On Thu, May 7, 2015 at 9:55 AM, Gene Heskett <ghesk...@wdtv.com> wrote:

>
> >
> > Gene,
> >
> > Not sure why you had to do that in the ancient past either.  The -X or
> > -Y handles the X connection, the -X setting your display variable on
> > the machine, and subjecting the connection to the X11 Security
> > extensions by default.  The -Y enables trusted X11 forwarding, and is
> > less safe to use than the -X ssh connection since it does "not"
> > subject the connection to the Security extensions.
> >
> > Either way, using the -X or -Y on the command line obviates the need
> > for the xhost entries, since that's accomplished via the -X or -Y
> > connection. Leaving the machine entries in the xhost list opens that
> > machine to malicious attacks from any one of the machines listed.
> >
> > To troubleshoot ssh connections, try connecting with this next time:
> > # ssh -X -vvv <machine>.  The -vvv will give you verbose debugging
> > messages while you are trying to connect, and hopefully narrow down
> > what is causing the ssh -X or ssh -Y to not connect.
> >
> > Do you have X11 forwarding enabled in the /etc/ssh/sshd_config?
> Humm.  Yes, on all machines.  By doing blink compares, the wheezy based
> installs have this added line:
>
> HostKey /etc/ssh/ssh_host_ecdsa_key
>
> And the wheezy based machines have that key and a key.pub version of it,
> that the 10.04-4 LTS version does not have.
>
> WTH is that?  More to the point, can I nuke that line ?  Commenting it
> out and restarting the ssh daemon made no change.
>
> Cheers, Gene Heskett
>


Depends on what protocols you are using.  Here at a US Gummint facility, we
only use the rsa and dsa protocols, and ssh Protocol 2, with only very
strong ciphers and hmac-sha1.

Here's the two HostKey lines we use:

# HostKeys for protocol version 2
HostKey /etc/ssh/ssh_host_rsa_key
HostKey /etc/ssh/ssh_host_dsa_key

You have to be careful with the keywords used in the sshd_config.  Some
affect the way other keywords work.  Also, some keywords in your ssh_config
(system-wide ssh client file) may conflict with what is allowed in the
sshd_config file, but can be overridden by the command line qualifiers.

Mark
_______________________________________________
Emc-users mailing list
Emc-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/emc-users
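
An added example, not part of the thread and not code from either poster: a small reader for the global section of an sshd_config, showing which HostKey lines are active and which X11Forwarding value takes effect. The sample text is constructed from the lines quoted above; the `MULTI` set is a deliberately small subset, the algorithm is only guessed from the key file name, and everything from the first `Match` line onward is ignored.

```python
import re
import shlex

# Keywords that may be given several times and accumulate (subset, assumption
# for this example). For every other keyword sshd uses the first value it sees.
MULTI = {"hostkey", "port", "listenaddress"}

# Constructed sample, modelled on the HostKey lines quoted in the thread.
SAMPLE = """\
# HostKeys for protocol version 2
HostKey /etc/ssh/ssh_host_rsa_key
HostKey /etc/ssh/ssh_host_dsa_key
#HostKey /etc/ssh/ssh_host_ecdsa_key
x11forwarding yes
X11Forwarding no
Match User example
    X11Forwarding no
"""

def parse_sshd_config(text):
    """Return {keyword: value or [values]} for the global section."""
    cfg = {}
    for raw in text.splitlines():
        parts = shlex.split(raw, comments=True)   # drops '#' comments
        if not parts:
            continue
        key, value = parts[0].lower(), " ".join(parts[1:])  # keywords ignore case
        if key == "match":                        # conditional blocks: out of scope
            break
        if key in MULTI:
            cfg.setdefault(key, []).append(value)
        else:
            cfg.setdefault(key, value)            # first occurrence wins
    return cfg

def host_key_algorithms(cfg):
    """Guess each host key's algorithm from the conventional file name."""
    algos = []
    for path in cfg.get("hostkey", []):
        m = re.search(r"ssh_host_(\w+?)_key$", path)
        algos.append(m.group(1) if m else "unknown")
    return algos

if __name__ == "__main__":
    cfg = parse_sshd_config(SAMPLE)
    for path, algo in zip(cfg.get("hostkey", []), host_key_algorithms(cfg)):
        print(f"HostKey {path} ({algo})")
    print("X11Forwarding:", cfg.get("x11forwarding", "(not set, daemon default)"))
```

On a live machine, `sshd -T` (run as root) prints the configuration the daemon actually resolves, including defaults that a file reader like this cannot see.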