Re: SSH X11 forwarding issues (with verbose data)

2006-04-09 Thread Larry Hall (Cygwin X)

On 04/09/2006, Philip H. Schlesinger wrote:
Somebody else posted that ZoneAlarm jumps in the way of Cygwin's OpenSSH - 
even if ZoneAlarm is shut down, but I have a hard time believing that's the 
issue... 


Well, you could help convince yourself one way or the other by uninstalling
ZoneAlarm for the purposes of testing and try the failing scenario again.

--
Larry Hall  http://www.rfk.com
RFK Partners, Inc.  (508) 893-9779 - RFK Office
838 Washington Street   (508) 893-9889 - FAX
Holliston, MA 01746

--
Unsubscribe info:  http://cygwin.com/ml/#unsubscribe-simple
Problem reports:   http://cygwin.com/problems.html
Documentation: http://x.cygwin.com/docs/
FAQ:   http://x.cygwin.com/docs/faq/



Re: SSH X11 forwarding issues (with verbose data)

2006-04-09 Thread Philip H. Schlesinger

Hi Jack.  ssh -Y ended up with me doing the following:

$ /usr/X11R6/bin/xauth list 127.0.0.1:0.0
/usr/X11R6/bin/xauth:  creating new authority file /home/phil/.Xauthority

Nothing happened on the other xterm window, so I went looking for 
/home/phil/.Xauthority - it didn't exist! (yes, I typed ls -a) :)


So I tried ssh -X ... and ended up with me doing the following:

$ /usr/X11R6/bin/xauth -f /tmp/ssh-Q7ut6XsxFY/xauthfile generate 
127.0.0.1:0.0 MIT-MAGIC-COOKIE-1 untrusted timeout 1200
/usr/X11R6/bin/xauth:  creating new authority file 
/tmp/ssh-Q7ut6XsxFY/xauthfile


now a file called "xauthfile" was created in that directory, and its 
contents were:

0MIT-MAGIC-COOKIE-1&<12 character long pseudorandom string>

But still, no movement on the xterm window.

Here's the oddity:
Why could I just start the Cygwin/X server and run putty for windows 
with X11 forwarding and it'll work just fine?


Why would X-Win32 with its built-in StarnetSSH client work just fine 
completely on its own?


Somebody else posted that ZoneAlarm jumps in the way of Cygwin's OpenSSH 
- even if ZoneAlarm is shut down, but I have a hard time believing 
that's the issue...


- Phil


Jack Tanner wrote:
No, it should be on the local computer. Try this: run startxwin.bat, 
then open two xterms. In one, run the ssh -Y -vv ... command. When it 
freezes, in the other xterm try to run the xauth command by hand.


By the way, I gave you the wrong command syntax below. That should've been

$ /usr/X11R6/bin/xauth -f /tmp/ssh-WHATEVER/...

If I'm wrong, and it is on the remote computer, then from the second 
xterm you should be able to ssh in without X forwarding, and try it on 
the remote machine.



Philip H. Schlesinger wrote:
That appears to be something generated on the fly - and by the looks 
of it, on the remote computer, as that directory doesn't exist.


- Phil

Jack Tanner wrote:

Philip H. Schlesinger wrote:

Jack Tanner wrote:
 >> debug2: x11_get_proto: /usr/X11R6/bin/xauth -f
 >> /tmp/ssh-zfHmWgkGRG/xauthfile generate 127.0.0.1:0.0
 >> MIT-MAGIC-COOKIE-1 untrusted timeout 1200 2>/dev/null
 >
 > 1) What do you get if you try that by command hand (sans the 
/dev/null

 > redirection)?

Not sure what you mean here...forgive my n00b-ness...


Err, that should've said "try that command by hand". As in,

$ /tmp/ssh-WHATEVER/xauthfile generate [...] timeout 1200

(Drop the 2> /dev/null bit at the end, thus keeping the output from 
xauthfile from being redirected to /dev/null.)



