Re: SSH X11 forwarding issues (with verbose data)
On 04/09/2006, Philip H. Schlesinger wrote: Somebody else posted that ZoneAlarm jumps in the way of Cygwin's OpenSSH - even if ZoneAlarm is shut down, but I have a hard time believing that's the issue... Well, you could help convince yourself one way or the other by uninstalling ZoneAlarm for the purposes of testing and try the failing scenario again. -- Larry Hall http://www.rfk.com RFK Partners, Inc. (508) 893-9779 - RFK Office 838 Washington Street (508) 893-9889 - FAX Holliston, MA 01746 -- Unsubscribe info: http://cygwin.com/ml/#unsubscribe-simple Problem reports: http://cygwin.com/problems.html Documentation: http://x.cygwin.com/docs/ FAQ: http://x.cygwin.com/docs/faq/
Re: SSH X11 forwarding issues (with verbose data)
Hi Jack. ssh -Y ended up with me doing the following: $ /usr/X11R6/bin/xauth list 127.0.0.1:0.0 /usr/X11R6/bin/xauth: creating new authority file /home/phil/.Xauthority Nothing happened on the other xterm window, so I went looking for /home/phil/.Xauthority - it didn't exist! (yes, I typed ls -a) :) So I tried ssh -X ... and ended up with me doing the following: $ /usr/X11R6/bin/xauth -f /tmp/ssh-Q7ut6XsxFY/xauthfile generate 127.0.0.1:0.0 MIT-MAGIC-COOKIE-1 untrusted timeout 1200 /usr/X11R6/bin/xauth: creating new authority file /tmp/ssh-Q7ut6XsxFY/xauthfile now a file called "xauthfile" was created in that directory, and its contents were: 0MIT-MAGIC-COOKIE-1&<12 character long pseudorandom string> But still, no movement on the xterm window. Here's the oddity: Why could I just start the Cygwin/X server and run putty for windows with X11 forwarding and it'll work just fine? Why would X-Win32 with its built-in StarnetSSH client work just fine completely on its own? Somebody else posted that ZoneAlarm jumps in the way of Cygwin's OpenSSH - even if ZoneAlarm is shut down, but I have a hard time believing that's the issue... - Phil Jack Tanner wrote: No, it should be on the local computer. Try this: run startxwin.bat, then open two xterms. In one, run the ssh -Y -vv ... command. When it freezes, in the other xterm try to run the xauth command by hand. By the way, I gave you the wrong command syntax below. That should've been $ /usr/X11R6/bin/xauth -f /tmp/ssh-WHATEVER/... If I'm wrong, and it is on the remote computer, then from the second xterm you should be able to ssh in without X forwarding, and try it on the remote machine. Philip H. Schlesinger wrote: That appears to be something generated on the fly - and by the looks of it, on the remote computer, as that directory doesn't exist. - Phil Jack Tanner wrote: Philip H. Schlesinger wrote: Jack Tanner wrote: >> debug2: x11_get_proto: /usr/X11R6/bin/xauth -f >> /tmp/ssh-zfHmWgkGRG/xauthfile generate 127.0.0.1:0.0 >> MIT-MAGIC-COOKIE-1 untrusted timeout 1200 2>/dev/null > > 1) What do you get if you try that by command hand (sans the /dev/null > redirection)? Not sure what you mean here...forgive my n00b-ness... Err, that should've said "try that command by hand". As in, $ /tmp/ssh-WHATEVER/xauthfile generate [...] timeout 1200 (Drop the 2> /dev/null bit at the end, thus keeping the output from xauthfile from being redirected to /dev/null.) -- Unsubscribe info: http://cygwin.com/ml/#unsubscribe-simple Problem reports: http://cygwin.com/problems.html Documentation: http://x.cygwin.com/docs/ FAQ: http://x.cygwin.com/docs/faq/ -- Unsubscribe info: http://cygwin.com/ml/#unsubscribe-simple Problem reports: http://cygwin.com/problems.html Documentation: http://x.cygwin.com/docs/ FAQ: http://x.cygwin.com/docs/faq/ -- Unsubscribe info: http://cygwin.com/ml/#unsubscribe-simple Problem reports: http://cygwin.com/problems.html Documentation: http://x.cygwin.com/docs/ FAQ: http://x.cygwin.com/docs/faq/ -- Unsubscribe info: http://cygwin.com/ml/#unsubscribe-simple Problem reports: http://cygwin.com/problems.html Documentation: http://x.cygwin.com/docs/ FAQ: http://x.cygwin.com/docs/faq/
