SSH in Slackware
 

Hi Forum

How does one configure ssh in slackware so that a program installed in my machine can open xterm windows under a user login ?


Thing is... I am using no DE... I run this program over a WM, FluxBox, in its execution, this program tries to open an ssh connection ...



rsh -n -l root iskandhar.site echo hello

It waits endlessly, and I have to manually abort... shell pops this out... :


rsh: iskandhar.site : Name or service not known


I have enebled x11 forwarding and TCP in sshd_config and ssh_config...

my .rhosts is

iskandhar.site alex
iskandhar.site root
iskandhar.site localhost


I do not know much about ssh configuration, and I used the defaults of lackware files ssh_config and sshd_config...


In Debian one only has to change gdm_config, running under Gnome DE...

Can I run this app without a DE...? ... meaning are all ssh services enabled at runlevel 3... ?

I go directly to WM with startx...

Is this a problem...?


BRGDS

Alex

You will need to do the following as root first on the server or computer where your X applications originate:

Server:

As root, edit /etc/ssh/sshd_config, and make the following changes on that file by commenting out these lines:
Restart the ssh server for the changes to take effect:
To get better performance on the client, do this as root:
Comment out the following lines:
No need to restart the ssh service on the client after making these changes.

Now, when you ssh to your sever, do it with the following argument:
Alien Bob posted this a couple of years ago, and I have made a mental note on how to do this. The original thread is here.

Hope this helps!

rsh is not ssh.

Edit: if rsh is run from your system, the problem appears to be that your machine cannot resolve the name "iskandhar.site". This apparently has nothing to do with X11 forwarding.

Hi StormTracknole, rg3

Thks for yr help... :-)


My hostname is iskandhar.site, I have loopback connection enabled... when I type ifconfig, the connection 127.0.0.1 is active...

How can I enable the rsh... ?

BRGDS

Alex

Any reason why you want to use rsh instead of ssh? rsh is not encrypted and it's very easy to sniff it's packets.

Judging from this line:

It seems despite everything you said, the name is not resolved. Try "ping iskandhar.site" to verify this.

There's a line in /etc/inetd.conf that enables rsh. It's an insecure system, though. You'd better prevent people from the outside to reach you via rsh, using tcp wrappers (man hosts_access). in.rshd ships in the netkit-rsh package.

Hi @stormtracknole,@rg3


I just want to run a Finite elements solver that uses rsh/ssh ( and/or ???) to move temporary files created during a calculation...

http://www.code-aster.org/V2/spip.php?rubrique2

In Debian ( the Distro I am using now in my Lappy ) I usually install this running a Python script... it places all stuff in a folder /opt/aster...

In order to run it, I must first source an environment file, /opt/aster/aster_profile.sh, and add /opt/aster/outils to PATH...

This allows me to call the Interface of the program, astk, an application in tcl/tk from command line, having all the environment ready...

There is a test mode... astk --check which allows me to test the ssh connectivity in the machine... right now, under my Debian Lenny, the result is this... :

<INFO> Color theme active :
<INFO> Domain name not defined for localhost. Remote machines couldn't contact localhost. Fill the domain name through Configuration/Interface menu.
<INFO> Full name of localhost : iskandhar
<INFO> The DISPLAY above is without domain name. It's possible that remote machines could'nt open windows.
<INFO> Display applications to iskandhar:0.0
<INFO> Command ps used : ps
<INFO> Test connection from iskandhar to iskandhar...
<INFO> External command on iskandhar :
echo hello
<INFO> Process number : 5080
<INFO> ============================== STANDARD OUTPUT ==============================
hello
=============================================================================

<INFO>
============================== STANDARD ERROR ===============================

=============================================================================

<INFO> ... connection succeed
<INFO> Test connection from iskandhar to iskandhar...
<INFO> External command on iskandhar :
rsh -n -l alex iskandhar echo hello
<INFO> Process number : 5085
The authenticity of host 'iskandhar (127.0.1.1)' can't be established.
RSA key fingerprint is db:cc:c3:d5:f1:3e:8e:0f:72:b9:00:3b:7c:f5:e0:56.
Are you sure you want to continue connecting (yes/no)?
<INFO> ============================== STANDARD OUTPUT ==============================

=============================================================================

<INFO>
============================== STANDARD ERROR ===============================
Host key verification failed.
=============================================================================

<ERROR 025> Connection failed :@n-n@====== end of message ======
Check .rhosts file of alex on iskandhar, it should contain a such line :
iskandhar alex
<INFO> Check step completed : 1 error(s).
<INFO> Session ended : 11/11/2009 - 21:47:29
EXIT CODE : 1



But it works... my .rhosts is like this... :

alex@iskandhar:~$ cat ~/.rhosts
iskandhar alex
iskandhar localhost


My ssh_config is like this :

alex@iskandhar:~$ cat /etc/ssh/ssh_config

# This is the ssh client system-wide configuration file. See
# ssh_config(5) for more information. This file provides defaults for
# users, and the values can be changed in per-user configuration files
# or on the command line.