--
Unsubscribe info:  http://cygwin.com/ml/#unsubscribe-simple
Problem reports:   http://cygwin.com/problems.html
Documentation: http://x.cygwin.com/docs/
FAQ:   http://x.cygwin.com/docs/faq/





--
Unsubscribe info:  http://cygwin.com/ml/#unsubscribe-simple
Problem reports:   http://cygwin.com/problems.html
Documentation: http://x.cygwin.com/docs/
FAQ:   http://x.cygwin.com/docs/faq/





--
Unsubscribe info:  http://cygwin.com/ml/#unsubscribe-simple
Problem reports:   http://cygwin.com/problems.html
Documentation: http://x.cygwin.com/docs/
FAQ:   http://x.cygwin.com/docs/faq/





--
Unsubscribe info:  http://cygwin.com/ml/#unsubscribe-simple
Problem reports:   http://cygwin.com/problems.html
Documentation: http://x.cygwin.com/docs/
FAQ:   http://x.cygwin.com/docs/faq/



Re: SSH X11 forwarding issues

2006-04-08 Thread Larry Hall (Cygwin X)

Brett Serkez wrote:

Still sounds like a ZoneAlarm issue.  It's worth another look.


There was a time when this worked with ZoneAlarm, from the best I can
recall, it was after a Cygwin update that it broke.  My older system
that I mentioned, is running almost the lastest ZA with an older
Cygwin install and it works fine.  I tried back reving a new system to
the older version cygwin packages, but this didn't work.

There was something that changed in cygwin that ZoneAlarm doesn't
like.  Since I'm unable to precisely identify what that is and
ZoneLabs has been horrible in terms of any sort of response (not only
this issue but many), I've written if off as unlikely to be resolved.



Well if you're absolutely sure ZoneAlarm is configured in exactly the
same way on both systems, then looking at Cygwin may make some sense.
Or if you're convinced that Cygwin is the problem regardless, take the
new Cygwin DLL to the old system and try this out.  Stepping forward
slowly is easier than trying to back up, which I assume is what you
meant when you said you tried to back rev and it "didn't work".   That
should allow you to home in on where the problem starts for you and
point you to where you'd want to concentrate your efforts to resolve it.


--
Larry Hall  http://www.rfk.com
RFK Partners, Inc.  (508) 893-9779 - RFK Office
838 Washington Street   (508) 893-9889 - FAX
Holliston, MA 01746

--
Unsubscribe info:  http://cygwin.com/ml/#unsubscribe-simple
Problem reports:   http://cygwin.com/problems.html
Documentation: http://x.cygwin.com/docs/
FAQ:   http://x.cygwin.com/docs/faq/



Re: SSH X11 forwarding issues

2006-04-08 Thread Brett Serkez
> Still sounds like a ZoneAlarm issue.  It's worth another look.

There was a time when this worked with ZoneAlarm, from the best I can
recall, it was after a Cygwin update that it broke.  My older system
that I mentioned, is running almost the lastest ZA with an older
Cygwin install and it works fine.  I tried back reving a new system to
the older version cygwin packages, but this didn't work.

There was something that changed in cygwin that ZoneAlarm doesn't
like.  Since I'm unable to precisely identify what that is and
ZoneLabs has been horrible in terms of any sort of response (not only
this issue but many), I've written if off as unlikely to be resolved.

Brett

--
Unsubscribe info:  http://cygwin.com/ml/#unsubscribe-simple
Problem reports:   http://cygwin.com/problems.html
Documentation: http://x.cygwin.com/docs/
FAQ:   http://x.cygwin.com/docs/faq/



Re: SSH X11 forwarding issues

2006-04-08 Thread Larry Hall (Cygwin X)

Brett Serkez wrote:

ZoneAlarm, but I have the remote PC in my trusted list.  Plus, both
Cygwin/X/putty and X-Win32/StarnetSSH work fine, so this seems to be a
Cygwin issue...


The only way I've been able to use either the -X or -Y switches is to
uninstall ZoneAlarm, shutting it down is insufficient.

The problem, atleast in my case seems to have something to do with
xauth getting stuck and never returning, it actually locks up to the
point of having to shutdown the X server and usually causes Windows to
hang when trying to logout or reboot.

This used to work, I have an older system that I use occasionally that
is running ZoneAlarm and an older version of Cygwin that I can use
-X/-Y and works great.  I've tried using this as a model to work
backwards to diagnose with no luck.

I've tried various times to debug and have given up, I manually set
the X display variable myself like:

ssh -R 6010:localhost:6000 target

then after login:

export DISPLAY=:10

Of course the issue is that I'm guessing on the target as to which
port is open, but so far this has worked for me.



Still sounds like a ZoneAlarm issue.  It's worth another look.


