SSH and X Forwarding

Post by Crist J. Clar » Tue, 26 Oct 1999 04:00:00



I had a look at the Deja archive, but I didn't seem to pick up what I
might be doing wrong. I built SSH 1.2.27 on my RedHat system and all
seems well except for X forwarding.

If I connect to this box with the '-v' option, I see,

% ssh -v 192.168.0.1
SSH Version 1.2.27 [i386--freebsd3.2], protocol version 1.5.
Compiled with RSAREF.
client.mydomain.com: Reading configuration data /usr/home/cjc/.ssh/config
client.mydomain.com: Reading configuration data /usr/local/etc/ssh_config
client.mydomain.com: ssh_connect: getuid 1001 geteuid 1001 anon 1
client.mydomain.com: Connecting to 192.168.0.1 port 22.
client.mydomain.com: Connection established.
client.mydomain.com: Remote protocol version 1.5, remote software version 1.2.27
client.mydomain.com: Waiting for server public key.
client.mydomain.com: Received server public key (768 bits) and host key (1024 bits).
client.mydomain.com: Host '192.168.0.1' is known and matches the host key.
client.mydomain.com: Initializing random; seed file /usr/home/cjc/.ssh/random_seed
client.mydomain.com: Encryption type: idea
client.mydomain.com: Sent encrypted session key.
client.mydomain.com: Installing crc compensation attack detector.
client.mydomain.com: Received encrypted confirmation.
client.mydomain.com: Remote: Server does not permit empty password login.
client.mydomain.com: Connection to authentication agent opened.

client.mydomain.com: Received RSA challenge from server.
client.mydomain.com: Sending response to RSA challenge.
client.mydomain.com: Remote: RSA authentication accepted.
client.mydomain.com: RSA authentication accepted by server.
client.mydomain.com: Requesting pty.
client.mydomain.com: Failed to get local xauth data.
client.mydomain.com: Requesting X11 forwarding with authentication spoofing.
client.mydomain.com: Requesting authentication agent forwarding.
client.mydomain.com: Requesting shell.
client.mydomain.com: Entering interactive session.
Last login: Sun Oct 24 23:21:24 1999 from 192.168.0.204

And that all looks OK... at least that is exactly how the output looks
when I connect to a machine where the X forwarding works.

If I try to start an xterm, the session just kind of hangs. I can look
at 'ps' output and yes, there is an xterm running... but where it is
living I don't know (the DISPLAY variable is being set to
'192.168.0.1:10.0', BTW). It never shows up and a tcpdump reveals that
no efforts are going on to bring it to life on my machine.

This machine is a firewall, but on this internal interface, there
should be no issues (and SSH is allowed in and out anyway). SSH works
fine among my other clients and servers[0], and I don't know what is
different about this machine, other than being the only RH Linux
one. Old DejaNews message talked about hosts.allow, but the sshd
daemon runs independently, I don't see how it would be affected.

Any ideas on what might be going on here? Thanks.

[0] I had a FreeBSD 3.x machine who didn't like to allow X
    forwarding. However, processes were never spawned, I would get
    timeouts. It disappeared last OS upgrade, never really understood
    what was wrong. It works fine now.
--

 
 
 

Post by Crist J. Clar » Tue, 26 Oct 1999 04:00:00



> I had a look at the Deja archive, but I didn't seem to pick up what I
> might be doing wrong. I built SSH 1.2.27 on my RedHat system and all
> seems well except for X forwarding.

> If I connect to this box with the '-v' option, I see,

> % ssh -v 192.168.0.1
> SSH Version 1.2.27 [i386--freebsd3.2], protocol version 1.5.
> Compiled with RSAREF.
> client.mydomain.com: Reading configuration data /usr/home/cjc/.ssh/config
> client.mydomain.com: Reading configuration data /usr/local/etc/ssh_config
> client.mydomain.com: ssh_connect: getuid 1001 geteuid 1001 anon 1
> client.mydomain.com: Connecting to 192.168.0.1 port 22.
> client.mydomain.com: Connection established.
> client.mydomain.com: Remote protocol version 1.5, remote software version 1.2.27
> client.mydomain.com: Waiting for server public key.
> client.mydomain.com: Received server public key (768 bits) and host key (1024 bits).
> client.mydomain.com: Host '192.168.0.1' is known and matches the host key.
> client.mydomain.com: Initializing random; seed file /usr/home/cjc/.ssh/random_seed
> client.mydomain.com: Encryption type: idea
> client.mydomain.com: Sent encrypted session key.
> client.mydomain.com: Installing crc compensation attack detector.
> client.mydomain.com: Received encrypted confirmation.
> client.mydomain.com: Remote: Server does not permit empty password login.
> client.mydomain.com: Connection to authentication agent opened.

> client.mydomain.com: Received RSA challenge from server.
> client.mydomain.com: Sending response to RSA challenge.
> client.mydomain.com: Remote: RSA authentication accepted.
> client.mydomain.com: RSA authentication accepted by server.
> client.mydomain.com: Requesting pty.
> client.mydomain.com: Failed to get local xauth data.
> client.mydomain.com: Requesting X11 forwarding with authentication spoofing.
> client.mydomain.com: Requesting authentication agent forwarding.
> client.mydomain.com: Requesting shell.
> client.mydomain.com: Entering interactive session.
> Last login: Sun Oct 24 23:21:24 1999 from 192.168.0.204

> And that all looks OK... at least that is exactly how the output looks
> when I connect to a machine where the X forwarding works.

> If I try to start an xterm, the session just kind of hangs. I can look
> at 'ps' output and yes, there is an xterm running... but where it is
> living I don't know (the DISPLAY variable is being set to
> '192.168.0.1:10.0', BTW). It never shows up and a tcpdump reveals that
> no efforts are going on to bring it to life on my machine.

> This machine is a firewall, but on this internal interface, there
> should be no issues (and SSH is allowed in and out anyway). SSH works
> fine among my other clients and servers[0], and I don't know what is
> different about this machine, other than being the only RH Linux
> one. Old DejaNews message talked about hosts.allow, but the sshd
> daemon runs independently, I don't see how it would be affected.

> Any ideas on what might be going on here? Thanks.

> [0] I had a FreeBSD 3.x machine who didn't like to allow X
>     forwarding. However, processes were never spawned, I would get
>     timeouts. It disappeared last OS upgrade, never really understood
>     what was wrong. It works fine now.

I know, I know, following up my own post is bad form. I'm loath to do
it, but I have some new info.

I was mistaken about things "just kind of hangs." I backgrounded an
'xhost' command and forgot about it. Quite a while later, I got the
following,

_X11TransSocketINETConnect: Can't connect: errno = 110
xhost:  unable to open display "gw.mydomain.com:10.0"

Where gw.mydomain.com is the name of the SSH server giving me the
problems. Anyone have any ideas how to fix this?
--
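
Added example, not part of the original posts: the DISPLAY value and the errno quoted above translate into a concrete TCP check. X display N listens on TCP port 6000+N, so '192.168.0.1:10.0' means port 6010, and on Linux errno 110 is ETIMEDOUT. The Python sketch below, meant to be run on the SSH server itself, parses DISPLAY and classifies one connection attempt; the function names and the wording of the explanations are illustrative assumptions.

```python
import errno
import os
import re
import socket

X11_BASE_PORT = 6000  # X display N is reached over TCP port 6000 + N

# How each outcome is usually read (interpretation added here, not from the posts).
EXPLAIN = {
    "open": "listener reachable; look at xauth data next",
    "refused": "host answered but nothing listens on that port",
    "timeout": "no answer at all; packets are probably dropped by a filter or route",
}

def parse_display(display):
    """Split a TCP-style DISPLAY ('host:display[.screen]') into (host, tcp_port).

    A bare ':0' names a local Unix socket, not TCP, and is rejected.
    """
    m = re.fullmatch(r"(?P<host>[^:]+):(?P<num>\d+)(?:\.\d+)?", display)
    if not m:
        raise ValueError(f"not a host:display[.screen] value: {display!r}")
    return m.group("host"), X11_BASE_PORT + int(m.group("num"))

def probe(host, port, timeout=3.0):
    """Attempt one TCP connect and return 'open', 'refused', 'timeout' or 'error:<name>'."""
    s = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    s.settimeout(timeout)
    try:
        s.connect((host, port))
        return "open"
    except socket.timeout:
        return "timeout"
    except OSError as e:
        if e.errno == errno.ETIMEDOUT:      # errno 110 on Linux, as in the xhost error
            return "timeout"
        if e.errno == errno.ECONNREFUSED:   # errno 111 on Linux
            return "refused"
        return f"error:{errno.errorcode.get(e.errno, e.errno)}"
    finally:
        s.close()

if __name__ == "__main__":
    # Falls back to the DISPLAY value quoted in the post when none is set.
    host, port = parse_display(os.environ.get("DISPLAY", "192.168.0.1:10.0"))
    result = probe(host, port)
    print(f"{host}:{port} -> {result}: {EXPLAIN.get(result, 'unexpected error')}")
```

A "timeout" result for port 6010 while port 22 on the same address works points at filtering of that specific port rather than at sshd or the X client.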