X forwarding over SSH with ipchains

From: Cuchlain (cuchlain_at_noaddress.net)
Date: 09/30/03


Date: Tue, 30 Sep 2003 00:09:12 -0500

I recently added some ipchains rules, and since then X forwarding over ssh
refuses to work. I don't get any error messages, but the programs never
return, and never display. They do work if I remove all the rules. I've
run ethereal to watch traffic to or from the computer in question, but all
the traffic appears as normal as I could expect.

132.161. is our subnet, and I'm trying to allow free rein from inside
that, but restrict outside use to ssh, http and https only.

[root@tux uc]# ipchains -L
Chain input (policy ACCEPT):
target prot opt source destination ports
ACCEPT all ------ 132.161.0.0/16 anywhere n/a
ACCEPT tcp ------ !132.161.0.0/16 anywhere any -> www
ACCEPT tcp ------ !132.161.0.0/16 anywhere any -> ssh
ACCEPT tcp ------ !132.161.0.0/16 anywhere any -> https
REJECT all ------ !132.161.0.0/16 anywhere n/a
Chain forward (policy ACCEPT):
Chain output (policy ACCEPT):

It looks to me like ssh thinks X forwarding is working, but it simply
doesn't forward for some reason. Any thoughts?

James

Here's some ssh debugging info:
[michaelh@epona trapped]$ ssh -X -v root@ucdb.grinnell.edu
OpenSSH_3.6.1p2, SSH protocols 1.5/2.0, OpenSSL 0x0090701f
debug1: Reading configuration data /etc/ssh/ssh_config
debug1: Rhosts Authentication disabled, originating port will not be trusted.
debug1: Connecting to ucdb.grinnell.edu [132.161.136.22] port 22.
debug1: Connection established.
debug1: identity file /home/michaelh/.ssh/identity type 1
debug1: identity file /home/michaelh/.ssh/id_rsa type 1
debug1: identity file /home/michaelh/.ssh/id_dsa type -1
debug1: Remote protocol version 1.99, remote software version OpenSSH_3.1p1
debug1: match: OpenSSH_3.1p1 pat OpenSSH_2.*,OpenSSH_3.0*,OpenSSH_3.1*
debug1: Enabling compatibility mode for protocol 2.0
debug1: Local version string SSH-2.0-OpenSSH_3.6.1p2
debug1: SSH2_MSG_KEXINIT sent
debug1: SSH2_MSG_KEXINIT received
debug1: kex: server->client aes128-cbc hmac-md5 none
debug1: kex: client->server aes128-cbc hmac-md5 none
debug1: SSH2_MSG_KEX_DH_GEX_REQUEST sent
debug1: expecting SSH2_MSG_KEX_DH_GEX_GROUP
debug1: SSH2_MSG_KEX_DH_GEX_INIT sent
debug1: expecting SSH2_MSG_KEX_DH_GEX_REPLY
debug1: Host 'ucdb.grinnell.edu' is known and matches the RSA host key.
debug1: Found key in /home/michaelh/.ssh/known_hosts:5
debug1: ssh_rsa_verify: signature correct
debug1: SSH2_MSG_NEWKEYS sent
debug1: expecting SSH2_MSG_NEWKEYS
debug1: SSH2_MSG_NEWKEYS received
debug1: SSH2_MSG_SERVICE_REQUEST sent
debug1: SSH2_MSG_SERVICE_ACCEPT received
debug1: Authentications that can continue: publickey,password,keyboard-interactive
debug1: Next authentication method: publickey
debug1: Offering public key: /home/michaelh/.ssh/identity
debug1: Authentications that can continue: publickey,password,keyboard-interactive
debug1: Offering public key: /home/michaelh/.ssh/id_rsa
debug1: Authentications that can continue: publickey,password,keyboard-interactive
debug1: Trying private key: /home/michaelh/.ssh/id_dsa
debug1: Next authentication method: keyboard-interactive
debug1: Authentications that can continue: publickey,password,keyboard-interactive
debug1: Next authentication method: password
root@ucdb.grinnell.edu's password:
debug1: Authentication succeeded (password).
debug1: channel 0: new [client-session]
debug1: Entering interactive session.
debug1: channel 0: request pty-req
debug1: Requesting X11 forwarding with authentication spoofing.
debug1: channel 0: request x11-req
debug1: channel 0: request shell
debug1: channel 0: open confirm rwindow 0 rmax 32768
Last login: Mon Sep 29 15:46:25 2003 from m00306583d914.grinnell.edu
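The following is an added worked example, not part of the original post, that models the `input` chain exactly as `ipchains -L` printed it above and evaluates packets against it with ipchains' first-match semantics. Two facts it relies on: an ipchains `input` chain also sees packets the host delivers to itself over `lo`, and OpenSSH's X11 forwarding has the remote X client connect to a listener on 127.0.0.1 at TCP port 6000 + display number (the forwarded `DISPLAY` is `localhost:10.0`, so port 6010). The packet addresses, the interface name `eth0`, and the `Rule.iface` field (used for the extra loopback rule) are constructed for the example; the loopback-accept rule shows a common pattern and is not the poster's configuration.

```python
"""First-match model of the posted ipchains 'input' chain (added example)."""
import ipaddress
from dataclasses import dataclass
from typing import List, Optional


@dataclass(frozen=True)
class Rule:
    target: str                   # ACCEPT or REJECT, as in the -L listing
    proto: str = "all"            # "all" or "tcp"
    source: str = "0.0.0.0/0"     # source network, CIDR notation
    negate_source: bool = False   # the leading '!' in the source column
    dport: Optional[int] = None   # destination port; None means any
    iface: Optional[str] = None   # input interface; None means any (assumed extension)


@dataclass(frozen=True)
class Packet:
    src: str      # constructed sample source address
    dst: str      # constructed sample destination address
    proto: str    # "tcp" / "udp" / "icmp"
    dport: int    # destination port
    iface: str    # interface the packet arrived on


SUBNET = "132.161.0.0/16"

# The chain exactly as listed in the post (www=80, ssh=22, https=443).
POSTED_INPUT_CHAIN: List[Rule] = [
    Rule("ACCEPT", source=SUBNET),
    Rule("ACCEPT", proto="tcp", source=SUBNET, negate_source=True, dport=80),
    Rule("ACCEPT", proto="tcp", source=SUBNET, negate_source=True, dport=22),
    Rule("ACCEPT", proto="tcp", source=SUBNET, negate_source=True, dport=443),
    Rule("REJECT", source=SUBNET, negate_source=True),
]

# Same chain with an explicit loopback accept in front (common pattern; not from the post).
FIXED_INPUT_CHAIN: List[Rule] = [Rule("ACCEPT", iface="lo")] + POSTED_INPUT_CHAIN


def x11_port(display_number: int) -> int:
    """X11 over TCP listens on 6000 + display; DISPLAY=localhost:10.0 -> 6010."""
    return 6000 + display_number


def rule_matches(rule: Rule, pkt: Packet) -> bool:
    """Return True when every criterion of the rule matches the packet."""
    if rule.proto != "all" and rule.proto != pkt.proto:
        return False
    if rule.iface is not None and rule.iface != pkt.iface:
        return False
    in_net = ipaddress.ip_address(pkt.src) in ipaddress.ip_network(rule.source)
    # '!' inverts the source test: with negate_source the rule matches only outside the net.
    if in_net == rule.negate_source:
        return False
    if rule.dport is not None and rule.dport != pkt.dport:
        return False
    return True


def evaluate(chain: List[Rule], pkt: Packet, policy: str = "ACCEPT") -> str:
    """First matching rule decides; otherwise the chain policy applies."""
    for rule in chain:
        if rule_matches(rule, pkt):
            return rule.target
    return policy


# Constructed sample packets.
EXTERNAL_SSH = Packet("198.51.100.7", "132.161.136.22", "tcp", 22, "eth0")
EXTERNAL_TELNET = Packet("198.51.100.7", "132.161.136.22", "tcp", 23, "eth0")
INTERNAL_ANY = Packet("132.161.5.9", "132.161.136.22", "tcp", 6010, "eth0")
# The X client on the server connecting to sshd's forwarded display listener.
LOOPBACK_X11 = Packet("127.0.0.1", "127.0.0.1", "tcp", x11_port(10), "lo")


def verdicts(chain: List[Rule]) -> dict:
    """Evaluate the four sample packets against a chain."""
    return {
        "external_ssh": evaluate(chain, EXTERNAL_SSH),
        "external_telnet": evaluate(chain, EXTERNAL_TELNET),
        "internal_any": evaluate(chain, INTERNAL_ANY),
        "loopback_x11": evaluate(chain, LOOPBACK_X11),
    }


if __name__ == "__main__":
    for name, chain in (("posted", POSTED_INPUT_CHAIN), ("fixed", FIXED_INPUT_CHAIN)):
        print(name, verdicts(chain))
```

Under the posted chain the loopback X11 connection falls through to the final REJECT, because 127.0.0.1 is not inside 132.161.0.0/16 and port 6010 is not one of the three allowed services; that is consistent with sshd reporting a successful `x11-req` while the client never draws anything. The remote ssh session itself is unaffected, which matches the debug output above. With the `lo` accept rule in front, only the loopback verdict changes; external access stays limited to ports 22, 80 and 443.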