1 |
On 20 December 2014 18:17:57 CET, Harry Putnam <reader@×××××××.com> wrote: |
2 |
>This properly belongs on the ssh group, but posting there has not |
3 |
>gotten |
4 |
>any responses... and the list is quite slow to boot. |
5 |
> |
6 |
>I like using ssh -X to other lan remotes but with new versions of |
7 |
>openssh |
8 |
>or perhaps the configs, it only works 1 way. |
9 |
> |
10 |
>I can `ssh -X' to the gentoo host from a debian host but not the other |
11 |
>way round. |
12 |
> |
13 |
>Two different versions of openssh appear to be involved. But not sure |
14 |
>how different they are. |
15 |
> |
16 |
>RHOST=a debian HOST |
17 |
>LHOST= Gentoo HOST |
18 |
> |
19 |
>ssh -vN $RHOST 2>&1|grep "remote software version" |
20 |
> |
21 |
> [...] OpenSSH_6.7p1 Debian-3 |
22 |
> |
23 |
>ssh -vN $LHOST 2>&1|grep "remote software version" |
24 |
> |
25 |
> [...] OpenSSH_6.7p1-hpn14v5 |
26 |
> |
27 |
> |
28 |
>One thing I tried to do was to copy the RHOST sshd_config and |
29 |
>ssh_config to |
30 |
>LHOST. Restart and try again... there were a few incompatible bits in |
31 |
>the files so after commenting a few out until no config errors. |
32 |
> |
33 |
>However ssh -X still displayed the error and would NOT work when: |
34 |
> ssh -X RHOST from LHOST |
35 |
>({Note that plain ssh LHOST or RHOST works in any direction} |
36 |
> |
37 |
>Error outut with ssh -X $RHOST "xterm" |
38 |
> |
39 |
>,---- |
40 |
>| Warning: untrusted X11 forwarding setup failed: xauth key data not |
41 |
>generated |
42 |
>| Warning: No xauth data; using fake authentication data for X11 |
43 |
>forwarding. |
44 |
>| Invalid MIT-MAGIC-COOKIE-1 keyxterm: Xt error: Can't open display: |
45 |
>localhost:10.0 |
46 |
>`---- |
47 |
> |
48 |
>[Full Error output with ssh -vv -X is very lengthy so is attached at |
49 |
>the end] |
50 |
> |
51 |
>I'm not seeing how to debug this further. So going back to the stock |
52 |
>version of sshd_config ssh_config on gentoo with two changes: |
53 |
> |
54 |
>commented out this line: |
55 |
> PasswordAuthentication no |
56 |
> |
57 |
>added this: |
58 |
> X11Forwarding yes |
59 |
> |
60 |
>------- ------- ---=--- ------- ------- |
61 |
>Full sshd_config on LHOST: sudo grep ^[^#] /etc/ssh/sshd_config |
62 |
>------- ------- ---=--- ------- ------- |
63 |
> UsePAM yes |
64 |
> X11Forwarding yes |
65 |
> PrintMotd no |
66 |
> PrintLastLog no |
67 |
> UsePrivilegeSeparation sandbox # Default for new installations. |
68 |
> Subsystem sftp /usr/lib/misc/sftp-server |
69 |
> AcceptEnv LANG LC_* |
70 |
> |
71 |
>------- Config END ------- |
72 |
> |
73 |
> |
74 |
>------- ------- ---=--- ------- ------- |
75 |
>Full ssh_config on LHOST: sudo grep ^[^#] /etc/ssh/ssh_config |
76 |
>------- ------- ---=--- ------- ------- |
77 |
> |
78 |
> ForwardX11 yes |
79 |
> SendEnv LANG LC_* |
80 |
> |
81 |
>------- Config END ------- |
82 |
> |
83 |
>####################################################### |
84 |
> |
85 |
>Now the same info for RHOST |
86 |
> |
87 |
>------- ------- ---=--- ------- ------- |
88 |
>Full sshd_config on RHOST: ssh root@RHOST "grep ^[^#] |
89 |
>/etc/ssh/sshd_config" |
90 |
>------- ------- ---=--- ------- ------- |
91 |
> |
92 |
>HostKey /etc/ssh/ssh_host_rsa_key |
93 |
>HostKey /etc/ssh/ssh_host_dsa_key |
94 |
>HostKey /etc/ssh/ssh_host_ed25519_key |
95 |
>AcceptEnv LANG LC_* |
96 |
>ChallengeResponseAuthentication no |
97 |
>IgnoreRhosts yes |
98 |
>HostbasedAuthentication no |
99 |
>KeyRegenerationInterval 3600 |
100 |
>LogLevel INFO |
101 |
>LoginGraceTime 120 |
102 |
>PermitEmptyPasswords no |
103 |
>PermitRootLogin yes |
104 |
>Port 22 |
105 |
>PrintLastLog yes |
106 |
>PrintMotd no |
107 |
>Protocol 2 |
108 |
>PubkeyAuthentication yes |
109 |
>RSAAuthentication yes |
110 |
>RhostsRSAAuthentication no |
111 |
>ServerKeyBits 1024 |
112 |
>SyslogFacility AUTH |
113 |
>StrictModes yes |
114 |
>Subsystem sftp /usr/lib/misc/sftp-server |
115 |
>TCPKeepAlive yes |
116 |
>UsePAM yes |
117 |
>UsePrivilegeSeparation sandbox |
118 |
>X11Forwarding yes |
119 |
> |
120 |
>------- Config END ------- |
121 |
> |
122 |
> |
123 |
>------- ------- ---=--- ------- ------- |
124 |
>Full ssh_config on RHOST: ssh root@RHOST "grep ^[^#] |
125 |
>/etc/ssh/ssh_config" |
126 |
>------- ------- ---=--- ------- ------- |
127 |
>Host * |
128 |
> ForwardX11 yes |
129 |
> SendEnv LANG LC_* |
130 |
> HashKnownHosts yes |
131 |
> |
132 |
>------- Config END ------- |
133 |
> |
134 |
>############################################ |
135 |
>############################################ |
136 |
> |
137 |
>The only thing more I can think to include is the full lengthy output |
138 |
>of |
139 |
>ssh -vv -X |
140 |
|
141 |
Try "ssh -Y ". |
142 |
It's what I have been using for a long time now. |
143 |
-- |
144 |
Sent from my Android device with K-9 Mail. Please excuse my brevity. |