Re: SSH X11 forwarding issues
Brett Serkez wrote: Still sounds like a ZoneAlarm issue. It's worth another look. There was a time when this worked with ZoneAlarm, from the best I can recall, it was after a Cygwin update that it broke. My older system that I mentioned, is running almost the lastest ZA with an older Cygwin install and it works fine. I tried back reving a new system to the older version cygwin packages, but this didn't work. There was something that changed in cygwin that ZoneAlarm doesn't like. Since I'm unable to precisely identify what that is and ZoneLabs has been horrible in terms of any sort of response (not only this issue but many), I've written if off as unlikely to be resolved. Well if you're absolutely sure ZoneAlarm is configured in exactly the same way on both systems, then looking at Cygwin may make some sense. Or if you're convinced that Cygwin is the problem regardless, take the new Cygwin DLL to the old system and try this out. Stepping forward slowly is easier than trying to back up, which I assume is what you meant when you said you tried to back rev and it "didn't work". That should allow you to home in on where the problem starts for you and point you to where you'd want to concentrate your efforts to resolve it. -- Larry Hall http://www.rfk.com RFK Partners, Inc. (508) 893-9779 - RFK Office 838 Washington Street (508) 893-9889 - FAX Holliston, MA 01746 -- Unsubscribe info: http://cygwin.com/ml/#unsubscribe-simple Problem reports: http://cygwin.com/problems.html Documentation: http://x.cygwin.com/docs/ FAQ: http://x.cygwin.com/docs/faq/
Re: SSH X11 forwarding issues
> Still sounds like a ZoneAlarm issue. It's worth another look. There was a time when this worked with ZoneAlarm, from the best I can recall, it was after a Cygwin update that it broke. My older system that I mentioned, is running almost the lastest ZA with an older Cygwin install and it works fine. I tried back reving a new system to the older version cygwin packages, but this didn't work. There was something that changed in cygwin that ZoneAlarm doesn't like. Since I'm unable to precisely identify what that is and ZoneLabs has been horrible in terms of any sort of response (not only this issue but many), I've written if off as unlikely to be resolved. Brett -- Unsubscribe info: http://cygwin.com/ml/#unsubscribe-simple Problem reports: http://cygwin.com/problems.html Documentation: http://x.cygwin.com/docs/ FAQ: http://x.cygwin.com/docs/faq/
Re: SSH X11 forwarding issues
Brett Serkez wrote: ZoneAlarm, but I have the remote PC in my trusted list. Plus, both Cygwin/X/putty and X-Win32/StarnetSSH work fine, so this seems to be a Cygwin issue... The only way I've been able to use either the -X or -Y switches is to uninstall ZoneAlarm, shutting it down is insufficient. The problem, atleast in my case seems to have something to do with xauth getting stuck and never returning, it actually locks up to the point of having to shutdown the X server and usually causes Windows to hang when trying to logout or reboot. This used to work, I have an older system that I use occasionally that is running ZoneAlarm and an older version of Cygwin that I can use -X/-Y and works great. I've tried using this as a model to work backwards to diagnose with no luck. I've tried various times to debug and have given up, I manually set the X display variable myself like: ssh -R 6010:localhost:6000 target then after login: export DISPLAY=:10 Of course the issue is that I'm guessing on the target as to which port is open, but so far this has worked for me. Still sounds like a ZoneAlarm issue. It's worth another look. -- Larry Hall http://www.rfk.com RFK Partners, Inc. (508) 893-9779 - RFK Office 838 Washington Street (508) 893-9889 - FAX Holliston, MA 01746 -- Unsubscribe info: http://cygwin.com/ml/#unsubscribe-simple Problem reports: http://cygwin.com/problems.html Documentation: http://x.cygwin.com/docs/ FAQ: http://x.cygwin.com/docs/faq/
