| 1 |
Hi there! |
| 2 |
|
| 3 |
For a little while now I have a problem on one of my hosts, X11 forwarding |
| 4 |
stopped working. I do not know where to look, but I thought maybe someone |
| 5 |
here has an idea? I have a .Xauthority file dated from Sept 19, this might |
| 6 |
be around the last time forwarding was working. |
| 7 |
|
| 8 |
Here is my /etc/ssh/sshd_config, stripped by all commented lines in order to |
| 9 |
save space: |
| 10 |
|
| 11 |
Protocol 2,1 |
| 12 |
PermitRootLogin no |
| 13 |
PasswordAuthentication no |
| 14 |
UsePAM yes |
| 15 |
X11Forwarding yes |
| 16 |
ClientAliveInterval 180 |
| 17 |
Banner /etc/ssh/tolles.banner |
| 18 |
Subsystem sftp /usr/lib/misc/sftp-server |
| 19 |
|
| 20 |
I stopped the ssh service and started sshd manually with option -d: |
| 21 |
|
| 22 |
root@zone:~ /usr/sbin/sshd -d |
| 23 |
debug1: sshd version OpenSSH_4.7p1 |
| 24 |
debug1: private host key: #0 type 0 RSA1 |
| 25 |
debug1: read PEM private key done: type RSA |
| 26 |
debug1: private host key: #1 type 1 RSA |
| 27 |
debug1: read PEM private key done: type DSA |
| 28 |
debug1: private host key: #2 type 2 DSA |
| 29 |
debug1: rexec_argv[0]='/usr/sbin/sshd' |
| 30 |
debug1: rexec_argv[1]='-d' |
| 31 |
debug1: Bind to port 22 on 0.0.0.0. |
| 32 |
Server listening on 0.0.0.0 port 22. |
| 33 |
socket: Address family not supported by protocol |
| 34 |
Generating 768 bit RSA key. |
| 35 |
RSA key generation complete. |
| 36 |
[Now comes the login] |
| 37 |
debug1: Server will not fork when running in debugging mode. |
| 38 |
debug1: rexec start in 4 out 4 newsock 4 pipe -1 sock 7 |
| 39 |
debug1: inetd sockets after dupping: 3, 3 |
| 40 |
Connection from 192.168.1.4 port 38166 |
| 41 |
debug1: Client protocol version 2.0; client software version OpenSSH_4.6 |
| 42 |
debug1: match: OpenSSH_4.6 pat OpenSSH* |
| 43 |
debug1: Enabling compatibility mode for protocol 2.0 |
| 44 |
debug1: Local version string SSH-1.99-OpenSSH_4.7 |
| 45 |
debug1: permanently_set_uid: 22/22 |
| 46 |
debug1: list_hostkey_types: ssh-rsa,ssh-dss |
| 47 |
debug1: SSH2_MSG_KEXINIT sent |
| 48 |
debug1: SSH2_MSG_KEXINIT received |
| 49 |
debug1: kex: client->server aes128-cbc hmac-md5 none |
| 50 |
debug1: kex: server->client aes128-cbc hmac-md5 none |
| 51 |
debug1: SSH2_MSG_KEX_DH_GEX_REQUEST received |
| 52 |
debug1: SSH2_MSG_KEX_DH_GEX_GROUP sent |
| 53 |
debug1: expecting SSH2_MSG_KEX_DH_GEX_INIT |
| 54 |
debug1: SSH2_MSG_KEX_DH_GEX_REPLY sent |
| 55 |
debug1: SSH2_MSG_NEWKEYS sent |
| 56 |
debug1: expecting SSH2_MSG_NEWKEYS |
| 57 |
debug1: SSH2_MSG_NEWKEYS received |
| 58 |
debug1: KEX done |
| 59 |
debug1: userauth-request for user wonko service ssh-connection method none |
| 60 |
debug1: attempt 0 failures 0 |
| 61 |
debug1: PAM: initializing for "wonko" |
| 62 |
debug1: PAM: setting PAM_RHOST to "weird.wonkology.org" |
| 63 |
debug1: PAM: setting PAM_TTY to "ssh" |
| 64 |
debug1: userauth_send_banner: sent |
| 65 |
debug1: userauth-request for user wonko service ssh-connection method |
| 66 |
publickey |
| 67 |
debug1: attempt 1 failures 1 |
| 68 |
debug1: test whether pkalg/pkblob are acceptable |
| 69 |
debug1: temporarily_use_uid: 1000/100 (e=0/0) |
| 70 |
debug1: trying public key file /home/wonko/.ssh/authorized_keys |
| 71 |
debug1: restore_uid: 0/0 |
| 72 |
debug1: temporarily_use_uid: 1000/100 (e=0/0) |
| 73 |
debug1: trying public key file /home/wonko/.ssh/authorized_keys2 |
| 74 |
debug1: restore_uid: 0/0 |
| 75 |
Failed publickey for wonko from 192.168.1.4 port 38166 ssh2 |
| 76 |
debug1: userauth-request for user wonko service ssh-connection method |
| 77 |
publickey |
| 78 |
debug1: attempt 2 failures 2 |
| 79 |
debug1: temporarily_use_uid: 1000/100 (e=0/0) |
| 80 |
debug1: trying public key file /home/wonko/.ssh/authorized_keys |
| 81 |
debug1: matching key found: file /home/wonko/.ssh/authorized_keys, line 1 |
| 82 |
Found matching DSA key: 01:57:eb:6f:53:3f:6f:d8:a7:87:6f:c2:a7:a4:7a:18 |
| 83 |
debug1: restore_uid: 0/0 |
| 84 |
