Re: [Vserver] cannot x11 forward with suggested settings

From: Konstantinos Pachopoulos <kostaspaxos_at_yahoo.gr>
Date: Mon 18 Sep 2006 - 21:44:24 BST
Message-ID: <20060918204424.2772.qmail@web25508.mail.ukl.yahoo.com>

--- Herbert Poetzl <herbert@13thfloor.at> wrote:

> On Sun, Sep 17, 2006 at 09:39:51PM +0100,
> Konstantinos Pachopoulos wrote:
> > Hi,
> > i cannot ssh forward, through my "ipcop" guest
> > (10.0.0.6/24). In the host system i have made it
> > "visible" via "ip addr add 10.0.0.6/24 broadcast +
> dev
> > eth0".
> >
> > Here's what i get when i try to run firestarter or
> > nedit or xterm for example:
> >
> > --------------------
> > ipcop:~# firestarter
> > X11 connection rejected because of wrong
> > authentication.
> > The application 'firestarter' lost its connection
> to
> > the display localhost:10.0;
> > most likely the X server was shut down or you
> > killed/destroyed
> > the application.
> > ipcop:~# nedit
> > X11 connection rejected because of wrong
> > authentication.
> > X connection to localhost:10.0 broken (explicit
> kill
> > or server shutdown).
> > --------------------
> >
> > Here's the /etc/ssh/sshd_config of the "ipcop"
> server:
> > --------------------
> > # Package generated configuration file
> > # See the sshd(8) manpage for details
> >
> > # What ports, IPs and protocols we listen for
> > Port 22
> > # Use these options to restrict which
> > interfaces/protocols sshd will bind to
> > #ListenAddress ::
> > #ListenAddress 0.0.0.0
> > Protocol 2
> > # HostKeys for protocol version 2
> > HostKey /etc/ssh/ssh_host_rsa_key
> > HostKey /etc/ssh/ssh_host_dsa_key
> > #Privilege Separation is turned on for security
> > UsePrivilegeSeparation yes
> >
> > # Lifetime and size of ephemeral version 1 server
> key
> > KeyRegenerationInterval 3600
> > ServerKeyBits 768
> >
> > # Logging
> > SyslogFacility AUTH
> > LogLevel INFO
> >
> > # Authentication:
> > LoginGraceTime 600
> > PermitRootLogin yes
> > StrictModes yes
> >
> > RSAAuthentication yes
> > PubkeyAuthentication yes
> > #AuthorizedKeysFile %h/.ssh/authorized_keys
> >
> > # Don't read the user's ~/.rhosts and ~/.shosts
> files
> > IgnoreRhosts yes
> > # For this to work you will also need host keys in
> > /etc/ssh_known_hosts
> > RhostsRSAAuthentication no
> > # similar for protocol version 2
> > HostbasedAuthentication no
> > # Uncomment if you don't trust ~/.ssh/known_hosts
> for
> > RhostsRSAAuthentication
> > #IgnoreUserKnownHosts yes
> >
> > # To enable empty passwords, change to yes (NOT
> > RECOMMENDED)
> > PermitEmptyPasswords no
> >
> > # Change to no to disable s/key passwords
> > #ChallengeResponseAuthentication yes
> >
> > # Change to yes to enable tunnelled clear text
> > passwords
> > PasswordAuthentication no
> >
> > # To change Kerberos options
> > #KerberosAuthentication no
> > #KerberosOrLocalPasswd yes
> > #AFSTokenPassing no
> > #KerberosTicketCleanup no
> >
> > # Kerberos TGT Passing does only work with the AFS
> > kaserver
> > #KerberosTgtPassing yes
> >
> > X11Forwarding yes
> > X11DisplayOffset 10
> > PrintMotd no
> > PrintLastLog yes
> > KeepAlive yes
> > #UseLogin no
> >
> > #MaxStartups 10:30:60
> > #Banner /etc/issue.net
> >
> > Subsystem sftp /usr/lib/sftp-server
> >
> > UsePAM yes
> > X11UseLocalhost no #tried with as suggested and
> > without
> > --------------------
> >
> > Any ideas? I have been searching for a couple
> days,
> > but found nothing. Is this a routing, firewall
> issue
> > maybe? I do not know a lot about networking. I
> hope i
> > will learn through VServer :)
>
> check if $DISPLAY is set and what it contains,
> also double check that your guest has mk/xauth
> installed and the ssh client is not called with
> -x (maybe explicitely specify -X for a test)
>
> check the ssh logon with the -v option to ssh,
>
> HTH,
> Herbert
>
> > Thanks
> >
Hi,
i cannot find mkxauth command in a Debian Etch amd64
package. Is it the same with "xauth generate"? Anyway,
xauth (of xbase-clients) is installed- in general i
have the same package configuration both in the guest
and the host, but the host X-forwards OK.