--
Larry Hall  http://www.rfk.com
RFK Partners, Inc.  (508) 893-9779 - RFK Office
838 Washington Street   (508) 893-9889 - FAX
Holliston, MA 01746

--
Unsubscribe info:  http://cygwin.com/ml/#unsubscribe-simple
Problem reports:   http://cygwin.com/problems.html
Documentation: http://x.cygwin.com/docs/
FAQ:   http://x.cygwin.com/docs/faq/



Re: SSH X11 forwarding issues

2006-04-08 Thread Brett Serkez
> ZoneAlarm, but I have the remote PC in my trusted list.  Plus, both
> Cygwin/X/putty and X-Win32/StarnetSSH work fine, so this seems to be a
> Cygwin issue...

The only way I've been able to use either the -X or -Y switches is to
uninstall ZoneAlarm, shutting it down is insufficient.

The problem, atleast in my case seems to have something to do with
xauth getting stuck and never returning, it actually locks up to the
point of having to shutdown the X server and usually causes Windows to
hang when trying to logout or reboot.

This used to work, I have an older system that I use occasionally that
is running ZoneAlarm and an older version of Cygwin that I can use
-X/-Y and works great.  I've tried using this as a model to work
backwards to diagnose with no luck.

I've tried various times to debug and have given up, I manually set
the X display variable myself like:

ssh -R 6010:localhost:6000 target

then after login:

export DISPLAY=:10

Of course the issue is that I'm guessing on the target as to which
port is open, but so far this has worked for me.

Brett

--
Unsubscribe info:  http://cygwin.com/ml/#unsubscribe-simple
Problem reports:   http://cygwin.com/problems.html
Documentation: http://x.cygwin.com/docs/
FAQ:   http://x.cygwin.com/docs/faq/



Re: SSH X11 forwarding issues

2006-04-07 Thread Jack Tanner

Philip H. Schlesinger wrote:

Hi Brett.

ZoneAlarm, but I have the remote PC in my trusted list.  Plus, both 
Cygwin/X/putty and X-Win32/StarnetSSH work fine, so this seems to be a 
Cygwin issue...


It may well be a Cygwin/X issue (and I suggested you might go about 
debugging it), but it's really too bad you didn't bother with the FAQ. 
(And my bad for not picking up on the firewall potential. Thanks, Brett.)


http://x.cygwin.com/docs/faq/cygwin-x-faq.html#freeze-at-startup



- Phil

Brett Serkez wrote:

Freezes: I type my password, hit enter, and I don't get any additional
output.  -vvv says that things are being sent to /dev/null


What are you running for a firewall?  ZoneAlarm, Norton...

Brett

--
Unsubscribe info:  http://cygwin.com/ml/#unsubscribe-simple
Problem reports:   http://cygwin.com/problems.html
Documentation: http://x.cygwin.com/docs/
FAQ:   http://x.cygwin.com/docs/faq/





--
Unsubscribe info:  http://cygwin.com/ml/#unsubscribe-simple
Problem reports:   http://cygwin.com/problems.html
Documentation: http://x.cygwin.com/docs/
FAQ:   http://x.cygwin.com/docs/faq/





--
Unsubscribe info:  http://cygwin.com/ml/#unsubscribe-simple
Problem reports:   http://cygwin.com/problems.html
Documentation: http://x.cygwin.com/docs/
FAQ:   http://x.cygwin.com/docs/faq/



Re: SSH X11 forwarding issues

2006-04-07 Thread Philip H. Schlesinger

Hi Brett.

ZoneAlarm, but I have the remote PC in my trusted list.  Plus, both 
Cygwin/X/putty and X-Win32/StarnetSSH work fine, so this seems to be a 
Cygwin issue...


- Phil

Brett Serkez wrote:

Freezes: I type my password, hit enter, and I don't get any additional
output.  -vvv says that things are being sent to /dev/null


What are you running for a firewall?  ZoneAlarm, Norton...

Brett

--
Unsubscribe info:  http://cygwin.com/ml/#unsubscribe-simple
Problem reports:   http://cygwin.com/problems.html
Documentation: http://x.cygwin.com/docs/
FAQ:   http://x.cygwin.com/docs/faq/





--
Unsubscribe info:  http://cygwin.com/ml/#unsubscribe-simple
Problem reports:   http://cygwin.com/problems.html
Documentation: http://x.cygwin.com/docs/
FAQ:   http://x.cygwin.com/docs/faq/



Re: SSH X11 forwarding issues

2006-04-07 Thread Brett Serkez
> Freezes: I type my password, hit enter, and I don't get any additional
> output.  -vvv says that things are being sent to /dev/null

What are you running for a firewall?  ZoneAlarm, Norton...

