Hi all,
I have C6 i386 with cr repo enabled;
problem is, I can't get x-forwarding to work, xorg-x11-auth rpm is installed, have checked sshd config for
#X11Forwarding no X11Forwarding yes #X11DisplayOffset 10
Here is a verbose ssh logon, I can't see any difference to a working server:
debug1: Authentication succeeded (password). debug1: channel 0: new [client-session] debug3: ssh_session2_open: channel_new: 0 debug2: channel 0: send open debug1: Entering interactive session. debug2: callback start debug2: x11_get_proto: /usr/bin/xauth list unix:10.0 2>/dev/null debug1: Requesting X11 forwarding with authentication spoofing. debug2: channel 0: request x11-req confirm 0 debug2: client_session2_setup: id 0 debug2: channel 0: request pty-req confirm 0
and netstat does not show the open ports in the 60xx range:
# netstat -antp|grep 60 tcp 0 0 192.168.200.31:22 192.168.200.30:58604 VERBUNDEN 2537/sshd: xxx [
Display var is not set...:
[root@tr-centos ~]# env|grep -i DISPLAY [root@tr-centos ~]#
Any obvious mistake?
Thx Rainer
Hi,
I have a working configuration with CentOS 6. Can you try to set next lines in /etc/ssh/sshd_config and restart SSH server please?
#X11Forwarding no X11Forwarding yes #X11DisplayOffset 10 X11UseLocalhost yes
In fact I do not have xorg-x11-auth rpm installed:
[root@Carmen ~]# rpm -qa|grep -i xorg-x11-auth [root@Carmen ~]#
and it works...
Give it a try and let us know. Regards,
El 26/10/11 11:56, Rainer Traut escribió:
Hi all,
I have C6 i386 with cr repo enabled;
problem is, I can't get x-forwarding to work, xorg-x11-auth rpm is installed, have checked sshd config for
#X11Forwarding no X11Forwarding yes #X11DisplayOffset 10
Here is a verbose ssh logon, I can't see any difference to a working server:
debug1: Authentication succeeded (password). debug1: channel 0: new [client-session] debug3: ssh_session2_open: channel_new: 0 debug2: channel 0: send open debug1: Entering interactive session. debug2: callback start debug2: x11_get_proto: /usr/bin/xauth list unix:10.0 2>/dev/null debug1: Requesting X11 forwarding with authentication spoofing. debug2: channel 0: request x11-req confirm 0 debug2: client_session2_setup: id 0 debug2: channel 0: request pty-req confirm 0
and netstat does not show the open ports in the 60xx range:
# netstat -antp|grep 60 tcp 0 0 192.168.200.31:22 192.168.200.30:58604 VERBUNDEN 2537/sshd: xxx [
Display var is not set...:
[root@tr-centos ~]# env|grep -i DISPLAY [root@tr-centos ~]#
Any obvious mistake?
Thx Rainer _______________________________________________ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
On Wed, 26 Oct 2011, Lorenzo Martínez Rodríguez wrote:
Hi,
I have a working configuration with CentOS 6. Can you try to set next lines in /etc/ssh/sshd_config and restart SSH server please?
#X11Forwarding no X11Forwarding yes #X11DisplayOffset 10 X11UseLocalhost yes
In fact I do not have xorg-x11-auth rpm installed:
[root@Carmen ~]# rpm -qa|grep -i xorg-x11-auth [root@Carmen ~]#
and it works...
He meant xorg-x11-xauth and I'm 99% certain you *need* that installed on the target machine for ssh forwarding to work.
jh
Am 26.10.2011 15:18, schrieb John Hodrien:
On Wed, 26 Oct 2011, Lorenzo Martínez Rodríguez wrote:
Hi,
I have a working configuration with CentOS 6. Can you try to set next lines in /etc/ssh/sshd_config and restart SSH server please?
#X11Forwarding no X11Forwarding yes #X11DisplayOffset 10 X11UseLocalhost yes
In fact I do not have xorg-x11-auth rpm installed:
[root@Carmen ~]# rpm -qa|grep -i xorg-x11-auth [root@Carmen ~]#
and it works...
He meant xorg-x11-xauth and I'm 99% certain you *need* that installed on the target machine for ssh forwarding to work.
Yes, you need this rpm on the target machine.
Ok, solved. I set debugging of sshd up and see this message: error: Failed to allocate internet-domain X11 display socket.
Google shows this: https://bugs.launchpad.net/ubuntu/+source/openssh/+bug/136947
And I have this in systl.conf:
# Disable ipv6 net.ipv6.conf.all.disable_ipv6 = 1
I added AddressFamily inet to sshd_config and now it works.
Thx guys, Rainer
On Wed, 26 Oct 2011, John Hodrien wrote:
On Wed, 26 Oct 2011, Lorenzo Martínez Rodríguez wrote:
Hi,
I have a working configuration with CentOS 6. Can you try to set next lines in /etc/ssh/sshd_config and restart SSH server please?
