Jeff Vian writes: > On Mon, 2005-03-21 at 01:00 +0000, Linux Beginner wrote: >> Frank Vogel writes: >> >> > Alexander Dalloz wrote: >> >> Am Do, den 10.03.2005 schrieb Linux Beginner um 22:09: >> >> >> >> > > >> > Check your /etc/ssh/ssh_config on the host you are ssh-ing to. >> > Are these lines present: >> > >> > ForwardX11 yes >> > ForwardX11Trusted yes >> > >> > That should make it work. >> > >> > Gr, >> > >> > Frank >> > >> >> I wish to thank Frank and all the others who gave suggestions ; >> Finally i solved it myself after some R&D by providing a >> combination of more than one options. For the benefit of all, i >> am giving below the cut paste of what i did >> >> [root@localhost ssh]# ssh -F /etc/ssh/ssh_config -X >> root@localhost >> root@localhost's password: >> Last login: Sun Mar 20 16:54:13 2005 from localhost.localdomain >> [root@localhost root]# xhost + >> access control disabled, clients can connect from any host > > This is BAD. > It breaks many security features and leaves the system open for attack. > > Using the xhost option should at best be a very temporary option. The > warning above is there for a reason. > >> [root@localhost root]# /usr/X11R6/bin/xclock >> >> Gotcha!!!!!!!! There you go. It Works!!!!!!!!! >> >> Environment DELL PC with Celeron (FC2) and Dual Boot with >> Windoz. >> >> Thanks >> >> Linux Beginner >> >> >> -------------------------------------------------------------------------------- As suggested i left out xhost + and tried .. it works but i am NOT able to use any other login (oracle in this case) as shown below [root@localhost root]# date Mon Mar 21 05:53:28 PST 2005 [root@localhost root]# ssh -F /etc/ssh/ssh_config -X oracle@localhost oracle@localhost's password: Connection to localhost closed by remote host. Connection to localhost closed. [root@localhost root]# [root@localhost root]# [root@localhost root]# [root@localhost root]# [root@localhost root]# tail -2 /var/log/messages Mar 21 05:53:05 localhost sshd(pam_unix)[3345]: session opened for user oracle by (uid=501) Mar 21 05:53:34 localhost sshd(pam_unix)[3353]: session opened for user oracle by (uid=501) [root@localhost root]# The session seems to be getting opened and then connection is closed by remote host. I tried some searching on google and came up with http://www2.warwick.ac.uk/services/its/safe/diy/linux/remote/ But i am not able to make much progress. Here are the entries for /etc/ssh/ssh_config and /etc/ssh/sshd_config files <etc_ssh_sshconfig> # $OpenBSD: ssh_config,v 1.16 2002/07/03 14:21:05 markus Exp $ # This is the ssh client system-wide configuration file. See # ssh_config(5) for more information. This file provides defaults for # users, and the values can be changed in per-user configuration files # or on the command line. # Configuration data is parsed as follows: # 1. command line options # 2. user-specific file # 3. system-wide file # Any configuration value is only changed the first time it is set. # Thus, host-specific definitions should be at the beginning of the # configuration file, and defaults at the end. # Site-wide defaults for various options # Host * # ForwardAgent no # ForwardX11 no # RhostsAuthentication no # RhostsRSAAuthentication no # RSAAuthentication yes # PasswordAuthentication yes # HostbasedAuthentication no # BatchMode no # CheckHostIP yes # StrictHostKeyChecking ask # IdentityFile ~/.ssh/identity # IdentityFile ~/.ssh/id_rsa # IdentityFile ~/.ssh/id_dsa # Port 22 # Protocol 2,1 # Cipher 3des # Ciphers aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,arcfour,aes192-cbc,aes256-cbc # EscapeChar ~ Host * ForwardX11 yes </etc_ssh_sshconfig> <etc_ssh_sshd_config> # $OpenBSD: sshd_config,v 1.59 2002/09/25 11:17:16 markus Exp $ # This is the sshd server system-wide configuration file. See # sshd_config(5) for more information. # This sshd was compiled with PATH=/usr/local/bin:/bin:/usr/bin # The strategy used for options in the default sshd_config shipped with # OpenSSH is to specify options with their default value where # possible, but leave them commented. Uncommented options change a # default value. #Port 22 #Protocol 2,1 #ListenAddress 0.0.0.0 #ListenAddress :: # HostKey for protocol version 1 #HostKey /etc/ssh/ssh_host_key # HostKeys for protocol version 2 #HostKey /etc/ssh/ssh_host_rsa_key #HostKey /etc/ssh/ssh_host_dsa_key # Lifetime and size of ephemeral version 1 server key #KeyRegenerationInterval 3600 #ServerKeyBits 768 # Logging #obsoletes QuietMode and FascistLogging #SyslogFacility AUTH SyslogFacility AUTHPRIV #LogLevel INFO # Authentication: #LoginGraceTime 120 #PermitRootLogin yes #StrictModes yes #RSAAuthentication yes #PubkeyAuthentication yes #AuthorizedKeysFile .ssh/authorized_keys # rhosts authentication should not be used #RhostsAuthentication no # Don't read the user's ~/.rhosts and ~/.shosts files #IgnoreRhosts yes # For this to work you will also need host keys in /etc/ssh/ssh_known_hosts #RhostsRSAAuthentication no # similar for protocol version 2 #HostbasedAuthentication no # Change to yes if you don't trust ~/.ssh/known_hosts for # RhostsRSAAuthentication and HostbasedAuthentication #IgnoreUserKnownHosts no # To disable tunneled clear text passwords, change to no here! #PasswordAuthentication yes #PermitEmptyPasswords no # Change to no to disable s/key passwords #ChallengeResponseAuthentication yes # Kerberos options #KerberosAuthentication no #KerberosOrLocalPasswd yes #KerberosTicketCleanup yes #AFSTokenPassing no # Kerberos TGT Passing only works with the AFS kaserver #KerberosTgtPassing no # Set this to 'yes' to enable PAM keyboard-interactive authentication # Warning: enabling this may bypass the setting of 'PasswordAuthentication' #PAMAuthenticationViaKbdInt no #X11Forwarding no X11Forwarding yes #X11DisplayOffset 10 #X11UseLocalhost yes #PrintMotd yes #PrintLastLog yes #KeepAlive yes #UseLogin no #UsePrivilegeSeparation yes #PermitUserEnvironment no #Compression yes #MaxStartups 10 # no default banner path #Banner /some/path #VerifyReverseMapping no # override default of no subsystems Subsystem sftp /usr/libexec/openssh/sftp-server </etc_ssh_sshd_config> Thanks Linux Beginner -------------------------------------------------------------------------------- Get your free 15 Mb POP3 email @alexandria.cc Click here -> http://www.alexandria.cc/