Re: SSH X11 forwarding issues
> ZoneAlarm, but I have the remote PC in my trusted list. Plus, both > Cygwin/X/putty and X-Win32/StarnetSSH work fine, so this seems to be a > Cygwin issue... The only way I've been able to use either the -X or -Y switches is to uninstall ZoneAlarm, shutting it down is insufficient. The problem, atleast in my case seems to have something to do with xauth getting stuck and never returning, it actually locks up to the point of having to shutdown the X server and usually causes Windows to hang when trying to logout or reboot. This used to work, I have an older system that I use occasionally that is running ZoneAlarm and an older version of Cygwin that I can use -X/-Y and works great. I've tried using this as a model to work backwards to diagnose with no luck. I've tried various times to debug and have given up, I manually set the X display variable myself like: ssh -R 6010:localhost:6000 target then after login: export DISPLAY=:10 Of course the issue is that I'm guessing on the target as to which port is open, but so far this has worked for me. Brett -- Unsubscribe info: http://cygwin.com/ml/#unsubscribe-simple Problem reports: http://cygwin.com/problems.html Documentation: http://x.cygwin.com/docs/ FAQ: http://x.cygwin.com/docs/faq/
Re: SSH X11 forwarding issues
Philip H. Schlesinger wrote: Hi Brett. ZoneAlarm, but I have the remote PC in my trusted list. Plus, both Cygwin/X/putty and X-Win32/StarnetSSH work fine, so this seems to be a Cygwin issue... It may well be a Cygwin/X issue (and I suggested you might go about debugging it), but it's really too bad you didn't bother with the FAQ. (And my bad for not picking up on the firewall potential. Thanks, Brett.) http://x.cygwin.com/docs/faq/cygwin-x-faq.html#freeze-at-startup - Phil Brett Serkez wrote: Freezes: I type my password, hit enter, and I don't get any additional output. -vvv says that things are being sent to /dev/null What are you running for a firewall? ZoneAlarm, Norton... Brett -- Unsubscribe info: http://cygwin.com/ml/#unsubscribe-simple Problem reports: http://cygwin.com/problems.html Documentation: http://x.cygwin.com/docs/ FAQ: http://x.cygwin.com/docs/faq/ -- Unsubscribe info: http://cygwin.com/ml/#unsubscribe-simple Problem reports: http://cygwin.com/problems.html Documentation: http://x.cygwin.com/docs/ FAQ: http://x.cygwin.com/docs/faq/ -- Unsubscribe info: http://cygwin.com/ml/#unsubscribe-simple Problem reports: http://cygwin.com/problems.html Documentation: http://x.cygwin.com/docs/ FAQ: http://x.cygwin.com/docs/faq/
Re: SSH X11 forwarding issues
Hi Brett. ZoneAlarm, but I have the remote PC in my trusted list. Plus, both Cygwin/X/putty and X-Win32/StarnetSSH work fine, so this seems to be a Cygwin issue... - Phil Brett Serkez wrote: Freezes: I type my password, hit enter, and I don't get any additional output. -vvv says that things are being sent to /dev/null What are you running for a firewall? ZoneAlarm, Norton... Brett -- Unsubscribe info: http://cygwin.com/ml/#unsubscribe-simple Problem reports: http://cygwin.com/problems.html Documentation: http://x.cygwin.com/docs/ FAQ: http://x.cygwin.com/docs/faq/ -- Unsubscribe info: http://cygwin.com/ml/#unsubscribe-simple Problem reports: http://cygwin.com/problems.html Documentation: http://x.cygwin.com/docs/ FAQ: http://x.cygwin.com/docs/faq/