#X11Forwarding no X11Forwarding yes #X11DisplayOffset 10 X11UseLocalhost yes
In fact I do not have xorg-x11-auth rpm installed:
[root@Carmen ~]# rpm -qa|grep -i xorg-x11-auth [root@Carmen ~]#
and it works...
He meant xorg-x11-xauth and I'm 99% certain you *need* that installed on the target machine for ssh forwarding to work.
I have a few "sl6.1" worstations that do not have "xorg-x11-xauth" installed and it does *not* seem to appear in the repos. Yet X11-Forwarding works fine.
Steve
On Fri, 28 Oct 2011, Steve Brooks wrote:
I have a few "sl6.1" worstations that do not have "xorg-x11-xauth" installed and it does *not* seem to appear in the repos. Yet X11-Forwarding works fine.
It's in the base repos for SL, so it definitely should be appearing. Without a functioning xauth, I've never seen functional X forwarding.
I would be interested to know what ssh -Yv that-host-without-xauth shows. Without xauth I get:
debug1: Remote: No xauth program; cannot forward with spoofing.
jh
El 28/10/11 10:30, John Hodrien escribió:
On Fri, 28 Oct 2011, Steve Brooks wrote:
I have a few "sl6.1" worstations that do not have "xorg-x11-xauth" installed and it does *not* seem to appear in the repos. Yet X11-Forwarding works fine.
It's in the base repos for SL, so it definitely should be appearing. Without a functioning xauth, I've never seen functional X forwarding.
I would be interested to know what ssh -Yv that-host-without-xauth shows. Without xauth I get:
debug1: Remote: No xauth program; cannot forward with spoofing.
I execute next command and, without xorg-x11-xauth packet installed, it works perfectly.
ssh -X -C -c blowfish-cbc,arcfour -Y -l root 192.168.52.133
jh _______________________________________________ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
oooooopssss my fail! I have mistyped one character :(
[root@Carmen tmp]# rpm -qa| grep -i xorg-x11-xauth xorg-x11-xauth-1.0.2-7.1.el6.x86_64 [root@Carmen tmp]# rpm -qa|grep -i xorg-x11-auth [root@Carmen tmp]#
So, yes,.. I have that packet installed! Sorry for the misunderstood. Just the lack of one "x" started the flame.
El 29/10/11 00:56, Lorenzo Martínez Rodríguez escribió:
El 28/10/11 10:30, John Hodrien escribió:
On Fri, 28 Oct 2011, Steve Brooks wrote:
I have a few "sl6.1" worstations that do not have "xorg-x11-xauth" installed and it does *not* seem to appear in the repos. Yet X11-Forwarding works fine.
It's in the base repos for SL, so it definitely should be appearing. Without a functioning xauth, I've never seen functional X forwarding.
I would be interested to know what ssh -Yv that-host-without-xauth shows. Without xauth I get:
debug1: Remote: No xauth program; cannot forward with spoofing.
I execute next command and, without xorg-x11-xauth packet installed, it works perfectly.
ssh -X -C -c blowfish-cbc,arcfour -Y -l root 192.168.52.133
jh _______________________________________________ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
On Fri, Oct 28, 2011 at 5:59 PM, Lorenzo Martínez Rodríguez lorenzo@lorenzomartinez.es wrote:
oooooopssss my fail! I have mistyped one character :(
[root@Carmen tmp]# rpm -qa| grep -i xorg-x11-xauth xorg-x11-xauth-1.0.2-7.1.el6.x86_64 [root@Carmen tmp]# rpm -qa|grep -i xorg-x11-auth [root@Carmen tmp]#
So, yes,.. I have that packet installed! Sorry for the misunderstood. Just the lack of one "x" started the flame.
Do some of the checkbox installs omit it? I just ran into this on a system where I chose the 'web server' install, then wanted to run gparted remotely.
On Sat, 29 Oct 2011, Les Mikesell wrote:
Do some of the checkbox installs omit it? I just ran into this on a system where I chose the 'web server' install, then wanted to run gparted remotely.
Yes, it's definitely possible to install without it. I've done the same as you when setting up servers and had to add xauth afterwards to get remote X working. It's a real gotcha for people who don't know about it, as other than DISPLAY not being set, nothing leaps out at you to say it's because xauth isn't installed. It'd be quite nice if default ssh emitted a warning message about this at a non-debug level.
jh
On 10/29/11 12:58 AM, John Hodrien wrote:
Yes, it's definitely possible to install without it. I've done the same as you when setting up servers and had to add xauth afterwards to get remote X working. It's a real gotcha for people who don't know about it, as other than DISPLAY not being set, nothing leaps out at you to say it's because xauth isn't installed. It'd be quite nice if default ssh emitted a warning message about this at a non-debug level.
well, there's the subtle clue that the first time you log onto a particular account with X forwarding, xauth prints a message about saving the .Xauth file....
On Sat, 29 Oct 2011, John R Pierce wrote:
well, there's the subtle clue that the first time you log onto a particular account with X forwarding, xauth prints a message about saving the .Xauth file....
