1 |
Hi there! |
2 |
|
3 |
For a little while now I have a problem on one of my hosts, X11 forwarding |
4 |
stopped working. I do not know where to look, but I thought maybe someone |
5 |
here has an idea? I have a .Xauthority file dated from Sept 19, this might |
6 |
be around the last time forwarding was working. |
7 |
|
8 |
Here is my /etc/ssh/sshd_config, stripped by all commented lines in order to |
9 |
save space: |
10 |
|
11 |
Protocol 2,1 |
12 |
PermitRootLogin no |
13 |
PasswordAuthentication no |
14 |
UsePAM yes |
15 |
X11Forwarding yes |
16 |
ClientAliveInterval 180 |
17 |
Banner /etc/ssh/tolles.banner |
18 |
Subsystem sftp /usr/lib/misc/sftp-server |
19 |
|
20 |
I stopped the ssh service and started sshd manually with option -d: |
21 |
|
22 |
root@zone:~ /usr/sbin/sshd -d |
23 |
debug1: sshd version OpenSSH_4.7p1 |
24 |
debug1: private host key: #0 type 0 RSA1 |
25 |
debug1: read PEM private key done: type RSA |
26 |
debug1: private host key: #1 type 1 RSA |
27 |
debug1: read PEM private key done: type DSA |
28 |
debug1: private host key: #2 type 2 DSA |
29 |
debug1: rexec_argv[0]='/usr/sbin/sshd' |
30 |
debug1: rexec_argv[1]='-d' |
31 |
debug1: Bind to port 22 on 0.0.0.0. |
32 |
Server listening on 0.0.0.0 port 22. |
33 |
socket: Address family not supported by protocol |
34 |
Generating 768 bit RSA key. |
35 |
RSA key generation complete. |
36 |
[Now comes the login] |
37 |
debug1: Server will not fork when running in debugging mode. |
38 |
debug1: rexec start in 4 out 4 newsock 4 pipe -1 sock 7 |
39 |
debug1: inetd sockets after dupping: 3, 3 |
40 |
Connection from 192.168.1.4 port 38166 |
41 |
debug1: Client protocol version 2.0; client software version OpenSSH_4.6 |
42 |
debug1: match: OpenSSH_4.6 pat OpenSSH* |
43 |
debug1: Enabling compatibility mode for protocol 2.0 |
44 |
debug1: Local version string SSH-1.99-OpenSSH_4.7 |
45 |
debug1: permanently_set_uid: 22/22 |
46 |
debug1: list_hostkey_types: ssh-rsa,ssh-dss |
47 |
debug1: SSH2_MSG_KEXINIT sent |
48 |
debug1: SSH2_MSG_KEXINIT received |
49 |
debug1: kex: client->server aes128-cbc hmac-md5 none |
50 |
debug1: kex: server->client aes128-cbc hmac-md5 none |
51 |
debug1: SSH2_MSG_KEX_DH_GEX_REQUEST received |
52 |
debug1: SSH2_MSG_KEX_DH_GEX_GROUP sent |
53 |
debug1: expecting SSH2_MSG_KEX_DH_GEX_INIT |
54 |
debug1: SSH2_MSG_KEX_DH_GEX_REPLY sent |
55 |
debug1: SSH2_MSG_NEWKEYS sent |
56 |
debug1: expecting SSH2_MSG_NEWKEYS |
57 |
debug1: SSH2_MSG_NEWKEYS received |
58 |
debug1: KEX done |
59 |
debug1: userauth-request for user wonko service ssh-connection method none |
60 |
debug1: attempt 0 failures 0 |
61 |
debug1: PAM: initializing for "wonko" |
62 |
debug1: PAM: setting PAM_RHOST to "weird.wonkology.org" |
63 |
debug1: PAM: setting PAM_TTY to "ssh" |
64 |
debug1: userauth_send_banner: sent |
65 |
debug1: userauth-request for user wonko service ssh-connection method |
66 |
publickey |
67 |
debug1: attempt 1 failures 1 |
68 |
debug1: test whether pkalg/pkblob are acceptable |
69 |
debug1: temporarily_use_uid: 1000/100 (e=0/0) |
70 |
debug1: trying public key file /home/wonko/.ssh/authorized_keys |
71 |
debug1: restore_uid: 0/0 |
72 |
debug1: temporarily_use_uid: 1000/100 (e=0/0) |
73 |
debug1: trying public key file /home/wonko/.ssh/authorized_keys2 |
74 |
debug1: restore_uid: 0/0 |
75 |
Failed publickey for wonko from 192.168.1.4 port 38166 ssh2 |
76 |
debug1: userauth-request for user wonko service ssh-connection method |
77 |
publickey |
78 |
debug1: attempt 2 failures 2 |
79 |
debug1: temporarily_use_uid: 1000/100 (e=0/0) |
80 |
debug1: trying public key file /home/wonko/.ssh/authorized_keys |
81 |
debug1: matching key found: file /home/wonko/.ssh/authorized_keys, line 1 |
82 |
Found matching DSA key: 01:57:eb:6f:53:3f:6f:d8:a7:87:6f:c2:a7:a4:7a:18 |
83 |
debug1: restore_uid: 0/0 |
84 |
