ssh i x11forwarding

lord_Niedzwiedz sir_Misiek w o2.pl
Pon, 15 Kwi 2013, 15:56:38 CEST


         A tak serio ;)

     Po stronie serwera:
-bash-4.2# grep -v "^#" /etc/ssh/sshd_config | grep .
Port 22
ListenAddress 172.20.80.44
Protocol 2
PermitRootLogin no
MaxAuthTries 1
MaxSessions 4
IgnoreRhosts yes
PasswordAuthentication yes
PermitEmptyPasswords no
GSSAPIAuthentication yes
GSSAPICleanupCredentials yes
UsePAM yes
AllowTcpForwarding no
X11Forwarding yes
X11DisplayOffset 10
X11UseLocalhost yes
AcceptEnv LANG LC_* LANGUAGE TZ GIT_*
Subsystem    sftp    /usr/lib64/openssh/sftp-server
PrintMotd yes
Banner /etc/issue.net
AllowUSers grzegorz w 172.20.80.210/24

Po stronie klienta:
(chyba nie ma to znaczenia ;) )
[root w Misiek ~]# grep -v "^#" /etc/ssh/sshd_config | grep .
PermitRootLogin no
AuthorizedKeysFile    .ssh/authorized_keys
IgnoreRhosts yes
PasswordAuthentication yes
PermitEmptyPasswords no
GSSAPIAuthentication yes
GSSAPICleanupCredentials yes
UsePAM yes
AllowTcpForwarding no
UsePrivilegeSeparation sandbox        # Default for new installations.
AcceptEnv LANG LC_* LANGUAGE TZ GIT_*
Subsystem    sftp    /usr/lib64/openssh/sftp-server

Odpalam takie rzeczy jak KVM, czy VirtualBox.
Wszystko przechodzi bez pudła.

Pozdro
Grzegorz

On 15.04.2013 15:45, Paweł Lęcznar wrote:
> witam,
> czy obecnie działa komuś forwardowanie X'ów przez ssh? po stronie 
> serwera mam:
>
> [root w server ~]# grep -v "^#" /etc/ssh/sshd_config | grep .
> Port 22
> AddressFamily any
> PermitRootLogin no
> AuthorizedKeysFile      .ssh/authorized_keys
> IgnoreRhosts yes
> PasswordAuthentication yes
> PermitEmptyPasswords no
> GSSAPIAuthentication yes
> GSSAPICleanupCredentials yes
> UsePAM yes
> AllowTcpForwarding yes
> X11Forwarding yes
> X11DisplayOffset 10
> X11UseLocalhost yes
> UsePrivilegeSeparation sandbox          # Default for new installations.
> AcceptEnv LANG LC_* LANGUAGE TZ GIT_*
> Subsystem       sftp    /usr/lib/openssh/sftp-server
>
>
> po stronie klienta:
>
> [root w laptop ~]# grep -v "^#" /etc/ssh/ssh_config | grep .
> Host *
>         GSSAPIAuthentication yes
>         GSSAPIDelegateCredentials no
>         ForwardAgent no
>         ForwardX11 yes
>         ForwardX11Trusted yes
>         StrictHostKeyChecking no
>         ServerAliveInterval 60
>         ServerAliveCountMax 10
>         TCPKeepAlive no
>         SendEnv LANG LC_* LANGUAGE TZ GIT_*
>
>
> próba logowania wygląda tak (bez fragmentów nieskojarzonych z 
> forwardem x11):
> [user w laptop ~]# ssh 172.16.0.1 -l user -X -vvv
> ...
> debug2: x11_get_proto: /usr/bin/xauth  list :0 2>/dev/null
> debug1: Requesting X11 forwarding with authentication spoofing.
> debug2: channel 0: request x11-req confirm 1
> ...
> debug2: X11 forwarding request accepted on channel 0
> ...
>
> [user w server ~]$ echo $DISPLAY
> localhost:10.0
>
> [user w server ~]$ iceweasel
> debug1: client_input_channel_open: ctype x11 rchan 3 win 65536 max 16384
> debug1: client_request_x11: request from 127.0.0.1 41516
> debug2: fd 7 setting O_NONBLOCK
> debug3: fd 7 is O_NONBLOCK
> debug1: channel 1: new [x11]
> debug1: confirm x11
> debug1: client_input_channel_open: ctype x11 rchan 4 win 65536 max 16384
> debug1: client_request_x11: request from 127.0.0.1 41517
> debug2: fd 8 setting O_NONBLOCK
> debug3: fd 8 is O_NONBLOCK
> debug1: channel 2: new [x11]
> debug1: confirm x11
> [ i tutaj sobie wisi - nic się nie dzieje... ]
>
> na serwerze i kliencie wszystkie pakiety mam aktualne, gdzie szukać 
> problemu?
> _______________________________________________
> pld-users-pl mailing list
> pld-users-pl w lists.pld-linux.org
> http://lists.pld-linux.org/mailman/listinfo/pld-users-pl
>

-- 
Pozdro
lord_Niedzwiedz



Więcej informacji o liście pld-users-pl