ssh i x11forwarding
Paweł Lęcznar
maillistpld w gmail.com
Pon, 15 Kwi 2013, 21:35:49 CEST
On 15.04.2013 16:00, Grzesiek wrote:
> W dniu 15.04.2013 15:56, lord_Niedzwiedz pisze:
>> A tak serio ;)
>>
>> Po stronie serwera:
>> -bash-4.2# grep -v "^#" /etc/ssh/sshd_config | grep .
>> Port 22
>> ListenAddress 172.20.80.44
>> Protocol 2
>> PermitRootLogin no
>> MaxAuthTries 1
>> MaxSessions 4
>> IgnoreRhosts yes
>> PasswordAuthentication yes
>> PermitEmptyPasswords no
>> GSSAPIAuthentication yes
>> GSSAPICleanupCredentials yes
>> UsePAM yes
>> AllowTcpForwarding no
>> X11Forwarding yes
>> X11DisplayOffset 10
>> X11UseLocalhost yes
>> AcceptEnv LANG LC_* LANGUAGE TZ GIT_*
>> Subsystem sftp /usr/lib64/openssh/sftp-server
>> PrintMotd yes
>> Banner /etc/issue.net
>> AllowUSers grzegorz w 172.20.80.210/24
>>
>> Po stronie klienta:
>> (chyba nie ma to znaczenia ;) )
>> [root w Misiek ~]# grep -v "^#" /etc/ssh/sshd_config | grep .
>> PermitRootLogin no
>> AuthorizedKeysFile .ssh/authorized_keys
>> IgnoreRhosts yes
>> PasswordAuthentication yes
>> PermitEmptyPasswords no
>> GSSAPIAuthentication yes
>> GSSAPICleanupCredentials yes
>> UsePAM yes
>> AllowTcpForwarding no
>> UsePrivilegeSeparation sandbox # Default for new installations.
>> AcceptEnv LANG LC_* LANGUAGE TZ GIT_*
>> Subsystem sftp /usr/lib64/openssh/sftp-server
>>
>> Odpalam takie rzeczy jak KVM, czy VirtualBox.
>> Wszystko przechodzi bez pudła.
>>
>> Pozdro
>> Grzegorz
>>
>> On 15.04.2013 15:45, Paweł Lęcznar wrote:
>>> witam,
>>> czy obecnie działa komuś forwardowanie X'ów przez ssh? po stronie
>>> serwera mam:
>>>
>>> [root w server ~]# grep -v "^#" /etc/ssh/sshd_config | grep .
>>> Port 22
>>> AddressFamily any
>>> PermitRootLogin no
>>> AuthorizedKeysFile .ssh/authorized_keys
>>> IgnoreRhosts yes
>>> PasswordAuthentication yes
>>> PermitEmptyPasswords no
>>> GSSAPIAuthentication yes
>>> GSSAPICleanupCredentials yes
>>> UsePAM yes
>>> AllowTcpForwarding yes
>>> X11Forwarding yes
>>> X11DisplayOffset 10
>>> X11UseLocalhost yes
>>> UsePrivilegeSeparation sandbox # Default for new
>>> installations.
>>> AcceptEnv LANG LC_* LANGUAGE TZ GIT_*
>>> Subsystem sftp /usr/lib/openssh/sftp-server
>>>
>>>
>>> po stronie klienta:
>>>
>>> [root w laptop ~]# grep -v "^#" /etc/ssh/ssh_config | grep .
>>> Host *
>>> GSSAPIAuthentication yes
>>> GSSAPIDelegateCredentials no
>>> ForwardAgent no
>>> ForwardX11 yes
>>> ForwardX11Trusted yes
>>> StrictHostKeyChecking no
>>> ServerAliveInterval 60
>>> ServerAliveCountMax 10
>>> TCPKeepAlive no
>>> SendEnv LANG LC_* LANGUAGE TZ GIT_*
>>>
>>>
>>> próba logowania wygląda tak (bez fragmentów nieskojarzonych z
>>> forwardem x11):
>>> [user w laptop ~]# ssh 172.16.0.1 -l user -X -vvv
>>> ...
>>> debug2: x11_get_proto: /usr/bin/xauth list :0 2>/dev/null
>>> debug1: Requesting X11 forwarding with authentication spoofing.
>>> debug2: channel 0: request x11-req confirm 1
>>> ...
>>> debug2: X11 forwarding request accepted on channel 0
>>> ...
>>>
>>> [user w server ~]$ echo $DISPLAY
>>> localhost:10.0
>>>
>>> [user w server ~]$ iceweasel
>>> debug1: client_input_channel_open: ctype x11 rchan 3 win 65536 max
>>> 16384
>>> debug1: client_request_x11: request from 127.0.0.1 41516
>>> debug2: fd 7 setting O_NONBLOCK
>>> debug3: fd 7 is O_NONBLOCK
>>> debug1: channel 1: new [x11]
>>> debug1: confirm x11
>>> debug1: client_input_channel_open: ctype x11 rchan 4 win 65536 max
>>> 16384
>>> debug1: client_request_x11: request from 127.0.0.1 41517
>>> debug2: fd 8 setting O_NONBLOCK
>>> debug3: fd 8 is O_NONBLOCK
>>> debug1: channel 2: new [x11]
>>> debug1: confirm x11
>>> [ i tutaj sobie wisi - nic się nie dzieje... ]
>>>
>>> na serwerze i kliencie wszystkie pakiety mam aktualne, gdzie szukać
>>> problemu?
>
> Masz zainstalowane xorg-app-xauth ?
na configu wklejonym przez lord_Niedzwiedz'a nie działa to u mnie, efekt
jest taki sam jak napisałem wcześniej, xauth jest zainstalowane, dodam
że oba systemy (serwer, klient) są świeżo po instalacji... jakieś pomysły?
Więcej informacji o liście pld-users-pl