[ale] ssh -X won't work

David Corbin dcorbin at machturtle.com
Sun Jun 15 12:32:25 EDT 2003


Sure....  It's pretty much a standard Debian config file, with the 
X11Forwarding enabled.


# Package generated configuration file
# See the sshd(8) manpage for defails

# What ports, IPs and protocols we listen for
Port 22
# Use these options to restrict which interfaces/protocols sshd will bind to
#ListenAddress ::
#ListenAddress 0.0.0.0
Protocol 2
# HostKeys for protocol version 1
HostKey /etc/ssh/ssh_host_key
# HostKeys for protocol version 2
HostKey /etc/ssh/ssh_host_rsa_key
HostKey /etc/ssh/ssh_host_dsa_key
# Lifetime and size of ephemeral version 1 server key
KeyRegenerationInterval 3600
ServerKeyBits 768

# Logging
SyslogFacility AUTH
LogLevel INFO

# Authentication:
LoginGraceTime 600
PermitRootLogin yes
StrictModes yes

RSAAuthentication yes
PubkeyAuthentication yes
#AuthorizedKeysFile	%h/.ssh/authorized_keys

# rhosts authentication should not be used
RhostsAuthentication no
# Don't read the user's ~/.rhosts and ~/.shosts files
IgnoreRhosts yes
# For this to work you will also need host keys in /etc/ssh_known_hosts
RhostsRSAAuthentication no
# similar for protocol version 2
HostbasedAuthentication no
# Uncomment if you don't trust ~/.ssh/known_hosts for RhostsRSAAuthentication
#IgnoreUserKnownHosts yes

# To enable empty passwords, change to yes (NOT RECOMMENDED)
PermitEmptyPasswords no

# Uncomment to disable s/key passwords 
#ChallengeResponseAuthentication no

# To disable tunneled clear text passwords, change to no here!
PasswordAuthentication yes

# Use PAM authentication via keyboard-interactive so PAM modules can
# properly interface with the user
PAMAuthenticationViaKbdInt yes

# To change Kerberos options
#KerberosAuthentication no
#KerberosOrLocalPasswd yes
#AFSTokenPassing no
#KerberosTicketCleanup no

# Kerberos TGT Passing does only work with the AFS kaserver
#KerberosTgtPassing yes

X11Forwarding yes
X11DisplayOffset 10
PrintMotd no
#PrintLastLog no
KeepAlive yes
#UseLogin no

