.com/legacy.html
>>>
>>> What I am wondering is this: Are we limiting ourselves to
>>> ssh-dss-cert-* keys, or is sshfs limiting us?
>>
>> We're limiting ourselves here (for no good reason, as far as I can tell. It just
>> happens to be implemented that way.) #1003 is a request for RSA key support.
>> Enabling DSA when starting sshd.exe is one possible workaround, either via
>> command line or config file option.
>>
>> I'll hook in RSA host key support at some time, but not right now and not on
>> master. My bugfix/osx branch already contains a lot of WiP changes regarding
>> sshd support as well, but isn't finished yet. Adding RSA host key support on
>> master would make merging way more difficult for me.
>
> Understood, I'll hold off.
>
>> Alternatively, if the newer version doesn't fix any security issues we are
>> affected by, we could ship the older version for now.
>
> In this case, I believe I should just re-add DSA support via the
> temporary cygwin sshd config file that we generate.

I am/was unfamiliar with how we use sshd on Linux and Mac OS X. I see
that we start instances of sshd on both of them also.

The logic belongs in src/onmainwindow.cpp:
ONMainWindow::generateEtcFiles(). Should I put the ssh-dss line below
within the ifdef Q_OS_WIN block, or outside of it?

This is the line I would add to the config file:
PubkeyAcceptedKeyTypes=+ssh-dss

> I would rather not hold back the entire cygwin bundle, or try to hold
> back sshd without holding back the rest of the cygwin bundle.
>
> Thank you,

-Mike
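
Added example, not part of the original message and not X2Go code: a small Python check that reports where a generated sshd config re-enables DSA, as the `PubkeyAcceptedKeyTypes=+ssh-dss` line proposed above would. The function name and the sample config are assumptions made for illustration.

```python
import re

# Real sshd_config keywords that take an algorithm list
# (PubkeyAcceptedAlgorithms is the later name of PubkeyAcceptedKeyTypes).
ALGO_KEYWORDS = {"hostkeyalgorithms", "pubkeyacceptedkeytypes",
                 "pubkeyacceptedalgorithms", "hostbasedacceptedkeytypes"}

# sshd_config accepts "Keyword value" and "Keyword=value"; keywords are
# case-insensitive. Lines starting with '#' do not match.
LINE_RE = re.compile(r"^([^\s=#]+)(?:\s*=\s*|\s+)(.+)$")

def find_dsa_enablement(config_text):
    """Return [(line_no, keyword, algorithm)] for directives that turn DSA on.

    Hypothetical helper. Wildcard patterns such as ssh-* are not expanded.
    """
    findings = []
    for no, raw in enumerate(config_text.splitlines(), 1):
        m = LINE_RE.match(raw.strip())
        if not m or m.group(1).lower() not in ALGO_KEYWORDS:
            continue
        value = m.group(2).strip().strip('"')
        if value.startswith("-"):       # "-list" removes algorithms: no finding
            continue
        for alg in value.lstrip("+^").split(","):
            alg = alg.strip()
            if alg.startswith("ssh-dss"):   # ssh-dss and ssh-dss-cert-*
                findings.append((no, m.group(1), alg))
    return findings

# Constructed sample, not X2Go's real generated file.
SAMPLE = """\
# temporary sshd config (constructed)
Port 7022
PubkeyAcceptedKeyTypes=+ssh-dss
hostkeyalgorithms ssh-rsa,ssh-ed25519
HostKeyAlgorithms = +ssh-dss,ssh-dss-cert-v01@openssh.com
HostbasedAcceptedKeyTypes -ssh-dss*
"""

if __name__ == "__main__":
    for no, kw, alg in find_dsa_enablement(SAMPLE):
        print(f"line {no}: {kw} enables {alg}")
```

Running such a check over the generated file in a build or release step keeps a temporary DSA workaround visible until RSA host key support replaces it.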

