ADSL, ssh & X (Was: ssh & X)

ADSL, ssh & X (Was: ssh & X)

Post by Dave K » Fri, 21 Dec 2001 20:32:55




Quote:>Or in default section (and 'ForwardX11 no' for hosts without X):
>Host *
>Compression yes
>ForwardX11 yes

Well, I tried it, with no luck.  It was not clear (anywhere I looked)
whether these config directives should reside in the local machine or
in the remote machine (I would appreciate clarification on this
point), so I put them in both.  In both machines, I have identical
files ~/.ssh/config, with contents:

# beginning of ~/.ssh/config
Host *
  Compression yes
  ForwardX11 yes
# end of ~/.ssh/config

Then I log on via ssh to the remote machine, and once I'm in, at the
remote machine's prompt I type:

 % echo $DISPLAY

 %

and get nothing back; i.e. the DISPLAY variable is not set.  Of
course, all X-based programs fail at this point, with a "can't open
display" error.

How can I troubleshoot this?

Could the X forwarding failure have anything to do with the fact that
I'm connecting to the remote machine via ADSL?  I use Verizon's ADSL
with Roaring Penguin's pppoe software.

Thanks,

Dave

 
 
 

ADSL, ssh & X (Was: ssh & X)

Post by MindLes » Fri, 21 Dec 2001 22:22:31




>>Or in default section (and 'ForwardX11 no' for hosts without X):

>>Host *
>>Compression yes
>>ForwardX11 yes

> Well, I tried it, with no luck.  It was not clear (anywhere I looked)
> whether these config directives should reside in the local machine or
> in the remote machine (I would appreciate clarification on this
> point), so I put them in both.  In both machines, I have identical
> files ~/.ssh/config, with contents:

> # beginning of ~/.ssh/config
> Host *
>   Compression yes
>   ForwardX11 yes
> # end of ~/.ssh/config

> Then I log on via ssh to the remote machine, and once I'm in, at the
> remote machine's prompt I type:

>  % echo $DISPLAY

>  %

> and get nothing back; i.e. the DISPLAY variable is not set.  Of
> course, all X-based programs fail at this point, with a "can't open
> display" error.

> How can I troubleshoot this?

> Could the X forwarding failure have anything to do with the fact that
> I'm connecting to the remote machine via ADSL?  I use Verizon's ADSL
> with Roaring Penguin's pppoe software.

> Thanks,

> Dave

I think you need "ForwardAgent yes" in the config also. Also check that
the remote side supports X11Forwarding in its sshd_config.

The Host * and other directives should be in the client connecting's
config.

You will also probably need xauth installed on the remote machine.

--
HKP: wwwkeys.pgp.net
KID: 3B8442FB

epl

 
 
 

ADSL, ssh & X (Was: ssh & X)

Post by Olivier Baudro » Sat, 22 Dec 2001 07:49:06



>> Host *
>> Compression yes
>> ForwardX11 yes

> Well, I tried it, with no luck.  It was not clear (anywhere I looked)
> whether these config directives should reside in the local machine or
> in the remote machine (I would appreciate clarification on this
> point), so I put them in both.

On the client side (i.e local machine), this is right.
On the server side, you must specify that X11Forwarding is enabled. So, in
/etc/ssh/sshd_config (remote machine) there should be:

        X11Forwarding yes
        X11DisplayOffset 10

See "man sshd" for further infos.
Then restart sshd on the remote machine.
From now on, when you connect to the server:
- your DISPLAY environment variable will be set to 10:0
- the server will start a "proxy" X11 server that forwards X11 connections
through the ssh tunnel to the local machine.

Olivier.

 
 
 

ADSL, ssh & X (Was: ssh & X)

Post by Dave K » Sat, 22 Dec 2001 08:38:00




>>> Host *
>>> Compression yes
>>> ForwardX11 yes

>> Well, I tried it, with no luck.  It was not clear (anywhere I looked)
>> whether these config directives should reside in the local machine or
>> in the remote machine (I would appreciate clarification on this
>> point), so I put them in both.
>On the client side (i.e local machine), this is right.
>On the server side, you must specify that X11Forwarding is enabled. So, in
>/etc/ssh/sshd_config (remote machine) there should be:
>    X11Forwarding yes
>    X11DisplayOffset 10

The problem seems to be deeper.  The remote machine has had the lines
above in sshd_config all along:

  % grep X11 /etc/sshd_config
  X11Forwarding yes
  X11DisplayOffset 10

OK, now my local .ssh/config file reads:

Host *
  Compression yes
  ForwardAgent yes
  ForwardX11 yes

For what it's worth:

  % which xauth
  /usr/bin/X11/xauth

Still, when I ssh to the remote host, the remote DISPLAY variable
remains unset.