#MaxStartups 10:30:60
#Banner /etc/issue.net
#ReverseMappingCheck yes

Subsystem	sftp	/usr/lib/sftp-server

#UsePrivilegeSeparation yes

On Sunday 15 June 2003 11:17, matty91 at bellsouth.net wrote:
> Can you post your sshd_config as well?
>
> - Ryan
>
> On Sun, 15 Jun 2003, David Corbin wrote:
> > OpenSSH_3.6.1p2 Debian 1:3.6.1p2-3, SSH protocols 1.5/2.0, OpenSSL
> > 0x0090702f debug1: Reading configuration data /etc/ssh/ssh_config
> > debug1: Rhosts Authentication disabled, originating port will not be
> > trusted. debug2: ssh_connect: needpriv 0
> > debug1: Connecting to flute [192.168.26.1] port 22.
> > debug1: Connection established.
> > debug1: identity file /home/dcorbin/.ssh/identity type 0
> > debug1: identity file /home/dcorbin/.ssh/id_rsa type -1
> > debug3: Not a RSA1 key file /home/dcorbin/.ssh/id_dsa.
> > debug2: key_type_from_name: unknown key type '-----BEGIN'
> > debug3: key_read: missing keytype
> > debug3: key_read: missing whitespace
> > debug3: key_read: missing whitespace
> > debug3: key_read: missing whitespace
> > debug3: key_read: missing whitespace
> > debug3: key_read: missing whitespace
> > debug3: key_read: missing whitespace
> > debug3: key_read: missing whitespace
> > debug3: key_read: missing whitespace
> > debug3: key_read: missing whitespace
> > debug3: key_read: missing whitespace
> > debug2: key_type_from_name: unknown key type '-----END'
> > debug3: key_read: missing keytype
> > debug1: identity file /home/dcorbin/.ssh/id_dsa type 2
> > debug1: Remote protocol version 2.0, remote software version
> > OpenSSH_3.4p1 Debian 1:3.4p1-1
> > debug1: match: OpenSSH_3.4p1 Debian 1:3.4p1-1 pat OpenSSH*
> > debug1: Enabling compatibility mode for protocol 2.0
> > debug1: Local version string SSH-2.0-OpenSSH_3.6.1p2 Debian 1:3.6.1p2-3
> > debug1: SSH2_MSG_KEXINIT sent
> > debug1: SSH2_MSG_KEXINIT received
> > debug2: kex_parse_kexinit:
> > diffie-hellman-group-exchange-sha1,diffie-hellman-group1-sha1
> > debug2: kex_parse_kexinit: ssh-rsa,ssh-dss
> > debug2: kex_parse_kexinit:
> > aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,arcfour,aes192-cbc,aes256-cb
> >c,rijndael-cbc at lysator.liu.se debug2: kex_parse_kexinit:
> > aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,arcfour,aes192-cbc,aes256-cb
> >c,rijndael-cbc at lysator.liu.se debug2: kex_parse_kexinit:
> > hmac-md5,hmac-sha1,hmac-ripemd160,hmac-ripemd160 at openssh.com,hmac-sha1-96
> >,hmac-md5-96 debug2: kex_parse_kexinit:
> > hmac-md5,hmac-sha1,hmac-ripemd160,hmac-ripemd160 at openssh.com,hmac-sha1-96
> >,hmac-md5-96 debug2: kex_parse_kexinit: none,zlib
> > debug2: kex_parse_kexinit: none,zlib
> > debug2: kex_parse_kexinit:
> > debug2: kex_parse_kexinit:
> > debug2: kex_parse_kexinit: first_kex_follows 0
> > debug2: kex_parse_kexinit: reserved 0
> > debug2: kex_parse_kexinit:
> > diffie-hellman-group-exchange-sha1,diffie-hellman-group1-sha1
> > debug2: kex_parse_kexinit: ssh-rsa,ssh-dss
> > debug2: kex_parse_kexinit:
> > aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,arcfour,aes192-cbc,aes256-cb
> >c,rijndael-cbc at lysator.liu.se debug2: kex_parse_kexinit:
> > aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,arcfour,aes192-cbc,aes256-cb
> >c,rijndael-cbc at lysator.liu.se debug2: kex_parse_kexinit:
> > hmac-md5,hmac-sha1,hmac-ripemd160,hmac-ripemd160 at openssh.com,hmac-sha1-96
> >,hmac-md5-96 debug2: kex_parse_kexinit:
> > hmac-md5,hmac-sha1,hmac-ripemd160,hmac-ripemd160 at openssh.com,hmac-sha1-96
> >,hmac-md5-96 debug2: kex_parse_kexinit: none,zlib
> > debug2: kex_parse_kexinit: none,zlib
> > debug2: kex_parse_kexinit:
> > debug2: kex_parse_kexinit:
> > debug2: kex_parse_kexinit: first_kex_follows 0
> > debug2: kex_parse_kexinit: reserved 0
> > debug2: mac_init: found hmac-md5
> > debug1: kex: server->client aes128-cbc hmac-md5 none
> > debug2: mac_init: found hmac-md5
> > debug1: kex: client->server aes128-cbc hmac-md5 none
> > debug1: SSH2_MSG_KEX_DH_GEX_REQUEST sent
> > debug1: expecting SSH2_MSG_KEX_DH_GEX_GROUP
> > debug2: dh_gen_key: priv key bits set: 142/256
> > debug2: bits set: 1657/3191
> > debug1: SSH2_MSG_KEX_DH_GEX_INIT sent
