This properly belongs on the ssh group, but posting there has not gotten
any responses... and the list is quite slow to boot.

I like using ssh -X to other lan remotes but with new versions of openssh
or perhaps the configs, it only works 1 way.

I can `ssh -X' to the gentoo host from a debian host but not the other
way round.

Two different versions of openssh appear to be involved. But not sure
how different they are.

RHOST=a debian HOST
LHOST= Gentoo HOST

ssh -vN $RHOST 2>&1|grep "remote software version"

[...] OpenSSH_6.7p1 Debian-3

ssh -vN $LHOST 2>&1|grep "remote software version"

[...] OpenSSH_6.7p1-hpn14v5

One thing I tried to do was to copy the RHOST sshd_config and ssh_config to
LHOST. Restart and try again... there were a few incompatible bits in
the files, so I commented a few out until there were no config errors.

However ssh -X still displayed the error and would NOT work when:
ssh -X RHOST from LHOST
(Note that plain ssh LHOST or RHOST works in any direction)

Error output with ssh -X $RHOST "xterm"

,----
| Warning: untrusted X11 forwarding setup failed: xauth key data not generated
| Warning: No xauth data; using fake authentication data for X11 forwarding.
| Invalid MIT-MAGIC-COOKIE-1 keyxterm: Xt error: Can't open display: localhost:10.0
`----

[Full Error output with ssh -vv -X is very lengthy so is attached at the end]

I'm not seeing how to debug this further. So going back to the stock
version of sshd_config and ssh_config on gentoo with two changes:

commented out this line:
PasswordAuthentication no

added this:
X11Forwarding yes

------- ------- ---=--- ------- -------
Full sshd_config on LHOST: sudo grep ^[^#] /etc/ssh/sshd_config
------- ------- ---=--- ------- -------
UsePAM yes
X11Forwarding yes
PrintMotd no
PrintLastLog no
UsePrivilegeSeparation sandbox # Default for new installations.
Subsystem sftp /usr/lib/misc/sftp-server
AcceptEnv LANG LC_*

------- Config END -------


------- ------- ---=--- ------- -------
Full ssh_config on LHOST: sudo grep ^[^#] /etc/ssh/ssh_config
------- ------- ---=--- ------- -------

ForwardX11 yes
SendEnv LANG LC_*

------- Config END -------

#######################################################

Now the same info for RHOST

------- ------- ---=--- ------- -------
Full sshd_config on RHOST: ssh root@RHOST "grep ^[^#] /etc/ssh/sshd_config"
------- ------- ---=--- ------- -------

HostKey /etc/ssh/ssh_host_rsa_key
HostKey /etc/ssh/ssh_host_dsa_key
HostKey /etc/ssh/ssh_host_ed25519_key
AcceptEnv LANG LC_*
ChallengeResponseAuthentication no
IgnoreRhosts yes
HostbasedAuthentication no
KeyRegenerationInterval 3600
LogLevel INFO
LoginGraceTime 120
PermitEmptyPasswords no
PermitRootLogin yes
Port 22
PrintLastLog yes
PrintMotd no
Protocol 2
PubkeyAuthentication yes
RSAAuthentication yes
RhostsRSAAuthentication no
ServerKeyBits 1024
SyslogFacility AUTH
StrictModes yes
Subsystem sftp /usr/lib/misc/sftp-server
TCPKeepAlive yes
UsePAM yes
UsePrivilegeSeparation sandbox
X11Forwarding yes

------- Config END -------


------- ------- ---=--- ------- -------
Full ssh_config on RHOST: ssh root@RHOST "grep ^[^#] /etc/ssh/ssh_config"
------- ------- ---=--- ------- -------
Host *
ForwardX11 yes
SendEnv LANG LC_*
HashKnownHosts yes

------- Config END -------

############################################
############################################

The only thing more I can think to include is the full lengthy output of
ssh -vv -X