Re: [X2Go-Dev] [X2Go-User] x2go Windows client crashes with Putty Pageant with long RSA 4096 keys

[Stefan Baur]

Gerhard,

please do not cross-post or attempt to "bump" a message - this is a
mailing list, not a web bulletin board.

X2Go is massively underfunded and understaffed - both on the volunteer
side (you might have noticed my desperate posts asking for donations
lately), as well as on the commercial side (from what I know, most, if
not all companies providing commercial X2Go support have needed to
acquire additional sources of income, as X2Go business is waning).

And December is obviously holiday season, where the few volunteers we
have left are likely busy with their families.

If you need timely assistance, especially if it is for a commercial use
case, please consider contracting one of the companies listed at
<https://wiki.x2go.org/doku.php/doc:professional-support>.

If you don't have the budget for that, you will have to wait until
people are willing and able to volunteer their time helping you.

Kind Regards,
Stefan Baur

Am 20.12.24 um 17:20 schrieb Gerhard Wiesinger:

Hello,

Any comment here?

Ciao,
Gerhard

On 17.12.2024 19:19, Gerhard Wiesinger wrote:

Hello,

I'm having a crash problem with latest version (also previous ones)
with ssh private key authentication and Putty Pageant. Looks like
there is a buffer overflow involved. With several smaller keys (e.g.
ssh-ed25519) it works well.

I found a scenario to reproduce it:
1. Generate a RSA 4096 Bit length private/public key pair
2. Load it on the Windows client into Putty Pageant
3. Put public key at the server at ~/.ssh/authorized_keys
4. open connection to the server => crash, see logs

Looks like it is a bug in the old libssh library version with large
private/public keys.

Can you please fix the topic.

Some questions:
- Is the used libssh version really version 0.9.2?
  - The logs have some entries with: agent_talk - len of request
  - That has been changed in git to another logging in 2011:
https://git.libssh.org/projects/libssh.git/commit/?id=ba4f10dc4657952ec47f71dfae90d9fba2eb6759
  - Version 0.9.2 has been released in 2019:
https://www.libssh.org/2019/11/07/libssh-0-9-2/
  - So it looks, not the version 0.9.2 is used
- Any plans to upgrade to latest version of libssh 0.11.0 while
keeping Putty Pageant Agent support?
- Upgrade plans to newer Putty version?
- Is there a newer nightly Windows build from newer git sources
available?

Version:
- X2Go Client 4.1.2.3-ba65703-kdrclient-a3134d6
  - according to the logs: ssh_connect:  libssh 0.9.2 (c) 2003-2019
Aris Adamantiadis, Andreas Schneider and libssh contributors.
Distributed under the LGPL, please refer to COPYING file for
information about your rights, using threading threads_pthread
- Server: (not relevant but version is: x2goserver-4.1.0.6-4.fc41.x86_64)

Thnx.

