Re: [gentoo-user] ssh -X problem [no help sofar on ssh group]
On Sun, Dec 21, 2014 at 1:17 AM, Harry Putnam wrote: > This properly belongs on the ssh group, but posting there has not gotten > any responses... and the list is quite slow to boot. > > I like using ssh -X to other lan remotes but with new versions of openssh > or perhaps the configs, it only works 1 way. > > I can `ssh -X' to the gentoo host from a debian host but not the other > way round. > > Two different versions of openssh appear to be involved. But not sure > how different they are. > > RHOST=a debian HOST > LHOST= Gentoo HOST > > ssh -vN $RHOST 2>&1|grep "remote software version" > > [...] OpenSSH_6.7p1 Debian-3 > > ssh -vN $LHOST 2>&1|grep "remote software version" > > [...] OpenSSH_6.7p1-hpn14v5 > > > One thing I tried to do was to copy the RHOST sshd_config and ssh_config to > LHOST. Restart and try again... there were a few incompatible bits in > the files so after commenting a few out until no config errors. > > However ssh -X still displayed the error and would NOT work when: > ssh -X RHOST from LHOST > ({Note that plain ssh LHOST or RHOST works in any direction} > > Error outut with ssh -X $RHOST "xterm" > > , > | Warning: untrusted X11 forwarding setup failed: xauth key data not > generated > | Warning: No xauth data; using fake authentication data for X11 > forwarding. > | Invalid MIT-MAGIC-COOKIE-1 keyxterm: Xt error: Can't open display: > localhost:10.0 > I believe you're looking for the "xhost" command and its archaic permissions setup settings. The idea is that the machine hosting the X server has an additional permissions setting that controls which hosts are allowed to use the X displays. Since you say that it's apparently the debian host that doesn't allow launching of X programs, what happens if, from the working GUI on the debian host, you run: xhost + Before you try connecting to it from the gentoo machine? It should say something like access control disabled, clients can connect from any host And you should be able to open your xterm using ssh -X. ` > > [Full Error output with ssh -vv -X is very lengthy so is attached at the > end] > > I'm not seeing how to debug this further. So going back to the stock > version of sshd_config ssh_config on gentoo with two changes: > > commented out this line: > PasswordAuthentication no > > added this: > X11Forwarding yes > > --- --- ---=--- --- --- > Full sshd_config on LHOST: sudo grep ^[^#] /etc/ssh/sshd_config > --- --- ---=--- --- --- > UsePAM yes > X11Forwarding yes > PrintMotd no > PrintLastLog no > UsePrivilegeSeparation sandbox# Default for new > installations. > Subsystem sftp/usr/lib/misc/sftp-server > AcceptEnv LANG LC_* > > --- Config END--- > > > --- --- ---=--- --- --- > Full ssh_config on LHOST: sudo grep ^[^#] /etc/ssh/ssh_config > --- --- ---=--- --- --- > > ForwardX11 yes > SendEnv LANG LC_* > > --- Config END--- > > ### > > Now the same info for RHOST > > --- --- ---=--- --- --- > Full sshd_config on RHOST: ssh root@RHOST "grep ^[^#] > /etc/ssh/sshd_config" > --- --- ---=--- --- --- > > HostKey /etc/ssh/ssh_host_rsa_key > HostKey /etc/ssh/ssh_host_dsa_key > HostKey /etc/ssh/ssh_host_ed25519_key > AcceptEnv LANG LC_* > ChallengeResponseAuthentication no > IgnoreRhosts yes > HostbasedAuthentication no > KeyRegenerationInterval 3600 > LogLevel INFO > LoginGraceTime 120 > PermitEmptyPasswords no > PermitRootLogin yes > Port 22 > PrintLastLog yes > PrintMotd no > Protocol 2 > PubkeyAuthentication yes > RSAAuthentication yes > RhostsRSAAuthentication no > ServerKeyBits 1024 > SyslogFacility AUTH > StrictModes yes > Subsystem sftp/usr/lib/misc/sftp-server > TCPKeepAlive yes > UsePAM yes > UsePrivilegeSeparation sandbox > X11Forwarding yes > > --- Config END--- > > > --- --- ---=--- --- --- > Full ssh_config on RHOST: ssh root@RHOST "grep ^[^#] /etc/ssh/ssh_config" > --- --- ---=--- --- --- > Host * >ForwardX11 yes > SendEnv LANG LC_* > HashKnownHosts yes > > --- Config END--- > > > > > The only thing more I can think to include is the full lengthy output of > ssh -vv -X > > -- This email is:[ ] actionable [ ] fyi[ ] social Response needed: [ ] yes [ ] up to you [ ] no Time-sensitive: [ ] immediate[ ] soon [ ] none