debug1: ssh_dss_verify: signature correct |
85 |
debug1: do_pam_account: called |
86 |
Accepted publickey for wonko from 192.168.1.4 port 38166 ssh2 |
87 |
debug1: monitor_child_preauth: wonko has been authenticated by privileged |
88 |
process |
89 |
debug1: PAM: establishing credentials |
90 |
debug1: permanently_set_uid: 1000/100 |
91 |
debug1: Entering interactive session for SSH2. |
92 |
debug1: server_init_dispatch_20 |
93 |
debug1: server_input_channel_open: ctype session rchan 0 win 65536 max 16384 |
94 |
debug1: input_session_request |
95 |
debug1: channel 0: new [server-session] |
96 |
debug1: session_new: init |
97 |
debug1: session_new: session 0 |
98 |
debug1: session_open: channel 0 |
99 |
debug1: session_open: session 0: link with channel 0 |
100 |
debug1: server_input_channel_open: confirm session |
101 |
debug1: server_input_channel_req: channel 0 request x11-req reply 0 |
102 |
debug1: session_by_channel: session 0 channel 0 |
103 |
debug1: session_input_channel_req: session 0 req x11-req |
104 |
debug1: server_input_channel_req: channel 0 request pty-req reply 0 |
105 |
debug1: session_by_channel: session 0 channel 0 |
106 |
debug1: session_input_channel_req: session 0 req pty-req |
107 |
debug1: Allocating pty. |
108 |
debug1: session_new: init |
109 |
debug1: session_new: session 0 |
110 |
debug1: session_pty_req: session 0 alloc /dev/pts/2 |
111 |
debug1: server_input_channel_req: channel 0 request shell reply 0 |
112 |
debug1: session_by_channel: session 0 channel 0 |
113 |
debug1: session_input_channel_req: session 0 req shell |
114 |
debug1: PAM: setting PAM_TTY to "/dev/pts/2" |
115 |
debug1: Setting controlling tty using TIOCSCTTY. |
116 |
|
117 |
|
118 |
I did the same on another host where forwarding is working. Here is a diff |
119 |
of the two logs: (< ok, > not ok) |
120 |
|
121 |
1a2 |
122 |
> debug1: private host key: #0 type 0 RSA1 |
123 |
3c4 |
124 |
< debug1: private host key: #0 type 1 RSA |
125 |
--- |
126 |
> debug1: private host key: #1 type 1 RSA |
127 |
5c6 |
128 |
< debug1: private host key: #1 type 2 DSA |
129 |
--- |
130 |
> debug1: private host key: #2 type 2 DSA |
131 |
10a12,14 |
132 |
> Generating 768 bit RSA key. |
133 |
> RSA key generation complete. |
134 |
> |
135 |
14c18 |
136 |
< Connection from 127.0.0.1 port 55291 |
137 |
--- |
138 |
> Connection from 192.168.1.4 port 35800 |
139 |
18c22 |
140 |
< debug1: Local version string SSH-2.0-OpenSSH_4.7 |
141 |
--- |
142 |
> debug1: Local version string SSH-1.99-OpenSSH_4.7 |
143 |
36c40 |
144 |
< debug1: PAM: setting PAM_RHOST to "localhost" |
145 |
--- |
146 |
> debug1: PAM: setting PAM_RHOST to "weird.wonkology.org" |
147 |
37a42 |
148 |
> debug1: userauth_send_banner: sent |
149 |
47c52 |
150 |
< Failed publickey for wonko from 127.0.0.1 port 55291 ssh2 |
151 |
--- |
152 |
> Failed publickey for wonko from 192.168.1.4 port 35800 ssh2 |
153 |
57c62 |
154 |
< Accepted publickey for wonko from 127.0.0.1 port 55291 ssh2 |
155 |
--- |
156 |
> Accepted publickey for wonko from 192.168.1.4 port 35800 ssh2 |
157 |
74,75d78 |
158 |
< debug1: x11_create_display_inet: Socket family 10 not supported |
159 |
< debug1: channel 1: new [X11 inet listener] |
160 |
82c85 |
161 |
< debug1: session_pty_req: session 0 alloc /dev/pts/19 |
162 |
--- |
163 |
> debug1: session_pty_req: session 0 alloc /dev/pts/7 |
164 |
86c89 |
165 |
< debug1: PAM: setting PAM_TTY to "/dev/pts/19" |
166 |
--- |
167 |
> debug1: PAM: setting PAM_TTY to "/dev/pts/7" |
168 |
|
169 |
So, this is the main difference, it appears only on the machine where |
170 |
forwarding is working: |
171 |
< debug1: x11_create_display_inet: Socket family 10 not supported |
172 |
< debug1: channel 1: new [X11 inet listener] |
173 |
|
174 |
Any idea what's wrong? |
175 |
|
176 |
Alex |
177 |
-- |
178 |
gentoo-user@g.o mailing list |