Ciao,
Gerhard

Relevant debug log file on the client:
x2go-DEBUG-src\sshmasterconnection.cpp:674> Setting SSH directory to
C:/Users/user/ssh
[2024/12/17 08:03:09.904803, 3] :  agent_talk - len of request: 1
[2024/12/17 08:03:09.904803, 3] :  agent_talk - response length: 568
[2024/12/17 08:03:09.904803, 1] ssh_agent_get_ident_count:  Answer
type: 12, expected answer: 12
[2024/12/17 08:03:09.904803, 3] ssh_agent_get_ident_count:  Agent
count: 1
[2024/12/17 08:03:09.904803, 3] ssh_userauth_agent:  Trying identity
rsa-key-20241217
[2024/12/17 08:03:09.904803, 3] ssh_key_algorithm_allowed: Checking
rsa-sha2-512 with list
<ssh-ed25519-cert-...@openssh.com,ecdsa-sha2-nistp521-cert-...@openssh.com,ecdsa-sha2-nistp384-cert-...@openssh.com,ecdsa-sha2-nistp256-cert-...@openssh.com,rsa-sha2-512-cert-...@openssh.com,rsa-sha2-256-cert-...@openssh.com,ssh-rsa-cert-...@openssh.com,ssh-dss-cert-...@openssh.com,ssh-ed25519,ecdsa-sha2-nistp521,ecdsa-sha2-nistp384,ecdsa-sha2-nistp256,rsa-sha2-512,rsa-sha2-256,ssh-rsa,ssh-dss>
[2024/12/17 08:03:09.904803, 3] ssh_key_algorithm_allowed: Checking
rsa-sha2-512 with list
<ssh-ed25519-cert-...@openssh.com,ecdsa-sha2-nistp521-cert-...@openssh.com,ecdsa-sha2-nistp384-cert-...@openssh.com,ecdsa-sha2-nistp256-cert-...@openssh.com,rsa-sha2-512-cert-...@openssh.com,rsa-sha2-256-cert-...@openssh.com,ssh-rsa-cert-...@openssh.com,ssh-dss-cert-...@openssh.com,ssh-ed25519,ecdsa-sha2-nistp521,ecdsa-sha2-nistp384,ecdsa-sha2-nistp256,rsa-sha2-512,rsa-sha2-256,ssh-rsa,ssh-dss>
[2024/12/17 08:03:09.904803, 3] packet_send2:  packet: wrote [type=5,
len=32, padding_size=14, comp=17, payload=17]
[2024/12/17 08:03:09.904803, 3] ssh_service_request:  Sent
SSH_MSG_SERVICE_REQUEST (service ssh-userauth)
[2024/12/17 08:03:09.904803, 3] ssh_socket_unbuffered_write: Enabling
POLLOUT for socket
[2024/12/17 08:03:09.949398, 3] ssh_packet_socket_callback: packet:
read type 6 [len=32,padding=14,comp=17,payload=17]
[2024/12/17 08:03:09.949398, 3] ssh_packet_process:  Dispatching
handler for packet type 6
[2024/12/17 08:03:09.949398, 3] ssh_packet_service_accept: Received
SSH_MSG_SERVICE_ACCEPT
[2024/12/17 08:03:09.949398, 3] ssh_socket_unbuffered_write: Enabling
POLLOUT for socket
[2024/12/17 08:03:09.949398, 3] packet_send2:  packet: wrote [type=50,
len=608, padding_size=11, comp=596, payload=596]
[2024/12/17 08:03:09.959352, 3] ssh_packet_socket_callback: packet:
read type 60 [len=576,padding=19,comp=556,payload=556]
[2024/12/17 08:03:09.959352, 3] ssh_packet_process:  Dispatching
handler for packet type 60
[2024/12/17 08:03:09.959352, 3] ssh_userauth_agent:  Public key of
rsa-key-20241217 accepted by server
[2024/12/17 08:03:09.959352, 3] ssh_key_algorithm_allowed: Checking
rsa-sha2-512 with list
<ssh-ed25519-cert-...@openssh.com,ecdsa-sha2-nistp521-cert-...@openssh.com,ecdsa-sha2-nistp384-cert-...@openssh.com,ecdsa-sha2-nistp256-cert-...@openssh.com,rsa-sha2-512-cert-...@openssh.com,rsa-sha2-256-cert-...@openssh.com,ssh-rsa-cert-...@openssh.com,ssh-dss-cert-...@openssh.com,ssh-ed25519,ecdsa-sha2-nistp521,ecdsa-sha2-nistp384,ecdsa-sha2-nistp256,rsa-sha2-512,rsa-sha2-256,ssh-rsa,ssh-dss>
[2024/12/17 08:03:09.959352, 3] ssh_key_algorithm_allowed: Checking
rsa-sha2-512 with list
<ssh-ed25519-cert-...@openssh.com,ecdsa-sha2-nistp521-cert-...@openssh.com,ecdsa-sha2-nistp384-cert-...@openssh.com,ecdsa-sha2-nistp256-cert-...@openssh.com,rsa-sha2-512-cert-...@openssh.com,rsa-sha2-256-cert-...@openssh.com,ssh-rsa-cert-...@openssh.com,ssh-dss-cert-...@openssh.com,ssh-ed25519,ecdsa-sha2-nistp521,ecdsa-sha2-nistp384,ecdsa-sha2-nistp256,rsa-sha2-512,rsa-sha2-256,ssh-rsa,ssh-dss>
[2024/12/17 08:03:09.959352, 3] :  agent_talk - len of request: 1180
QObject::~QObject: Timers cannot be stopped from another thread
<---------- CRASH HERE ---------->
_______________________________________________
x2go-user mailing list
x2go-u...@lists.x2go.org
https://lists.x2go.org/listinfo/x2go-user

_______________________________________________
x2go-dev mailing list
x2go-dev@lists.x2go.org
https://lists.x2go.org/listinfo/x2go-dev

--
BAUR-ITCS UG (haftungsbeschränkt)
Geschäftsführer: Stefan Baur
Eichenäckerweg 10, 89081 Ulm | Registergericht Ulm, HRB 724364
Fon/Fax 0731 40 34 66-36/-35 | USt-IdNr.: DE268653243
_______________________________________________
x2go-dev mailing list
x2go-dev@lists.x2go.org
https://lists.x2go.org/listinfo/x2go-dev