Re: SSH X11 forwarding issues
> Freezes: I type my password, hit enter, and I don't get any additional > output. -vvv says that things are being sent to /dev/null What are you running for a firewall? ZoneAlarm, Norton... Brett -- Unsubscribe info: http://cygwin.com/ml/#unsubscribe-simple Problem reports: http://cygwin.com/problems.html Documentation: http://x.cygwin.com/docs/ FAQ: http://x.cygwin.com/docs/faq/
Re: SSH X11 forwarding issues (with verbose data)
No, it should be on the local computer. Try this: run startxwin.bat, then open two xterms. In one, run the ssh -Y -vv ... command. When it freezes, in the other xterm try to run the xauth command by hand. By the way, I gave you the wrong command syntax below. That should've been $ /usr/X11R6/bin/xauth -f /tmp/ssh-WHATEVER/... If I'm wrong, and it is on the remote computer, then from the second xterm you should be able to ssh in without X forwarding, and try it on the remote machine. Philip H. Schlesinger wrote: That appears to be something generated on the fly - and by the looks of it, on the remote computer, as that directory doesn't exist. - Phil Jack Tanner wrote: Philip H. Schlesinger wrote: Jack Tanner wrote: >> debug2: x11_get_proto: /usr/X11R6/bin/xauth -f >> /tmp/ssh-zfHmWgkGRG/xauthfile generate 127.0.0.1:0.0 >> MIT-MAGIC-COOKIE-1 untrusted timeout 1200 2>/dev/null > > 1) What do you get if you try that by command hand (sans the /dev/null > redirection)? Not sure what you mean here...forgive my n00b-ness... Err, that should've said "try that command by hand". As in, $ /tmp/ssh-WHATEVER/xauthfile generate [...] timeout 1200 (Drop the 2> /dev/null bit at the end, thus keeping the output from xauthfile from being redirected to /dev/null.) -- Unsubscribe info: http://cygwin.com/ml/#unsubscribe-simple Problem reports: http://cygwin.com/problems.html Documentation: http://x.cygwin.com/docs/ FAQ: http://x.cygwin.com/docs/faq/ -- Unsubscribe info: http://cygwin.com/ml/#unsubscribe-simple Problem reports: http://cygwin.com/problems.html Documentation: http://x.cygwin.com/docs/ FAQ: http://x.cygwin.com/docs/faq/ -- Unsubscribe info: http://cygwin.com/ml/#unsubscribe-simple Problem reports: http://cygwin.com/problems.html Documentation: http://x.cygwin.com/docs/ FAQ: http://x.cygwin.com/docs/faq/
Re: SSH X11 forwarding issues (with verbose data)
That appears to be something generated on the fly - and by the looks of it, on the remote computer, as that directory doesn't exist. - Phil Jack Tanner wrote: Philip H. Schlesinger wrote: Jack Tanner wrote: >> debug2: x11_get_proto: /usr/X11R6/bin/xauth -f >> /tmp/ssh-zfHmWgkGRG/xauthfile generate 127.0.0.1:0.0 >> MIT-MAGIC-COOKIE-1 untrusted timeout 1200 2>/dev/null > > 1) What do you get if you try that by command hand (sans the /dev/null > redirection)? Not sure what you mean here...forgive my n00b-ness... Err, that should've said "try that command by hand". As in, $ /tmp/ssh-WHATEVER/xauthfile generate [...] timeout 1200 (Drop the 2> /dev/null bit at the end, thus keeping the output from xauthfile from being redirected to /dev/null.) -- Unsubscribe info: http://cygwin.com/ml/#unsubscribe-simple Problem reports: http://cygwin.com/problems.html Documentation: http://x.cygwin.com/docs/ FAQ: http://x.cygwin.com/docs/faq/ -- Unsubscribe info: http://cygwin.com/ml/#unsubscribe-simple Problem reports: http://cygwin.com/problems.html Documentation: http://x.cygwin.com/docs/ FAQ: http://x.cygwin.com/docs/faq/
Re: SSH X11 forwarding issues (with verbose data)
