Re: [gentoo-user] ssh -X problem [no help sofar on ssh group] - gentoo-user

From:	"J. Roeleveld" <joost@××××××××.org>
To:	gentoo-user@l.g.o
Subject:	Re: [gentoo-user] ssh -X problem [no help sofar on ssh group]
Date:	Sat, 20 Dec 2014 19:05:45
Message-Id:	`54A43503-72A8-4E14-9AE2-0106E0934B76@antarean.org`
In Reply to:	[gentoo-user] ssh -X problem [no help sofar on ssh group] by Harry Putnam

1

On 20 December 2014 18:17:57 CET, Harry Putnam <reader@×××××××.com> wrote:

2

>This properly belongs on the ssh group, but posting there has not

3

>gotten

4

>any responses... and the list is quite slow to boot.

5

>

6

>I like using ssh -X to other lan remotes but with new versions of

7

>openssh

8

>or perhaps the configs, it only works 1 way.

9

>

10

>I can `ssh  -X' to the gentoo host from a debian host but not the other

11

>way round.

12

>

13

>Two different versions of openssh appear to be involved.  But not sure

14

>how different they are.

15

>

16

>RHOST=a debian HOST

17

>LHOST= Gentoo HOST

18

>

19

>ssh -vN $RHOST 2>&1|grep "remote software version"

20

>

21

>  [...] OpenSSH_6.7p1 Debian-3

22

>

23

>ssh -vN $LHOST 2>&1|grep "remote software version"

24

>

25

>  [...] OpenSSH_6.7p1-hpn14v5

26

>

27

>

28

>One thing I tried to do was to copy the RHOST sshd_config and

29

>ssh_config to

30

>LHOST.  Restart and try again... there were a few incompatible bits in

31

>the files so after commenting a few out until no config errors.

32

>

33

>However ssh -X still displayed the error and would NOT work when:

34

>  ssh -X RHOST from LHOST

35

>({Note that plain ssh LHOST or RHOST works in any direction}

36

>

37

>Error outut with ssh -X $RHOST "xterm"

38

>

39

>,----

40

>| Warning: untrusted X11 forwarding setup failed: xauth key data not

41

>generated

42

>| Warning: No xauth data; using fake authentication data for X11

43

>forwarding.

44

>| Invalid MIT-MAGIC-COOKIE-1 keyxterm: Xt error: Can't open display:

45

>localhost:10.0

46

>`----

47

>

48

>[Full Error output with ssh -vv -X is very lengthy so is attached at

49

>the end]

50

>

51

>I'm not seeing how to debug this further.  So going back to the stock

52

>version of sshd_config ssh_config on gentoo with two changes:

53

>

54

>commented out this line:

55

> PasswordAuthentication no

56

>

57

>added this:

58

> X11Forwarding yes

59

>

60

>-------       -------       ---=---       -------       -------

61

>Full sshd_config on LHOST: sudo grep ^[^#] /etc/ssh/sshd_config

62

>-------       -------       ---=---       -------       -------

63

>  UsePAM yes

64

>  X11Forwarding yes

65

>  PrintMotd no

66

>  PrintLastLog no

67

>  UsePrivilegeSeparation sandbox		# Default for new installations.

68

>  Subsystem	sftp	/usr/lib/misc/sftp-server

69

>  AcceptEnv LANG LC_*

70

>

71

>-------  Config END    -------

72

>

73

>

74

>-------       -------       ---=---       -------       -------

75

>Full ssh_config on LHOST:  sudo grep ^[^#] /etc/ssh/ssh_config

76

>-------       -------       ---=---       -------       -------

77

>

78

> ForwardX11 yes

79

> SendEnv LANG LC_*

80

>

81

>-------  Config END    -------

82

>

83

>#######################################################

84

>

85

>Now the same info for RHOST

86

>

87

>-------       -------       ---=---       -------       -------

88

>Full sshd_config on RHOST: ssh root@RHOST "grep ^[^#]

89

>/etc/ssh/sshd_config"

90

>-------       -------       ---=---       -------       -------

91

>

92

>HostKey /etc/ssh/ssh_host_rsa_key

93

>HostKey /etc/ssh/ssh_host_dsa_key

94

>HostKey /etc/ssh/ssh_host_ed25519_key

95

>AcceptEnv LANG LC_*

96

>ChallengeResponseAuthentication no

97

>IgnoreRhosts yes

98

>HostbasedAuthentication no

99

>KeyRegenerationInterval 3600

100

>LogLevel INFO

101

>LoginGraceTime 120

102

>PermitEmptyPasswords no

103

>PermitRootLogin yes

104

>Port 22

105

>PrintLastLog yes

106

>PrintMotd no

107

>Protocol 2

108

>PubkeyAuthentication yes

109

>RSAAuthentication yes

110

>RhostsRSAAuthentication no

111

>ServerKeyBits 1024

112

>SyslogFacility AUTH

113

>StrictModes yes

114

>Subsystem   sftp        /usr/lib/misc/sftp-server

115

>TCPKeepAlive yes

116

>UsePAM yes

117

>UsePrivilegeSeparation sandbox

118

>X11Forwarding yes

119

>

120

>-------  Config END    -------

121

>

122

>

123

>-------       -------       ---=---       -------       -------

124

>Full ssh_config on RHOST: ssh root@RHOST "grep ^[^#]

125

>/etc/ssh/ssh_config"

126

>-------       -------       ---=---       -------       -------

127

>Host *

128

>   ForwardX11 yes

129

>    SendEnv LANG LC_*

130

>    HashKnownHosts yes

131

>

132

>-------  Config END    -------

133

>

134

>############################################

135

>############################################

136

>

137

>The only thing more I can think to include is the full lengthy output

138

>of

139

>ssh -vv -X

140

141

Try "ssh -Y ".

