<div dir="ltr"><div class="gmail_default" style="font-family:"courier new",monospace">$SOMEONE should build a new x2go client with a current libssh and make a release! </div><div class="gmail_default" style="font-family:"courier new",monospace"><br></div><div class="gmail_default" style="font-family:"courier new",monospace">Uli</div></div><br><div class="gmail_quote gmail_quote_container"><div dir="ltr" class="gmail_attr">On Fri, Dec 20, 2024 at 5:20 PM Gerhard Wiesinger <<a href="mailto:lists@wiesinger.com">lists@wiesinger.com</a>> wrote:<br></div><blockquote class="gmail_quote" style="margin:0px 0px 0px 0.8ex;border-left:1px solid rgb(204,204,204);padding-left:1ex">Hello,<br>
<br>
Any comment here?<br>
<br>
Ciao,<br>
Gerhard<br>
<br>
On 17.12.2024 19:19, Gerhard Wiesinger wrote:<br>
> Hello,<br>
><br>
> I'm having a crash problem with latest version (also previous ones) <br>
> with ssh private key authentication and Putty Pageant. Looks like <br>
> there is a buffer overflow involved. With several smaller keys (e.g. <br>
> ssh-ed25519) it works well.<br>
><br>
> I found a scenario to reproduce it:<br>
> 1. Generate a RSA 4096 Bit length private/public key pair<br>
> 2. Load it on the Windows client into Putty Pageant<br>
> 3. Put public key at the server at ~/.ssh/authorized_keys<br>
> 4. open connection to the server => crash, see logs<br>
><br>
> Looks like it is a bug in the old libssh library version with large <br>
> private/public keys.<br>
><br>
> Can you please fix the topic.<br>
><br>
> Some questions:<br>
> - Is the used libssh version really version 0.9.2?<br>
>   - The logs have some entries with: agent_talk - len of request<br>
>   - That has been changed in git to another logging in 2011: <br>
> <a href="https://git.libssh.org/projects/libssh.git/commit/?id=ba4f10dc4657952ec47f71dfae90d9fba2eb6759" rel="noreferrer" target="_blank">https://git.libssh.org/projects/libssh.git/commit/?id=ba4f10dc4657952ec47f71dfae90d9fba2eb6759</a><br>
>   - Version 0.9.2 has been released in 2019: <br>
> <a href="https://www.libssh.org/2019/11/07/libssh-0-9-2/" rel="noreferrer" target="_blank">https://www.libssh.org/2019/11/07/libssh-0-9-2/</a><br>
>   - So it looks, not the version 0.9.2 is used<br>
> - Any plans to upgrade to latest version of libssh 0.11.0 while <br>
> keeping Putty Pageant Agent support?<br>
> - Upgrade plans to newer Putty version?<br>
> - Is there a newer nightly Windows build from newer git sources <br>
> available?<br>
><br>
> Version:<br>
> - X2Go Client 4.1.2.3-ba65703-kdrclient-a3134d6<br>
>   - according to the logs: ssh_connect:  libssh 0.9.2 (c) 2003-2019 <br>
> Aris Adamantiadis, Andreas Schneider and libssh contributors. <br>
> Distributed under the LGPL, please refer to COPYING file for <br>
> information about your rights, using threading threads_pthread<br>
> - Server: (not relevant but version is: x2goserver-4.1.0.6-4.fc41.x86_64)<br>
><br>
> Thnx.<br>
><br>
> Ciao,<br>
> Gerhard<br>
><br>
> Relevant debug log file on the client:<br>
> x2go-DEBUG-src\sshmasterconnection.cpp:674> Setting SSH directory to <br>
> C:/Users/user/ssh<br>
> [2024/12/17 08:03:09.904803, 3] :  agent_talk - len of request: 1<br>
> [2024/12/17 08:03:09.904803, 3] :  agent_talk - response length: 568<br>
> [2024/12/17 08:03:09.904803, 1] ssh_agent_get_ident_count:  Answer <br>
