On Sun, Dec 21, 2014 at 1:17 AM, Harry Putnam <reader@×××××××.com> wrote:

> This properly belongs on the ssh group, but posting there has not gotten
> any responses... and the list is quite slow to boot.
>
> I like using ssh -X to other lan remotes but with new versions of openssh
> or perhaps the configs, it only works 1 way.
>
> I can `ssh -X' to the gentoo host from a debian host but not the other
> way round.
>
> Two different versions of openssh appear to be involved. But not sure
> how different they are.
>
> RHOST=a debian HOST
> LHOST= Gentoo HOST
>
> ssh -vN $RHOST 2>&1|grep "remote software version"
>
> [...] OpenSSH_6.7p1 Debian-3
>
> ssh -vN $LHOST 2>&1|grep "remote software version"
>
> [...] OpenSSH_6.7p1-hpn14v5
>
> One thing I tried to do was to copy the RHOST sshd_config and ssh_config to
> LHOST. Restart and try again... there were a few incompatible bits in
> the files so after commenting a few out until no config errors.
>
> However ssh -X still displayed the error and would NOT work when:
> ssh -X RHOST from LHOST
> ({Note that plain ssh LHOST or RHOST works in any direction}
>
> Error output with ssh -X $RHOST "xterm"
>
> ,----
> | Warning: untrusted X11 forwarding setup failed: xauth key data not generated
> | Warning: No xauth data; using fake authentication data for X11 forwarding.
> | Invalid MIT-MAGIC-COOKIE-1 keyxterm: Xt error: Can't open display: localhost:10.0
>

I believe you're looking for the "xhost" command and its archaic
permissions setup settings.

The idea is that the machine hosting the X server has an additional
permissions setting that controls which hosts are allowed to use the
X displays.

Since you say that it's apparently the debian host that doesn't allow
launching of X programs, what happens if, from the working GUI on the
debian host, you run:
xhost +

Before you try connecting to it from the gentoo machine? It should say
something like
access control disabled, clients can connect from any host

And you should be able to open your xterm using ssh -X.

`----
>
> [Full Error output with ssh -vv -X is very lengthy so is attached at the
> end]
>
> I'm not seeing how to debug this further. So going back to the stock
> version of sshd_config ssh_config on gentoo with two changes:
>
> commented out this line:
> PasswordAuthentication no
>
> added this:
> X11Forwarding yes
>
> ------- ------- ---=--- ------- -------
> Full sshd_config on LHOST: sudo grep ^[^#] /etc/ssh/sshd_config
> ------- ------- ---=--- ------- -------
> UsePAM yes
> X11Forwarding yes
> PrintMotd no
> PrintLastLog no
> UsePrivilegeSeparation sandbox # Default for new installations.
> Subsystem sftp /usr/lib/misc/sftp-server
> AcceptEnv LANG LC_*
>
> ------- Config END -------
>
> ------- ------- ---=--- ------- -------
> Full ssh_config on LHOST: sudo grep ^[^#] /etc/ssh/ssh_config
> ------- ------- ---=--- ------- -------
>
> ForwardX11 yes
> SendEnv LANG LC_*
>
> ------- Config END -------
>
> #######################################################
>
> Now the same info for RHOST
>
> ------- ------- ---=--- ------- -------
> Full sshd_config on RHOST: ssh root@RHOST "grep ^[^#] /etc/ssh/sshd_config"
> ------- ------- ---=--- ------- -------
>
> HostKey /etc/ssh/ssh_host_rsa_key
> HostKey /etc/ssh/ssh_host_dsa_key
> HostKey /etc/ssh/ssh_host_ed25519_key
> AcceptEnv LANG LC_*
> ChallengeResponseAuthentication no
> IgnoreRhosts yes
> HostbasedAuthentication no
> KeyRegenerationInterval 3600
> LogLevel INFO
> LoginGraceTime 120
> PermitEmptyPasswords no
> PermitRootLogin yes
> Port 22
> PrintLastLog yes
> PrintMotd no
> Protocol 2
> PubkeyAuthentication yes
> RSAAuthentication yes
> RhostsRSAAuthentication no
> ServerKeyBits 1024
> SyslogFacility AUTH
> StrictModes yes
> Subsystem sftp /usr/lib/misc/sftp-server
> TCPKeepAlive yes
> UsePAM yes
> UsePrivilegeSeparation sandbox
> X11Forwarding yes
>
> ------- Config END -------
>
> ------- ------- ---=--- ------- -------
> Full ssh_config on RHOST: ssh root@RHOST "grep ^[^#] /etc/ssh/ssh_config"
> ------- ------- ---=--- ------- -------
> Host *
> ForwardX11 yes
> SendEnv LANG LC_*
> HashKnownHosts yes
>
> ------- Config END -------
>
> ############################################
> ############################################
>
> The only thing more I can think to include is the full lengthy output of
> ssh -vv -X
>

--
This email is: [ ] actionable [ ] fyi [ ] social
Response needed: [ ] yes [ ] up to you [ ] no
Time-sensitive: [ ] immediate [ ] soon [ ] none
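
Added example, not part of either message above and not OpenSSH's own tooling: the first warning in the quoted error comes from the untrusted forwarding path, so this shell check classifies which X11 forwarding mode a client config requests and whether a server config permits forwarding at all. The function names are hypothetical, Host/Match scoping is ignored, and the upstream default of ForwardX11Trusted no is assumed.

```shell
#!/bin/sh
# Added example; helper names are hypothetical, not OpenSSH tooling.

# first_value KEYWORD: print the first value set for KEYWORD in the config
# text on stdin (lowercased), or nothing if it is unset. ssh_config and
# sshd_config both use the first value obtained for a keyword.
# Simplification (assumption): Host/Match scoping is ignored.
first_value() {
    awk -v want="$(printf '%s' "$1" | tr 'A-Z' 'a-z')" '
        /^[ \t]*(#|$)/ { next }            # skip comments and blank lines
        {
            gsub(/=/, " ")                 # accept "Keyword=value" too
            if (tolower($1) == want) { print tolower($2); exit }
        }'
}

# x11_client_mode CONFIG_TEXT: prints disabled | untrusted | trusted
# Assumes the upstream default ForwardX11Trusted=no; a distribution build
# may ship a different default.
x11_client_mode() {
    fwd=$(printf '%s\n' "$1" | first_value ForwardX11)
    trusted=$(printf '%s\n' "$1" | first_value ForwardX11Trusted)
    if [ "$fwd" != yes ]; then echo disabled
    elif [ "$trusted" = yes ]; then echo trusted
    else echo untrusted
    fi
}

# x11_server_allows CONFIG_TEXT: prints yes | no (sshd default is no)
x11_server_allows() {
    v=$(printf '%s\n' "$1" | first_value X11Forwarding)
    [ "$v" = yes ] && echo yes || echo no
}

# LHOST client config as quoted in the post.
LHOST_SSH_CONFIG='ForwardX11 yes
SendEnv LANG LC_*'
# Constructed variant that opts in to trusted forwarding.
TRUSTED_SSH_CONFIG='Host *
    ForwardX11 yes
    ForwardX11Trusted yes'
# Constructed server config with forwarding left at its default.
DEFAULT_SSHD_CONFIG='UsePAM yes
PrintMotd no'

echo "LHOST client: $(x11_client_mode "$LHOST_SSH_CONFIG")"
echo "trusted sample: $(x11_client_mode "$TRUSTED_SSH_CONFIG")"
echo "default sshd: $(x11_server_allows "$DEFAULT_SSHD_CONFIG")"
```

In trusted mode (ForwardX11Trusted yes, or ssh -Y) remote X clients get full access to the local display, so the classification matters when deciding which remote hosts a client config should apply to.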