Re: X11 tuneling: a hard to fix problem

Hi Nader,

I agree, stay away from xhost.

I see from your debug output below that your ssh server is OpenSSH 4.2 and
not the default Sun_SSH_1.0.1 that comes with Solaris 9. Are you sure you
are looking at the right config file for sshd?

Check your sshd process to see where it is started from:
# ps -eo pid,comm,args | grep sshd

If the output indicates that the sshd is /usr/lib/ssh/sshd then your config
file in the expected /etc/ssh/sshd_config
If the output indicates that sshd is in /usr/local/sbin/sshd, then your
config file might very well be located in /usr/local/etc/sshd_config.

Check this out...

François

-----Nader Amadeu <nader@chemie.fu-berlin.de> wrote: -----


To: secureshell@securityfocus.com
From: Nader Amadeu <nader@chemie.fu-berlin.de>
Date: 04/19/2006 12:31PM
Subject: Re: X11 tuneling: a hard to fix problem

Hi François, yes i have the options below in my /etc/ssh/sshd_config

AllowTcpForwarding yes
GatewayPorts yes

I ran out of ideas where could be the problem...
Thanks anyway and i still apreciate some tips.
I dont want to use xhost because of security problems.
nader

> You need to also have this line in the sshd_config:
> AllowTcpForwarding yes
>
> François
>
> -----Nader Amadeu <nader@chemie.fu-berlin.de> wrote: -----
>
> I have a remote Solaris 9 with the following options in
> /etc/ssh/sshd_config:
> X11Forwarding yes
> X11DisplayOffset 10
> ForwardX11Trusted yes
>
> Then I ssh it from my local desktop: (only most important lines here)
>
> [localdesktop]% ssh -vvv -XY user@remoteserver
> OpenSSH_4.2p1 FreeBSD-20050903, OpenSSL 0.9.7e-p1 25 Oct 2004
> debug1: Reading configuration data /etc/ssh/ssh_config
> debug2: ssh_connect: needpriv 0
> debug1: Connecting to remoteserver [ip.address.here] port 22.
> debug1: Connection established.
> debug1: Remote protocol version 1.99, remote software version OpenSSH_4.2
> debug1: match: OpenSSH_4.2 pat OpenSSH*
> debug1: Enabling compatibility mode for protocol 2.0
> debug1: Local version string SSH-2.0-OpenSSH_4.2p1 FreeBSD-20050903
> debug2: fd 3 setting O_NONBLOCK
> debug1: Authentication succeeded (publickey).
> debug1: channel 0: new [client-session]
> debug3: ssh_session2_open: channel_new: 0
> debug2: channel 0: send open
> debug1: Entering interactive session.
> debug2: callback start
> debug2: x11_get_proto: /usr/X11R6/bin/xauth  list :0.0 . 2>/dev/null
> debug1: Requesting X11 forwarding with authentication spoofing.
> debug2: channel 0: request x11-req confirm 0
> debug2: client_session2_setup: id 0
> debug2: channel 0: request pty-req confirm 0
> debug2: channel 0: request shell confirm 0
> debug2: fd 3 setting TCP_NODELAY
> debug2: callback done
> debug2: channel 0: open confirm rwindow 0 rmax 32768
> debug2: channel 0: rcvd adjust 131072
>
> Now in the remoteserver:
>
> user@remoteserver % echo $DISPLAY
>      DISPLAY: Undefined variable
> user@remoteserver % netstat -a
>      remoteserver.ssh        localdesktop.51899 66608     47 66608      0
>      ESTABLISHED
>
> Even if i setenv DISPLAY to localhost:10, 11, 12 ... it does not work.
> And from this netstat output I cannot find the X11 tuneling channel.
> In another attempt below I have the following different debug messages:
>
>
> [localdesktop]% ssh -vvv -o "ForwardX11Trusted no" user@remoteserver
> debug2: x11_get_proto: /usr/X11R6/bin/xauth -f
> /tmp/ssh-9xszkw26hB/xauthfile generate :0.0 MIT-MAGIC-COOKIE-1 untrusted
> timeout 1200 2>/dev/null
> debug2: x11_get_proto: /usr/X11R6/bin/xauth -f
> /tmp/ssh-9xszkw26hB/xauthfile list :0.0 . 2>/dev/null
> debug1: Requesting X11 forwarding with authentication spoofing.
> debug2: channel 0: request x11-req confirm 0
>
>
> and again DISPLAY is an undefined variable.
> Could anyone help me to get this X11 tunelling work?
> Thanks all very much,