Re: [gentoo-user] ssh -X problem [no help sofar on ssh group]
On Sat, Dec 20, 2014 at 2:05 PM, J. Roeleveld wrote: > > Try "ssh -Y ". > It's what I have been using for a long time now. Correct - ssh -X hasn't worked on Gentoo for ages. It has been a while since I looked up the details but I seem to recall it being an upstream issue and that it is actually broken on many (but not all) distros. -- Rich
Re: [gentoo-user] ssh -X problem [no help sofar on ssh group]
On 20 December 2014 18:17:57 CET, Harry Putnam wrote: >This properly belongs on the ssh group, but posting there has not >gotten >any responses... and the list is quite slow to boot. > >I like using ssh -X to other lan remotes but with new versions of >openssh >or perhaps the configs, it only works 1 way. > >I can `ssh -X' to the gentoo host from a debian host but not the other >way round. > >Two different versions of openssh appear to be involved. But not sure >how different they are. > >RHOST=a debian HOST >LHOST= Gentoo HOST > >ssh -vN $RHOST 2>&1|grep "remote software version" > > [...] OpenSSH_6.7p1 Debian-3 > >ssh -vN $LHOST 2>&1|grep "remote software version" > > [...] OpenSSH_6.7p1-hpn14v5 > > >One thing I tried to do was to copy the RHOST sshd_config and >ssh_config to >LHOST. Restart and try again... there were a few incompatible bits in >the files so after commenting a few out until no config errors. > >However ssh -X still displayed the error and would NOT work when: > ssh -X RHOST from LHOST >({Note that plain ssh LHOST or RHOST works in any direction} > >Error outut with ssh -X $RHOST "xterm" > >, >| Warning: untrusted X11 forwarding setup failed: xauth key data not >generated >| Warning: No xauth data; using fake authentication data for X11 >forwarding. >| Invalid MIT-MAGIC-COOKIE-1 keyxterm: Xt error: Can't open display: >localhost:10.0 >` > >[Full Error output with ssh -vv -X is very lengthy so is attached at >the end] > >I'm not seeing how to debug this further. So going back to the stock >version of sshd_config ssh_config on gentoo with two changes: > >commented out this line: > PasswordAuthentication no > >added this: > X11Forwarding yes > >--- --- ---=--- --- --- >Full sshd_config on LHOST: sudo grep ^[^#] /etc/ssh/sshd_config >--- --- ---=--- --- --- > UsePAM yes > X11Forwarding yes > PrintMotd no > PrintLastLog no > UsePrivilegeSeparation sandbox # Default for new installations. > Subsystemsftp/usr/lib/misc/sftp-server > AcceptEnv LANG LC_* > >--- Config END--- > > >--- --- ---=--- --- --- >Full ssh_config on LHOST: sudo grep ^[^#] /etc/ssh/ssh_config >--- --- ---=--- --- --- > > ForwardX11 yes > SendEnv LANG LC_* > >--- Config END--- > >### > >Now the same info for RHOST > >--- --- ---=--- --- --- >Full sshd_config on RHOST: ssh root@RHOST "grep ^[^#] >/etc/ssh/sshd_config" >--- --- ---=--- --- --- > >HostKey /etc/ssh/ssh_host_rsa_key >HostKey /etc/ssh/ssh_host_dsa_key >HostKey /etc/ssh/ssh_host_ed25519_key >AcceptEnv LANG LC_* >ChallengeResponseAuthentication no >IgnoreRhosts yes >HostbasedAuthentication no >KeyRegenerationInterval 3600 >LogLevel INFO >LoginGraceTime 120 >PermitEmptyPasswords no >PermitRootLogin yes >Port 22 >PrintLastLog yes >PrintMotd no >Protocol 2 >PubkeyAuthentication yes >RSAAuthentication yes >RhostsRSAAuthentication no >ServerKeyBits 1024 >SyslogFacility AUTH >StrictModes yes >Subsystem sftp/usr/lib/misc/sftp-server >TCPKeepAlive yes >UsePAM yes >UsePrivilegeSeparation sandbox >X11Forwarding yes > >--- Config END--- > > >--- --- ---=--- --- --- >Full ssh_config on RHOST: ssh root@RHOST "grep ^[^#] >/etc/ssh/ssh_config" >--- --- ---=--- --- --- >Host * > ForwardX11 yes >SendEnv LANG LC_* >HashKnownHosts yes > >--- Config END--- > > > > >The only thing more I can think to include is the full lengthy output >of >ssh -vv -X Try "ssh -Y ". It's what I have been using for a long time now. -- Sent from my Android device with K-9 Mail. Please excuse my brevity.