Sure, but that means you're looking for absence of an info message (that you typically don't care all that much about) to let you know something's wrong. That's very easy to miss.
jh
On Saturday, October 29, 2011 07:28:27 AM John Hodrien wrote:
On Sat, 29 Oct 2011, John R Pierce wrote:
well, there's the subtle clue that the first time you log onto a particular account with X forwarding, xauth prints a message about saving the .Xauth file....
Sure, but that means you're looking for absence of an info message (that you typically don't care all that much about) to let you know something's wrong. That's very easy to miss.
Sounds to me like something for the CentOS FAQ on the Wiki.....
Q: Why is my X forwarding not working, but the sshd config has it enabled?
A: One possibility is that the xorg-x11-xauth package needs to be installed.
On Sat, Oct 29, 2011 at 8:58 PM, John Hodrien J.H.Hodrien@leeds.ac.uk wrote:
On Sat, 29 Oct 2011, Les Mikesell wrote:
Do some of the checkbox installs omit it? I just ran into this on a system where I chose the 'web server' install, then wanted to run gparted remotely.
Yes, it's definitely possible to install without it. I've done the same as you when setting up servers and had to add xauth afterwards to get remote X working. It's a real gotcha for people who don't know about it, as other than DISPLAY not being set, nothing leaps out at you to say it's because xauth isn't installed. It'd be quite nice if default ssh emitted a warning message about this at a non-debug level.
It's not an ssh issue so why would ssh emit the message?
Cheers,
Cliff
On Sat, 29 Oct 2011, Cliff Pratt wrote:
On Sat, Oct 29, 2011 at 8:58 PM, John Hodrien J.H.Hodrien@leeds.ac.uk wrote:
On Sat, 29 Oct 2011, Les Mikesell wrote:
Do some of the checkbox installs omit it? I just ran into this on a system where I chose the 'web server' install, then wanted to run gparted remotely.
Yes, it's definitely possible to install without it. I've done the same as you when setting up servers and had to add xauth afterwards to get remote X working. It's a real gotcha for people who don't know about it, as other than DISPLAY not being set, nothing leaps out at you to say it's because xauth isn't installed. It'd be quite nice if default ssh emitted a warning message about this at a non-debug level.
It's not an ssh issue so why would ssh emit the message?
I think my view woudld be "because it can". You're asking for ssh to forward X traffic, only ssh can't for a reason that's not ssh's fault, but nonetheless it knows why. It can share that information with the user or not and that's its choice.
ssh tells you when it creates a .Xauthority file for the first time. Why does it do that? It's all about passing on useful information to the user when you think it's useful, and keeping it to yourself when you think it's not. I'm not making a big deal of this, but I think I'd draw the line in a slightly different place.
jh
On Saturday, October 29, 2011 07:26:04 PM John Hodrien wrote:
ssh tells you when it creates a .Xauthority file for the first time. Why does it do that?
Being totally pedantic here, but isn't it /usr/bin/xauth that issues the message telling that the .Xauthority file has been created?
On Sat, Oct 29, 2011 at 6:38 PM, Lamar Owen lowen@pari.edu wrote:
On Saturday, October 29, 2011 07:26:04 PM John Hodrien wrote:
ssh tells you when it creates a .Xauthority file for the first time. Why does it do that?
Being totally pedantic here, but isn't it /usr/bin/xauth that issues the message telling that the .Xauthority file has been created?
I think so, but ssh knows enough about what it tried to do and how it failed to report it when you use "-v".
On Friday, October 28, 2011 04:10:05 AM Steve Brooks wrote:
I have a few "sl6.1" worstations that do not have "xorg-x11-xauth" installed and it does *not* seem to appear in the repos. Yet X11-Forwarding works fine.
That's mighty strange, as a basically scratch SL6.1 install here shows: [root@pe1600sc-2 ~]# repoquery --qf "%-20{repoid} %{name}" xorg-x11-xauth sl xorg-x11-xauth [root@pe1600sc-2 ~]# cat /etc/issue Scientific Linux release 6.1 (Carbon) Kernel \r on an \m
[root@pe1600sc-2 ~]#
On a CentOS 6.0+CR VM here:
[root@z1-c6 ~]# repoquery --qf "%-20{repoid} %{name}" xorg-x11-xauth base xorg-x11-xauth [root@z1-c6 ~]# cat /etc/issue CentOS Linux release 6.0 (Final) Kernel \r on an \m
[root@z1-c6 ~]#
I did absolutely nothing special to either of these two boxes (just a basic installation that included GNOME and other server things (these boxes get used as remote desktop servers in addition to other duties, so GUI is required), and X forwarding works fine. I typically use X forwarding to run a few GUI programs that are mighty handy, such as palimpsest (GNOME Disk Utility) which puts all in one place lots and lots of useful information about your disk devices that would otherwise require many command line invocations to grab.
Both boxes have xorg-x11-xauth installed.
-
Cliff Pratt -
John Hodrien -
John R Pierce -
Lamar Owen -
Les Mikesell -
Lorenzo Martínez Rodríguez -
Rainer Traut -
Steve Brooks