Here are some outputs:
-----------------------------
fire-deb:~# echo $DISPLAY
localhost:10.0
-----------------------------
kostas@vakhos:~$ ssh -vX root@10.0.0.8
OpenSSH_4.3p2 Debian-3, OpenSSL 0.9.8b 04 May 2006
debug1: Reading configuration data /etc/ssh/ssh_config
debug1: Applying options for *
debug1: Connecting to 10.0.0.8 [10.0.0.8] port 22.
debug1: Connection established.
debug1: identity file /home/kostas/.ssh/identity type
-1
debug1: identity file /home/kostas/.ssh/id_rsa type -1
debug1: identity file /home/kostas/.ssh/id_dsa type -1
debug1: Remote protocol version 2.0, remote software
version OpenSSH_4.3p2 Debian-3
debug1: match: OpenSSH_4.3p2 Debian-3 pat OpenSSH*
debug1: Enabling compatibility mode for protocol 2.0
debug1: Local version string SSH-2.0-OpenSSH_4.3p2
Debian-3
debug1: SSH2_MSG_KEXINIT sent
debug1: SSH2_MSG_KEXINIT received
debug1: kex: server->client aes128-cbc hmac-md5 none
debug1: kex: client->server aes128-cbc hmac-md5 none
debug1: SSH2_MSG_KEX_DH_GEX_REQUEST(1024<1024<8192)
sent
debug1: expecting SSH2_MSG_KEX_DH_GEX_GROUP
debug1: SSH2_MSG_KEX_DH_GEX_INIT sent
debug1: expecting SSH2_MSG_KEX_DH_GEX_REPLY
debug1: Host '10.0.0.8' is known and matches the RSA
host key.
debug1: Found key in /home/kostas/.ssh/known_hosts:1
debug1: ssh_rsa_verify: signature correct
debug1: SSH2_MSG_NEWKEYS sent
debug1: expecting SSH2_MSG_NEWKEYS
debug1: SSH2_MSG_NEWKEYS received
debug1: SSH2_MSG_SERVICE_REQUEST sent
debug1: SSH2_MSG_SERVICE_ACCEPT received
debug1: Authentications that can continue:
publickey,password
debug1: Next authentication method: publickey
debug1: Trying private key: /home/kostas/.ssh/identity
debug1: Trying private key: /home/kostas/.ssh/id_rsa
debug1: Trying private key: /home/kostas/.ssh/id_dsa
debug1: Next authentication method: password
root@10.0.0.8's password:
debug1: Authentication succeeded (password).
debug1: channel 0: new [client-session]
debug1: Entering interactive session.
debug1: Requesting X11 forwarding with authentication
spoofing.
debug1: Requesting authentication agent forwarding.
debug1: Sending environment.
debug1: Sending env LANG = en_US.UTF-8
Last login: Mon Sep 18 22:46:32 2006 from 10.0.0.1
fire-deb:~# xterm
_X11TransSocketINETConnect() can't get address for
localhost:6010: Name or service not known
Warning: This program is an suid-root program or is
being run by the root user.
The full text of the error or warning message cannot
be safely formatted
in this environment. You may get a more descriptive
message by running the
program as a non-root user or by removing the suid bit
on the executable.
xterm Xt error: Can't open display: %s
fire-deb:~#
--------------------------------
kostas@vakhos:~$ ssh -vY root@10.0.0.8
OpenSSH_4.3p2 Debian-3, OpenSSL 0.9.8b 04 May 2006
debug1: Reading configuration data /etc/ssh/ssh_config
debug1: Applying options for *
debug1: Connecting to 10.0.0.8 [10.0.0.8] port 22.
debug1: Connection established.
debug1: identity file /home/kostas/.ssh/identity type
-1
debug1: identity file /home/kostas/.ssh/id_rsa type -1