142

It's what I have been using for a long time now.

143

--

144

Sent from my Android device with K-9 Mail. Please excuse my brevity.

Gentoo Archives: gentoo-user

Replies

1	On 20 December 2014 18:17:57 CET, Harry Putnam <reader@×××××××.com> wrote:
2	>This properly belongs on the ssh group, but posting there has not
3	>gotten
4	>any responses... and the list is quite slow to boot.
5	>
6	>I like using ssh -X to other lan remotes but with new versions of
7	>openssh
8	>or perhaps the configs, it only works 1 way.
9	>
10	>I can `ssh -X' to the gentoo host from a debian host but not the other
11	>way round.
12	>
13	>Two different versions of openssh appear to be involved. But not sure
14	>how different they are.
15	>
16	>RHOST=a debian HOST
17	>LHOST= Gentoo HOST
18	>
19	>ssh -vN $RHOST 2>&1\|grep "remote software version"
20	>
21	> [...] OpenSSH_6.7p1 Debian-3
22	>
23	>ssh -vN $LHOST 2>&1\|grep "remote software version"
24	>
25	> [...] OpenSSH_6.7p1-hpn14v5
26	>
27	>
28	>One thing I tried to do was to copy the RHOST sshd_config and
29	>ssh_config to
30	>LHOST. Restart and try again... there were a few incompatible bits in
31	>the files so after commenting a few out until no config errors.
32	>
33	>However ssh -X still displayed the error and would NOT work when:
34	> ssh -X RHOST from LHOST
35	>({Note that plain ssh LHOST or RHOST works in any direction}
36	>
37	>Error outut with ssh -X $RHOST "xterm"
38	>
39	>,----
40	>\| Warning: untrusted X11 forwarding setup failed: xauth key data not
41	>generated
42	>\| Warning: No xauth data; using fake authentication data for X11
43	>forwarding.
44	>\| Invalid MIT-MAGIC-COOKIE-1 keyxterm: Xt error: Can't open display:
45	>localhost:10.0
46	>`----
47	>
48	>[Full Error output with ssh -vv -X is very lengthy so is attached at
49	>the end]
50	>
51	>I'm not seeing how to debug this further. So going back to the stock
52	>version of sshd_config ssh_config on gentoo with two changes:
53	>
54	>commented out this line:
55	> PasswordAuthentication no
56	>
57	>added this:
58	> X11Forwarding yes
59	>
60	>------- ------- ---=--- ------- -------
61	>Full sshd_config on LHOST: sudo grep ^[^#] /etc/ssh/sshd_config
62	>------- ------- ---=--- ------- -------
63	> UsePAM yes
64	> X11Forwarding yes
65	> PrintMotd no
66	> PrintLastLog no
67	> UsePrivilegeSeparation sandbox # Default for new installations.
68	> Subsystem sftp /usr/lib/misc/sftp-server
69	> AcceptEnv LANG LC_*
70	>
71	>------- Config END -------
72	>
73	>
74	>------- ------- ---=--- ------- -------
75	>Full ssh_config on LHOST: sudo grep ^[^#] /etc/ssh/ssh_config
76	>------- ------- ---=--- ------- -------
77	>
78	> ForwardX11 yes
79	> SendEnv LANG LC_*
80	>
81	>------- Config END -------
82	>
83	>#######################################################
84	>
85	>Now the same info for RHOST
86	>
87	>------- ------- ---=--- ------- -------
88	>Full sshd_config on RHOST: ssh root@RHOST "grep ^[^#]
89	>/etc/ssh/sshd_config"
90	>------- ------- ---=--- ------- -------
91	>
92	>HostKey /etc/ssh/ssh_host_rsa_key
93	>HostKey /etc/ssh/ssh_host_dsa_key
94	>HostKey /etc/ssh/ssh_host_ed25519_key
95	>AcceptEnv LANG LC_*
96	>ChallengeResponseAuthentication no
97	>IgnoreRhosts yes
98	>HostbasedAuthentication no
99	>KeyRegenerationInterval 3600
100	>LogLevel INFO
101	>LoginGraceTime 120
102	>PermitEmptyPasswords no
103	>PermitRootLogin yes
104	>Port 22
105	>PrintLastLog yes
106	>PrintMotd no
107	>Protocol 2
108	>PubkeyAuthentication yes
109	>RSAAuthentication yes
110	>RhostsRSAAuthentication no
111	>ServerKeyBits 1024
112	>SyslogFacility AUTH
113	>StrictModes yes
114	>Subsystem sftp /usr/lib/misc/sftp-server
115	>TCPKeepAlive yes
116	>UsePAM yes
117	>UsePrivilegeSeparation sandbox
118	>X11Forwarding yes
119	>
120	>------- Config END -------
121	>
122	>
123	>------- ------- ---=--- ------- -------
124	>Full ssh_config on RHOST: ssh root@RHOST "grep ^[^#]
125	>/etc/ssh/ssh_config"
126	>------- ------- ---=--- ------- -------
127	>Host *
128	> ForwardX11 yes
129	> SendEnv LANG LC_*
130	> HashKnownHosts yes
131	>
132	>------- Config END -------
133	>
134	>############################################
135	>############################################
136	>
137	>The only thing more I can think to include is the full lengthy output
138	>of
139	>ssh -vv -X
140
141	Try "ssh -Y ".
142	It's what I have been using for a long time now.
143	--
144	Sent from my Android device with K-9 Mail. Please excuse my brevity.