# Configuration data is parsed as follows:
# 1. command line options
# 2. user-specific file
# 3. system-wide file
# Any configuration value is only changed the first time it is set.
# Thus, host-specific definitions should be at the beginning of the
# configuration file, and defaults at the end.

# Site-wide defaults for some commonly used options. For a comprehensive
# list of available options, their meanings and defaults, please see the
# ssh_config(5) man page.

Host *
# ForwardAgent no
# ForwardX11 no
# ForwardX11Trusted yes
# RhostsRSAAuthentication no
# RSAAuthentication yes
# PasswordAuthentication yes
# HostbasedAuthentication no
# GSSAPIAuthentication no
# GSSAPIDelegateCredentials no
# GSSAPIKeyExchange no
# GSSAPITrustDNS no
# BatchMode no
# CheckHostIP yes
# AddressFamily any
# ConnectTimeout 0
# StrictHostKeyChecking ask
# IdentityFile ~/.ssh/identity
# IdentityFile ~/.ssh/id_rsa
# IdentityFile ~/.ssh/id_dsa
# Port 22
# Protocol 2,1
# Cipher 3des
# Ciphers aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,arcfour,aes192-cbc,aes256-cbc
# MACs hmac-md5,hmac-sha1,umac-64@openssh.com,hmac-ripemd160
# EscapeChar ~
# Tunnel no
# TunnelDevice any:any
# PermitLocalCommand no
SendEnv LANG LC_*
HashKnownHosts yes
GSSAPIAuthentication yes
GSSAPIDelegateCredentials no


My sshd_config :

alex@iskandhar:~$ cat /etc/ssh/sshd_config
# Package generated configuration file
# See the sshd(8) manpage for details

# What ports, IPs and protocols we listen for
Port 22
# Use these options to restrict which interfaces/protocols sshd will bind to
#ListenAddress ::
#ListenAddress 0.0.0.0
Protocol 2
# HostKeys for protocol version 2
HostKey /etc/ssh/ssh_host_rsa_key
HostKey /etc/ssh/ssh_host_dsa_key
#Privilege Separation is turned on for security
UsePrivilegeSeparation yes

# Lifetime and size of ephemeral version 1 server key
KeyRegenerationInterval 3600
ServerKeyBits 768

# Logging
SyslogFacility AUTH
LogLevel INFO

# Authentication:
LoginGraceTime 120
PermitRootLogin yes
StrictModes yes

RSAAuthentication yes
PubkeyAuthentication yes
#AuthorizedKeysFile %h/.ssh/authorized_keys

# Don't read the user's ~/.rhosts and ~/.shosts files
IgnoreRhosts yes
# For this to work you will also need host keys in /etc/ssh_known_hosts
RhostsRSAAuthentication no
# similar for protocol version 2
HostbasedAuthentication no
# Uncomment if you don't trust ~/.ssh/known_hosts for RhostsRSAAuthentication
#IgnoreUserKnownHosts yes

# To enable empty passwords, change to yes (NOT RECOMMENDED)
PermitEmptyPasswords no

# Change to yes to enable challenge-response passwords (beware issues with
# some PAM modules and threads)
ChallengeResponseAuthentication no

# Change to no to disable tunnelled clear text passwords
#PasswordAuthentication yes

# Kerberos options
#KerberosAuthentication no
#KerberosGetAFSToken no
#KerberosOrLocalPasswd yes
#KerberosTicketCleanup yes

# GSSAPI options
#GSSAPIAuthentication no
#GSSAPICleanupCredentials yes

X11Forwarding yes
X11DisplayOffset 10
PrintMotd no
PrintLastLog yes
TCPKeepAlive yes
#UseLogin no

#MaxStartups 10:30:60
#Banner /etc/issue.net

# Allow client to pass locale environment variables
AcceptEnv LANG LC_*

Subsystem sftp /usr/lib/openssh/sftp-server

UsePAM yes
alex@iskandhar:~$

And finally, my /etc/gdm/gdm.conf :

.................................

# For full reference documentation see the gnome help browser under
# GNOME|System category. You can also find the docs in HTML form on
# http://www.gnome.org/projects/gdm/
#
# NOTE: Lines that begin with "#" are considered comments.
#
# Have fun!