Brett

--
Unsubscribe info:  http://cygwin.com/ml/#unsubscribe-simple
Problem reports:   http://cygwin.com/problems.html
Documentation: http://x.cygwin.com/docs/
FAQ:   http://x.cygwin.com/docs/faq/



Re: SSH X11 forwarding issues (with verbose data)

2006-04-06 Thread Jack Tanner
No, it should be on the local computer. Try this: run startxwin.bat, 
then open two xterms. In one, run the ssh -Y -vv ... command. When it 
freezes, in the other xterm try to run the xauth command by hand.


By the way, I gave you the wrong command syntax below. That should've been

$ /usr/X11R6/bin/xauth -f /tmp/ssh-WHATEVER/...

If I'm wrong, and it is on the remote computer, then from the second 
xterm you should be able to ssh in without X forwarding, and try it on 
the remote machine.



Philip H. Schlesinger wrote:
That appears to be something generated on the fly - and by the looks of 
it, on the remote computer, as that directory doesn't exist.


- Phil

Jack Tanner wrote:

Philip H. Schlesinger wrote:

Jack Tanner wrote:
 >> debug2: x11_get_proto: /usr/X11R6/bin/xauth -f
 >> /tmp/ssh-zfHmWgkGRG/xauthfile generate 127.0.0.1:0.0
 >> MIT-MAGIC-COOKIE-1 untrusted timeout 1200 2>/dev/null
 >
 > 1) What do you get if you try that by command hand (sans the 
/dev/null

 > redirection)?

Not sure what you mean here...forgive my n00b-ness...


Err, that should've said "try that command by hand". As in,

$ /tmp/ssh-WHATEVER/xauthfile generate [...] timeout 1200

(Drop the 2> /dev/null bit at the end, thus keeping the output from 
xauthfile from being redirected to /dev/null.)



--
Unsubscribe info:  http://cygwin.com/ml/#unsubscribe-simple
Problem reports:   http://cygwin.com/problems.html
Documentation: http://x.cygwin.com/docs/
FAQ:   http://x.cygwin.com/docs/faq/





--
Unsubscribe info:  http://cygwin.com/ml/#unsubscribe-simple
Problem reports:   http://cygwin.com/problems.html
Documentation: http://x.cygwin.com/docs/
FAQ:   http://x.cygwin.com/docs/faq/





--
Unsubscribe info:  http://cygwin.com/ml/#unsubscribe-simple
Problem reports:   http://cygwin.com/problems.html
Documentation: http://x.cygwin.com/docs/
FAQ:   http://x.cygwin.com/docs/faq/



Re: SSH X11 forwarding issues (with verbose data)

2006-04-06 Thread Philip H. Schlesinger
That appears to be something generated on the fly - and by the looks of 
it, on the remote computer, as that directory doesn't exist.


- Phil

Jack Tanner wrote:

Philip H. Schlesinger wrote:

Jack Tanner wrote:
 >> debug2: x11_get_proto: /usr/X11R6/bin/xauth -f
 >> /tmp/ssh-zfHmWgkGRG/xauthfile generate 127.0.0.1:0.0
 >> MIT-MAGIC-COOKIE-1 untrusted timeout 1200 2>/dev/null
 >
 > 1) What do you get if you try that by command hand (sans the /dev/null
 > redirection)?

Not sure what you mean here...forgive my n00b-ness...


Err, that should've said "try that command by hand". As in,

$ /tmp/ssh-WHATEVER/xauthfile generate [...] timeout 1200

(Drop the 2> /dev/null bit at the end, thus keeping the output from 
xauthfile from being redirected to /dev/null.)



--
Unsubscribe info:  http://cygwin.com/ml/#unsubscribe-simple
Problem reports:   http://cygwin.com/problems.html
Documentation: http://x.cygwin.com/docs/
FAQ:   http://x.cygwin.com/docs/faq/





--
Unsubscribe info:  http://cygwin.com/ml/#unsubscribe-simple
Problem reports:   http://cygwin.com/problems.html
Documentation: http://x.cygwin.com/docs/
FAQ:   http://x.cygwin.com/docs/faq/



Re: SSH X11 forwarding issues (with verbose data)

2006-04-06 Thread Jack Tanner

Philip H. Schlesinger wrote:

Jack Tanner wrote:
 >> debug2: x11_get_proto: /usr/X11R6/bin/xauth -f
 >> /tmp/ssh-zfHmWgkGRG/xauthfile generate 127.0.0.1:0.0
 >> MIT-MAGIC-COOKIE-1 untrusted timeout 1200 2>/dev/null
 >
 > 1) What do you get if you try that by command hand (sans the /dev/null
 > redirection)?

