Re: [gentoo-user] ssh -X problem [no help sofar on ssh group]

2014-12-21 Thread Mark David Dumlao
On Sun, Dec 21, 2014 at 1:17 AM, Harry Putnam wrote:

> This properly belongs on the ssh group, but posting there has not gotten
> any responses... and the list is quite slow to boot.
>
> I like using ssh -X to other lan remotes but with new versions of openssh
> or perhaps the configs, it only works 1 way.
>
> I can `ssh  -X' to the gentoo host from a debian host but not the other
> way round.
>
> Two different versions of openssh appear to be involved.  But not sure
> how different they are.
>
> RHOST=a debian HOST
> LHOST= Gentoo HOST
>
> ssh -vN $RHOST 2>&1|grep "remote software version"
>
>   [...] OpenSSH_6.7p1 Debian-3
>
> ssh -vN $LHOST 2>&1|grep "remote software version"
>
>   [...] OpenSSH_6.7p1-hpn14v5
>
>
> One thing I tried to do was to copy the RHOST sshd_config and ssh_config to
> LHOST.  Restart and try again... there were a few incompatible bits in
> the files so after commenting a few out until no config errors.
>
> However ssh -X still displayed the error and would NOT work when:
>   ssh -X RHOST from LHOST
> ({Note that plain ssh LHOST or RHOST works in any direction}
>
> Error output with ssh -X $RHOST "xterm"
>
> ,
> | Warning: untrusted X11 forwarding setup failed: xauth key data not generated
> | Warning: No xauth data; using fake authentication data for X11 forwarding.
> | Invalid MIT-MAGIC-COOKIE-1 keyxterm: Xt error: Can't open display: localhost:10.0
>

I believe you're looking for the "xhost" command and its archaic
permissions setup settings.

The idea is that the machine hosting the X server has an additional
permissions setting that controls which
hosts are allowed to use the X displays.

Since you say that it's apparently the debian host that doesn't allow
launching of X programs,
what happens if, from the working GUI on the debian host, you run:
xhost +

Before you try connecting to it from the gentoo machine? It should say
something like
access control disabled, clients can connect from any host

And you should be able to open your xterm using ssh -X.


> `
>
> [Full Error output with ssh -vv -X is very lengthy so is attached at the
> end]
>
> I'm not seeing how to debug this further.  So going back to the stock
> version of sshd_config ssh_config on gentoo with two changes:
>
> commented out this line:
>  PasswordAuthentication no
>
> added this:
>  X11Forwarding yes
>
> ---   ---   ---=---   ---   ---
> Full sshd_config on LHOST: sudo grep ^[^#] /etc/ssh/sshd_config
> ---   ---   ---=---   ---   ---
>   UsePAM yes
>   X11Forwarding yes
>   PrintMotd no
>   PrintLastLog no
>   UsePrivilegeSeparation sandbox # Default for new installations.
>   Subsystem sftp /usr/lib/misc/sftp-server
>   AcceptEnv LANG LC_*
>
> ---  Config END---
>
>
> ---   ---   ---=---   ---   ---
> Full ssh_config on LHOST:  sudo grep ^[^#] /etc/ssh/ssh_config
> ---   ---   ---=---   ---   ---
>
>  ForwardX11 yes
>  SendEnv LANG LC_*
>
> ---  Config END---
>
> ###
>
> Now the same info for RHOST
>
> ---   ---   ---=---   ---   ---
> Full sshd_config on RHOST: ssh root@RHOST "grep ^[^#] /etc/ssh/sshd_config"
> ---   ---   ---=---   ---   ---
>
> HostKey /etc/ssh/ssh_host_rsa_key
> HostKey /etc/ssh/ssh_host_dsa_key
> HostKey /etc/ssh/ssh_host_ed25519_key
> AcceptEnv LANG LC_*
> ChallengeResponseAuthentication no
> IgnoreRhosts yes
> HostbasedAuthentication no
> KeyRegenerationInterval 3600
> LogLevel INFO
> LoginGraceTime 120
> PermitEmptyPasswords no
> PermitRootLogin yes
> Port 22
> PrintLastLog yes
> PrintMotd no
> Protocol 2
> PubkeyAuthentication yes
> RSAAuthentication yes
> RhostsRSAAuthentication no
> ServerKeyBits 1024
> SyslogFacility AUTH
> StrictModes yes
> Subsystem   sftp /usr/lib/misc/sftp-server
> TCPKeepAlive yes
> UsePAM yes
> UsePrivilegeSeparation sandbox
> X11Forwarding yes
>
> ---  Config END---
>
>
> ---   ---   ---=---   ---   ---
> Full ssh_config on RHOST: ssh root@RHOST "grep ^[^#] /etc/ssh/ssh_config"
> ---   ---   ---=---   ---   ---
> Host *
>    ForwardX11 yes
> SendEnv LANG LC_*
> HashKnownHosts yes
>
> ---  Config END---
>
> 
> 
>
> The only thing more I can think to include is the full lengthy output of
> ssh -vv -X
>
>


-- 
This email is:[ ] actionable   [ ] fyi[ ] social
Response needed:  [ ] yes  [ ] up to you  [ ] no
Time-sensitive:   [ ] immediate[ ] soon   [ ] none


Re: [gentoo-user] ssh -X problem [no help sofar on ssh group]

2014-12-20 Thread Rich Freeman
On Sat, Dec 20, 2014 at 2:05 PM, J. Roeleveld wrote:
>
> Try "ssh -Y ".
> It's what I have been using for a long time now.

Correct - ssh -X hasn't worked on Gentoo for ages.  It has been a
while since I looked up the details but I seem to recall it being an
upstream issue and that it is actually broken on many (but not all)
distros.

--
Rich
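
The warnings quoted in this thread, classified in an added example that is not part of any post here: with `-X`, OpenSSH asks `xauth generate` for an untrusted cookie, which needs the SECURITY extension on the local X server, while `-Y` skips that step and gives remote clients unrestricted access to the local display. The function names and verdict strings are hypothetical, and the sample input is the error text from the original post.

```shell
#!/bin/sh
# Added example: explain the X11-forwarding warnings ssh prints on stderr.

# Constructed input: the three warning lines quoted in the thread.
sample_log() {
cat <<'EOF'
Warning: untrusted X11 forwarding setup failed: xauth key data not generated
Warning: No xauth data; using fake authentication data for X11 forwarding.
Invalid MIT-MAGIC-COOKIE-1 keyxterm: Xt error: Can't open display: localhost:10.0
EOF
}

# diagnose_x11_log (hypothetical helper): ssh stderr on stdin, verdict on stdout.
diagnose_x11_log() {
    log=$(cat)
    has() { printf '%s\n' "$log" | grep -qF -- "$1"; }
    if has 'untrusted X11 forwarding setup failed'; then
        # -X asked xauth for an untrusted cookie and got none.
        echo untrusted-cookie-failed
    elif has 'using fake authentication data'; then
        # No cookie for the local display at all (xauth list was empty).
        echo no-local-cookie
    elif has 'Invalid MIT-MAGIC-COOKIE-1 key'; then
        echo cookie-rejected
    else
        echo no-x11-warning
    fi
}

# check_local_display (hypothetical helper): run on the ssh client, i.e. the
# machine whose X server draws the windows. Returns 0 if -X can get its cookie.
check_local_display() {
    [ -n "${DISPLAY:-}" ] || { echo no-display; return 1; }
    command -v xauth >/dev/null 2>&1 || { echo xauth-missing; return 1; }
    if command -v xdpyinfo >/dev/null 2>&1 &&
       ! xdpyinfo -queryExtensions 2>/dev/null | grep -qw SECURITY; then
        echo security-extension-missing; return 1
    fi
    # The same request ssh -X makes, written to a scratch file.
    tmp=$(mktemp) || return 1
    if xauth -f "$tmp" generate "$DISPLAY" . untrusted timeout 60 2>/dev/null &&
       [ -s "$tmp" ]; then
        rm -f "$tmp"; echo untrusted-cookie-ok; return 0
    fi
    rm -f "$tmp"; echo xauth-generate-failed; return 1
}

sample_log | diagnose_x11_log
check_local_display || true
```

If `check_local_display` reports `security-extension-missing` or `xauth-generate-failed`, `-X` cannot obtain its restricted cookie on that client; switching to `-Y` removes the restriction, so it is best kept to remote hosts you trust.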



Re: [gentoo-user] ssh -X problem [no help sofar on ssh group]

2014-12-20 Thread J. Roeleveld
On 20 December 2014 18:17:57 CET, Harry Putnam wrote:
>This properly belongs on the ssh group, but posting there has not
>gotten
>any responses... and the list is quite slow to boot.
>
>I like using ssh -X to other lan remotes but with new versions of
>openssh
>or perhaps the configs, it only works 1 way.
>
>I can `ssh  -X' to the gentoo host from a debian host but not the other
>way round.
>
>Two different versions of openssh appear to be involved.  But not sure
>how different they are.
>
>RHOST=a debian HOST
>LHOST= Gentoo HOST
>
>ssh -vN $RHOST 2>&1|grep "remote software version"
>
>  [...] OpenSSH_6.7p1 Debian-3
>
>ssh -vN $LHOST 2>&1|grep "remote software version"
>
>  [...] OpenSSH_6.7p1-hpn14v5
>
>
>One thing I tried to do was to copy the RHOST sshd_config and
>ssh_config to
>LHOST.  Restart and try again... there were a few incompatible bits in
>the files so after commenting a few out until no config errors.
>
>However ssh -X still displayed the error and would NOT work when:
>  ssh -X RHOST from LHOST
>({Note that plain ssh LHOST or RHOST works in any direction}
>
>Error output with ssh -X $RHOST "xterm"
>
>,
>| Warning: untrusted X11 forwarding setup failed: xauth key data not generated
>| Warning: No xauth data; using fake authentication data for X11 forwarding.
>| Invalid MIT-MAGIC-COOKIE-1 keyxterm: Xt error: Can't open display: localhost:10.0
>`
>
>[Full Error output with ssh -vv -X is very lengthy so is attached at
>the end]
>
>I'm not seeing how to debug this further.  So going back to the stock
>version of sshd_config ssh_config on gentoo with two changes:
>
>commented out this line:
> PasswordAuthentication no
>
>added this:
> X11Forwarding yes
>
>---   ---   ---=---   ---   --- 
>Full sshd_config on LHOST: sudo grep ^[^#] /etc/ssh/sshd_config
>---   ---   ---=---   ---   --- 
>  UsePAM yes
>  X11Forwarding yes
>  PrintMotd no
>  PrintLastLog no
>  UsePrivilegeSeparation sandbox   # Default for new installations.
>  Subsystem sftp /usr/lib/misc/sftp-server
>  AcceptEnv LANG LC_*
>
>---  Config END---
>
>
>---   ---   ---=---   ---   --- 
>Full ssh_config on LHOST:  sudo grep ^[^#] /etc/ssh/ssh_config
>---   ---   ---=---   ---   --- 
>
> ForwardX11 yes
> SendEnv LANG LC_*
>
>---  Config END---
>
>###
>
>Now the same info for RHOST
>
>---   ---   ---=---   ---   --- 
>Full sshd_config on RHOST: ssh root@RHOST "grep ^[^#] /etc/ssh/sshd_config"
>---   ---   ---=---   ---   --- 
>
>HostKey /etc/ssh/ssh_host_rsa_key
>HostKey /etc/ssh/ssh_host_dsa_key
>HostKey /etc/ssh/ssh_host_ed25519_key
>AcceptEnv LANG LC_*
>ChallengeResponseAuthentication no
>IgnoreRhosts yes
>HostbasedAuthentication no
>KeyRegenerationInterval 3600
>LogLevel INFO
>LoginGraceTime 120
>PermitEmptyPasswords no
>PermitRootLogin yes
>Port 22
>PrintLastLog yes
>PrintMotd no
>Protocol 2
>PubkeyAuthentication yes
>RSAAuthentication yes
>RhostsRSAAuthentication no
>ServerKeyBits 1024
>SyslogFacility AUTH
>StrictModes yes
>Subsystem   sftp /usr/lib/misc/sftp-server
>TCPKeepAlive yes
>UsePAM yes
>UsePrivilegeSeparation sandbox
>X11Forwarding yes
>
>---  Config END---
>
>
>---   ---   ---=---   ---   --- 
>Full ssh_config on RHOST: ssh root@RHOST "grep ^[^#] /etc/ssh/ssh_config"
>---   ---   ---=---   ---   --- 
>Host *
>   ForwardX11 yes
>SendEnv LANG LC_*
>HashKnownHosts yes
>
>---  Config END---
>
>
>
>
>The only thing more I can think to include is the full lengthy output
>of
>ssh -vv -X

Try "ssh -Y ".
It's what I have been using for a long time now.
-- 
Sent from my Android device with K-9 Mail. Please excuse my brevity.



[gentoo-user] ssh -X problem [no help sofar on ssh group]

2014-12-20 Thread Harry Putnam
This properly belongs on the ssh group, but posting there has not gotten
any responses... and the list is quite slow to boot.

I like using ssh -X to other lan remotes but with new versions of openssh
or perhaps the configs, it only works 1 way.

I can `ssh  -X' to the gentoo host from a debian host but not the other
way round.

Two different versions of openssh appear to be involved.  But not sure
how different they are.

RHOST=a debian HOST
LHOST= Gentoo HOST

ssh -vN $RHOST 2>&1|grep "remote software version"

  [...] OpenSSH_6.7p1 Debian-3

ssh -vN $LHOST 2>&1|grep "remote software version"

  [...] OpenSSH_6.7p1-hpn14v5


One thing I tried to do was to copy the RHOST sshd_config and ssh_config to
LHOST.  Restart and try again... there were a few incompatible bits in
the files so after commenting a few out until no config errors.

However ssh -X still displayed the error and would NOT work when:
  ssh -X RHOST from LHOST
({Note that plain ssh LHOST or RHOST works in any direction}

Error output with ssh -X $RHOST "xterm"

,
| Warning: untrusted X11 forwarding setup failed: xauth key data not generated
| Warning: No xauth data; using fake authentication data for X11 forwarding.
| Invalid MIT-MAGIC-COOKIE-1 keyxterm: Xt error: Can't open display: localhost:10.0
`

[Full Error output with ssh -vv -X is very lengthy so is attached at the end]

I'm not seeing how to debug this further.  So going back to the stock
version of sshd_config ssh_config on gentoo with two changes:

commented out this line:
 PasswordAuthentication no

added this:
 X11Forwarding yes

---   ---   ---=---   ---   --- 
Full sshd_config on LHOST: sudo grep ^[^#] /etc/ssh/sshd_config
---   ---   ---=---   ---   --- 
  UsePAM yes
  X11Forwarding yes
  PrintMotd no
  PrintLastLog no
  UsePrivilegeSeparation sandbox # Default for new installations.
  Subsystem sftp /usr/lib/misc/sftp-server
  AcceptEnv LANG LC_*

---  Config END---


---   ---   ---=---   ---   --- 
Full ssh_config on LHOST:  sudo grep ^[^#] /etc/ssh/ssh_config
---   ---   ---=---   ---   --- 

 ForwardX11 yes
 SendEnv LANG LC_*

---  Config END---

###

Now the same info for RHOST

---   ---   ---=---   ---   --- 
Full sshd_config on RHOST: ssh root@RHOST "grep ^[^#] /etc/ssh/sshd_config"
---   ---   ---=---   ---   --- 

HostKey /etc/ssh/ssh_host_rsa_key
HostKey /etc/ssh/ssh_host_dsa_key
HostKey /etc/ssh/ssh_host_ed25519_key
AcceptEnv LANG LC_*
ChallengeResponseAuthentication no
IgnoreRhosts yes
HostbasedAuthentication no
KeyRegenerationInterval 3600
LogLevel INFO
LoginGraceTime 120
PermitEmptyPasswords no
PermitRootLogin yes
Port 22
PrintLastLog yes
PrintMotd no
Protocol 2
PubkeyAuthentication yes
RSAAuthentication yes
RhostsRSAAuthentication no
ServerKeyBits 1024
SyslogFacility AUTH
StrictModes yes
Subsystem   sftp /usr/lib/misc/sftp-server
TCPKeepAlive yes
UsePAM yes
UsePrivilegeSeparation sandbox
X11Forwarding yes

---  Config END---


---   ---   ---=---   ---   --- 
Full ssh_config on RHOST: ssh root@RHOST "grep ^[^#] /etc/ssh/ssh_config"
---   ---   ---=---   ---   --- 
Host *
   ForwardX11 yes
SendEnv LANG LC_*
HashKnownHosts yes

---  Config END---




The only thing more I can think to include is the full lengthy output of
ssh -vv -X

HOST:gv ~
harry > ssh -vv -X harry@dv 'xterm'
OpenSSH_6.7p1-hpn14v5, OpenSSL 1.0.1j 15 Oct 2014
debug1: Reading configuration data /etc/ssh/ssh_config
debug1: /etc/ssh/ssh_config line 20: Applying options for *
debug2: ssh_connect: needpriv 0
debug1: Connecting to dv [192.168.0.5] port 22.
debug1: Connection established.
debug1: key_load_public: No such file or directory
debug1: identity file /home/harry/.ssh/id_rsa type -1
debug1: key_load_public: No such file or directory
debug1: identity file /home/harry/.ssh/id_rsa-cert type -1
debug1: key_load_public: No such file or directory
debug1: identity file /home/harry/.ssh/id_dsa type -1
debug1: key_load_public: No such file or directory
debug1: identity file /home/harry/.ssh/id_dsa-cert type -1
debug1: key_load_public: No such file or directory
debug1: identity file /home/harry/.ssh/id_ecdsa type -1
debug1: key_load_public: No such file or directory
debug1: identity file /home/harry/.ssh/id_ecdsa-cert type -1
debug1: key_load_public: No such file or directory
debug1: identity file /home/harry/.ssh/id_ed25519 type -1
debug1: key_load_public: No such file or directory
debug1: identity file /home/harry/.ssh/id_ed25519-cert type -1
debug1: Enabling compatibility mode for protocol 2.0
debug1: Local version st