Philip H. Schlesinger wrote: Jack Tanner wrote: >> debug2: x11_get_proto: /usr/X11R6/bin/xauth -f >> /tmp/ssh-zfHmWgkGRG/xauthfile generate 127.0.0.1:0.0 >> MIT-MAGIC-COOKIE-1 untrusted timeout 1200 2>/dev/null > > 1) What do you get if you try that by command hand (sans the /dev/null > redirection)? Not sure what you mean here...forgive my n00b-ness... Err, that should've said "try that command by hand". As in, $ /tmp/ssh-WHATEVER/xauthfile generate [...] timeout 1200 (Drop the 2> /dev/null bit at the end, thus keeping the output from xauthfile from being redirected to /dev/null.) -- Unsubscribe info: http://cygwin.com/ml/#unsubscribe-simple Problem reports: http://cygwin.com/problems.html Documentation: http://x.cygwin.com/docs/ FAQ: http://x.cygwin.com/docs/faq/
Re: SSH X11 forwarding issues (with verbose data)
Jack Tanner wrote: >> debug2: x11_get_proto: /usr/X11R6/bin/xauth -f >> /tmp/ssh-zfHmWgkGRG/xauthfile generate 127.0.0.1:0.0 >> MIT-MAGIC-COOKIE-1 untrusted timeout 1200 2>/dev/null > > 1) What do you get if you try that by command hand (sans the /dev/null > redirection)? Not sure what you mean here...forgive my n00b-ness... > 2) What do you get if you skip X-forwarding altogether? Works fine. > 3) What do you get if you rm the xauthority data on both sides of the > connection? Only .Xauthority was on the remote PC, and problem still exists... debug3: no such identity: /home/phil/.ssh/id_dsa debug2: we did not send a packet, disable method debug3: authmethod_lookup keyboard-interactive debug3: remaining preferred: password debug3: authmethod_is_enabled keyboard-interactive debug1: Next authentication method: keyboard-interactive debug2: userauth_kbdint debug2: we sent a keyboard-interactive packet, wait for reply debug2: input_userauth_info_req debug2: input_userauth_info_req: num_prompts 1 Password: debug3: packet_send2: adding 32 (len 22 padlen 10 extra_pad 64) debug2: input_userauth_info_req debug2: input_userauth_info_req: num_prompts 0 debug3: packet_send2: adding 48 (len 10 padlen 6 extra_pad 64) debug1: Authentication succeeded (keyboard-interactive). debug1: channel 0: new [client-session] debug3: ssh_session2_open: channel_new: 0 debug2: channel 0: send open debug1: Entering interactive session. debug2: callback start debug2: x11_get_proto: /usr/X11R6/bin/xauth -f /tmp/ssh-Xc8hsbJjXZ/xauthfile generate 127.0.0.1:0.0 MIT-MAGIC-COOKIE-1 untrusted timeout 1200 2>/dev/null Jack Tanner wrote: Philip H. Schlesinger wrote: I tried the -vvv mode and here's the screen capture: debug1: Authentication succeeded (keyboard-interactive). OK, good. You're authenticated after entering your password. debug2: x11_get_proto: /usr/X11R6/bin/xauth -f /tmp/ssh-zfHmWgkGRG/xauthfile generate 127.0.0.1:0.0 MIT-MAGIC-COOKIE-1 untrusted timeout 1200 2>/dev/null 1) What do you get if you try that by command hand (sans the /dev/null redirection)? 2) What do you get if you skip X-forwarding altogether? 3) What do you get if you rm the xauthority data on both sides of the connection? -- Unsubscribe info: http://cygwin.com/ml/#unsubscribe-simple Problem reports: http://cygwin.com/problems.html Documentation: http://x.cygwin.com/docs/ FAQ: http://x.cygwin.com/docs/faq/ -- Unsubscribe info: http://cygwin.com/ml/#unsubscribe-simple Problem reports: http://cygwin.com/problems.html Documentation: http://x.cygwin.com/docs/ FAQ: http://x.cygwin.com/docs/faq/
Re: SSH X11 forwarding issues (with verbose data)
