Re: [BackupPC-users] Configure ssh: X11 connection rejected because of wrong authentication.
Hi,
On Mon, Aug 10, 2009 at 10:19, Craig
Swanson wrote:
> host tapper: BackupPC on fedora 10 x86_64
> Created a public key as backuppc on the server, copied to the client's
> backuppc home dir.
> config.pl:$Conf{RsyncClientCmd} = '$sshPath -x -l backuppc $host nice -n
> 19 sudo $rsyncPath $argList+';
It's a long shot, but did you try to set up BackupPC SSH keys on the
target's root user and connect to the sshd with the root user without
using sudo? Does that work or do you have the same error? I've seen
some strange setups of sudo with some PAM modules that use GTK/GNOME
and consequently require X... if you test it without sudo and it
works, that is most likely the problem, if it doesn't work either, at
least that hypothesis is discarded...
> -q was removed, hoping to see more info.
So, you had the same problem with -q or not? It was not completely
clear from your original post...
Also, do you have something in /etc/ssh/ssh_config or
~backuppc/.ssh/config that might be triggering this issue?
HTH,
Filipe
--
Let Crystal Reports handle the reporting - Free Crystal Reports 2008 30-Day
trial. Simplify your report design, integration and deployment - and focus on
what you do best, core application coding. Discover what's new with
Crystal Reports now. http://p.sf.net/sfu/bobj-july
___
BackupPC-users mailing list
BackupPC-users@lists.sourceforge.net
List:https://lists.sourceforge.net/lists/listinfo/backuppc-users
Wiki:http://backuppc.wiki.sourceforge.net
Project: http://backuppc.sourceforge.net/
Re: [BackupPC-users] Configure ssh: X11 connection rejected because of wrong authentication.
On Mon, Aug 10, 2009 at 10:19:32AM -0400, Craig Swanson wrote: > I have created a new installation of BackupPC, attempting to configure > ssh with sudo, per the BackupPC instructions. > BackupPC fails, echoing: X11 connection rejected because of wrong > authentication. Add a -x to your ssh command line. HTH, Tino. -- "What we nourish flourishes." - "Was wir nähren erblüht." www.lichtkreis-chemnitz.de www.craniosacralzentrum.de -- Let Crystal Reports handle the reporting - Free Crystal Reports 2008 30-Day trial. Simplify your report design, integration and deployment - and focus on what you do best, core application coding. Discover what's new with Crystal Reports now. http://p.sf.net/sfu/bobj-july ___ BackupPC-users mailing list BackupPC-users@lists.sourceforge.net List:https://lists.sourceforge.net/lists/listinfo/backuppc-users Wiki:http://backuppc.wiki.sourceforge.net Project: http://backuppc.sourceforge.net/
[BackupPC-users] Configure ssh: X11 connection rejected because of wrong authentication.
I have created a new installation of BackupPC, attempting to configure
ssh with sudo, per the BackupPC instructions.
BackupPC fails, echoing: X11 connection rejected because of wrong
authentication.
Details follow.
Thanks in advance for your time,
Craig Swanson
host balsa: backup target on fedora 10 x86_64
Created a local non-root user (backuppc) on the client.
Modified /etc/sudoers to allow rsync, whoami for backuppc
host tapper: BackupPC on fedora 10 x86_64
Created a public key as backuppc on the server, copied to the
client's backuppc home dir.
config.pl:$Conf{RsyncClientCmd} = '$sshPath -x -l backuppc $host
nice -n 19 sudo $rsyncPath $argList+';
-q was removed, hoping to see more info.
iptables and SELinux are disabled on both hosts.
ssh is ok from the command line:
tapper# su -s /bin/bash backuppc
bash$ ssh -x -l backuppc balsa sudo whoami
root
BackupPC fails, echoing to tapper's terminal:
X11 connection rejected because of wrong authentication.
BackupPC log:
2009-08-10 09:09:45 User requested backup of balsa.midwest-tool.com
(balsa.midwest-tool.com)
2009-08-10 09:09:46 Started full backup on balsa.midwest-tool.com
(pid=22152, share=/var)
2009-08-10 09:09:52 Backup failed on balsa.midwest-tool.com
(fileListReceive failed)
Increased log level for sshd on the client to DEBUG.
/var/log/secure:
Aug 10 09:12:30 balsa sshd[5388]: debug1: Forked child 5433.
