Re: X11 tuneling: a hard to fix problem





You need to also have this line in the sshd_config:
AllowTcpForwarding yes

François


-----Nader Amadeu <nader@xxxxxxxxxxxxxxxxxxx> wrote: -----


To: secureshell@xxxxxxxxxxxxxxxxx
From: Nader Amadeu <nader@xxxxxxxxxxxxxxxxxxx>
Date: 04/18/2006 08:24AM
Subject: X11 tuneling: a hard to fix problem

Hi all, I've googled for more than a week trying to
fix this SSH X11 tuneling problem.
I appreciate some help and thank you in advance.

I have a remote Solaris 9 with the following options in
/etc/ssh/sshd_config:
X11Forwarding yes
X11DisplayOffset 10
ForwardX11Trusted yes

Then I ssh it from my local desktop: (only most important lines here)

[localdesktop]% ssh -vvv -XY user@remoteserver
OpenSSH_4.2p1 FreeBSD-20050903, OpenSSL 0.9.7e-p1 25 Oct 2004
debug1: Reading configuration data /etc/ssh/ssh_config
debug2: ssh_connect: needpriv 0
debug1: Connecting to remoteserver [ip.address.here] port 22.
debug1: Connection established.
debug1: Remote protocol version 1.99, remote software version OpenSSH_4.2
debug1: match: OpenSSH_4.2 pat OpenSSH*
debug1: Enabling compatibility mode for protocol 2.0
debug1: Local version string SSH-2.0-OpenSSH_4.2p1 FreeBSD-20050903
debug2: fd 3 setting O_NONBLOCK
debug1: Authentication succeeded (publickey).
debug1: channel 0: new [client-session]
debug3: ssh_session2_open: channel_new: 0
debug2: channel 0: send open
debug1: Entering interactive session.
debug2: callback start
debug2: x11_get_proto: /usr/X11R6/bin/xauth list :0.0 . 2>/dev/null
debug1: Requesting X11 forwarding with authentication spoofing.
debug2: channel 0: request x11-req confirm 0
debug2: client_session2_setup: id 0
debug2: channel 0: request pty-req confirm 0
debug2: channel 0: request shell confirm 0
debug2: fd 3 setting TCP_NODELAY
debug2: callback done
debug2: channel 0: open confirm rwindow 0 rmax 32768
debug2: channel 0: rcvd adjust 131072

Now in the remoteserver:

user@remoteserver % echo $DISPLAY
DISPLAY: Undefined variable
user@remoteserver % netstat -a
remoteserver.ssh localdesktop.51899 66608 47 66608 0
ESTABLISHED

Even if i setenv DISPLAY to localhost:10, 11, 12 ... it does not work.
And from this netstat output I cannot find the X11 tuneling channel.
In another attempt below I have the following different debug messages:


[localdesktop]% ssh -vvv -o "ForwardX11Trusted no" user@remoteserver
debug2: x11_get_proto: /usr/X11R6/bin/xauth -f
/tmp/ssh-9xszkw26hB/xauthfile generate :0.0 MIT-MAGIC-COOKIE-1 untrusted
timeout 1200 2>/dev/null
debug2: x11_get_proto: /usr/X11R6/bin/xauth -f
/tmp/ssh-9xszkw26hB/xauthfile list :0.0 . 2>/dev/null
debug1: Requesting X11 forwarding with authentication spoofing.
debug2: channel 0: request x11-req confirm 0


and again DISPLAY is an undefined variable.
Could anyone help me to get this X11 tunelling work?
Thanks all very much,
nader


Relevant Pages

  • Re: ssh xterm -> HPUX fails
    ... debug1: read PEM private key done: type RSA ... debug3: preauth child monitor started ... debug2: monitor_read: 0 used once, ... debug2: channel 0: sent ext data 106 ...
    (comp.security.ssh)
  • openssh3.7p1 chroot patch not work on solaris 7
    ... debug1: monitor_child_preauth: test has been authenticated by privileged process ... debug3: mm_get_keystate: Waiting for new keys ... debug2: mac_init: found hmac-sha1 ... debug1: channel 0: new ...
    (comp.security.ssh)
  • SSH works but SFtp does not work
    ... # This is the sshd server system-wide configuration file. ... debug1: read PEM private key done: type RSA ... debug2: bits set: 512/1024 ... debug1: session_open: channel 0 ...
    (comp.os.qnx)
  • SSH works but SFtp does not work
    ... # This is the sshd server system-wide configuration file. ... debug1: read PEM private key done: type RSA ... debug2: bits set: 512/1024 ... debug1: session_open: channel 0 ...
    (comp.security.ssh)
  • SSH works but SFtp does not work
    ... # This is the sshd server system-wide configuration file. ... debug1: read PEM private key done: type RSA ... debug2: bits set: 512/1024 ... debug1: session_open: channel 0 ...
    (comp.os.qnx)