Philip H. Schlesinger wrote: I tried the -vvv mode and here's the screen capture: debug1: Authentication succeeded (keyboard-interactive). OK, good. You're authenticated after entering your password. debug2: x11_get_proto: /usr/X11R6/bin/xauth -f /tmp/ssh-zfHmWgkGRG/xauthfile generate 127.0.0.1:0.0 MIT-MAGIC-COOKIE-1 untrusted timeout 1200 2>/dev/null 1) What do you get if you try that by command hand (sans the /dev/null redirection)? 2) What do you get if you skip X-forwarding altogether? 3) What do you get if you rm the xauthority data on both sides of the connection? -- Unsubscribe info: http://cygwin.com/ml/#unsubscribe-simple Problem reports: http://cygwin.com/problems.html Documentation: http://x.cygwin.com/docs/ FAQ: http://x.cygwin.com/docs/faq/
Re: SSH X11 forwarding issues
Hi Jack. See my other post at 9:19 am with the -vvv output. Freezes: I type my password, hit enter, and I don't get any additional output. -vvv says that things are being sent to /dev/null - Phil Jack Tanner wrote: -Y is really what you want. Aside from that, anything useful from -vv? What about the server logs? And /tmp/Xwin.log? And what do you mean by "freezes"? Philip H. Schlesinger wrote: Hi Sterling. I checked the man page and -Y is just -X with less security: -X Enables X11 forwarding. This can also be specified on a per-host basis in a configuration file. X11 forwarding should be enabled with caution. Users with the ability to bypass file permissions on the remote host (for the user's X authorization database) can access the local X11 display through the forwarded connection. An attacker may then be able to perform activities such as keystroke monitoring. -Y Enables trusted X11 forwarding. Trusted X11 forwardings are not subjected to the X11 SECURITY extension controls. Nevertheless, same problem - it freezes after I type in my password. Other ideas? - Phil Sterling Baker wrote: I believe the use of '-X' has been depreciated. Try using '-Y' instead. Sterling -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Philip H. Schlesinger Sent: Wednesday, April 05, 2006 10:07 PM To: cygwin-xfree@cygwin.com Subject: SSH X11 forwarding issues Hi all. I just upgraded my Cygwin to the latest version and found a rather interesting problem: I can do the following command in the bash window with no problem: ssh @ it prompts me for my password and then takes me in from there. -- However, if I: startx ssh -X @server location> It prompts me for my password and then hangs. -- If I: startxwin.bat ssh -X @server location> same problem: It prompts me for my password and then hangs. -- The only way I've successfully made a connection with X forwarding is: startxwin.bat Execute putty for windows with X11 forwarding enabled Enter username and password And I'm off and running... Help? - Phil -- Unsubscribe info: http://cygwin.com/ml/#unsubscribe-simple Problem reports: http://cygwin.com/problems.html Documentation: http://x.cygwin.com/docs/ FAQ: http://x.cygwin.com/docs/faq/ -- Unsubscribe info: http://cygwin.com/ml/#unsubscribe-simple Problem reports: http://cygwin.com/problems.html Documentation: http://x.cygwin.com/docs/ FAQ: http://x.cygwin.com/docs/faq/
Re: SSH X11 forwarding issues
-Y is really what you want. Aside from that, anything useful from -vv? What about the server logs? And /tmp/Xwin.log? And what do you mean by "freezes"? Philip H. Schlesinger wrote: Hi Sterling. I checked the man page and -Y is just -X with less security: -X Enables X11 forwarding. This can also be specified on a per-host basis in a configuration file. X11 forwarding should be enabled with caution. Users with the ability to bypass file permissions on the remote host (for the user's X authorization database) can access the local X11 display through the forwarded connection. An attacker may then be able to perform activities such as keystroke monitoring. -Y Enables trusted X11 forwarding. Trusted X11 forwardings are not subjected to the