Re: Unable to set DISPLAY localhost:0.0 / Solved

From: Linux Beginner (linux_beginner_at_alexandria.cc)
Date: 03/21/05

  • Next message: Don Dupy: "Re: Big Brother 1.9c and Fedora Core 3"
    To: For users of Fedora Core releases <fedora-list@redhat.com>
    Date: Mon, 21 Mar 2005 14:03:08 GMT
    
    

    Jeff Vian writes:

    > On Mon, 2005-03-21 at 01:00 +0000, Linux Beginner wrote:
    >> Frank Vogel writes:
    >>
    >> > Alexander Dalloz wrote:
    >> >> Am Do, den 10.03.2005 schrieb Linux Beginner um 22:09:
    >> >>
    >> >>
    >
    >
    >> > Check your /etc/ssh/ssh_config on the host you are ssh-ing to.
    >> > Are these lines present:
    >> >
    >> > ForwardX11 yes
    >> > ForwardX11Trusted yes
    >> >
    >> > That should make it work.
    >> >
    >> > Gr,
    >> >
    >> > Frank
    >> >
    >>
    >> I wish to thank Frank and all the others who gave suggestions ;
    >> Finally i solved it myself after some R&D by providing a
    >> combination of more than one options. For the benefit of all, i
    >> am giving below the cut paste of what i did
    >>
    >> [root@localhost ssh]# ssh -F /etc/ssh/ssh_config -X
    >> root@localhost
    >> root@localhost's password:
    >> Last login: Sun Mar 20 16:54:13 2005 from localhost.localdomain
    >> [root@localhost root]# xhost +
    >> access control disabled, clients can connect from any host
    >
    > This is BAD.
    > It breaks many security features and leaves the system open for attack.
    >
    > Using the xhost option should at best be a very temporary option. The
    > warning above is there for a reason.
    >
    >> [root@localhost root]# /usr/X11R6/bin/xclock
    >>
    >> Gotcha!!!!!!!! There you go. It Works!!!!!!!!!
    >>
    >> Environment DELL PC with Celeron (FC2) and Dual Boot with
    >> Windoz.
    >>
    >> Thanks
    >>
    >> Linux Beginner
    >>
    >>
    >> --------------------------------------------------------------------------------

    As suggested i left out xhost + and tried .. it works but i am
    NOT able to use any other login (oracle in this case) as shown
    below

    [root@localhost root]# date
    Mon Mar 21 05:53:28 PST 2005
    [root@localhost root]# ssh -F /etc/ssh/ssh_config -X
    oracle@localhost
    oracle@localhost's password:
    Connection to localhost closed by remote host.
    Connection to localhost closed.
    [root@localhost root]#
    [root@localhost root]#
    [root@localhost root]#
    [root@localhost root]#
    [root@localhost root]# tail -2 /var/log/messages
    Mar 21 05:53:05 localhost sshd(pam_unix)[3345]: session opened
    for user oracle by (uid=501)
    Mar 21 05:53:34 localhost sshd(pam_unix)[3353]: session opened
    for user oracle by (uid=501)
    [root@localhost root]#

    The session seems to be getting opened and then connection is
    closed by remote host.

    I tried some searching on google and came up with

    http://www2.warwick.ac.uk/services/its/safe/diy/linux/remote/

    But i am not able to make much progress. Here are the entries
    for /etc/ssh/ssh_config and /etc/ssh/sshd_config files

    <etc_ssh_sshconfig>
    # $OpenBSD: ssh_config,v 1.16 2002/07/03 14:21:05 markus
    Exp $
     
    # This is the ssh client system-wide configuration file. See
    # ssh_config(5) for more information. This file provides
    defaults for
    # users, and the values can be changed in per-user configuration
    files
    # or on the command line.
     
    # Configuration data is parsed as follows:
    # 1. command line options
    # 2. user-specific file
    # 3. system-wide file
    # Any configuration value is only changed the first time it is
    set.
    # Thus, host-specific definitions should be at the beginning of
    the
    # configuration file, and defaults at the end.
     
    # Site-wide defaults for various options
     
    # Host *
    # ForwardAgent no
    # ForwardX11 no
    # RhostsAuthentication no
    # RhostsRSAAuthentication no
    # RSAAuthentication yes
    # PasswordAuthentication yes
    # HostbasedAuthentication no
    # BatchMode no
    # CheckHostIP yes
    # StrictHostKeyChecking ask
    # IdentityFile ~/.ssh/identity
    # IdentityFile ~/.ssh/id_rsa
    # IdentityFile ~/.ssh/id_dsa
    # Port 22
    # Protocol 2,1
    # Cipher 3des
    # Ciphers
    aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,arcfour,aes192-cbc,aes256-cbc
    # EscapeChar ~
    Host *
            ForwardX11 yes
    </etc_ssh_sshconfig>

    <etc_ssh_sshd_config>
    # $OpenBSD: sshd_config,v 1.59 2002/09/25 11:17:16 markus
    Exp $
     
    # This is the sshd server system-wide configuration file. See
    # sshd_config(5) for more information.
     
    # This sshd was compiled with PATH=/usr/local/bin:/bin:/usr/bin
     
    # The strategy used for options in the default sshd_config
    shipped with
    # OpenSSH is to specify options with their default value where
    # possible, but leave them commented. Uncommented options
    change a
    # default value.
     
