[X2Go-User] ssh-keygen.exe loads the processor every time the client starts
Max A.
lithium at mail.ru
Fri Oct 6 10:56:23 CEST 2017
We use x2go on the local network and security is not as important as the
convenience of users. In my opinion, it would be possible to give an
opportunity to choose between security and convenience.
>
> By doing so you weaken security for sites providing this capability.
>
> -_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-
>
> Eskimo North Linux Friendly Internet Access, Shell Accounts, and
> Hosting.
> Knowledgeable human assistance, not telephone trees or script readers.
> See our web site: http://www.eskimo.com/ (206) 812-0051 or (800)
> 246-6874.
>
> On Fri, 6 Oct 2017, Ulrich Sibiller wrote:
>
>> Date: Fri, 6 Oct 2017 08:57:37 +0200
>> From: Ulrich Sibiller <uli42 at gmx.de>
>> To: Mihai Moldovan <ionic at ionic.de>
>> Cc: x2go users <x2go-user at lists.x2go.org>
>> Subject: Re: [X2Go-User] ssh-keygen.exe loads the processor every
>> time the
>> client starts
>>
>> On Fri, Oct 6, 2017 at 3:12 AM, Mihai Moldovan <ionic at ionic.de> wrote:
>>>
>>> On 09/28/2017 01:49 PM, Max A. wrote:
>>>> I'm using a x2go server on CentOS 6.9 (the latest version from EPEL,
>>>> 4.0.1.20), clients use Windows XP/7 and the latest version of X2Go
>>>> Client (4.1.0.0-2017.03.11). Each time the client connects,
>>>> ssh-keygen.exe (C:\Program Files\x2goclient\ssh-keygen.exe) starts
>>>> with
>>>> the parameters "-t rsa -b 4096 -N" "-C" X2Go Client RSA user key
>>>> "-f C:
>>
>>> I explicitly decided against that. For more information and the
>>> rationale for
>>> this change, refer to the release announcement:
>>> http://lists.x2go.org/pipermail/x2go-announcements/2017/000302.html
>>
>> The release announcement talks about 2048-bit keys being generated
>> while this indicates that even stronger keys are being used (which in
>> turn increases the time to create them). I think for slow clients this
>> is too much. At least the admin should be able to decide about the
>> required security, not the maintainer.
>>
>> So what about staying as is by default but providing a possibility to
>> pre-generate keys for those connections.
>>
>> Uli
>> _______________________________________________
>> x2go-user mailing list
>> x2go-user at lists.x2go.org
>> https://lists.x2go.org/listinfo/x2go-user
> _______________________________________________
> x2go-user mailing list
> x2go-user at lists.x2go.org
> https://lists.x2go.org/listinfo/x2go-user
More information about the x2go-user
mailing list