> type: 12, expected answer: 12<br>
> [2024/12/17 08:03:09.904803, 3] ssh_agent_get_ident_count:  Agent <br>
> count: 1<br>
> [2024/12/17 08:03:09.904803, 3] ssh_userauth_agent:  Trying identity <br>
> rsa-key-20241217<br>
> [2024/12/17 08:03:09.904803, 3] ssh_key_algorithm_allowed: Checking <br>
> rsa-sha2-512 with list <br>
> <<a href="mailto:ssh-ed25519-cert-v01@openssh.com" target="_blank">ssh-ed25519-cert-v01@openssh.com</a>,<a href="mailto:ecdsa-sha2-nistp521-cert-v01@openssh.com" target="_blank">ecdsa-sha2-nistp521-cert-v01@openssh.com</a>,<a href="mailto:ecdsa-sha2-nistp384-cert-v01@openssh.com" target="_blank">ecdsa-sha2-nistp384-cert-v01@openssh.com</a>,<a href="mailto:ecdsa-sha2-nistp256-cert-v01@openssh.com" target="_blank">ecdsa-sha2-nistp256-cert-v01@openssh.com</a>,<a href="mailto:rsa-sha2-512-cert-v01@openssh.com" target="_blank">rsa-sha2-512-cert-v01@openssh.com</a>,<a href="mailto:rsa-sha2-256-cert-v01@openssh.com" target="_blank">rsa-sha2-256-cert-v01@openssh.com</a>,<a href="mailto:ssh-rsa-cert-v01@openssh.com" target="_blank">ssh-rsa-cert-v01@openssh.com</a>,<a href="mailto:ssh-dss-cert-v01@openssh.com" target="_blank">ssh-dss-cert-v01@openssh.com</a>,ssh-ed25519,ecdsa-sha2-nistp521,ecdsa-sha2-nistp384,ecdsa-sha2-nistp256,rsa-sha2-512,rsa-sha2-256,ssh-rsa,ssh-dss><br>
> [2024/12/17 08:03:09.904803, 3] ssh_key_algorithm_allowed: Checking <br>
> rsa-sha2-512 with list <br>
> <<a href="mailto:ssh-ed25519-cert-v01@openssh.com" target="_blank">ssh-ed25519-cert-v01@openssh.com</a>,<a href="mailto:ecdsa-sha2-nistp521-cert-v01@openssh.com" target="_blank">ecdsa-sha2-nistp521-cert-v01@openssh.com</a>,<a href="mailto:ecdsa-sha2-nistp384-cert-v01@openssh.com" target="_blank">ecdsa-sha2-nistp384-cert-v01@openssh.com</a>,<a href="mailto:ecdsa-sha2-nistp256-cert-v01@openssh.com" target="_blank">ecdsa-sha2-nistp256-cert-v01@openssh.com</a>,<a href="mailto:rsa-sha2-512-cert-v01@openssh.com" target="_blank">rsa-sha2-512-cert-v01@openssh.com</a>,<a href="mailto:rsa-sha2-256-cert-v01@openssh.com" target="_blank">rsa-sha2-256-cert-v01@openssh.com</a>,<a href="mailto:ssh-rsa-cert-v01@openssh.com" target="_blank">ssh-rsa-cert-v01@openssh.com</a>,<a href="mailto:ssh-dss-cert-v01@openssh.com" target="_blank">ssh-dss-cert-v01@openssh.com</a>,ssh-ed25519,ecdsa-sha2-nistp521,ecdsa-sha2-nistp384,ecdsa-sha2-nistp256,rsa-sha2-512,rsa-sha2-256,ssh-rsa,ssh-dss><br>
> [2024/12/17 08:03:09.904803, 3] packet_send2:  packet: wrote [type=5, <br>
> len=32, padding_size=14, comp=17, payload=17]<br>
> [2024/12/17 08:03:09.904803, 3] ssh_service_request:  Sent <br>
> SSH_MSG_SERVICE_REQUEST (service ssh-userauth)<br>
> [2024/12/17 08:03:09.904803, 3] ssh_socket_unbuffered_write: Enabling <br>
> POLLOUT for socket<br>
> [2024/12/17 08:03:09.949398, 3] ssh_packet_socket_callback: packet: <br>
> read type 6 [len=32,padding=14,comp=17,payload=17]<br>
> [2024/12/17 08:03:09.949398, 3] ssh_packet_process:  Dispatching <br>
> handler for packet type 6<br>
> [2024/12/17 08:03:09.949398, 3] ssh_packet_service_accept: Received <br>
> SSH_MSG_SERVICE_ACCEPT<br>
> [2024/12/17 08:03:09.949398, 3] ssh_socket_unbuffered_write: Enabling <br>
> POLLOUT for socket<br>
> [2024/12/17 08:03:09.949398, 3] packet_send2:  packet: wrote [type=50, <br>
> len=608, padding_size=11, comp=596, payload=596]<br>
