Stephen Liu wrote:
PC1-RH9 box
==========
Recently I am testing Shorewall 1.4.7 on this box so that there are 2 firewalls, Shorewall and Iptables, running on the same box but without conflict. I have configured Shorewall 1.4.7 including IP masquerading leaving Iptables untouched as default firewall ever since the installation of RH9.


After stopping Iptables
# /etc/init.d/iptables stop

Then PC1-RH9 box, both as ROOT and USER, can connect both ROOT's and USER's X-server of PC2-Gentoo box.


PC2-Gentoo box
============
This box also has 2 NICs
eth0 connected to broadband via ADSL modem when it works as standalone workstation. At time of testing SSH there is no connection


eth1 connected to PC1-RH9 box

If I add 'adsl-start' in /etc/conf.d/local.start, this box can't connect X-server of PC1-RH9 box (however login to PC1-RH9 box being possible). I have to remove it from /etc/conf.d/local.start. In the recent test I added it to reconfirm this discovery.

Now another minor problem popped up after removing 'adsl-start' at finish of the aforesaid reconfirmation. As ROOT PC1-Gentoo box can't connect X-server of PC1-RH9 box (login being possible).

# ssh -l root 192.168.0.1
[EMAIL PROTECTED]'s password:
Warning: No xauth data; using fake authentication data for X11 forwarding.
Last login: Sun Nov  9 16:53:10 2003 from 192.168.0.2

# konqueror
Xlib: connection to "localhost:11.0" refused by server
Xlib: Invalid MIT-MAGIC-COOKIE-1 key
konqueror: cannot connect to X server localhost:11.0

# kedit
Xlib: connection to "localhost:11.0" refused by server
Xlib: Invalid MIT-MAGIC-COOKIE-1 key
kedit: cannot connect to X server localhost:11.0

These are not working because the applications can't connect to your Gentoo box's X server, probably due to the firewall. You have two options:


1) Stop the firewall on the Gentoo box:
/etc/init.d/iptables stop
(this will also wipe the tables)

or

2) SSH to your RedHat box, using the X11 port tunnelling feature of SSH:
ssh -X -l root 192.168.0.1
In order for this to work, you must have the following option set in your /etc/ssh/sshd_config:
X11Forwarding yes
For speed, I would also set the following (in the same file):
Compression no


1) How to configure Iptables so that it can coexist with Shorewall without affecting SSH

Why on earth do you want two firewalls? Shorewall probably uses iptables anyway!


2) How to solve the remaining problem in PC2-Gentoo box as mentioned above

MAL



-- [EMAIL PROTECTED] mailing list
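
Added example, not part of the original thread and not OpenSSH code: a shell check that reports which value sshd would use globally for the options named in the reply (X11Forwarding, Compression). The helper name effective_sshd_option and the sample config are constructed for illustration; Include directives are not followed.

```shell
#!/bin/sh
# effective_sshd_option FILE KEYWORD [DEFAULT]   (hypothetical helper name)
# Prints the value sshd would use globally for KEYWORD:
#   - keywords are case-insensitive
#   - the first value obtained for a keyword is the one used
#   - lines after a "Match" line apply only conditionally, so scanning stops
# FILE may be "-" to read standard input.
effective_sshd_option() {
    awk -v want="$2" -v dflt="${3:-unset}" '
        BEGIN { want = tolower(want); val = dflt }
        /^[ \t]*#/ { next }                 # comment line: inert
        NF == 0    { next }                 # blank line
        { key = tolower($1) }
        key == "match" { exit }             # conditional section begins
        key == want && NF >= 2 { val = tolower($2); exit }
        END { print val }
    ' "$1"
}

# Constructed sample config: the commented "yes" is inert, the first live
# "x11forwarding no" wins over the later "yes", and the Match block is
# not part of the global settings.
sample_config() {
    cat <<'EOF'
# X11Forwarding yes
Port 22
x11forwarding no
X11Forwarding yes
Compression no
Match User root
    X11Forwarding yes
EOF
}

# sshd's built-in default for X11Forwarding is "no", passed here as DEFAULT.
sample_config | effective_sshd_option - X11Forwarding no
```

On a real host, pass the path from the reply (/etc/ssh/sshd_config) as FILE; a result other than "yes" means ssh -X logins will not get a forwarded display.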


