On Wednesday, February 11, 2004, at 12:36 AM, Cristian Gutierrez wrote:
Mark Gillingham wrote:
Your tip really helped. I had an authentication error, which I fixed. I think that B is not set up correctly. It is the only Debian box in the bunch. A is OS X and C is RH7.3. I offer lots of logs below and apologize for it, but I'm not sure what is important.
I'm confused by ssh -X. The box that has my CVS work is on a private network. If I'm on that private network, I can forward X from the box to my Mac 10.2 box. If I'm outside the network, I can ssh to another box on the private network with a public IP and then ssh again to the private box. I cannot, however, ssh -X from A (outside the private network) to B (on the private network with a public address) to C (on the private network without a public address). I suspect this has to do with .xauth-esque privilege settings. Where do I go to hunt this down?
Try:
ssh -X B xclock
..to see if B allows X to be forwarded. And:
ssh -X B ssh -X C xclock
..to see if C allows the same from B. If either of them fails (not showing you a clock), repeat it with verbosity enabled (-v) and try to figure something out of that. If in trouble, ask here.
--
I used xcalc because xclock was not loaded on B (perhaps because x-server was not installed on B). So the log of ssh -X B xcalc from A (which shows a display error) is:
% ssh -X -v web2.mydomain.org /usr/X11R6/bin/xcalc
OpenSSH_3.4p1+CAN-2003-0693, SSH protocols 1.5/2.0, OpenSSL 0x0090609f
debug1: Reading configuration data /Volumes/X/Users/markgill/.ssh/config
debug1: Reading configuration data /etc/ssh_config
debug1: Rhosts Authentication disabled, originating port will not be trusted.
debug1: ssh_connect: needpriv 0
debug1: Connecting to web2.mydomain.org [206.222.33.nnn] port 22.
debug1: Connection established.
debug1: identity file /Volumes/X/Users/markgill/.ssh/identity type -1
debug1: identity file /Volumes/X/Users/markgill/.ssh/id_rsa type 1
debug1: identity file /Volumes/X/Users/markgill/.ssh/id_dsa type 2
debug1: Remote protocol version 2.0, remote software version OpenSSH_3.4p1 Debian 1:3.4p1-1.woody.3
debug1: match: OpenSSH_3.4p1 Debian 1:3.4p1-1.woody.3 pat OpenSSH*
Enabling compatibility mode for protocol 2.0
debug1: Local version string SSH-2.0-OpenSSH_3.4p1+CAN-2003-0693
debug1: SSH2_MSG_KEXINIT sent
debug1: SSH2_MSG_KEXINIT received
debug1: kex: server->client aes128-cbc hmac-md5 none
debug1: kex: client->server aes128-cbc hmac-md5 none
debug1: SSH2_MSG_KEX_DH_GEX_REQUEST sent
debug1: expecting SSH2_MSG_KEX_DH_GEX_GROUP
debug1: dh_gen_key: priv key bits set: 141/256
debug1: bits set: 1570/3191
debug1: SSH2_MSG_KEX_DH_GEX_INIT sent
debug1: expecting SSH2_MSG_KEX_DH_GEX_REPLY
debug1: Host 'web2.mydomain.org' is known and matches the RSA host key.
debug1: Found key in /Volumes/X/Users/markgill/.ssh/known_hosts:4
debug1: bits set: 1644/3191
debug1: ssh_rsa_verify: signature correct
debug1: kex_derive_keys
debug1: newkeys: mode 1
debug1: SSH2_MSG_NEWKEYS sent
debug1: waiting for SSH2_MSG_NEWKEYS
debug1: newkeys: mode 0
debug1: SSH2_MSG_NEWKEYS received
debug1: done: ssh_kex2.
debug1: send SSH2_MSG_SERVICE_REQUEST
debug1: service_accept: ssh-userauth
debug1: got SSH2_MSG_SERVICE_ACCEPT
debug1: authentications that can continue: publickey,password,keyboard-interactive
debug1: next auth method to try is publickey
debug1: try privkey: /Volumes/X/Users/markgill/.ssh/identity
debug1: try pubkey: /Volumes/X/Users/markgill/.ssh/id_rsa
debug1: input_userauth_pk_ok: pkalg ssh-rsa blen 149 lastkey 0x85d60 hint 1
debug1: read PEM private key done: type RSA
debug1: ssh-userauth2 successful: method publickey
debug1: channel 0: new [client-session]
debug1: send channel open 0
debug1: Entering interactive session.
debug1: ssh_session2_setup: id 0
debug1: Requesting X11 forwarding with authentication spoofing.
debug1: channel request 0: x11-req
debug1: Sending command: /usr/X11R6/bin/xcalc
debug1: channel request 0: exec
debug1: fd 3 setting TCP_NODELAY
debug1: channel 0: open confirm rwindow 0 rmax 32768
debug1: client_input_channel_req: channel 0 rtype exit-status reply 0
debug1: channel 0: rcvd eof
debug1: channel 0: output open -> drain
debug1: channel 0: rcvd close
debug1: channel 0: close_read
debug1: channel 0: input open -> closed
Error: Can't open display:
debug1: channel 0: obuf empty
debug1: channel 0: close_write
debug1: channel 0: output drain -> closed
debug1: channel 0: almost dead
debug1: channel 0: gc: notify user
debug1: channel 0: gc: user detached
debug1: channel 0: send close
debug1: channel 0: is dead
debug1: channel 0: garbage collecting
debug1: channel_free: channel 0: client-session, nchannels 1
debug1: Transferred: stdin 0, stdout 0, stderr 0 bytes in 0.7 seconds
debug1: Bytes per second: stdin 0.0, stdout 0.0, stderr 0.0
debug1: Exit status 1
I still have a display error as seen by the following log from a session like ssh -X B ssh -X C xclock:
% ssh -X -v web2.mydomain.org ssh -X bitbox.mydomain.org /usr/X11R6/bin/xclock
OpenSSH_3.4p1+CAN-2003-0693, SSH protocols 1.5/2.0, OpenSSL 0x0090609f
debug1: Reading configuration data /Volumes/X/Users/markgill/.ssh/config
debug1: Reading configuration data /etc/ssh_config
debug1: Rhosts Authentication disabled, originating port will not be trusted.
debug1: ssh_connect: needpriv 0
debug1: Connecting to web2.mydomain.org [206.222.33.147] port 22.
debug1: Connection established.
debug1: identity file /Volumes/X/Users/markgill/.ssh/identity type -1
debug1: identity file /Volumes/X/Users/markgill/.ssh/id_rsa type 1
debug1: identity file /Volumes/X/Users/markgill/.ssh/id_dsa type 2
debug1: Remote protocol version 2.0, remote software version OpenSSH_3.4p1 Debian 1:3.4p1-1.woody.3
debug1: match: OpenSSH_3.4p1 Debian 1:3.4p1-1.woody.3 pat OpenSSH*
Enabling compatibility mode for protocol 2.0
debug1: Local version string SSH-2.0-OpenSSH_3.4p1+CAN-2003-0693
debug1: SSH2_MSG_KEXINIT sent
debug1: SSH2_MSG_KEXINIT received
debug1: kex: server->client aes128-cbc hmac-md5 none
debug1: kex: client->server aes128-cbc hmac-md5 none
debug1: SSH2_MSG_KEX_DH_GEX_REQUEST sent
debug1: expecting SSH2_MSG_KEX_DH_GEX_GROUP
debug1: dh_gen_key: priv key bits set: 139/256
debug1: bits set: 1566/3191
debug1: SSH2_MSG_KEX_DH_GEX_INIT sent
debug1: expecting SSH2_MSG_KEX_DH_GEX_REPLY
debug1: Host 'web2.mydomain.org' is known and matches the RSA host key.
debug1: Found key in /Volumes/X/Users/markgill/.ssh/known_hosts:4
debug1: bits set: 1604/3191
debug1: ssh_rsa_verify: signature correct
debug1: kex_derive_keys
debug1: newkeys: mode 1
debug1: SSH2_MSG_NEWKEYS sent
debug1: waiting for SSH2_MSG_NEWKEYS
debug1: newkeys: mode 0
debug1: SSH2_MSG_NEWKEYS received
debug1: done: ssh_kex2.
debug1: send SSH2_MSG_SERVICE_REQUEST
debug1: service_accept: ssh-userauth
debug1: got SSH2_MSG_SERVICE_ACCEPT
debug1: authentications that can continue: publickey,password,keyboard-interactive
debug1: next auth method to try is publickey
debug1: try privkey: /Volumes/X/Users/markgill/.ssh/identity
debug1: try pubkey: /Volumes/X/Users/markgill/.ssh/id_rsa
debug1: input_userauth_pk_ok: pkalg ssh-rsa blen 149 lastkey 0x85d60 hint 1
debug1: read PEM private key done: type RSA
debug1: ssh-userauth2 successful: method publickey
debug1: channel 0: new [client-session]
debug1: send channel open 0
debug1: Entering interactive session.
debug1: ssh_session2_setup: id 0
debug1: Requesting X11 forwarding with authentication spoofing.
debug1: channel request 0: x11-req
debug1: Sending command: ssh -X bitbox.mydomain.org /usr/X11R6/bin/xclock
debug1: channel request 0: exec
debug1: fd 3 setting TCP_NODELAY
debug1: channel 0: open confirm rwindow 0 rmax 32768
Error: Can't open display:
debug1: client_input_channel_req: channel 0 rtype exit-status reply 0
debug1: channel 0: rcvd eof
debug1: channel 0: output open -> drain
debug1: channel 0: obuf empty
debug1: channel 0: close_write
debug1: channel 0: output drain -> closed
debug1: channel 0: rcvd close
debug1: channel 0: close_read
debug1: channel 0: input open -> closed
debug1: channel 0: almost dead
debug1: channel 0: gc: notify user
debug1: channel 0: gc: user detached
debug1: channel 0: send close
debug1: channel 0: is dead
debug1: channel 0: garbage collecting
debug1: channel_free: channel 0: client-session, nchannels 1
debug1: Transferred: stdin 0, stdout 0, stderr 0 bytes in 1.6 seconds
debug1: Bytes per second: stdin 0.0, stdout 0.0, stderr 0.0
debug1: Exit status 1
A's sshd_config file has the following settings (A is OS X Darwin):
X11Forwarding yes
#X11DisplayOffset 10
#X11UseLocalhost yes
#PrintMotd yes
#PrintLastLog yes
#KeepAlive yes
#UseLogin no
#UsePrivilegeSeparation yes
#Compression yes
B's sshd_config file has the following settings (B is Woody):
X11Forwarding yes
X11DisplayOffset 10
PrintMotd no
#PrintLastLog no
KeepAlive yes
#UseLogin no
C's sshd_config file has the following settings (C is RH7.3):
#X11Forwarding no
X11Forwarding yes
#X11DisplayOffset 10
#X11UseLocalhost yes
#PrintMotd yes
#PrintLastLog yes
#KeepAlive yes
#UseLogin no
--
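A small triage helper for the kind of output posted above, added here as an example and not part of the original message: it classifies an ssh -X -v client log and reads the effective value of a keyword from an sshd_config. The function names and verdict strings are made up for this example, and the sample inputs are constructed from lines quoted in the thread.

```shell
#!/bin/sh
# Added example (not from the thread). Function names and verdict strings
# are hypothetical; sample inputs are constructed from lines quoted above.

# Classify a client-side `ssh -X -v` log read from stdin.
# Xt prints the display name after "Can't open display:"; an empty name
# means DISPLAY was not set in the remote session at all.
x11_triage() {
    awk '
        /Requesting X11 forwarding/ { requested = 1 }
        /Can.t open display:/ {
            failed = 1; name = $0
            sub(/.*open display:[ \t]*/, "", name)   # keep text after colon
        }
        /^debug1: Exit status / { status = $4 }
        END {
            if (!requested)      verdict = "not-requested"
            else if (!failed)    verdict = "requested no-display-error"
            else if (name == "") verdict = "requested display-unset"
            else                 verdict = "requested display-unreachable"
            print verdict " exit=" (status == "" ? "?" : status)
        }'
}

# Print the effective value of an sshd_config keyword (config on stdin).
# Comment lines are skipped, keywords match case-insensitively, and the
# first uncommented occurrence wins, as it does in sshd itself.
sshd_effective() {
    awk -v key="$1" '
        /^[ \t]*#/ { next }
        NF >= 2 && tolower($1) == tolower(key) { print $2; found = 1; exit }
        END { if (!found) print "unset" }'
}

sample_log() { cat <<'EOF'
debug1: Requesting X11 forwarding with authentication spoofing.
debug1: Sending command: /usr/X11R6/bin/xcalc
Error: Can't open display:
debug1: Exit status 1
EOF
}
sample_config() { cat <<'EOF'
#X11Forwarding no
X11Forwarding yes
#X11DisplayOffset 10
EOF
}
sample_log | x11_triage
sample_config | sshd_effective X11Forwarding
```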