Not sure what you mean here...forgive my n00b-ness...


Err, that should've said "try that command by hand". As in,

$ /tmp/ssh-WHATEVER/xauthfile generate [...] timeout 1200

(Drop the 2> /dev/null bit at the end, thus keeping the output from 
xauthfile from being redirected to /dev/null.)



--
Unsubscribe info:  http://cygwin.com/ml/#unsubscribe-simple
Problem reports:   http://cygwin.com/problems.html
Documentation: http://x.cygwin.com/docs/
FAQ:   http://x.cygwin.com/docs/faq/



Re: SSH X11 forwarding issues (with verbose data)

2006-04-06 Thread Philip H. Schlesinger

Jack Tanner wrote:
>> debug2: x11_get_proto: /usr/X11R6/bin/xauth -f
>> /tmp/ssh-zfHmWgkGRG/xauthfile generate 127.0.0.1:0.0
>> MIT-MAGIC-COOKIE-1 untrusted timeout 1200 2>/dev/null
>
> 1) What do you get if you try that by command hand (sans the /dev/null
> redirection)?

Not sure what you mean here...forgive my n00b-ness...


> 2) What do you get if you skip X-forwarding altogether?

Works fine.

> 3) What do you get if you rm the xauthority data on both sides of the
> connection?

Only .Xauthority was on the remote PC, and problem still exists...

debug3: no such identity: /home/phil/.ssh/id_dsa
debug2: we did not send a packet, disable method
debug3: authmethod_lookup keyboard-interactive
debug3: remaining preferred: password
debug3: authmethod_is_enabled keyboard-interactive
debug1: Next authentication method: keyboard-interactive
debug2: userauth_kbdint
debug2: we sent a keyboard-interactive packet, wait for reply
debug2: input_userauth_info_req
debug2: input_userauth_info_req: num_prompts 1
Password:
debug3: packet_send2: adding 32 (len 22 padlen 10 extra_pad 64)
debug2: input_userauth_info_req
debug2: input_userauth_info_req: num_prompts 0
debug3: packet_send2: adding 48 (len 10 padlen 6 extra_pad 64)
debug1: Authentication succeeded (keyboard-interactive).
debug1: channel 0: new [client-session]
debug3: ssh_session2_open: channel_new: 0
debug2: channel 0: send open
debug1: Entering interactive session.
debug2: callback start
debug2: x11_get_proto: /usr/X11R6/bin/xauth -f 
/tmp/ssh-Xc8hsbJjXZ/xauthfile generate 127.0.0.1:0.0 MIT-MAGIC-COOKIE-1 
untrusted timeout 1200 2>/dev/null



Jack Tanner wrote:

Philip H. Schlesinger wrote:

I tried the -vvv mode and here's the screen capture:

debug1: Authentication succeeded (keyboard-interactive).


OK, good. You're authenticated after entering your password.

debug2: x11_get_proto: /usr/X11R6/bin/xauth -f 
/tmp/ssh-zfHmWgkGRG/xauthfile generate 127.0.0.1:0.0 
MIT-MAGIC-COOKIE-1 untrusted timeout 1200 2>/dev/null


1) What do you get if you try that by command hand (sans the /dev/null 
redirection)? 2) What do you get if you skip X-forwarding altogether? 3) 
What do you get if you rm the xauthority data on both sides of the 
connection?



--
Unsubscribe info:  http://cygwin.com/ml/#unsubscribe-simple
Problem reports:   http://cygwin.com/problems.html
Documentation: http://x.cygwin.com/docs/
FAQ:   http://x.cygwin.com/docs/faq/





--
Unsubscribe info:  http://cygwin.com/ml/#unsubscribe-simple
Problem reports:   http://cygwin.com/problems.html
Documentation: http://x.cygwin.com/docs/
FAQ:   http://x.cygwin.com/docs/faq/



Re: SSH X11 forwarding issues (with verbose data)

2006-04-06 Thread Jack Tanner

Philip H. Schlesinger wrote:

I tried the -vvv mode and here's the screen capture:

debug1: Authentication succeeded (keyboard-interactive).