debug1: identity file /home/kostas/.ssh/id_dsa type -1
debug1: Remote protocol version 2.0, remote software
version OpenSSH_4.3p2 Debian-3
debug1: match: OpenSSH_4.3p2 Debian-3 pat OpenSSH*
debug1: Enabling compatibility mode for protocol 2.0
debug1: Local version string SSH-2.0-OpenSSH_4.3p2
Debian-3
debug1: SSH2_MSG_KEXINIT sent
debug1: SSH2_MSG_KEXINIT received
debug1: kex: server->client aes128-cbc hmac-md5 none
debug1: kex: client->server aes128-cbc hmac-md5 none
debug1: SSH2_MSG_KEX_DH_GEX_REQUEST(1024<1024<8192)
sent
debug1: expecting SSH2_MSG_KEX_DH_GEX_GROUP
debug1: SSH2_MSG_KEX_DH_GEX_INIT sent
debug1: expecting SSH2_MSG_KEX_DH_GEX_REPLY
debug1: Host '10.0.0.8' is known and matches the RSA
host key.
debug1: Found key in /home/kostas/.ssh/known_hosts:1
debug1: ssh_rsa_verify: signature correct
debug1: SSH2_MSG_NEWKEYS sent
debug1: expecting SSH2_MSG_NEWKEYS
debug1: SSH2_MSG_NEWKEYS received
debug1: SSH2_MSG_SERVICE_REQUEST sent
debug1: SSH2_MSG_SERVICE_ACCEPT received
debug1: Authentications that can continue:
publickey,password
debug1: Next authentication method: publickey
debug1: Trying private key: /home/kostas/.ssh/identity
debug1: Trying private key: /home/kostas/.ssh/id_rsa
debug1: Trying private key: /home/kostas/.ssh/id_dsa
debug1: Next authentication method: password
root@10.0.0.8's password:
debug1: Authentication succeeded (password).
debug1: channel 0: new [client-session]
debug1: Entering interactive session.
debug1: Requesting X11 forwarding with authentication
spoofing.
debug1: Requesting authentication agent forwarding.
debug1: Sending environment.
debug1: Sending env LANG = en_US.UTF-8
Last login: Mon Sep 18 22:56:55 2006 from 10.0.0.1
fire-deb:~# xterm
_X11TransSocketINETConnect() can't get address for
localhost:6010: Name or service not known
Warning: This program is an suid-root program or is
being run by the root user.
The full text of the error or warning message cannot
be safely formatted
in this environment. You may get a more descriptive
message by running the
program as a non-root user or by removing the suid bit
on the executable.
xterm Xt error: Can't open display: %s
fire-deb:~#
---------------------------------

Thanks,
Kostas

        
        
                
___________________________________________________________

All new Yahoo! Mail "The new Interface is stunning in
its simplicity and ease of use." - PC Magazine
http://uk.docs.yahoo.com/nowyoucan.html

        
        
                
___________________________________________________________
All new Yahoo! Mail "The new Interface is stunning in its simplicity and ease of use." - PC Magazine
http://uk.docs.yahoo.com/nowyoucan.html
_______________________________________________
Vserver mailing list
Vserver@list.linux-vserver.org
http://list.linux-vserver.org/mailman/listinfo/vserver
Received on Mon Sep 18 21:45:29 2006

[Next/Previous Months] [Main vserver Project Homepage] [Howto Subscribe/Unsubscribe] [Paul Sladen's vserver stuff]
Generated on Mon 18 Sep 2006 - 21:45:36 BST by hypermail 2.1.8