On Thursday 07 May 2015 09:11:44 Mark Wendt wrote:
> On Thu, May 7, 2015 at 8:44 AM, Gene Heskett <ghesk...@wdtv.com> wrote:
> > > If you're using ssh -X or ssh -Y those are unnecessary xhost
> > > entries.
> > >
> > > Mark
> >
> > ISTR I had to do that at some point back in the fog of ancient
> > history. That should not be what's killing me now I would think.  It
> > would be one heck of a regression if that's the case.  OTOH, I was
> > never able to use ssh -X because of a similar error, and now even -Y
> > only works for text terminals?
> >
> > Thanks Mark.
> >
> > Cheers, Gene Heskett
>
> Gene,
>
> Not sure why you had to do that in the ancient past either.  The -X or
> -Y handles the X connection, the -X setting your display variable on
> the machine, and subjecting the connection to the X11 Security
> extensions by default.  The -Y enables trusted X11 forwarding, and is
> less safe to use than the -X ssh connection since it does "not"
> subject the connection to the Security extensions.
>
> Either way, using the -X or -Y on the command line obviates the need
> for the xhost entries, since that's accomplished via the -X or -Y
> connection. Leaving the machine entries in the xhost list opens that
> machine to malicious attacks from any one of the machines listed.
>
> To troubleshoot ssh connections, try connecting with this next time:
> # ssh -X -vvv <machine>.  The -vvv will give you verbose debugging
> messages while you are trying to connect, and hopefully narrow down
> what is causing the ssh -X or ssh -Y to not connect.
>
> Do you have X11 forwarding enabled in the /etc/ssh/sshd_config?
Humm.  Yes, on all machines.  By doing blink compares, the wheezy based 
installs have this added line:

HostKey /etc/ssh/ssh_host_ecdsa_key

And the wheezy based machines have that key and a key.pub version of it,
that the 10.04-4 LTS version does not have.

WTH is that?  More to the point, can I nuke that line?  Commenting it 
out and restarting the ssh daemon made no change.

Cheers, Gene Heskett
-- 
"There are four boxes to be used in defense of liberty:
 soap, ballot, jury, and ammo. Please use in that order."
-Ed Howdershelt (Author)
Gene's Web page <http://geneslinuxbox.net:6309/gene>
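
An added example, not part of the original message: a small audit for the two settings discussed in this thread, leftover host-based xhost entries and the X11Forwarding line in sshd_config. The function names and the sample inputs (host name, config lines) are constructed for illustration.

```shell
#!/bin/sh
# Added example; function names and sample inputs are constructed.

# Reads `xhost` output on stdin and prints one line per entry that grants
# display access by network host rather than by local user.
xhost_findings() {
    awk '
        /^access control disabled/ { print "OPEN any host may connect"; next }
        /^(INET6?|DNET|NIS|KRB):/  { print "HOST " $0; next }
        /^SI:hostname:/            { print "HOST " $0; next }
    '
}

# Reads sshd_config text on stdin and prints the global X11Forwarding value.
# sshd keeps the first value it reads for a keyword, keywords are
# case-insensitive, and global settings stop at the first Match block.
# Assumptions: "Keyword value" syntax, no Include files; unset means "no".
sshd_x11_forwarding() {
    awk '
        { sub(/#.*/, "") }                          # strip comments
        tolower($1) == "match"         { exit }
        tolower($1) == "x11forwarding" { print tolower($2); found = 1; exit }
        END { if (!found) print "no" }
    '
}

# Constructed sample: one leftover host entry, one local-user entry.
xhost_findings <<'EOF'
access control enabled, only authorized clients can connect
INET:shop.example
SI:localuser:gene
EOF

# Constructed sample: the commented line is ignored, the first live one wins.
sshd_x11_forwarding <<'EOF'
# X11Forwarding no
X11Forwarding yes
HostKey /etc/ssh/ssh_host_ecdsa_key
EOF
```

On a real machine the same functions take `xhost | xhost_findings` and `sshd_x11_forwarding < /etc/ssh/sshd_config`.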

_______________________________________________
Emc-users mailing list
Emc-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/emc-users