| 1 |
This properly belongs on the ssh group, but posting there has not gotten |
| 2 |
any responses... and the list is quite slow to boot. |
| 3 |
|
| 4 |
I like using ssh -X to other lan remotes but with new versions of openssh |
| 5 |
or perhaps the configs, it only works 1 way. |
| 6 |
|
| 7 |
I can `ssh -X' to the gentoo host from a debian host but not the other |
| 8 |
way round. |
| 9 |
|
| 10 |
Two different versions of openssh appear to be involved. But not sure |
| 11 |
how different they are. |
| 12 |
|
| 13 |
RHOST=a debian HOST |
| 14 |
LHOST= Gentoo HOST |
| 15 |
|
| 16 |
ssh -vN $RHOST 2>&1|grep "remote software version" |
| 17 |
|
| 18 |
[...] OpenSSH_6.7p1 Debian-3 |
| 19 |
|
| 20 |
ssh -vN $LHOST 2>&1|grep "remote software version" |
| 21 |
|
| 22 |
[...] OpenSSH_6.7p1-hpn14v5 |
| 23 |
|
| 24 |
|
| 25 |
One thing I tried to do was to copy the RHOST sshd_config and ssh_config to |
| 26 |
LHOST. Restart and try again... there were a few incompatible bits in |
| 27 |
the files so after commenting a few out until no config errors. |
| 28 |
|
| 29 |
However ssh -X still displayed the error and would NOT work when: |
| 30 |
ssh -X RHOST from LHOST |
| 31 |
({Note that plain ssh LHOST or RHOST works in any direction} |
| 32 |
|
| 33 |
Error outut with ssh -X $RHOST "xterm" |
| 34 |
|
| 35 |
,---- |
| 36 |
| Warning: untrusted X11 forwarding setup failed: xauth key data not generated |
| 37 |
| Warning: No xauth data; using fake authentication data for X11 forwarding. |
| 38 |
| Invalid MIT-MAGIC-COOKIE-1 keyxterm: Xt error: Can't open display: localhost:10.0 |
| 39 |
`---- |
| 40 |
|
| 41 |
[Full Error output with ssh -vv -X is very lengthy so is attached at the end] |
| 42 |
|
| 43 |
I'm not seeing how to debug this further. So going back to the stock |
| 44 |
version of sshd_config ssh_config on gentoo with two changes: |
| 45 |
|
| 46 |
commented out this line: |
| 47 |
PasswordAuthentication no |
| 48 |
|
| 49 |
added this: |
| 50 |
X11Forwarding yes |
| 51 |
|
| 52 |
------- ------- ---=--- ------- ------- |
| 53 |
Full sshd_config on LHOST: sudo grep ^[^#] /etc/ssh/sshd_config |
| 54 |
------- ------- ---=--- ------- ------- |
| 55 |
UsePAM yes |
| 56 |
X11Forwarding yes |
| 57 |
PrintMotd no |
| 58 |
PrintLastLog no |
| 59 |
UsePrivilegeSeparation sandbox # Default for new installations. |
| 60 |
Subsystem sftp /usr/lib/misc/sftp-server |
| 61 |
AcceptEnv LANG LC_* |
| 62 |
|
| 63 |
------- Config END ------- |
| 64 |
|
| 65 |
|
| 66 |
------- ------- ---=--- ------- ------- |
| 67 |
Full ssh_config on LHOST: sudo grep ^[^#] /etc/ssh/ssh_config |
| 68 |
------- ------- ---=--- ------- ------- |
| 69 |
|
| 70 |
ForwardX11 yes |
| 71 |
SendEnv LANG LC_* |
| 72 |
|
| 73 |
------- Config END ------- |
| 74 |
|
| 75 |
####################################################### |
| 76 |
|
| 77 |
Now the same info for RHOST |
| 78 |
|
| 79 |
------- ------- ---=--- ------- ------- |
| 80 |
Full sshd_config on RHOST: ssh root@RHOST "grep ^[^#] /etc/ssh/sshd_config" |
| 81 |
------- ------- ---=--- ------- ------- |
| 82 |
|
| 83 |
HostKey /etc/ssh/ssh_host_rsa_key |
| 84 |
HostKey /etc/ssh/ssh_host_dsa_key |
| 85 |
HostKey /etc/ssh/ssh_host_ed25519_key |
| 86 |
AcceptEnv LANG LC_* |
| 87 |
ChallengeResponseAuthentication no |
| 88 |
IgnoreRhosts yes |
| 89 |
HostbasedAuthentication no |
| 90 |
KeyRegenerationInterval 3600 |
| 91 |
LogLevel INFO |
| 92 |
LoginGraceTime 120 |
| 93 |
PermitEmptyPasswords no |
| 94 |
PermitRootLogin yes |
| 95 |
Port 22 |
| 96 |
PrintLastLog yes |
| 97 |
PrintMotd no |
| 98 |
Protocol 2 |
| 99 |
PubkeyAuthentication yes |
| 100 |
RSAAuthentication yes |
| 101 |
RhostsRSAAuthentication no |
| 102 |
ServerKeyBits 1024 |
| 103 |
SyslogFacility AUTH |
| 104 |
StrictModes yes |
| 105 |
Subsystem sftp /usr/lib/misc/sftp-server |
| 106 |
TCPKeepAlive yes |
| 107 |
UsePAM yes |
| 108 |
UsePrivilegeSeparation sandbox |
| 109 |
X11Forwarding yes |
| 110 |
|
| 111 |
------- Config END ------- |
| 112 |
|
| 113 |
|
| 114 |
------- ------- ---=--- ------- ------- |
| 115 |
Full ssh_config on RHOST: ssh root@RHOST "grep ^[^#] /etc/ssh/ssh_config" |
| 116 |
------- ------- ---=--- ------- ------- |
| 117 |
Host * |
| 118 |
ForwardX11 yes |
| 119 |
SendEnv LANG LC_* |
| 120 |
HashKnownHosts yes |
| 121 |
|
| 122 |
------- Config END ------- |
| 123 |
|
| 124 |
############################################ |
| 125 |
############################################ |
| 126 |
|
| 127 |
The only thing more I can think to include is the full lengthy output of |
| 128 |
ssh -vv -X |
Archives