View previous topic :: View next topic |
Author |
Message |
lyallp Veteran
Joined: 15 Jul 2004 Posts: 1557 Location: Adelaide/Australia
|
Posted: Wed Sep 12, 2012 1:57 am Post subject: [Solved] Help forwarding X via SSH |
|
|
I am trying to get X forwarded from a remote pc to my desktop.
The remote pc and local pc are both Gentoo.
Between the local and remote pc, I have a proxy.
I use 'net-misc/corkscrew' to allow SSH to connect to the remote machine.
Code: | $ cat config
# Abbreviating hostnames
Host remote-pc
HostName remote-pc.example.com
Port 22
User lyall
IdentityFile ~/.ssh/identity
ProxyCommand corkscrew proxy.example.com 8080 %h %p |
I can connect, using my keys, no problems.
However, I cannot seem to get
The remote PC has a working X system, and I generally login, locally, using Fluxbox as my window manager. I use gdm as my greeter.
The local pc, has a similar setup, X, gdm and Fluxbox.
So, ssh remote-pc, just works.
ssh remote-pc -Y does not.
Output of ssh -v remote-pc -Y is as follows :-
Code: | $ ssh -v -Y lyalls-pc
OpenSSH_5.9p1-hpn13v11lpk, OpenSSL 1.0.0j 10 May 2012
debug1: Reading configuration data /home/pearcely/.ssh/config
debug1: /home/pearcely/.ssh/config line 2: Applying options for lyalls-pc
debug1: Reading configuration data /etc/ssh/ssh_config
debug1: Executing proxy command: exec corkscrew proxy.aus.hp.com 8080 lyalls-pc.dyndns.org 6503
debug1: permanently_drop_suid: 1000
debug1: identity file /home/pearcely/.ssh/identity type -1
debug1: identity file /home/pearcely/.ssh/identity-cert type -1
debug1: identity file /home/pearcely/.ssh/identity type -1
debug1: identity file /home/pearcely/.ssh/identity-cert type -1
debug1: Remote protocol version 2.0, remote software version OpenSSH_5.9p1-hpn13v11
debug1: match: OpenSSH_5.9p1-hpn13v11 pat OpenSSH*
debug1: Enabling compatibility mode for protocol 2.0
debug1: Local version string SSH-2.0-OpenSSH_5.9p1-hpn13v11lpk
debug1: SSH2_MSG_KEXINIT sent
debug1: SSH2_MSG_KEXINIT received
debug1: AUTH STATE IS 0
debug1: REQUESTED ENC.NAME is 'aes128-ctr'
debug1: kex: server->client aes128-ctr hmac-md5 none
debug1: REQUESTED ENC.NAME is 'aes128-ctr'
debug1: kex: client->server aes128-ctr hmac-md5 none
debug1: sending SSH2_MSG_KEX_ECDH_INIT
debug1: expecting SSH2_MSG_KEX_ECDH_REPLY
debug1: Server host key: RSA 9a:72:42:23:d8:07:99:75:fe:24:dc:6b:d4:ac:13:d8
debug1: Host '[lyalls-pc.dyndns.org]:6503' is known and matches the RSA host key.
debug1: Found key in /home/pearcely/.ssh/known_hosts:1
debug1: ssh_rsa_verify: signature correct
debug1: SSH2_MSG_NEWKEYS sent
debug1: expecting SSH2_MSG_NEWKEYS
debug1: SSH2_MSG_NEWKEYS received
debug1: Roaming not allowed by server
debug1: SSH2_MSG_SERVICE_REQUEST sent
debug1: SSH2_MSG_SERVICE_ACCEPT received
debug1: Authentications that can continue: publickey,keyboard-interactive
debug1: Next authentication method: publickey
debug1: Offering DSA public key: /home/pearcely/.ssh/identity
debug1: Server accepts key: pkalg ssh-dss blen 433
debug1: Authentication succeeded (publickey).
