ssh -X woes

From: hysterion@mac.com
Date: 04/10/02


From: hysterion@mac.com
Date: Wed, 10 Apr 2002 10:37:20 -0400


I have a configuration like this, with a Red Hat machine at school, and
at home a SuSE ppc box (doing NAT) and an iBook:

+----------+ +----------+ +---------+
| school |-----internet-----| SuSE ppc |-----LAN-----| iBook |
+----------+ +----------+ +---------+
  XFree86 XFree86 XDarwin
  OpenSSH OpenSSH OpenSSH

Now "ssh -X user@school" works fine for X11 forwarding to both other
machines:

================================ ==========================
[iBook:~] fz% ssh -X user@school ppc:~ > ssh -X user@school
user@school's password: user@school's password:
{school ~}$ echo $DISPLAY {school ~}$ echo $DISPLAY
localhost:13.0 localhost:15.0
{school ~}$ xeyes {school ~}$ xeyes
================================ ==========================

(xeyes show up on both the iBook and the ppc), BUT, I can't get X11
forwarding to work from the ppc at all:

=================================================
[iBook:~] fz% ssh -X hysterion@ppc
hysterion@ppc's password:
Have a lot of fun...
ppc:~ > echo $DISPLAY
localhost:10.0
ppc:~ > xeyes
ppc:~ > Error: Can't open display: localhost:10.0
=================================================

(and same error if I try from {school ~}). This is despite having
set "X11Forwarding yes" in sshd_config on the ppc. I've pasted below
the verbose/debug output of ssh and sshd during the operation. I'd
be *most grateful* for any insights into what I am missing?!?

Thanks!

*********

[iBook:~] fz% echo $DISPLAY
:0.0
[iBook:~] fz% ssh -X -v hysterion@ppc
OpenSSH_3.0.2p1, SSH protocols 1.5/2.0, OpenSSL 0x0090602f
debug1: Reading configuration data /etc/ssh_config
debug1: Seeding random number generator
debug1: Rhosts Authentication disabled, originating port will not be
trusted.
debug1: restore_uid
debug1: ssh_connect: getuid 502 geteuid 502 anon 1
debug1: Connecting to ppc [192.168.1.99] port 22.
debug1: restore_uid
debug1: restore_uid
debug1: Connection established.
debug1: identity file /Users/fz/.ssh/identity type -1
debug1: identity file /Users/fz/.ssh/id_rsa type -1
debug1: identity file /Users/fz/.ssh/id_dsa type -1
debug1: Remote protocol version 1.99, remote software version
OpenSSH_3.1p1
debug1: match: OpenSSH_3.1p1 pat ^OpenSSH
Enabling compatibility mode for protocol 2.0
debug1: Local version string SSH-2.0-OpenSSH_3.0.2p1
debug1: SSH2_MSG_KEXINIT sent
debug1: SSH2_MSG_KEXINIT received
debug1: kex: server->client aes128-cbc hmac-md5 none
debug1: kex: client->server aes128-cbc hmac-md5 none
debug1: SSH2_MSG_KEX_DH_GEX_REQUEST sent
debug1: expecting SSH2_MSG_KEX_DH_GEX_GROUP
debug1: dh_gen_key: priv key bits set: 121/256
debug1: bits set: 1585/3191
debug1: SSH2_MSG_KEX_DH_GEX_INIT sent
debug1: expecting SSH2_MSG_KEX_DH_GEX_REPLY
debug1: Host '192.168.1.99' is known and matches the RSA host key.
debug1: Found key in /Users/fz/.ssh/known_hosts:2
debug1: bits set: 1613/3191
debug1: ssh_rsa_verify: signature correct
debug1: kex_derive_keys
debug1: newkeys: mode 1
debug1: SSH2_MSG_NEWKEYS sent
debug1: waiting for SSH2_MSG_NEWKEYS
debug1: newkeys: mode 0
debug1: SSH2_MSG_NEWKEYS received
debug1: done: ssh_kex2.
debug1: send SSH2_MSG_SERVICE_REQUEST
debug1: service_accept: ssh-userauth
debug1: got SSH2_MSG_SERVICE_ACCEPT
debug1: authentications that can continue:
publickey,password,keyboard-interactive
debug1: next auth method to try is publickey
debug1: try privkey: /Users/fz/.ssh/identity
debug1: try privkey: /Users/fz/.ssh/id_rsa
debug1: try privkey: /Users/fz/.ssh/id_dsa
debug1: next auth method to try is keyboard-interactive
debug1: authentications that can continue:
publickey,password,keyboard-interactive
debug1: next auth method to try is password
hysterion@ppc's password:
debug1: packet_send2: adding 64 (len 55 padlen 9 extra_pad 64)
debug1: ssh-userauth2 successful: method password
debug1: channel 0: new [client-session]
debug1: send channel open 0
debug1: Entering interactive session.
debug1: ssh_session2_setup: id 0
debug1: Requesting X11 forwarding with authentication spoofing.
debug1: channel request 0: shell
debug1: channel 0: open confirm rwindow 0 rmax 32768
lastlog_perform_login: Couldn't stat /var/log/lastlog: No such file or
directory
lastlog_openseek: /var/log/lastlog is not a file or directory!
lastlog_perform_login: Couldn't stat /var/log/lastlog: No such file or
directory
lastlog_openseek: /var/log/lastlog is not a file or directory!
Have a lot of fun...
Environment:
  USER=hysterion
  LOGNAME=hysterion
  HOME=/home/hysterion
  PATH=/usr/bin:/bin:/usr/sbin:/sbin:/usr/local/bin
  MAIL=/var/mail/hysterion
  SHELL=/bin/bash
  SSH_CLIENT=::ffff:192.168.1.4 61077 22
  SSH_TTY=/dev/pts/9
  TERM=vt100
  DISPLAY=localhost:10.0
Running /usr/X11R6/bin/xauth add unix:10.0 MIT-MAGIC-COOKIE-1
4e9e43bb2fad8415b325ff321559bf04
debug1: Received SIGCHLD.
ppc:~ > xeyes
Error: Can't open display: localhost:10.0
ppc:~ >