[gentoo-user] ssh -X problem [no help sofar on ssh group]
This properly belongs on the ssh group, but posting there has not gotten any responses... and the list is quite slow to boot. I like using ssh -X to other lan remotes but with new versions of openssh or perhaps the configs, it only works 1 way. I can `ssh -X' to the gentoo host from a debian host but not the other way round. Two different versions of openssh appear to be involved. But not sure how different they are. RHOST=a debian HOST LHOST= Gentoo HOST ssh -vN $RHOST 2>&1|grep "remote software version" [...] OpenSSH_6.7p1 Debian-3 ssh -vN $LHOST 2>&1|grep "remote software version" [...] OpenSSH_6.7p1-hpn14v5 One thing I tried to do was to copy the RHOST sshd_config and ssh_config to LHOST. Restart and try again... there were a few incompatible bits in the files so after commenting a few out until no config errors. However ssh -X still displayed the error and would NOT work when: ssh -X RHOST from LHOST ({Note that plain ssh LHOST or RHOST works in any direction} Error outut with ssh -X $RHOST "xterm" , | Warning: untrusted X11 forwarding setup failed: xauth key data not generated | Warning: No xauth data; using fake authentication data for X11 forwarding. | Invalid MIT-MAGIC-COOKIE-1 keyxterm: Xt error: Can't open display: localhost:10.0 ` [Full Error output with ssh -vv -X is very lengthy so is attached at the end] I'm not seeing how to debug this further. So going back to the stock version of sshd_config ssh_config on gentoo with two changes: commented out this line: PasswordAuthentication no added this: X11Forwarding yes --- --- ---=--- --- --- Full sshd_config on LHOST: sudo grep ^[^#] /etc/ssh/sshd_config --- --- ---=--- --- --- UsePAM yes X11Forwarding yes PrintMotd no PrintLastLog no UsePrivilegeSeparation sandbox# Default for new installations. Subsystem sftp/usr/lib/misc/sftp-server AcceptEnv LANG LC_* --- Config END--- --- --- ---=--- --- --- Full ssh_config on LHOST: sudo grep ^[^#] /etc/ssh/ssh_config --- --- ---=--- --- --- ForwardX11 yes SendEnv LANG LC_* --- Config END--- ### Now the same info for RHOST --- --- ---=--- --- --- Full sshd_config on RHOST: ssh root@RHOST "grep ^[^#] /etc/ssh/sshd_config" --- --- ---=--- --- --- HostKey /etc/ssh/ssh_host_rsa_key HostKey /etc/ssh/ssh_host_dsa_key HostKey /etc/ssh/ssh_host_ed25519_key AcceptEnv LANG LC_* ChallengeResponseAuthentication no IgnoreRhosts yes HostbasedAuthentication no KeyRegenerationInterval 3600 LogLevel INFO LoginGraceTime 120 PermitEmptyPasswords no PermitRootLogin yes Port 22 PrintLastLog yes PrintMotd no Protocol 2 PubkeyAuthentication yes RSAAuthentication yes RhostsRSAAuthentication no ServerKeyBits 1024 SyslogFacility AUTH StrictModes yes Subsystem sftp/usr/lib/misc/sftp-server TCPKeepAlive yes UsePAM yes UsePrivilegeSeparation sandbox X11Forwarding yes --- Config END--- --- --- ---=--- --- --- Full ssh_config on RHOST: ssh root@RHOST "grep ^[^#] /etc/ssh/ssh_config" --- --- ---=--- --- --- Host * ForwardX11 yes SendEnv LANG LC_* HashKnownHosts yes --- Config END--- The only thing more I can think to include is the full lengthy output of ssh -vv -X HOST:gv ~ harry > ssh -vv -X harry@dv 'xterm' OpenSSH_6.7p1-hpn14v5, OpenSSL 1.0.1j 15 Oct 2014 debug1: Reading configuration data /etc/ssh/ssh_config debug1: /etc/ssh/ssh_config line 20: Applying options for * debug2: ssh_connect: needpriv 0 debug1: Connecting to dv [192.168.0.5] port 22. debug1: Connection established. debug1: key_load_public: No such file or directory debug1: identity file /home/harry/.ssh/id_rsa type -1 debug1: key_load_public: No such file or directory debug1: identity file /home/harry/.ssh/id_rsa-cert type -1 debug1: key_load_public: No such file or directory debug1: identity file /home/harry/.ssh/id_dsa type -1 debug1: key_load_public: No such file or directory debug1: identity file /home/harry/.ssh/id_dsa-cert type -1 debug1: key_load_public: No such file or directory debug1: identity file /home/harry/.ssh/id_ecdsa type -1 debug1: key_load_public: No such file or directory debug1: identity file /home/harry/.ssh/id_ecdsa-cert type -1 debug1: key_load_public: No such file or directory debug1: identity file /home/harry/.ssh/id_ed25519 type -1 debug1: key_load_public: No such file or directory debug1: identity file /home/harry/.ssh/id_ed25519-cert type -1 debug1: Enabling compatibility mode for protocol 2.0 debug1: Local version st