> > debug1: expecting SSH2_MSG_KEX_DH_GEX_REPLY
> > debug3: check_host_in_hostfile: filename /home/dcorbin/.ssh/known_hosts
> > debug3: check_host_in_hostfile: match line 51
> > debug3: check_host_in_hostfile: filename /home/dcorbin/.ssh/known_hosts
> > debug3: check_host_in_hostfile: match line 51
> > debug1: Host 'flute' is known and matches the RSA host key.
> > debug1: Found key in /home/dcorbin/.ssh/known_hosts:51
> > debug2: bits set: 1610/3191
> > debug1: ssh_rsa_verify: signature correct
> > debug2: kex_derive_keys
> > debug2: set_newkeys: mode 1
> > debug1: SSH2_MSG_NEWKEYS sent
> > debug1: expecting SSH2_MSG_NEWKEYS
> > debug2: set_newkeys: mode 0
> > debug1: SSH2_MSG_NEWKEYS received
> > debug1: SSH2_MSG_SERVICE_REQUEST sent
> > debug2: service_accept: ssh-userauth
> > debug1: SSH2_MSG_SERVICE_ACCEPT received
> > debug1: Authentications that can continue:
> > publickey,password,keyboard-interactive
> > debug3: start over, passed a different list
> > publickey,password,keyboard-interactive
> > debug3: preferred publickey,keyboard-interactive,password
> > debug3: authmethod_lookup publickey
> > debug3: remaining preferred: keyboard-interactive,password
> > debug3: authmethod_is_enabled publickey
> > debug1: Next authentication method: publickey
> > debug2: userauth_pubkey_agent: no keys at all
> > debug2: userauth_pubkey_agent: no more keys
> > debug2: userauth_pubkey_agent: no message sent
> > debug1: Trying private key: /home/dcorbin/.ssh/id_rsa
> > debug3: no such identity: /home/dcorbin/.ssh/id_rsa
> > debug1: Offering public key: /home/dcorbin/.ssh/id_dsa
> > debug3: send_pubkey_test
> > debug2: we sent a publickey packet, wait for reply
> > debug1: Server accepts key: pkalg ssh-dss blen 433 lastkey 0x8083500 hint
> > 2 debug2: input_userauth_pk_ok: fp
> > 9a:a9:d8:08:d3:9b:fd:98:3f:d6:e0:20:d6:ad:f7:f0
> > debug3: sign_and_send_pubkey
> > debug1: read PEM private key done: type DSA
> > debug1: Authentication succeeded (publickey).
> > debug1: fd 6 setting O_NONBLOCK
> > debug1: channel 0: new [client-session]
> > debug3: ssh_session2_open: channel_new: 0
> > debug2: channel 0: send open
> > debug1: Entering interactive session.
> > debug2: callback start
> > debug2: ssh_session2_setup: id 0
> > debug1: channel 0: request pty-req
> > debug3: tty_make_modes: ospeed 38400
> > debug3: tty_make_modes: ispeed 38400
> > debug3: tty_make_modes: 1 3
> > debug3: tty_make_modes: 2 28
> > debug3: tty_make_modes: 3 127
> > debug3: tty_make_modes: 4 21
> > debug3: tty_make_modes: 5 4
> > debug3: tty_make_modes: 6 0
> > debug3: tty_make_modes: 7 0
> > debug3: tty_make_modes: 8 17
> > debug3: tty_make_modes: 9 19
> > debug3: tty_make_modes: 10 26
> > debug3: tty_make_modes: 12 18
> > debug3: tty_make_modes: 13 23
> > debug3: tty_make_modes: 14 22
> > debug3: tty_make_modes: 18 15
> > debug3: tty_make_modes: 30 0
> > debug3: tty_make_modes: 31 0
> > debug3: tty_make_modes: 32 0
> > debug3: tty_make_modes: 33 0
> > debug3: tty_make_modes: 34 0
> > debug3: tty_make_modes: 35 0
> > debug3: tty_make_modes: 36 1
> > debug3: tty_make_modes: 37 0
> > debug3: tty_make_modes: 38 1
> > debug3: tty_make_modes: 39 0
> > debug3: tty_make_modes: 40 0
> > debug3: tty_make_modes: 41 0
> > debug3: tty_make_modes: 50 1
> > debug3: tty_make_modes: 51 1
> > debug3: tty_make_modes: 52 0
> > debug3: tty_make_modes: 53 1
> > debug3: tty_make_modes: 54 1
> > debug3: tty_make_modes: 55 1
> > debug3: tty_make_modes: 56 0
> > debug3: tty_make_modes: 57 0
> > debug3: tty_make_modes: 58 0
> > debug3: tty_make_modes: 59 1
> > debug3: tty_make_modes: 60 1
> > debug3: tty_make_modes: 61 1
> > debug3: tty_make_modes: 62 0
> > debug3: tty_make_modes: 70 1
> > debug3: tty_make_modes: 71 0
> > debug3: tty_make_modes: 72 1
> > debug3: tty_make_modes: 73 0
> > debug3: tty_make_modes: 74 0
> > debug3: tty_make_modes: 75 0
> > debug3: tty_make_modes: 90 1
> > debug3: tty_make_modes: 91 1
> > debug3: tty_make_modes: 92 0
> > debug3: tty_make_modes: 93 0
> > debug2: x11_get_proto: /usr/bin/X11/xauth list unix:10.0 2>/dev/null
> > debug1: Requesting X11 forwarding with authentication spoofing.
