LinuxQuestions.org

LinuxQuestions.org (/questions/)
-   MEPIS (https://www.linuxquestions.org/questions/mepis-64/)
-   -   ssh X11 forwarding with Mepis 8.5 (https://www.linuxquestions.org/questions/mepis-64/ssh-x11-forwarding-with-mepis-8-5-a-802365/)

rich_c 04-16-2010 05:25 AM
ssh X11 forwarding with Mepis 8.5
 
I'm having problems forwarding X11 with my test machine I recently successfully (Other than this issue...) upgraded from Mepis 8.0 to 8.5. It was all working fine before the upgrade and I made sure the sshd_config file I was using was maintained but I keep getting cannot open display and/or cannot connect to server messages when I try to start an app remotely. I can ssh onto the box without issues but the forwarding thing has me stumped. I'm not sure if it's a KDE4 issue or something trivial I've overlooked...

kbp 04-16-2010 09:22 AM
When you connect via ssh, what does 'echo $DISPLAY' show ?

rich_c 04-16-2010 10:06 AM
Interestingly enough, it returns nothing! I logged in using ssh -XC user@host and echo $DISPLAY resulted in a blank line followed by my command prompt being displayed again.

rich_c 04-17-2010 06:04 AM
Just posted this on MepisLovers.

I think I might be onto something... I added -v to an attempt to ssh onto my machine. Amongst the debug was a line that said no xauth program. After a bit of Googling, I found that sshd looks for xauth in /usr/bin/X11/xauth. The thing is, xauth seems to be there... Any thoughts?

kbp 04-17-2010 06:16 AM
Maybe /etc/ssh/sshd_config no longer has 'X11Forwarding yes' after your upgrade ...

rich_c 04-17-2010 07:00 AM
It's not that. Here's my sshd_config.

Code:
#      $OpenBSD: sshd_config,v 1.38 2001/04/15 21:41:29 deraadt Exp $

# This sshd was compiled with PATH=/bin:/usr/bin:/usr/local/bin:/usr/X11R6/bin

# This is the sshd server system-wide configuration file.  See sshd(8)
# for more information.

Port 22
#Protocol 2,1
#ListenAddress 0.0.0.0
#ListenAddress ::
HostKey /etc/ssh/ssh_host_key
HostKey /etc/ssh/ssh_host_rsa_key
HostKey /etc/ssh/ssh_host_dsa_key
ServerKeyBits 768
LoginGraceTime 600
KeyRegenerationInterval 3600
PermitRootLogin no
AllowUsers sshl0gin rich@192.168.1.*
#
# Don't read ~/.rhosts and ~/.shosts files
IgnoreRhosts yes
# Uncomment if you don't trust ~/.ssh/known_hosts for RhostsRSAAuthentication
#IgnoreUserKnownHosts yes
StrictModes yes
X11Forwarding yes
X11DisplayOffset 10
PrintMotd no
PrintLastLog no
TCPKeepAlive yes

# Logging
SyslogFacility AUTH
LogLevel INFO
#obsoletes QuietMode and FascistLogging

#RhostsAuthentication no
#
# For this to work you will also need host keys in /etc/ssh/ssh_known_hosts
RhostsRSAAuthentication no
# similar for protocol version 2
HostbasedAuthentication no
#
RSAAuthentication yes

# To disable tunneled clear text passwords, change to no here!
PasswordAuthentication yes
PermitEmptyPasswords no

# Uncomment to disable s/key passwords
#ChallengeResponseAuthentication no

# Uncomment to enable PAM keyboard-interactive authentication
# Warning: enabling this may bypass the setting of 'PasswordAuthentication'
#PAMAuthenticationViaKbdInt yes

# To change Kerberos options
# NB: Debian's ssh ships without Kerberos Support
#KerberosAuthentication no
#KerberosOrLocalPasswd yes
#AFSTokenPassing no
#KerberosTicketCleanup no

# Kerberos TGT Passing does only work with the AFS kaserver
#KerberosTgtPassing yes

#CheckMail yes
#UseLogin no

#MaxStartups 10:30:60
Banner /home/shared/banner
#ReverseMappingCheck yes

Subsystem sftp /usr/lib/openssh/sftp-server
UsePAM yes

DenyUsers onthego

kbp 04-17-2010 07:14 AM
Interesting ... running strings against mine indicates it looks in /usr/bin :
Code:
# strings /usr/sbin/sshd | grep xauth
/usr/bin/xauth
xauthlocation
maxauthtries
No xauth program; cannot forward with spoofing.
# which xauth
/usr/bin/xauth
According to the sshd_config man page:
Quote:
XAuthLocation
Specifies the full pathname of the xauth(1) program. The default
is /usr/bin/xauth.

hth

rich_c 04-18-2010 06:14 AM
I now think that it's an issue of ssh not being able to set DISPLAY. Any thoughts on how I can diagnose exactly where the problem lies?

kbp 04-18-2010 08:36 AM
Try running sshd with the '-d' flag, this should provide enough output to troubleshoot with

rich_c 04-18-2010 09:42 AM
I cracked it!!!

After much Googling, I added:

Code:
AddressFamily inet
to sshd_config in order to disable ipv6 and X11 forwarding now seems to work!

I wonder if the need for this is something to do with the kernel upgrade I did as part of the 8.0 to 8.5 upgrade...?


All times are GMT -5. The time now is 08:04 PM.