OK, good. You're authenticated after entering your password.

debug2: x11_get_proto: /usr/X11R6/bin/xauth -f 
/tmp/ssh-zfHmWgkGRG/xauthfile generate 127.0.0.1:0.0 MIT-MAGIC-COOKIE-1 
untrusted timeout 1200 2>/dev/null


1) What do you get if you try that by command hand (sans the /dev/null 
redirection)? 2) What do you get if you skip X-forwarding altogether? 3) 
What do you get if you rm the xauthority data on both sides of the 
connection?



--
Unsubscribe info:  http://cygwin.com/ml/#unsubscribe-simple
Problem reports:   http://cygwin.com/problems.html
Documentation: http://x.cygwin.com/docs/
FAQ:   http://x.cygwin.com/docs/faq/



Re: SSH X11 forwarding issues

2006-04-06 Thread Philip H. Schlesinger

Hi Jack.  See my other post at 9:19 am with the -vvv output.

Freezes: I type my password, hit enter, and I don't get any additional 
output.  -vvv says that things are being sent to /dev/null


- Phil

Jack Tanner wrote:
-Y is really what you want. Aside from that, anything useful from -vv? 
What about the server logs? And /tmp/Xwin.log? And what do you mean by 
"freezes"?


Philip H. Schlesinger wrote:

Hi Sterling.

I checked the man page and -Y is just -X with less security:

-X  Enables X11 forwarding.  This can also be specified on a 
per-host basis in a configuration file. X11 forwarding should be 
enabled with caution.  Users with the ability to bypass file 
permissions on the remote host (for the user's X authorization 
database) can access the local X11 display through the forwarded 
connection.  An attacker may then be able to perform activities such 
as keystroke monitoring.


-Y  Enables trusted X11 forwarding.  Trusted X11 forwardings are 
not subjected to the X11 SECURITY extension controls.


Nevertheless, same problem - it freezes after I type in my password.

Other ideas?

- Phil




Sterling Baker wrote:

I believe the use of '-X' has been depreciated.  Try using '-Y' instead.

Sterling


-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Philip H.
Schlesinger
Sent: Wednesday, April 05, 2006 10:07 PM
To: cygwin-xfree@cygwin.com
Subject: SSH X11 forwarding issues

Hi all.  I just upgraded my Cygwin to the latest version and found a 
rather interesting problem:


I can do the following command in the bash window with no problem:

ssh @

it prompts me for my password and then takes me in from there.

--

However, if I:

startx
ssh -X @server location>

It prompts me for my password and then hangs.

--

If I:

startxwin.bat
ssh -X @server location>

same problem: It prompts me for my password and then hangs.

--

The only way I've successfully made a connection with X forwarding is:

startxwin.bat
Execute putty for windows with X11 forwarding enabled
Enter username and password
And I'm off and running...

Help?

- Phil



--
Unsubscribe info:  http://cygwin.com/ml/#unsubscribe-simple
Problem reports:   http://cygwin.com/problems.html
Documentation: http://x.cygwin.com/docs/
FAQ:   http://x.cygwin.com/docs/faq/





--
Unsubscribe info:  http://cygwin.com/ml/#unsubscribe-simple
Problem reports:   http://cygwin.com/problems.html
Documentation: http://x.cygwin.com/docs/
FAQ:   http://x.cygwin.com/docs/faq/



Re: SSH X11 forwarding issues

2006-04-06 Thread Jack Tanner
-Y is really what you want. Aside from that, anything useful from -vv? 
What about the server logs? And /tmp/Xwin.log? And what do you mean by 
"freezes"?


Philip H. Schlesinger wrote:

Hi Sterling.

I checked the man page and -Y is just -X with less security:

-X  Enables X11 forwarding.  This can also be specified on a 
per-host basis in a configuration file. X11 forwarding should be enabled 
with caution.  Users with the ability to bypass file permissions on the 
remote host (for the user's X authorization database) can access the 
local X11 display through the forwarded connection.  An attacker may 
then be able to perform activities such as keystroke monitoring.


-Y  Enables trusted X11 forwarding.  Trusted X11 forwardings are not 
subjected to the X11 SECURITY extension controls.


Nevertheless, same problem - it freezes after I type in my password.

Other ideas?

- Phil




Sterling Baker wrote:

I believe the use of '-X' has been depreciated.  Try using '-Y' instead.