> > debug1: channel 0: request x11-req
> > debug1: channel 0: request shell
> > debug2: fd 3 setting TCP_NODELAY
> > debug2: callback done
> > debug1: channel 0: open confirm rwindow 0 rmax 32768
> > debug2: channel 0: rcvd adjust 131072
> > debug1: client_input_channel_req: channel 0 rtype exit-status reply 0
> > debug1: channel 0: rcvd eof
> > debug1: channel 0: output open -> drain
> > debug1: channel 0: obuf empty
> > debug1: channel 0: close_write
> > debug1: channel 0: output drain -> closed
> > debug1: channel 0: rcvd close
> > debug1: channel 0: close_read
> > debug1: channel 0: input open -> closed
> > debug3: channel 0: will not send data after close
> > debug1: channel 0: almost dead
> > debug1: channel 0: gc: notify user
> > debug1: channel 0: gc: user detached
> > debug1: channel 0: send close
> > debug1: channel 0: is dead
> > debug1: channel 0: garbage collecting
> > debug1: channel_free: channel 0: client-session, nchannels 1
> > debug3: channel_free: status: The following connections are open:\015
> >   #0 client-session (t4 r0 i3/0 o3/0 fd -1/-1)\015
> >
> > debug3: channel_close_fds: channel 0: r -1 w -1 e 6
> > debug1: fd 2 clearing O_NONBLOCK
> >
> > On Sunday 15 June 2003 10:55, matty91 at bellsouth.net wrote:
> > > What does ssh -X -vvvv host spew out?
> > >
> > > - Ryan
> > >
> > > On Sun, 15 Jun 2003, David Corbin wrote:
> > > > There appears to be.  After ssh, I type "xauth", and it loads an
> > > > interactive program that appears to, in fact, be xauth.
> > > >
> > > > On Saturday 14 June 2003 22:38, matty91 at bellsouth.net wrote:
> > > > > Is there a "xauth: binary installed? If not, you need to specify
> > > > > the location with XAuthLocation.
> > > > >
> > > > > - Ryan
> > > > >
> > > > > On Sat, 14 Jun 2003, David Corbin wrote:
> > > > > > I have one particular server, that I "ssh -X " to, and it won't
> > > > > > set DISPLAY for me.  I've checked the sshd_config and it is does
> > > > > > have X11Forwarding enabled.  When I run sshd with -d I get
> > > > > >
> > > > > > debug1: server_input_channel_req: channel 0 request x11-req reply
> > > > > > 0 debug1: session_by_channel: session 0 channel 0
> > > > > > debug1: session_input_channel_req: session 0 req x11-req
> > > > > >
> > > > > > (not sure if this is relevant, but it's the part of the dump that
> > > > > > refers to X11).
> > > > > >
> > > > > > Any ideas on what might be wrong?
> > > > > >
> > > > > > David
> > > > > > _______________________________________________
> > > > > > Ale mailing list
> > > > > > Ale at ale.org
> > > > > > http://www.ale.org/mailman/listinfo/ale
> > > > >
> > > > > Ryan Matteson - UNIX Administrator | GPG ID: 92D5DFFF
> > > > > Public Key: http://www.daemons.net/~matty/public_key.txt
> > > > > Fingerprint = 4BEC 6145 30A6 BCE6 5602 FF11 4954 165D 92D5 DFFF
> > > > > _______________________________________________
> > > > > Ale mailing list
> > > > > Ale at ale.org
> > > > > http://www.ale.org/mailman/listinfo/ale
> > > >
> > > > _______________________________________________
> > > > Ale mailing list
> > > > Ale at ale.org
> > > > http://www.ale.org/mailman/listinfo/ale
> > >
> > > Ryan Matteson - UNIX Administrator | GPG ID: 92D5DFFF
> > > Public Key: http://www.daemons.net/~matty/public_key.txt
> > > Fingerprint = 4BEC 6145 30A6 BCE6 5602 FF11 4954 165D 92D5 DFFF
> > > _______________________________________________
> > > Ale mailing list
> > > Ale at ale.org
> > > http://www.ale.org/mailman/listinfo/ale
> >
> > _______________________________________________
> > Ale mailing list
> > Ale at ale.org
> > http://www.ale.org/mailman/listinfo/ale
>
> Ryan Matteson - UNIX Administrator | GPG ID: 92D5DFFF
> Public Key: http://www.daemons.net/~matty/public_key.txt
> Fingerprint = 4BEC 6145 30A6 BCE6 5602 FF11 4954 165D 92D5 DFFF
> _______________________________________________
> Ale mailing list
> Ale at ale.org
> http://www.ale.org/mailman/listinfo/ale
_______________________________________________
Ale mailing list
Ale at ale.org
http://www.ale.org/mailman/listinfo/ale





More information about the Ale mailing list