Authenticated to lyalls-pc.dyndns.org (via proxy).
debug1: Final hpn_buffer_size = 131072
debug1: HPN Disabled: 0, HPN Buffer Size: 131072
debug1: channel 0: new [client-session]
debug1: Enabled Dynamic Window Scaling
debug1: Requesting no-more-sessions@openssh.com
debug1: Entering interactive session.
debug1: Requesting X11 forwarding with authentication spoofing.
X11 forwarding request failed on channel 0
Last login: Wed Sep 12 10:59:10 CST 2012 from snopxyout-03.asiapac.hp.net on pts/0
Agent pid 3346
lyall@lyalls-pc:~
|
Any suggestions would be appreciated _________________ ...Lyall
Last edited by lyallp on Wed Sep 12, 2012 5:46 am; edited 1 time in total |
|
Back to top |
|
|
DaggyStyle Watchman
Joined: 22 Mar 2006 Posts: 5909
|
Posted: Wed Sep 12, 2012 2:24 am Post subject: |
|
|
doesn't ssh -X host is needed for X11 forwarding? _________________ Only two things are infinite, the universe and human stupidity and I'm not sure about the former - Albert Einstein |
|
Back to top |
|
|
BillWho Veteran
Joined: 03 Mar 2012 Posts: 1600 Location: US
|
Posted: Wed Sep 12, 2012 3:59 am Post subject: |
|
|
lyallp,
Is forwarding enabled on the server's sshd_config
To enable it on the client side set it in ssh_config or you can use -X for a one-time session. _________________ Good luck
Since installing gentoo, my life has become one long emerge |
|
Back to top |
|
|
dmpogo Advocate
Joined: 02 Sep 2004 Posts: 3267 Location: Canada
|
Posted: Wed Sep 12, 2012 4:06 am Post subject: |
|
|
DaggyStyle wrote: | doesn't ssh -X host is needed for X11 forwarding? |
-X has been flaky for the last few years, and I do remember an advice to use -Y instead. Indeed, on my machines -X does not work somehow, while -Y does.
and checking that X forwarding is allowed on the server side I think should solve this thread problem indeed. By default it is disabled. |
|
Back to top |
|
|
Hypnos Advocate
Joined: 18 Jul 2002 Posts: 2889 Location: Omnipresent
|
Posted: Wed Sep 12, 2012 4:16 am Post subject: |
|
|
BTW, for X11 forwarding to work, the ssh server must be emerged with the "X" USE flag -- this will pull in xauth . _________________ Personal overlay | Simple backup scheme |
|
Back to top |
|
|
dmpogo Advocate
Joined: 02 Sep 2004 Posts: 3267 Location: Canada
|
Posted: Wed Sep 12, 2012 4:46 am Post subject: |
|
|
Hypnos wrote: | BTW, for X11 forwarding to work, the ssh server must be emerged with the "X" USE flag -- this will pull in xauth . |
well, xauth is pulled in unconditionally by xorg-server, so it is probably on that system anyway |
|
Back to top |
|
|
DaggyStyle Watchman
Joined: 22 Mar 2006 Posts: 5909
|
Posted: Wed Sep 12, 2012 5:07 am Post subject: |
|
|
dmpogo wrote: | DaggyStyle wrote: | doesn't ssh -X host is needed for X11 forwarding? |
-X has been flaky for the last few years, and I do remember an advice to use -Y instead. Indeed, on my machines -X does not work somehow, while -Y does.
and checking that X forwarding is allowed on the server side I think should solve this thread problem indeed. By default it is disabled. |
funny, didn't know that feature exists, thanks for the clear up. _________________ Only two things are infinite, the universe and human stupidity and I'm not sure about the former - Albert Einstein |
|
Back to top |
|
|
lyallp Veteran
Joined: 15 Jul 2004 Posts: 1557 Location: Adelaide/Australia
|
Posted: Wed Sep 12, 2012 5:46 am Post subject: |
|
|
I did not have X forwarding enabled on the server!
I found out about the -Y option (as opposed to the -X). Apparently, -X gives untrusted forwarding, whilst -Y gives trusted forwarding and is not reliant on the X11 Security extension. (so says the ssh man page).
Here I was thinking it was the proxy or something on the client side...
Thanks people. _________________ ...Lyall |
|
Back to top |
|
|
|