Aug 10 09:12:30 balsa sshd[5433]: debug1: rexec start in 5 out 5 newsock
5 pipe 7 sock 8
Aug 10 09:12:30 balsa sshd[5433]: debug1: inetd sockets after dupping: 3, 3
Aug 10 09:12:30 balsa sshd[5433]: Connection from 192.168.1.190 port 54524
Aug 10 09:12:30 balsa sshd[5433]: debug1: Client protocol version 2.0;
client software version OpenSSH_5.1
Aug 10 09:12:30 balsa sshd[5433]: debug1: match: OpenSSH_5.1 pat OpenSSH*
Aug 10 09:12:30 balsa sshd[5433]: debug1: Enabling compatibility mode
for protocol 2.0
Aug 10 09:12:30 balsa sshd[5433]: debug1: Local version string
SSH-2.0-OpenSSH_5.2
Aug 10 09:12:30 balsa sshd[5435]: debug1: permanently_set_uid: 74/74
Aug 10 09:12:30 balsa sshd[5435]: debug1: list_hostkey_types:
ssh-rsa,ssh-dss
Aug 10 09:12:30 balsa sshd[5435]: debug1: SSH2_MSG_KEXINIT sent
Aug 10 09:12:30 balsa sshd[5435]: debug1: SSH2_MSG_KEXINIT received
Aug 10 09:12:30 balsa sshd[5435]: debug1: kex: client->server aes128-cbc
hmac-md5 none
Aug 10 09:12:30 balsa sshd[5435]: debug1: kex: server->client aes128-cbc
hmac-md5 none
Aug 10 09:12:30 balsa sshd[5435]: debug1: SSH2_MSG_KEX_DH_GEX_REQUEST
received
Aug 10 09:12:30 balsa sshd[5435]: debug1: SSH2_MSG_KEX_DH_GEX_GROUP sent
Aug 10 09:12:30 balsa sshd[5435]: debug1: expecting SSH2_MSG_KEX_DH_GEX_INIT
Aug 10 09:12:30 balsa sshd[5435]: debug1: SSH2_MSG_KEX_DH_GEX_REPLY sent
Aug 10 09:12:30 balsa sshd[5435]: debug1: SSH2_MSG_NEWKEYS sent
Aug 10 09:12:30 balsa sshd[5435]: debug1: expecting SSH2_MSG_NEWKEYS
Aug 10 09:12:30 balsa sshd[5435]: Connection closed by 192.168.1.190
Aug 10 09:12:30 balsa sshd[5435]: debug1: do_cleanup
Aug 10 09:12:30 balsa sshd[5433]: debug1: do_cleanup
/etc/ssh/sshd_config
Modified as a debug step:
X11UseLocalhost no (no change in result)
Current sshd_config attached:
# $OpenBSD: sshd_config,v 1.80 2008/07/02 02:24:18 djm Exp $
# This is the sshd server system-wide configuration file. See
# sshd_config(5) for more information.
# This sshd was compiled with PATH=/usr/local/bin:/bin:/usr/bin
# The strategy used for options in the default sshd_config shipped with
# OpenSSH is to specify options with their default value where
# possible, but leave them commented. Uncommented options change a
# default value.
#Port 22
#AddressFamily any
#ListenAddress 0.0.0.0
#ListenAddress ::
# Disable legacy (protocol version 1) support in the server for new
# installations. In future the default will change to require explicit
# activation of protocol 1
Protocol 2
# HostKey for protocol version 1
#HostKey /etc/ssh/ssh_host_key
# HostKeys for protocol version 2
#HostKey /etc/ssh/ssh_host_rsa_key
#HostKey /etc/ssh/ssh_host_dsa_key
# Lifetime and size of ephemeral version 1 server key
#KeyRegenerationInterval 1h
#ServerKeyBits 1024
# Logging
# obsoletes QuietMode and FascistLogging
#SyslogFacility AUTH
SyslogFacility AUTHPRIV
#LogLevel INFO
LogLevel DEBUG
# Authentication:
#LoginGraceTime 2m
#PermitRootLogin yes
#StrictModes yes
#MaxAuthTries 6
#MaxSessions 10
#RSAAuthentication yes
#PubkeyAuthentication yes
#AuthorizedKeysFile .ssh/authorized_keys
# For this to work you will also need host keys in /etc/ssh/ssh_known_hosts
#RhostsRSAAuthentication no
# similar for protocol version 2
#HostbasedAuthentication no
# Change to yes if you don't trust ~/.ssh/known_hosts for
# RhostsRSAAuthentication and HostbasedAuthentication
#IgnoreUserKnownHosts no
# Don't read the user's ~/.rhosts and ~/.shosts files
#IgnoreRhosts yes
# To disable tunneled clear text passwords, change to no here!
#PasswordAuthentication yes
#PermitEmptyPasswords