Sterling


-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Philip H.
Schlesinger
Sent: Wednesday, April 05, 2006 10:07 PM
To: cygwin-xfree@cygwin.com
Subject: SSH X11 forwarding issues

Hi all.  I just upgraded my Cygwin to the latest version and found a 
rather interesting problem:


I can do the following command in the bash window with no problem:

ssh @

it prompts me for my password and then takes me in from there.

--

However, if I:

startx
ssh -X @server location>

It prompts me for my password and then hangs.

--

If I:

startxwin.bat
ssh -X @server location>

same problem: It prompts me for my password and then hangs.

--

The only way I've successfully made a connection with X forwarding is:

startxwin.bat
Execute putty for windows with X11 forwarding enabled
Enter username and password
And I'm off and running...

Help?

- Phil



--
Unsubscribe info:  http://cygwin.com/ml/#unsubscribe-simple
Problem reports:   http://cygwin.com/problems.html
Documentation: http://x.cygwin.com/docs/
FAQ:   http://x.cygwin.com/docs/faq/



Re: SSH X11 forwarding issues (with verbose data)

2006-04-06 Thread Philip H. Schlesinger

I tried the -vvv mode and here's the screen capture:

debug3: no such identity: /home/phil/.ssh/id_dsa
debug2: we did not send a packet, disable method
debug3: authmethod_lookup keyboard-interactive
debug3: remaining preferred: password
debug3: authmethod_is_enabled keyboard-interactive
debug1: Next authentication method: keyboard-interactive
debug2: userauth_kbdint
debug2: we sent a keyboard-interactive packet, wait for reply
debug2: input_userauth_info_req
debug2: input_userauth_info_req: num_prompts 1
Password:
debug3: packet_send2: adding 32 (len 22 padlen 10 extra_pad 64)
debug2: input_userauth_info_req
debug2: input_userauth_info_req: num_prompts 0
debug3: packet_send2: adding 48 (len 10 padlen 6 extra_pad 64)
debug1: Authentication succeeded (keyboard-interactive).
debug1: channel 0: new [client-session]
debug3: ssh_session2_open: channel_new: 0
debug2: channel 0: send open
debug1: Entering interactive session.
debug2: callback start
debug2: x11_get_proto: /usr/X11R6/bin/xauth -f 
/tmp/ssh-zfHmWgkGRG/xauthfile generate 127.0.0.1:0.0 MIT-MAGIC-COOKIE-1 
untrusted timeout 1200 2>/dev/null





Sterling Baker wrote:

I believe the use of '-X' has been depreciated.  Try using '-Y' instead.

Sterling


-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Philip H.
Schlesinger
Sent: Wednesday, April 05, 2006 10:07 PM
To: cygwin-xfree@cygwin.com
Subject: SSH X11 forwarding issues

Hi all.  I just upgraded my Cygwin to the latest version and found a 
rather interesting problem:


I can do the following command in the bash window with no problem:

ssh @

it prompts me for my password and then takes me in from there.

--

However, if I:

startx
ssh -X @server location>

It prompts me for my password and then hangs.

--

If I:

startxwin.bat
ssh -X @server location>

same problem: It prompts me for my password and then hangs.

--

The only way I've successfully made a connection with X forwarding is:

startxwin.bat
Execute putty for windows with X11 forwarding enabled
Enter username and password
And I'm off and running...

Help?

- Phil


--
Unsubscribe info:  http://cygwin.com/ml/#unsubscribe-simple
Problem reports:   http://cygwin.com/problems.html
Documentation: http://x.cygwin.com/docs/
FAQ:   http://x.cygwin.com/docs/faq/

--
Unsubscribe info:  http://cygwin.com/ml/#unsubscribe-simple
Problem reports:   http://cygwin.com/problems.html
Documentation: http://x.cygwin.com/docs/
FAQ:   http://x.cygwin.com/docs/faq/





--
Unsubscribe info:  http://cygwin.com/ml/#unsubscribe-simple
Problem reports:   http://cygwin.com/problems.html
Documentation: http://x.cygwin.com/docs/
FAQ:   http://x.cygwin.com/docs/faq/



Re: SSH X11 forwarding issues

2006-04-06 Thread Philip H. Schlesinger

Hi Sterling.

I checked the man page and -Y is just -X with less security:

-X  Enables X11 forwarding.  This can also be specified on a 
per-host basis in a configuration file. X11 forwarding should be enabled 
with caution.  Users with the ability to bypass file permissions on the 
remote host (for the user's X authorization database) can access the 
local X11 display through the forwarded connection.  An attacker may 
then be able to perform activities such as keystroke monitoring.