    #Port 22
    #Protocol 2,1
    #ListenAddress 0.0.0.0
    #ListenAddress ::
     
    # HostKey for protocol version 1
    #HostKey /etc/ssh/ssh_host_key
    # HostKeys for protocol version 2
    #HostKey /etc/ssh/ssh_host_rsa_key
    #HostKey /etc/ssh/ssh_host_dsa_key
     
    # Lifetime and size of ephemeral version 1 server key
    #KeyRegenerationInterval 3600
    #ServerKeyBits 768
     
    # Logging
    #obsoletes QuietMode and FascistLogging
    #SyslogFacility AUTH
    SyslogFacility AUTHPRIV
    #LogLevel INFO
     
    # Authentication:
     
    #LoginGraceTime 120
    #PermitRootLogin yes
    #StrictModes yes
     
    #RSAAuthentication yes
    #PubkeyAuthentication yes
    #AuthorizedKeysFile .ssh/authorized_keys
     
    # rhosts authentication should not be used
    #RhostsAuthentication no
    # Don't read the user's ~/.rhosts and ~/.shosts files
    #IgnoreRhosts yes
    # For this to work you will also need host keys in
    /etc/ssh/ssh_known_hosts
    #RhostsRSAAuthentication no
    # similar for protocol version 2
    #HostbasedAuthentication no
    # Change to yes if you don't trust ~/.ssh/known_hosts for
    # RhostsRSAAuthentication and HostbasedAuthentication
    #IgnoreUserKnownHosts no
     
    # To disable tunneled clear text passwords, change to no here!
    #PasswordAuthentication yes
    #PermitEmptyPasswords no
     
    # Change to no to disable s/key passwords
    #ChallengeResponseAuthentication yes
     
    # Kerberos options
    #KerberosAuthentication no
    #KerberosOrLocalPasswd yes
    #KerberosTicketCleanup yes
     
    #AFSTokenPassing no
     
    # Kerberos TGT Passing only works with the AFS kaserver
    #KerberosTgtPassing no
     
    # Set this to 'yes' to enable PAM keyboard-interactive
    authentication
    # Warning: enabling this may bypass the setting of
    'PasswordAuthentication'
    #PAMAuthenticationViaKbdInt no
     
    #X11Forwarding no
    X11Forwarding yes
    #X11DisplayOffset 10
    #X11UseLocalhost yes
    #PrintMotd yes
    #PrintLastLog yes
    #KeepAlive yes
    #UseLogin no
    #UsePrivilegeSeparation yes
    #PermitUserEnvironment no
    #Compression yes
     
    #MaxStartups 10
    # no default banner path
    #Banner /some/path
    #VerifyReverseMapping no
     
    # override default of no subsystems
    Subsystem sftp /usr/libexec/openssh/sftp-server
    </etc_ssh_sshd_config>

    Thanks

    Linux Beginner
    --------------------------------------------------------------------------------
    Get your free 15 Mb POP3 email @alexandria.cc
    Click here -> http://www.alexandria.cc/

    -- 
    fedora-list mailing list
    fedora-list@redhat.com
    To unsubscribe: http://www.redhat.com/mailman/listinfo/fedora-list
    

  • Next message: Don Dupy: "Re: Big Brother 1.9c and Fedora Core 3"

    Relevant Pages

    • ssh without password does not work
      ... ssh without password inside this network. ... # This is the sshd server system-wide configuration file. ... # Kerberos TGT Passing only works with the AFS kaserver ... 'PasswordAuthentication' ...
      (comp.security.ssh)
    • RE: SSH Access Issues
      ... # This is the ssh client system-wide configuration file. ... # Kerberos TGT Passing only works with the AFS kaserver ...
      (Fedora)
    • RE: PAM auth and account with openssh
      ... PasswordAuthentication no ... PAM auth and account with openssh ... # This is the sshd server system-wide configuration file. ... # Kerberos options ...
      (SSH)
    • Re: PAM auth and account with openssh
      ... # This is the sshd server system-wide configuration file. ... # Kerberos options ... If this is enabled, PAM authentication will ...
      (SSH)
    • Assistance on securing an OpenSSH server
      ... I have OpenSSH 3.5p1-1 and OpenSSL 0.9.6b-31 installed on a gateway ... PasswordAuthentication yes ... # Kerberos TGT Passing only works with the AFS kaserver ...
      (SSH)