[daemon]

[security]

DisallowTCP=false

[xdmcp]

[gui]

[greeter]







[chooser]

[debug]

# Note that to disable servers defined in the GDM System Defaults
# configuration file (such as 0=Standard, you must put a line in this file
# that says 0=inactive, as described in the Configuration section of the GDM
# documentation.
#
[servers]

# Also note, that if you redefine a [server-foo] section, then GDM will
# use the definition in this file, not the GDM System Defaults configuration
# file. It is currently not possible to disable a [server-foo] section
# defined in the GDM System Defaults configuration file.
#



When I install this in Debian, after installing it i run as user

$ssh-keygen -t rsa

do not enter any password.. just [enter],
$cat ~/.ssh/id_rsa.pub > ~/.ssh/authorized_keys

and then I edit /etc/gdm/gdm.conf to change [security] as above... or gdmsetup > security > uncheck [Deny TCP Connections to XServer]...

This is the sequence I use to enable ssh in a Debian machine...

In Debian... this works.... I mean... when i launch a calculation, the program opens an xterm window reporting the progress... and result files are created... trying to launch astk --check in Slackware under the current configuration, waits and waits and waits, to the poin that I have to click a dialog box to abort...


I tried to use in Slackware the same ssh_config and sshd_config files that I have in Debian, and using the same sequence to activate the ssh service... no avail... :-(

My ssh services are blocked to the exterior thru a firewall, no way to sniff packets... I only use it with this application...

The hostname of my debian machine is iskandhar, the one of my slackware machine is iskandhar.site

@rg3 : I am not at my Slaclexkware macine now... but I will check this as soon as I get back home...

Best Regards

Alex

Hi again...

In my Debian, if i ping iskandhar, the result is this...


alex@iskandhar:~$ ping iskandhar
PING iskandhar (127.0.1.1) 56(84) bytes of data.
64 bytes from iskandhar (127.0.1.1): icmp_seq=1 ttl=64 time=0.022 ms
64 bytes from iskandhar (127.0.1.1): icmp_seq=2 ttl=64 time=0.020 ms
64 bytes from iskandhar (127.0.1.1): icmp_seq=3 ttl=64 time=0.019 ms
64 bytes from iskandhar (127.0.1.1): icmp_seq=4 ttl=64 time=0.019 ms
64 bytes from iskandhar (127.0.1.1): icmp_seq=5 ttl=64 time=0.022 ms
64 bytes from iskandhar (127.0.1.1): icmp_seq=6 ttl=64 time=0.021 ms
64 bytes from iskandhar (127.0.1.1): icmp_seq=7 ttl=64 time=0.022 ms
64 bytes from iskandhar (127.0.1.1): icmp_seq=8 ttl=64 time=0.022 ms
^C
--- iskandhar ping statistics ---
8 packets transmitted, 8 received, 0% packet loss, time 6996ms
rtt min/avg/max/mdev = 0.019/0.020/0.022/0.006 ms

The result of ping localhost is
alex@iskandhar:~$ ping localhost
PING localhost (127.0.0.1) 56(84) bytes of data.
64 bytes from localhost (127.0.0.1): icmp_seq=1 ttl=64 time=0.030 ms
64 bytes from localhost (127.0.0.1): icmp_seq=2 ttl=64 time=0.024 ms
64 bytes from localhost (127.0.0.1): icmp_seq=3 ttl=64 time=0.026 ms
64 bytes from localhost (127.0.0.1): icmp_seq=4 ttl=64 time=0.022 ms
64 bytes from localhost (127.0.0.1): icmp_seq=5 ttl=64 time=0.022 ms
64 bytes from localhost (127.0.0.1): icmp_seq=6 ttl=64 time=0.029 ms
^C
--- localhost ping statistics ---
6 packets transmitted, 6 received, 0% packet loss, time 4999ms
rtt min/avg/max/mdev = 0.022/0.025/0.030/0.006 ms

I will check the result of

ping iskandhar.site, and ping localhost in my Slackware box, as soon as I return home...


Regards

Alex

Hi Again

In my Slacware box, when i ping iskandhar, it is reachable... but it uses the IP i assigned to my ethernet in the installation

something like

PING iskandhar (127.0.1.1) 56(84) bytes of data.
64 bytes from iskandhar (192.168.1.100): icmp_seq=1 ttl=64 time=0.022 ms
64 bytes from iskandhar (192.168.1.100): icmp_seq=2 ttl=64 time=0.020 ms
64 bytes from iskandhar (192.168.1.100): icmp_seq=3 ttl=64 time=0.019 ms
64 bytes from iskandhar (192.168.1.100): icmp_seq=4 ttl=64 time=0.019 ms
64 bytes from iskandhar (192.168.1.100): icmp_seq=5 ttl=64 time=0.022 ms

Same results on ping iskandhar.site.......

Instead of using the loopback connection like it did in Debian

Can this be the problem....?


BRGDS

Alex

Thanks Stormtracknole, and rg3

The issue is solved, now the check routine of the application tests ssh connection and it works... :-D

I changed ssh_config, as well as sshd_config the way you told, and checked .rhosts as well as /etc/hosts.

Thanks a lot ppl,,,

Alex