X11 SECURITY extension controls. Nevertheless, same problem - it freezes after I type in my password. Other ideas? - Phil Sterling Baker wrote: I believe the use of '-X' has been depreciated. Try using '-Y' instead. Sterling -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Philip H. Schlesinger Sent: Wednesday, April 05, 2006 10:07 PM To: cygwin-xfree@cygwin.com Subject: SSH X11 forwarding issues Hi all. I just upgraded my Cygwin to the latest version and found a rather interesting problem: I can do the following command in the bash window with no problem: ssh @ it prompts me for my password and then takes me in from there. -- However, if I: startx ssh -X @server location> It prompts me for my password and then hangs. -- If I: startxwin.bat ssh -X @server location> same problem: It prompts me for my password and then hangs. -- The only way I've successfully made a connection with X forwarding is: startxwin.bat Execute putty for windows with X11 forwarding enabled Enter username and password And I'm off and running... Help? - Phil -- Unsubscribe info: http://cygwin.com/ml/#unsubscribe-simple Problem reports: http://cygwin.com/problems.html Documentation: http://x.cygwin.com/docs/ FAQ: http://x.cygwin.com/docs/faq/
Re: SSH X11 forwarding issues (with verbose data)
I tried the -vvv mode and here's the screen capture: debug3: no such identity: /home/phil/.ssh/id_dsa debug2: we did not send a packet, disable method debug3: authmethod_lookup keyboard-interactive debug3: remaining preferred: password debug3: authmethod_is_enabled keyboard-interactive debug1: Next authentication method: keyboard-interactive debug2: userauth_kbdint debug2: we sent a keyboard-interactive packet, wait for reply debug2: input_userauth_info_req debug2: input_userauth_info_req: num_prompts 1 Password: debug3: packet_send2: adding 32 (len 22 padlen 10 extra_pad 64) debug2: input_userauth_info_req debug2: input_userauth_info_req: num_prompts 0 debug3: packet_send2: adding 48 (len 10 padlen 6 extra_pad 64) debug1: Authentication succeeded (keyboard-interactive). debug1: channel 0: new [client-session] debug3: ssh_session2_open: channel_new: 0 debug2: channel 0: send open debug1: Entering interactive session. debug2: callback start debug2: x11_get_proto: /usr/X11R6/bin/xauth -f /tmp/ssh-zfHmWgkGRG/xauthfile generate 127.0.0.1:0.0 MIT-MAGIC-COOKIE-1 untrusted timeout 1200 2>/dev/null Sterling Baker wrote: I believe the use of '-X' has been depreciated. Try using '-Y' instead. Sterling -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Philip H. Schlesinger Sent: Wednesday, April 05, 2006 10:07 PM To: cygwin-xfree@cygwin.com Subject: SSH X11 forwarding issues Hi all. I just upgraded my Cygwin to the latest version and found a rather interesting problem: I can do the following command in the bash window with no problem: ssh @ it prompts me for my password and then takes me in from there. -- However, if I: startx ssh -X @server location> It prompts me for my password and then hangs. -- If I: startxwin.bat ssh -X @server location> same problem: It prompts me for my password and then hangs. -- The only way I've successfully made a connection with X forwarding is: startxwin.bat Execute putty for windows with X11 forwarding enabled Enter username and password And I'm off and running... Help? - Phil -- Unsubscribe info: http://cygwin.com/ml/#unsubscribe-simple Problem reports: http://cygwin.com/problems.html Documentation: http://x.cygwin.com/docs/ FAQ: http://x.cygwin.com/docs/faq/ -- Unsubscribe info: http://cygwin.com/ml/#unsubscribe-simple Problem reports: http://cygwin.com/problems.html Documentation: http://x.cygwin.com/docs/ FAQ: http://x.cygwin.com/docs/faq/ -- Unsubscribe info: http://cygwin.com/ml/#unsubscribe-simple Problem reports: http://cygwin.com/problems.html Documentation: http://x.cygwin.com/docs/ FAQ: http://x.cygwin.com/docs/faq/