debug1: ssh_dss_verify: signature correct |
| 85 |
debug1: do_pam_account: called |
| 86 |
Accepted publickey for wonko from 192.168.1.4 port 38166 ssh2 |
| 87 |
debug1: monitor_child_preauth: wonko has been authenticated by privileged |
| 88 |
process |
| 89 |
debug1: PAM: establishing credentials |
| 90 |
debug1: permanently_set_uid: 1000/100 |
| 91 |
debug1: Entering interactive session for SSH2. |
| 92 |
debug1: server_init_dispatch_20 |
| 93 |
debug1: server_input_channel_open: ctype session rchan 0 win 65536 max 16384 |
| 94 |
debug1: input_session_request |
| 95 |
debug1: channel 0: new [server-session] |
| 96 |
debug1: session_new: init |
| 97 |
debug1: session_new: session 0 |
| 98 |
debug1: session_open: channel 0 |
| 99 |
debug1: session_open: session 0: link with channel 0 |
| 100 |
debug1: server_input_channel_open: confirm session |
| 101 |
debug1: server_input_channel_req: channel 0 request x11-req reply 0 |
| 102 |
debug1: session_by_channel: session 0 channel 0 |
| 103 |
debug1: session_input_channel_req: session 0 req x11-req |
| 104 |
debug1: server_input_channel_req: channel 0 request pty-req reply 0 |
| 105 |
debug1: session_by_channel: session 0 channel 0 |
| 106 |
debug1: session_input_channel_req: session 0 req pty-req |
| 107 |
debug1: Allocating pty. |
| 108 |
debug1: session_new: init |
| 109 |
debug1: session_new: session 0 |
| 110 |
debug1: session_pty_req: session 0 alloc /dev/pts/2 |
| 111 |
debug1: server_input_channel_req: channel 0 request shell reply 0 |
| 112 |
debug1: session_by_channel: session 0 channel 0 |
| 113 |
debug1: session_input_channel_req: session 0 req shell |
| 114 |
debug1: PAM: setting PAM_TTY to "/dev/pts/2" |
| 115 |
debug1: Setting controlling tty using TIOCSCTTY. |
| 116 |
|
| 117 |
|
| 118 |
I did the same on another host where forwarding is working. Here is a diff |
| 119 |
of the two logs: (< ok, > not ok) |
| 120 |
|
| 121 |
1a2 |
| 122 |
> debug1: private host key: #0 type 0 RSA1 |
| 123 |
3c4 |
| 124 |
< debug1: private host key: #0 type 1 RSA |
| 125 |
--- |
| 126 |
> debug1: private host key: #1 type 1 RSA |
| 127 |
5c6 |
| 128 |
< debug1: private host key: #1 type 2 DSA |
| 129 |
--- |
| 130 |
> debug1: private host key: #2 type 2 DSA |
| 131 |
10a12,14 |
| 132 |
> Generating 768 bit RSA key. |
| 133 |
> RSA key generation complete. |
| 134 |
> |
| 135 |
14c18 |
| 136 |
< Connection from 127.0.0.1 port 55291 |
| 137 |
--- |
| 138 |
> Connection from 192.168.1.4 port 35800 |
| 139 |
18c22 |
| 140 |
< debug1: Local version string SSH-2.0-OpenSSH_4.7 |
| 141 |
--- |
| 142 |
> debug1: Local version string SSH-1.99-OpenSSH_4.7 |
| 143 |
36c40 |
| 144 |
< debug1: PAM: setting PAM_RHOST to "localhost" |
| 145 |
--- |
| 146 |
> debug1: PAM: setting PAM_RHOST to "weird.wonkology.org" |
| 147 |
37a42 |
| 148 |
> debug1: userauth_send_banner: sent |
| 149 |
47c52 |
| 150 |
< Failed publickey for wonko from 127.0.0.1 port 55291 ssh2 |
| 151 |
--- |
| 152 |
> Failed publickey for wonko from 192.168.1.4 port 35800 ssh2 |
| 153 |
57c62 |
| 154 |
< Accepted publickey for wonko from 127.0.0.1 port 55291 ssh2 |
| 155 |
--- |
| 156 |
> Accepted publickey for wonko from 192.168.1.4 port 35800 ssh2 |
| 157 |
74,75d78 |
| 158 |
< debug1: x11_create_display_inet: Socket family 10 not supported |
| 159 |
< debug1: channel 1: new [X11 inet listener] |
| 160 |
82c85 |
| 161 |
< debug1: session_pty_req: session 0 alloc /dev/pts/19 |
| 162 |
--- |
| 163 |
> debug1: session_pty_req: session 0 alloc /dev/pts/7 |
| 164 |
86c89 |
| 165 |
< debug1: PAM: setting PAM_TTY to "/dev/pts/19" |
| 166 |
--- |
| 167 |
> debug1: PAM: setting PAM_TTY to "/dev/pts/7" |
| 168 |
|
| 169 |
So, this is the main difference, it appears only on the machine where |
| 170 |
forwarding is working: |
| 171 |
< debug1: x11_create_display_inet: Socket family 10 not supported |
| 172 |
< debug1: channel 1: new [X11 inet listener] |
| 173 |
|
| 174 |
Any idea what's wrong? |
| 175 |
|
| 176 |
Alex |
| 177 |
-- |
| 178 |
gentoo-user@g.o mailing list |
Archives