-Y  Enables trusted X11 forwarding.  Trusted X11 forwardings are not 
subjected to the X11 SECURITY extension controls.


Nevertheless, same problem - it freezes after I type in my password.

Other ideas?

- Phil




Sterling Baker wrote:

I believe the use of '-X' has been depreciated.  Try using '-Y' instead.

Sterling


-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Philip H.
Schlesinger
Sent: Wednesday, April 05, 2006 10:07 PM
To: cygwin-xfree@cygwin.com
Subject: SSH X11 forwarding issues

Hi all.  I just upgraded my Cygwin to the latest version and found a 
rather interesting problem:


I can do the following command in the bash window with no problem:

ssh @

it prompts me for my password and then takes me in from there.

--

However, if I:

startx
ssh -X @server location>

It prompts me for my password and then hangs.

--

If I:

startxwin.bat
ssh -X @server location>

same problem: It prompts me for my password and then hangs.

--

The only way I've successfully made a connection with X forwarding is:

startxwin.bat
Execute putty for windows with X11 forwarding enabled
Enter username and password
And I'm off and running...

Help?

- Phil


--
Unsubscribe info:  http://cygwin.com/ml/#unsubscribe-simple
Problem reports:   http://cygwin.com/problems.html
Documentation: http://x.cygwin.com/docs/
FAQ:   http://x.cygwin.com/docs/faq/

--
Unsubscribe info:  http://cygwin.com/ml/#unsubscribe-simple
Problem reports:   http://cygwin.com/problems.html
Documentation: http://x.cygwin.com/docs/
FAQ:   http://x.cygwin.com/docs/faq/





--
Unsubscribe info:  http://cygwin.com/ml/#unsubscribe-simple
Problem reports:   http://cygwin.com/problems.html
Documentation: http://x.cygwin.com/docs/
FAQ:   http://x.cygwin.com/docs/faq/



RE: SSH X11 forwarding issues

2006-04-06 Thread Sterling Baker
I believe the use of '-X' has been depreciated.  Try using '-Y' instead.

Sterling


-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Philip H.
Schlesinger
Sent: Wednesday, April 05, 2006 10:07 PM
To: cygwin-xfree@cygwin.com
Subject: SSH X11 forwarding issues

Hi all.  I just upgraded my Cygwin to the latest version and found a 
rather interesting problem:

I can do the following command in the bash window with no problem:

ssh @

it prompts me for my password and then takes me in from there.

--

However, if I:

startx
ssh -X @server location>

It prompts me for my password and then hangs.

--

If I:

startxwin.bat
ssh -X @server location>

same problem: It prompts me for my password and then hangs.

--

The only way I've successfully made a connection with X forwarding is:

startxwin.bat
Execute putty for windows with X11 forwarding enabled
Enter username and password
And I'm off and running...

Help?

- Phil


--
Unsubscribe info:  http://cygwin.com/ml/#unsubscribe-simple
Problem reports:   http://cygwin.com/problems.html
Documentation: http://x.cygwin.com/docs/
FAQ:   http://x.cygwin.com/docs/faq/

--
Unsubscribe info:  http://cygwin.com/ml/#unsubscribe-simple
Problem reports:   http://cygwin.com/problems.html
Documentation: http://x.cygwin.com/docs/
FAQ:   http://x.cygwin.com/docs/faq/



SSH X11 forwarding issues

2006-04-05 Thread Philip H. Schlesinger
Hi all.  I just upgraded my Cygwin to the latest version and found a 
rather interesting problem:


I can do the following command in the bash window with no problem:

ssh @

it prompts me for my password and then takes me in from there.

--

However, if I:

startx
ssh -X @server location>

It prompts me for my password and then hangs.

--

If I:

startxwin.bat
ssh -X @server location>

same problem: It prompts me for my password and then hangs.

--

The only way I've successfully made a connection with X forwarding is:

startxwin.bat
Execute putty for windows with X11 forwarding enabled
Enter username and password
And I'm off and running...

Help?

- Phil


--
Unsubscribe info:  http://cygwin.com/ml/#unsubscribe-simple
Problem reports:   http://cygwin.com/problems.html
Documentation: http://x.cygwin.com/docs/
FAQ:   http://x.cygwin.com/docs/faq/