On Thursday 07 May 2015 10:31:18 Mark Wendt wrote:
> On Thu, May 7, 2015 at 9:55 AM, Gene Heskett <ghesk...@wdtv.com> wrote:
> > > Gene,
> > >
> > > Not sure why you had to do that in the ancient past either.  The
> > > -X or -Y handles the X connection, the -X setting your display
> > > variable on the machine, and subjecting the connection to the X11
> > > Security extensions by default.  The -Y enables trusted X11
> > > forwarding, and is less safe to use than the -X ssh connection
> > > since it does "not" subject the connection to the Security
> > > extensions.
> > >
> > > Either way, using the -X or -Y on the command line obviates the
> > > need for the xhost entries, since that's accomplished via the -X
> > > or -Y connection. Leaving the machine entries in the xhost list
> > > opens that machine to malicious attacks from any one of the
> > > machines listed.
> > >
> > > To troubleshoot ssh connections, try connecting with this next
> > > time: # ssh -X -vvv <machine>.  The -vvv will give you verbose
> > > debugging messages while you are trying to connect, and hopefully
> > > narrow down what is causing the ssh -X or ssh -Y to not connect.
> > >
> > > Do you have X11 forwarding enabled in the /etc/ssh/sshd_config?
> >
> > Humm.  Yes, on all machines.  By doing blink compares, the wheezy
> > based installs have this added line:
> >
> > HostKey /etc/ssh/ssh_host_ecdsa_key
> >
> > And the wheezy based machines have that key and a key.pub version of
> > it, that the 10.04-4 LTS version does not have.
> >
> > WTH is that?  More to the point, can I nuke that line ?  Commenting
> > it out and restarting the ssh daemon made no change.
> >
> > Cheers, Gene Heskett
>
> Depends on what protocols you are using.  Here at a US Gummint
> facility, we only use the rsa and dsa protocols, and ssh Protocol 2,
> with only very strong ciphers and hmac-sha1.
>
> Here's the two HostKey lines we use:
>
> # HostKeys for protocol version 2
> HostKey /etc/ssh/ssh_host_rsa_key
> HostKey /etc/ssh/ssh_host_dsa_key
>
Those are both active.

> You have to be careful with the keywords used in the sshd_config. 
> Some affect the way other keywords work.  Also, some keywords in your
> ssh_config (system-wide ssh client file) may conflict with what is
> allowed in the sshd_config file, but can be overridden by the command
> line qualifiers.

I'll check those ssh_configs too.

Thanks Mark

Cheers, Gene Heskett
-- 
"There are four boxes to be used in defense of liberty:
 soap, ballot, jury, and ammo. Please use in that order."
-Ed Howdershelt (Author)
Genes Web page <http://geneslinuxbox.net:6309/gene>

_______________________________________________
Emc-users mailing list
Emc-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/emc-users
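
An added example, not part of the original thread: a shell sketch of the checks discussed above, reading the active `HostKey` and `X11Forwarding` settings from an sshd_config and listing host entries still present in saved `xhost` output. The function names and all sample file contents are constructed for illustration, and the parser assumes whitespace-separated keyword/value lines.

```shell
#!/bin/sh
# Added example: audit sshd_config text and saved `xhost` output offline.

# Effective value of a single-valued sshd_config keyword ($1) in file ($2).
# sshd uses the first value it reads; keywords are case-insensitive.
sshd_first_value() {
    awk -v kw="$1" '
        /^[ \t]*(#|$)/ { next }                      # skip comments and blanks
        tolower($1) == tolower(kw) { print $2; exit }
    ' "$2"
}

# Every active HostKey path in file ($1); HostKey may appear more than once.
sshd_hostkeys() {
    awk '/^[ \t]*(#|$)/ { next } tolower($1) == "hostkey" { print $2 }' "$1"
}

# Host-based entries (INET:/INET6:) left in the X server access list,
# read from a file ($1) holding the output of `xhost`.
xhost_entries() {
    awk '/^INET6?:/ { print $1 }' "$1"
}

# Constructed sample inputs (hostnames and user are placeholders).
SAMPLE_DIR=$(mktemp -d)
trap 'rm -rf "$SAMPLE_DIR"' EXIT
cat > "$SAMPLE_DIR/sshd_config" <<'EOF'
# HostKeys for protocol version 2
HostKey /etc/ssh/ssh_host_rsa_key
HostKey /etc/ssh/ssh_host_dsa_key
#HostKey /etc/ssh/ssh_host_ecdsa_key
x11forwarding yes
X11Forwarding no
EOF
cat > "$SAMPLE_DIR/xhost.out" <<'EOF'
access control enabled, only authorized clients can connect
INET:shop.example
INET:lathe.example
SI:localuser:gene
EOF

echo "X11Forwarding: $(sshd_first_value X11Forwarding "$SAMPLE_DIR/sshd_config")"
echo "Active HostKey files:"
sshd_hostkeys "$SAMPLE_DIR/sshd_config" | sed 's/^/  /'
echo "xhost host entries to review (not needed with ssh -X / -Y):"
xhost_entries "$SAMPLE_DIR/xhost.out" | sed 's/^/  /'
```

On a real machine, point the functions at `/etc/ssh/sshd_config` and at a file written with `xhost > xhost.out`.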