*********

ppc:/usr/local/sbin # ./sshd -d
debug1: sshd version OpenSSH_3.1p1
debug1: private host key: #0 type 0 RSA1
debug1: read PEM private key done: type RSA
debug1: private host key: #1 type 1 RSA
debug1: read PEM private key done: type DSA
debug1: private host key: #2 type 2 DSA
debug1: Bind to port 22 on ::.
Server listening on :: port 22.
debug1: Bind to port 22 on 0.0.0.0.
Generating 768 bit RSA key.
RSA key generation complete.
debug1: Server will not fork when running in debugging mode.
Connection from ::ffff:192.168.1.4 port 61077
debug1: Client protocol version 2.0; client software version
OpenSSH_3.0.2p1
debug1: match: OpenSSH_3.0.2p1 pat OpenSSH*
Enabling compatibility mode for protocol 2.0
debug1: Local version string SSH-1.99-OpenSSH_3.1p1
debug1: list_hostkey_types: ssh-rsa,ssh-dss
debug1: SSH2_MSG_KEXINIT sent
debug1: SSH2_MSG_KEXINIT received
debug1: kex: client->server aes128-cbc hmac-md5 none
debug1: kex: server->client aes128-cbc hmac-md5 none
debug1: SSH2_MSG_KEX_DH_GEX_REQUEST received
debug1: SSH2_MSG_KEX_DH_GEX_GROUP sent
debug1: dh_gen_key: priv key bits set: 136/256
debug1: bits set: 1613/3191
debug1: expecting SSH2_MSG_KEX_DH_GEX_INIT
debug1: bits set: 1585/3191
debug1: SSH2_MSG_KEX_DH_GEX_REPLY sent
debug1: kex_derive_keys
debug1: newkeys: mode 1
debug1: SSH2_MSG_NEWKEYS sent
debug1: waiting for SSH2_MSG_NEWKEYS
debug1: newkeys: mode 0
debug1: SSH2_MSG_NEWKEYS received
debug1: KEX done
debug1: userauth-request for user hysterion service ssh-connection method
none
debug1: attempt 0 failures 0
Failed none for hysterion from ::ffff:192.168.1.4 port 61077 ssh2
debug1: userauth-request for user hysterion service ssh-connection method
keyboard-interactive
debug1: attempt 1 failures 1
debug1: keyboard-interactive devs
debug1: auth2_challenge: user=hysterion devs=
debug1: kbdint_alloc: devices ''
Failed keyboard-interactive for hysterion from ::ffff:192.168.1.4 port
61077 ssh2
debug1: userauth-request for user hysterion service ssh-connection method
password
debug1: attempt 2 failures 2
Accepted password for hysterion from ::ffff:192.168.1.4 port 61077 ssh2
debug1: Entering interactive session for SSH2.
debug1: fd 3 setting O_NONBLOCK
debug1: fd 7 setting O_NONBLOCK
debug1: server_init_dispatch_20
debug1: server_input_channel_open: ctype session rchan 0 win 32768 max
16384
debug1: input_session_request
debug1: channel 0: new [server-session]
debug1: session_new: init
debug1: session_new: session 0
debug1: session_open: channel 0
debug1: session_open: session 0: link with channel 0
debug1: server_input_channel_open: confirm session
debug1: server_input_channel_req: channel 0 request pty-req reply 0
debug1: session_by_channel: session 0 channel 0
debug1: session_input_channel_req: session 0 req pty-req
debug1: Allocating pty.
debug1: session_pty_req: session 0 alloc /dev/pts/9
debug1: Ignoring unsupported tty mode opcode 11 (0xb)
debug1: Ignoring unsupported tty mode opcode 17 (0x11)
debug1: server_input_channel_req: channel 0 request x11-req reply 0
debug1: session_by_channel: session 0 channel 0
debug1: session_input_channel_req: session 0 req x11-req
debug1: fd 10 setting O_NONBLOCK
debug1: channel 1: new [X11 inet listener]
debug1: server_input_channel_req: channel 0 request shell reply 0
debug1: session_by_channel: session 0 channel 0
debug1: session_input_channel_req: session 0 req shell
debug1: fd 4 setting TCP_NODELAY
debug1: Setting controlling tty using TIOCSCTTY.
debug1: channel 0: rfd 9 isatty
debug1: fd 9 setting O_NONBLOCK



Relevant Pages

  • ssh working, but not sftp..
    ... but whenever i try to open an sftp session using the latest ... for eveyone who needs to sftp to our server.. ... debug1: channel 1: new ...
    (comp.security.ssh)
  • SSH login aborts with "Not a typewriter"
    ... I see the "not a typewriter" message (see CLIENT ... debug1: channel 0: output open -> drain ... Entering interactive session for SSH2. ...
    (comp.security.ssh)
  • OpenSSH daemon 2.5.1 crashing on HP
    ... After I start the daemon, it crashes after a few seconds. ... debug1: Entering interactive session for SSH2. ... debug1: channel 0: new ...
    (comp.security.ssh)
  • problems with ssh and ldap on solaris
    ... debug1: Entering interactive session for SSH2. ... debug1: channel 0: new ... # Authentication management ...
    (SunManagers)
  • ssh session exits after authentication
    ... I'm running Openssh-3.7.1p1 on a server. ... debug1: read PEM private key done: type RSA ... Entering interactive session for SSH2. ... debug1: channel 0: new ...
    (SSH)