SSH in Slackware
Hi Forum
How does one configure ssh in Slackware so that a program installed in my machine can open xterm windows under a user login?

Thing is... I am using no DE... I run this program over a WM, FluxBox. In its execution, this program tries to open an ssh connection...

rsh -n -l root iskandhar.site echo hello

It waits endlessly, and I have to manually abort... shell pops this out...:

rsh: iskandhar.site : Name or service not known

I have enabled X11 forwarding and TCP in sshd_config and ssh_config... my .rhosts is

iskandhar.site alex
iskandhar.site root
iskandhar.site localhost

I do not know much about ssh configuration, and I used the defaults of the Slackware files ssh_config and sshd_config...

In Debian one only has to change gdm_config, running under Gnome DE... Can I run this app without a DE...? ... meaning are all ssh services enabled at runlevel 3...? I go directly to WM with startx... Is this a problem...?

BRGDS
Alex |
You will need to do the following as root first on the server or computer where your X applications originate:

Server: As root, edit /etc/ssh/sshd_config, and make the following changes on that file by commenting out these lines:
Code:
AllowTcpForwarding yes
Code:
/etc/rc.d/rc.sshd restart
Code:
vi /etc/ssh/ssh_config
Code:
ForwardAgent yes
Now, when you ssh to your server, do it with the following argument:
Code:
ssh -Y servername
Hope this helps! |
rsh is not ssh.
Edit: if rsh is run from your system, the problem appears to be that your machine cannot resolve the name "iskandhar.site". This apparently has nothing to do with X11 forwarding. |
Hi StormTracknole, rg3
Thks for yr help... :-) Quote:
How can I enable the rsh... ? BRGDS Alex |
Any reason why you want to use rsh instead of ssh? rsh is not encrypted and it's very easy to sniff its packets.
|
Judging from this line:
Code:
rsh: iskandhar.site : Name or service not known
There's a line in /etc/inetd.conf that enables rsh. It's an insecure system, though. You'd better prevent people from the outside from reaching you via rsh, using tcp wrappers (man hosts_access). in.rshd ships in the netkit-rsh package. |
Hi @stormtracknole,@rg3
Quote:
http://www.code-aster.org/V2/spip.php?rubrique2

In Debian (the distro I am using now on my Lappy) I usually install this running a Python script... it places all stuff in a folder /opt/aster... In order to run it, I must first source an environment file, /opt/aster/aster_profile.sh, and add /opt/aster/outils to PATH... This allows me to call the interface of the program, astk, an application in tcl/tk, from command line, having all the environment ready...

There is a test mode... astk --check which allows me to test the ssh connectivity in the machine... right now, under my Debian Lenny, the result is this...:

<INFO> Color theme active :
<INFO> Domain name not defined for localhost. Remote machines couldn't contact localhost. Fill the domain name through Configuration/Interface menu.
<INFO> Full name of localhost : iskandhar
<INFO> The DISPLAY above is without domain name. It's possible that remote machines could'nt open windows.
<INFO> Display applications to iskandhar:0.0
<INFO> Command ps used : ps
<INFO> Test connection from iskandhar to iskandhar...
<INFO> External command on iskandhar : echo hello
<INFO> Process number : 5080
<INFO> ============================== STANDARD OUTPUT ==============================
hello
=============================================================================
<INFO> ============================== STANDARD ERROR ===============================
=============================================================================
<INFO> ... connection succeed
<INFO> Test connection from iskandhar to iskandhar...
<INFO> External command on iskandhar : rsh -n -l alex iskandhar echo hello
<INFO> Process number : 5085
The authenticity of host 'iskandhar (127.0.1.1)' can't be established.
RSA key fingerprint is db:cc:c3:d5:f1:3e:8e:0f:72:b9:00:3b:7c:f5:e0:56.
Are you sure you want to continue connecting (yes/no)?
<INFO> ============================== STANDARD OUTPUT ==============================
=============================================================================
<INFO> ============================== STANDARD ERROR ===============================
Host key verification failed.
=============================================================================
<ERROR 025> Connection failed :@n-n@====== end of message ======
Check .rhosts file of alex on iskandhar, it should contain a such line : iskandhar alex
<INFO> Check step completed : 1 error(s).
<INFO> Session ended : 11/11/2009 - 21:47:29
EXIT CODE : 1

But it works... my .rhosts is like this...:

alex@iskandhar:~$ cat ~/.rhosts
iskandhar alex
iskandhar localhost

My ssh_config is like this:

alex@iskandhar:~$ cat /etc/ssh/ssh_config
# This is the ssh client system-wide configuration file. See
# ssh_config(5) for more information. This file provides defaults for
# users, and the values can be changed in per-user configuration files
# or on the command line.
# Configuration data is parsed as follows:
# 1. command line options
# 2. user-specific file
# 3. system-wide file
# Any configuration value is only changed the first time it is set.
# Thus, host-specific definitions should be at the beginning of the
# configuration file, and defaults at the end.
# Site-wide defaults for some commonly used options. For a comprehensive
# list of available options, their meanings and defaults, please see the
# ssh_config(5) man page.
Host *
# ForwardAgent no
# ForwardX11 no
# ForwardX11Trusted yes
# RhostsRSAAuthentication no
# RSAAuthentication yes
# PasswordAuthentication yes
# HostbasedAuthentication no
# GSSAPIAuthentication no
# GSSAPIDelegateCredentials no
# GSSAPIKeyExchange no
# GSSAPITrustDNS no
# BatchMode no
# CheckHostIP yes
# AddressFamily any
# ConnectTimeout 0
# StrictHostKeyChecking ask
# IdentityFile ~/.ssh/identity
# IdentityFile ~/.ssh/id_rsa
# IdentityFile ~/.ssh/id_dsa
# Port 22
# Protocol 2,1
# Cipher 3des
# Ciphers aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,arcfour,aes192-cbc,aes256-cbc
# MACs hmac-md5,hmac-sha1,umac-64@openssh.com,hmac-ripemd160
# EscapeChar ~
# Tunnel no
# TunnelDevice any:any
# PermitLocalCommand no
SendEnv LANG LC_*
HashKnownHosts yes
GSSAPIAuthentication yes
GSSAPIDelegateCredentials no

My sshd_config:

alex@iskandhar:~$ cat /etc/ssh/sshd_config
# Package generated configuration file
# See the sshd(8) manpage for details
# What ports, IPs and protocols we listen for
Port 22
# Use these options to restrict which interfaces/protocols sshd will bind to
#ListenAddress ::
#ListenAddress 0.0.0.0
Protocol 2
# HostKeys for protocol version 2
HostKey /etc/ssh/ssh_host_rsa_key
HostKey /etc/ssh/ssh_host_dsa_key
#Privilege Separation is turned on for security
UsePrivilegeSeparation yes
# Lifetime and size of ephemeral version 1 server key
KeyRegenerationInterval 3600
ServerKeyBits 768
# Logging
SyslogFacility AUTH
LogLevel INFO
# Authentication:
LoginGraceTime 120
PermitRootLogin yes
StrictModes yes
RSAAuthentication yes
PubkeyAuthentication yes
#AuthorizedKeysFile %h/.ssh/authorized_keys
# Don't read the user's ~/.rhosts and ~/.shosts files
IgnoreRhosts yes
# For this to work you will also need host keys in /etc/ssh_known_hosts
RhostsRSAAuthentication no
# similar for protocol version 2
HostbasedAuthentication no
# Uncomment if you don't trust ~/.ssh/known_hosts for RhostsRSAAuthentication
#IgnoreUserKnownHosts yes
# To enable empty passwords, change to yes (NOT RECOMMENDED)
PermitEmptyPasswords no
# Change to yes to enable challenge-response passwords (beware issues with
# some PAM modules and threads)
ChallengeResponseAuthentication no
# Change to no to disable tunnelled clear text passwords
#PasswordAuthentication yes
# Kerberos options
#KerberosAuthentication no
#KerberosGetAFSToken no
#KerberosOrLocalPasswd yes
#KerberosTicketCleanup yes
# GSSAPI options
#GSSAPIAuthentication no
#GSSAPICleanupCredentials yes
X11Forwarding yes
X11DisplayOffset 10
PrintMotd no
PrintLastLog yes
TCPKeepAlive yes
#UseLogin no
#MaxStartups 10:30:60
#Banner /etc/issue.net
# Allow client to pass locale environment variables
AcceptEnv LANG LC_*
Subsystem sftp /usr/lib/openssh/sftp-server
UsePAM yes
alex@iskandhar:~$

And finally, my /etc/gdm/gdm.conf:

.................................
# For full reference documentation see the gnome help browser under
# GNOME|System category. You can also find the docs in HTML form on
# http://www.gnome.org/projects/gdm/
#
# NOTE: Lines that begin with "#" are considered comments.
#
# Have fun!
[daemon]
[security]
DisallowTCP=false
[xdmcp]
[gui]
[greeter]
[chooser]
[debug]
# Note that to disable servers defined in the GDM System Defaults
# configuration file (such as 0=Standard, you must put a line in this file
# that says 0=inactive, as described in the Configuration section of the GDM
# documentation.
#
[servers]
# Also note, that if you redefine a [server-foo] section, then GDM will
# use the definition in this file, not the GDM System Defaults configuration
# file. It is currently not possible to disable a [server-foo] section
# defined in the GDM System Defaults configuration file.
#

When I install this in Debian, after installing it I run as user

$ ssh-keygen -t rsa

do not enter any password.. just [enter],

$ cat ~/.ssh/id_rsa.pub > ~/.ssh/authorized_keys

and then I edit /etc/gdm/gdm.conf to change [security] as above... or gdmsetup > security > uncheck [Deny TCP Connections to XServer]...

This is the sequence I use to enable ssh in a Debian machine... In Debian... this works.... I mean... when I launch a calculation, the program opens an xterm window reporting the progress... and result files are created...

Trying to launch astk --check in Slackware under the current configuration, it waits and waits and waits, to the point that I have to click a dialog box to abort... I tried to use in Slackware the same ssh_config and sshd_config files that I have in Debian, and using the same sequence to activate the ssh service... no avail... :-(

My ssh services are blocked to the exterior thru a firewall, no way to sniff packets... I only use it with this application...

The hostname of my Debian machine is iskandhar, the one of my Slackware machine is iskandhar.site

@rg3 : I am not at my Slackware machine now... but I will check this as soon as I get back home...

Best Regards
Alex |
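As an added example (not code from the thread or from OpenSSH), this script reports the value sshd would apply for a directive in a file such as the sshd_config posted above, and flags the authentication settings relevant to an rsh/.rhosts style setup. The function names, the rule table and the sample file are assumptions made for the example.

```shell
#!/bin/sh
# Added example. sshd uses the first value it reads for a keyword, keywords
# are case-insensitive, and '#' starts a comment. Match blocks, Include and
# the "Keyword=value" form are not handled.

sshd_effective() {  # usage: sshd_effective FILE KEYWORD ; prints value or "unset"
    awk -v want="$2" '
        BEGIN { want = tolower(want) }
        /^[ \t]*(#|$)/ { next }                       # comment or blank line
        tolower($1) == want { print tolower($2); found = 1; exit }
        END { if (!found) print "unset" }
    ' "$1"
}

# Rule table (an assumption of this example): keyword and the value to flag.
audit_sshd() {  # usage: audit_sshd FILE ; one "WARN|ok KEYWORD VALUE" line per rule
    while read -r key risky; do
        val=$(sshd_effective "$1" "$key")
        if [ "$val" = "$risky" ]; then echo "WARN $key $val"
        else echo "ok $key $val"; fi
    done <<'EOF'
PermitRootLogin yes
PermitEmptyPasswords yes
IgnoreRhosts no
HostbasedAuthentication yes
EOF
}

# Constructed sample: directives copied from the posted Debian sshd_config,
# plus one added duplicate line to show that the first value wins.
write_sample() {
    cat > "$1" <<'EOF'
# Authentication:
PermitRootLogin yes
IgnoreRhosts yes
HostbasedAuthentication no
PermitEmptyPasswords no
#PasswordAuthentication yes
X11Forwarding yes
x11forwarding no
EOF
}

tmp=$(mktemp) && write_sample "$tmp"
audit_sshd "$tmp"
echo "X11Forwarding $(sshd_effective "$tmp" X11Forwarding)"
rm -f "$tmp"
```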
Hi again...
In my Debian, if I ping iskandhar, the result is this...

alex@iskandhar:~$ ping iskandhar
PING iskandhar (127.0.1.1) 56(84) bytes of data.
64 bytes from iskandhar (127.0.1.1): icmp_seq=1 ttl=64 time=0.022 ms
64 bytes from iskandhar (127.0.1.1): icmp_seq=2 ttl=64 time=0.020 ms
64 bytes from iskandhar (127.0.1.1): icmp_seq=3 ttl=64 time=0.019 ms
64 bytes from iskandhar (127.0.1.1): icmp_seq=4 ttl=64 time=0.019 ms
64 bytes from iskandhar (127.0.1.1): icmp_seq=5 ttl=64 time=0.022 ms
64 bytes from iskandhar (127.0.1.1): icmp_seq=6 ttl=64 time=0.021 ms
64 bytes from iskandhar (127.0.1.1): icmp_seq=7 ttl=64 time=0.022 ms
64 bytes from iskandhar (127.0.1.1): icmp_seq=8 ttl=64 time=0.022 ms
^C
--- iskandhar ping statistics ---
8 packets transmitted, 8 received, 0% packet loss, time 6996ms
rtt min/avg/max/mdev = 0.019/0.020/0.022/0.006 ms

The result of ping localhost is

alex@iskandhar:~$ ping localhost
PING localhost (127.0.0.1) 56(84) bytes of data.
64 bytes from localhost (127.0.0.1): icmp_seq=1 ttl=64 time=0.030 ms
64 bytes from localhost (127.0.0.1): icmp_seq=2 ttl=64 time=0.024 ms
64 bytes from localhost (127.0.0.1): icmp_seq=3 ttl=64 time=0.026 ms
64 bytes from localhost (127.0.0.1): icmp_seq=4 ttl=64 time=0.022 ms
64 bytes from localhost (127.0.0.1): icmp_seq=5 ttl=64 time=0.022 ms
64 bytes from localhost (127.0.0.1): icmp_seq=6 ttl=64 time=0.029 ms
^C
--- localhost ping statistics ---
6 packets transmitted, 6 received, 0% packet loss, time 4999ms
rtt min/avg/max/mdev = 0.022/0.025/0.030/0.006 ms

I will check the result of ping iskandhar.site, and ping localhost in my Slackware box, as soon as I return home...

Regards
Alex |
Hi Again
In my Slackware box, when I ping iskandhar, it is reachable... but it uses the IP I assigned to my ethernet in the installation, something like

PING iskandhar (127.0.1.1) 56(84) bytes of data.
64 bytes from iskandhar (192.168.1.100): icmp_seq=1 ttl=64 time=0.022 ms
64 bytes from iskandhar (192.168.1.100): icmp_seq=2 ttl=64 time=0.020 ms
64 bytes from iskandhar (192.168.1.100): icmp_seq=3 ttl=64 time=0.019 ms
64 bytes from iskandhar (192.168.1.100): icmp_seq=4 ttl=64 time=0.019 ms
64 bytes from iskandhar (192.168.1.100): icmp_seq=5 ttl=64 time=0.022 ms

Same results on ping iskandhar.site....... Instead of using the loopback connection like it did in Debian.

Can this be the problem....?

BRGDS
Alex |
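The "Name or service not known" diagnosis and the loopback versus LAN address question above both come down to what a name maps to in /etc/hosts. As an added example (not from any poster), this script looks a name up in a hosts(5)-format file and says whether it is missing, loopback or a non-loopback address; the function names and both sample files are constructed for the example, and DNS or other nsswitch sources are not consulted.

```shell
#!/bin/sh
# Added example: resolve a name from a hosts(5)-format file only.

hosts_lookup() {  # usage: hosts_lookup NAME [FILE] ; prints first matching address
    awk -v name="$1" '
        { sub(/#.*/, "") }                       # strip trailing comments
        NF < 2 { next }                          # need an address and a name
        { for (i = 2; i <= NF; i++)              # canonical name and aliases
              if (tolower($i) == tolower(name)) { print $1; found = 1; exit } }
        END { exit !found }                      # non-zero status when absent
    ' "${2:-/etc/hosts}"
}

classify_name() {  # usage: classify_name NAME [FILE]
    addr=$(hosts_lookup "$1" "${2:-/etc/hosts}") || { echo "unresolved"; return 1; }
    case $addr in
        127.*|::1) echo "loopback $addr" ;;
        *)         echo "non-loopback $addr" ;;
    esac
}

# Constructed files modelled on the ping output quoted in the thread.
write_samples() {
    printf '%s\n' '127.0.0.1 localhost' '127.0.1.1 iskandhar' > "$1/debian"
    printf '%s\n' '127.0.0.1 localhost' \
        '192.168.1.100 iskandhar.site iskandhar  # LAN address' > "$1/slackware"
}

dir=$(mktemp -d) && write_samples "$dir"
for f in debian slackware; do
    for n in iskandhar iskandhar.site; do
        echo "$f $n: $(classify_name "$n" "$dir/$f")"
    done
done
rm -rf "$dir"
```

On a live system, `getent hosts NAME` performs the full lookup through every source configured in /etc/nsswitch.conf.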
Thanks Stormtracknole, and rg3
The issue is solved, now the check routine of the application tests ssh connection and it works... :-D I changed ssh_config, as well as sshd_config the way you told, and checked .rhosts as well as /etc/hosts. Thanks a lot ppl,,, Alex |