Clearly either the sshd on the remote host or ssh in the local host is
failing to heed the X11-forwarding directives.  Is there any way to
determine which of these two possibilities is the case?

One possible reason for the failure to forward X11 is that the remote
machine is somehow not using the contents of /etc/sshd_config, and
instead getting its configuration info from somewhere else...  But I
have no clue on how to determine where sshd is getting its information
from.

Or there may be some other directive in sshd_config that somehow
invalidates the X11-forwading directives.

I use ipchains for security.  I used

  % tail -f /var/log/messages

to check for any denied/rejected packets during ssh logging (which may
be the reason for why forwarding is not working), but there were none.

Any other ideas?

Many thanks to you all for your help with this!

Dave K.

 
 
 

ADSL, ssh & X (Was: ssh & X)

Post by Olivier Baudro » Mon, 24 Dec 2001 02:49:16



> Still, when I ssh to the remote host, the remote DISPLAY variable
> remains unset.

> Clearly either the sshd on the remote host or ssh in the local host is
> failing to heed the X11-forwarding directives.  Is there any way to
> determine which of these two possibilities is the case?

Turn on debugging logs on the ssh daemon:
In /etc/ssh/sshd_config:

        # Logging
        SyslogFacility AUTH
        LogLevel DEBUG

Or whatever syslog facility you want....

Then, make sure that you log debug level messages on your system. In
/etc/syslog.conf you should have something like:

        # sshd debugging messages
        auth.*  /var/log/daemon

If you modified something, restart syslogd:
(I assume you have redhat-like init scripts)

        /etc/init.d/syslog restart

Then, restart sshd:

        /etc/init.d/sshd restart

Finally ssh to this host (use "ssh -v" to also have debugging infos on the
client side), and look at the logs on the server. It should tell you why X11
forwarding is not enabled.

Olivier.

 
 
 

1. ppp && PPPoE && ADSL && net && buffer(s)

Hello!
i have a freebsd box (4.8-RELEASE) and a italian ADSL (256/128 if i remember good) line.
sometimes my freebsd box (that i use as firewall in my little lan) became stalled.
no data arrive and with ping IP i get error about some buffers full.
in ppp.log i see a lot of:
Jun 24 22:45:39 firewall ppp[66]: tun0: Phase: Clearing choked output queue

i search with google on newsgroups but i don't find nothing that work :)

i put some info on the configuration, because i read a lot of question about this parameters :)

kernel config:
maxusers        64
options         NMBCLUSTERS=32768       #expand nic buffer

in ppp.conf:
add default HISADDR

netstat -m:
1/400/131072 mbufs in use (current/peak/max):
        1 mbufs allocated to data
0/182/32768 mbuf clusters in use (current/peak/max)
464 Kbytes allocated to network (0% of mb_map in use)
0 requests for memory denied
0 requests for memory delayed
0 calls to protocol drain routines

netstat -t:
Internet:
Destination        Gateway            Flags    Refs      Use  Netif Expire
default            192.168.100.1      UGSc       15  8181837   tun0
localhost          localhost          UH         11   116358    lo0
192.168.0          link#1             UC          3        0    rl0
firewall           00:10:a7:06:7b:50  UHLW        3    31603    lo0
stefano            00:06:4f:01:08:86  UHLW       12 15328918    rl0    900
192.168.0.255      ff:ff:ff:ff:ff:ff  UHLWb       0     2635    rl0
192.168.100.1      hostXXX-172.pool62 UH         19        0   tun0

i hope that someone can help me :)

Regards,
        Stefano

--
Stefano Balocco
RIPE handle:    6BONE-SB27
Keyserver:      http://keyserver.linux.it ID:     8EF05AB2
Fingerprint:    DF65 A9E5 E307 D647 9E41 1CD1 9265 BF7D 8EF0 5AB2

2. Trying to access 2nd Lun on SCSI disk array under Linux

3. SSH-1.x for HPUX 10.20 & SSH-2 for RedHat, Digital Unix PROBLEM, HELP please !

4. HELP! Kernel 2.0.0 won't boot my perfectly good linux partition when other kernels will!!

5. can ssh-agent work between ssh-2.3 and ssh-3.5

6. dns/files resolution

7. &&&&----Looking for a unix shell------&&&&&

8. conflicts on fresh install

9. PPP & SSH & VPN

10. stability of: ssh & /dev/urandom & ANDIrand package

11. telnet & ssh & ping

12. 没有人用中文吗?

13. cygwin & win2k & ssh