Re: SSH X11 forwarding issues
Hi Sterling. I checked the man page and -Y is just -X with less security: -X Enables X11 forwarding. This can also be specified on a per-host basis in a configuration file. X11 forwarding should be enabled with caution. Users with the ability to bypass file permissions on the remote host (for the user's X authorization database) can access the local X11 display through the forwarded connection. An attacker may then be able to perform activities such as keystroke monitoring. -Y Enables trusted X11 forwarding. Trusted X11 forwardings are not subjected to the X11 SECURITY extension controls. Nevertheless, same problem - it freezes after I type in my password. Other ideas? - Phil Sterling Baker wrote: I believe the use of '-X' has been depreciated. Try using '-Y' instead. Sterling -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Philip H. Schlesinger Sent: Wednesday, April 05, 2006 10:07 PM To: cygwin-xfree@cygwin.com Subject: SSH X11 forwarding issues Hi all. I just upgraded my Cygwin to the latest version and found a rather interesting problem: I can do the following command in the bash window with no problem: ssh @ it prompts me for my password and then takes me in from there. -- However, if I: startx ssh -X @server location> It prompts me for my password and then hangs. -- If I: startxwin.bat ssh -X @server location> same problem: It prompts me for my password and then hangs. -- The only way I've successfully made a connection with X forwarding is: startxwin.bat Execute putty for windows with X11 forwarding enabled Enter username and password And I'm off and running... Help? - Phil -- Unsubscribe info: http://cygwin.com/ml/#unsubscribe-simple Problem reports: http://cygwin.com/problems.html Documentation: http://x.cygwin.com/docs/ FAQ: http://x.cygwin.com/docs/faq/ -- Unsubscribe info: http://cygwin.com/ml/#unsubscribe-simple Problem reports: http://cygwin.com/problems.html Documentation: http://x.cygwin.com/docs/ FAQ: http://x.cygwin.com/docs/faq/ -- Unsubscribe info: http://cygwin.com/ml/#unsubscribe-simple Problem reports: http://cygwin.com/problems.html Documentation: http://x.cygwin.com/docs/ FAQ: http://x.cygwin.com/docs/faq/
RE: SSH X11 forwarding issues
I believe the use of '-X' has been depreciated. Try using '-Y' instead. Sterling -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Philip H. Schlesinger Sent: Wednesday, April 05, 2006 10:07 PM To: cygwin-xfree@cygwin.com Subject: SSH X11 forwarding issues Hi all. I just upgraded my Cygwin to the latest version and found a rather interesting problem: I can do the following command in the bash window with no problem: ssh @ it prompts me for my password and then takes me in from there. -- However, if I: startx ssh -X @server location> It prompts me for my password and then hangs. -- If I: startxwin.bat ssh -X @server location> same problem: It prompts me for my password and then hangs. -- The only way I've successfully made a connection with X forwarding is: startxwin.bat Execute putty for windows with X11 forwarding enabled Enter username and password And I'm off and running... Help? - Phil -- Unsubscribe info: http://cygwin.com/ml/#unsubscribe-simple Problem reports: http://cygwin.com/problems.html Documentation: http://x.cygwin.com/docs/ FAQ: http://x.cygwin.com/docs/faq/ -- Unsubscribe info: http://cygwin.com/ml/#unsubscribe-simple Problem reports: http://cygwin.com/problems.html Documentation: http://x.cygwin.com/docs/ FAQ: http://x.cygwin.com/docs/faq/