> [2024/12/17 08:03:09.959352, 3] ssh_packet_socket_callback: packet: <br>
> read type 60 [len=576,padding=19,comp=556,payload=556]<br>
> [2024/12/17 08:03:09.959352, 3] ssh_packet_process:  Dispatching <br>
> handler for packet type 60<br>
> [2024/12/17 08:03:09.959352, 3] ssh_userauth_agent:  Public key of <br>
> rsa-key-20241217 accepted by server<br>
> [2024/12/17 08:03:09.959352, 3] ssh_key_algorithm_allowed: Checking <br>
> rsa-sha2-512 with list <br>
> <<a href="mailto:ssh-ed25519-cert-v01@openssh.com" target="_blank">ssh-ed25519-cert-v01@openssh.com</a>,<a href="mailto:ecdsa-sha2-nistp521-cert-v01@openssh.com" target="_blank">ecdsa-sha2-nistp521-cert-v01@openssh.com</a>,<a href="mailto:ecdsa-sha2-nistp384-cert-v01@openssh.com" target="_blank">ecdsa-sha2-nistp384-cert-v01@openssh.com</a>,<a href="mailto:ecdsa-sha2-nistp256-cert-v01@openssh.com" target="_blank">ecdsa-sha2-nistp256-cert-v01@openssh.com</a>,<a href="mailto:rsa-sha2-512-cert-v01@openssh.com" target="_blank">rsa-sha2-512-cert-v01@openssh.com</a>,<a href="mailto:rsa-sha2-256-cert-v01@openssh.com" target="_blank">rsa-sha2-256-cert-v01@openssh.com</a>,<a href="mailto:ssh-rsa-cert-v01@openssh.com" target="_blank">ssh-rsa-cert-v01@openssh.com</a>,<a href="mailto:ssh-dss-cert-v01@openssh.com" target="_blank">ssh-dss-cert-v01@openssh.com</a>,ssh-ed25519,ecdsa-sha2-nistp521,ecdsa-sha2-nistp384,ecdsa-sha2-nistp256,rsa-sha2-512,rsa-sha2-256,ssh-rsa,ssh-dss><br>
> [2024/12/17 08:03:09.959352, 3] ssh_key_algorithm_allowed: Checking <br>
> rsa-sha2-512 with list <br>
> <<a href="mailto:ssh-ed25519-cert-v01@openssh.com" target="_blank">ssh-ed25519-cert-v01@openssh.com</a>,<a href="mailto:ecdsa-sha2-nistp521-cert-v01@openssh.com" target="_blank">ecdsa-sha2-nistp521-cert-v01@openssh.com</a>,<a href="mailto:ecdsa-sha2-nistp384-cert-v01@openssh.com" target="_blank">ecdsa-sha2-nistp384-cert-v01@openssh.com</a>,<a href="mailto:ecdsa-sha2-nistp256-cert-v01@openssh.com" target="_blank">ecdsa-sha2-nistp256-cert-v01@openssh.com</a>,<a href="mailto:rsa-sha2-512-cert-v01@openssh.com" target="_blank">rsa-sha2-512-cert-v01@openssh.com</a>,<a href="mailto:rsa-sha2-256-cert-v01@openssh.com" target="_blank">rsa-sha2-256-cert-v01@openssh.com</a>,<a href="mailto:ssh-rsa-cert-v01@openssh.com" target="_blank">ssh-rsa-cert-v01@openssh.com</a>,<a href="mailto:ssh-dss-cert-v01@openssh.com" target="_blank">ssh-dss-cert-v01@openssh.com</a>,ssh-ed25519,ecdsa-sha2-nistp521,ecdsa-sha2-nistp384,ecdsa-sha2-nistp256,rsa-sha2-512,rsa-sha2-256,ssh-rsa,ssh-dss><br>
> [2024/12/17 08:03:09.959352, 3] :  agent_talk - len of request: 1180<br>
> QObject::~QObject: Timers cannot be stopped from another thread<br>
> <---------- CRASH HERE ----------><br>
> _______________________________________________<br>
> x2go-user mailing list<br>
> <a href="mailto:x2go-user@lists.x2go.org" target="_blank">x2go-user@lists.x2go.org</a><br>
> <a href="https://lists.x2go.org/listinfo/x2go-user" rel="noreferrer" target="_blank">https://lists.x2go.org/listinfo/x2go-user</a><br>
><br>
<br>
_______________________________________________<br>
x2go-user mailing list<br>
<a href="mailto:x2go-user@lists.x2go.org" target="_blank">x2go-user@lists.x2go.org</a><br>
<a href="https://lists.x2go.org/listinfo/x2go-user" rel="noreferrer" target="_blank">https://lists.x2go.org/listinfo/x2go-user</a><br>
</blockquote></div>