Re: permissions problems in ssh session as root (WAS: apt-get install and upgrade errors)
An idea , may be !! in fact when you use su , without dash ( - ) , you log with the normal Environment and not with the root environment !!! try instead : su - , perhaps ?? any way since you are new to linux (or debian) I think it is better for you ( I repeat what I had said ) I suggest you to install knoppix on hard disk ( it works perfectly and detects most Hardware ) you can complete it, with apt-get . best regards bela -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]
Re: permissions problems in ssh session as root (WAS: apt-get install and upgrade errors)
james derry wrote: #hi, bela, #thanks for your reply. as a sanity check, i made sure that as root to run `apt-get upgrade` from root directory (/). same problem. #looking further, it seems the problem may have to do with root permissions problems, and not with apt-get or dpkg at all. logged in as root on ssh, i cannot `touch` a test file to /usr/bin/ directory: touch: creating '/usr/bin/testFile': Permission denied The only thing I can imagine is that /usr (or /usr/bin) is network-mounted from some other host, that doesn't permit writing. What does /proc/mounts say about how /usr is mounted? (If /usr were mounted read-only on a local device, root also would not be allowed to touch there, but the error message would be different). -- Groetjes joostje 47d3fcfe28f2a83497e79d9bc7d5087c-4a1ee1fddab4648175518cb4c1c9edb3ed0e89f0 -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]
RE: permissions problems in ssh session as root (WAS: apt-get install and upgrade errors)
Title: RE: permissions problems in ssh session as root (WAS: apt-get install and upgrade errors) -Original Message- From: Joost Witteveen [mailto:[EMAIL PROTECTED]] Sent: Fri 11/5/2004 3:36 AM To: james derry Cc: [EMAIL PROTECTED]; [EMAIL PROTECTED] Subject: Re: permissions problems in ssh session as root (WAS: apt-get install and upgrade errors) james derry wrote: #hi, bela, #thanks for your reply. as a sanity check, i made sure that as root to run `apt-get upgrade` from root directory (/). same problem. #looking further, it seems the problem may have to do with root permissions problems, and not with apt-get or dpkg at all. logged in as root on ssh, i cannot `touch` a test file to /usr/bin/ directory: touch: creating '/usr/bin/testFile': Permission denied The only thing I can imagine is that /usr (or /usr/bin) is network-mounted from some other host, that doesn't permit writing. What does /proc/mounts say about how /usr is mounted? /proc/mounts reads: /dev/sdb4 /usr ext2 rw 0 0 (If /usr were mounted read-only on a local device, root also would not be allowed to touch there, but the error message would be different). -- Groetjes joostje 47d3fcfe28f2a83497e79d9bc7d5087c-4a1ee1fddab4648175518cb4c1c9edb3ed0e89f0
permissions problems in ssh session as root (WAS: apt-get install and upgrade errors)
#hi, bela, #thanks for your reply. as a sanity check, i made sure that as root to run `apt-get upgrade` from root directory (/). same problem. #looking further, it seems the problem may have to do with root permissions problems, and not with apt-get or dpkg at all. logged in as root on ssh, i cannot `touch` a test file to /usr/bin/ directory: touch: creating '/usr/bin/testFile': Permission denied #this, although root is directory owner with rwxr-xr-x rights on the directory. this apt-get effort is the first maintenance i've tried since taking over this machine, and the former admin says he's never seen this problem before, and that ssh-ing into the machine should not be causing these problems (he did all his maintenance via ssh). i rebooted the machine, but that hasn't straightened the problem out (we thought some process might have locked the directory or binary that the upgrade was trying to replace) #any ideas? #apart from trying these commands at the machine console, i can't think of anything else to try; and if anybody has any suggestions about why this is happening or how i might be able to straighten it out, i'd really appreciate the help. #thanks, #james -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]
Re: Problems with SSH and X11
El lunes, 8 de septiembre de 2003, a las 22:33, Mariano Kamp escribe: I am behind a firewall. That should be ok then, shouldn't it? I find ssh lovely for tunneling almost every service across a firewall where only the port for the ssh server is open. Even better with compression enabled on slow links. Regards, Ismael -- Tout fourmille de commentaries; d'auteurs il en est grande cherté pgp0.pgp Description: PGP signature
Re: Problems with SSH and X11
Jacob, thanks for your detailed answer - it works now. On Tuesday 09 September 2003 05:12, Jacob Anawalt wrote: When you ssh with X11 forwarding, and the remote system at least has xbase-clients installed (the local would have a full X11 system) there should not be a need to use xhost. I haven't had to use the xhost command since I started using ssh. The X11 session data should be carried across the ssh tunnel instead of going unencrypted outside of the ssh tunnel between the two systems. If your $DISPLAY environment variable for your xterminal ssh session to rock is set to black:display[.screen] (ie black:10.0), then you would have to type xhost + or xhost +rock on black to get your X11 apps to appear on rock and the data is not being forwarded over ssh. Now that you've made the changes Collin suggested, when you ssh -X from black to rock, echo $DISPLAY should return localhost:display[.screen] (ie localhost:10.0) and not black:display[.screen]. It should automatically get set to localhost:display[.screen] as you connect. If it isn't being set to localhost:display[.screen] and you connected with ssh -X rock then something else is wrong. Maybe you haven't restarted the ssh daemon on black since you set ForwardX11 yes in the sshd_config file? restarted sshd [EMAIL PROTECTED]:~/.kde$ xhost - access control enabled, only authorized clients can connect [EMAIL PROTECTED]:~/.kde$ ssh -X [EMAIL PROTECTED] [EMAIL PROTECTED]'s password: [ abbreviated ... banner / last login ] rock:~# echo $DISPLAY localhost:10.0 rock:~# xterm works fine I feel much more save now ;-) I guess you were right about restarting the sshd ... Again, thanks for the help to anyone participating. P.s. The suggested format for posting on this list is to post your response at the bottom. Ok, will obey. Cheers, Mariano -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]
Re: Problems with SSH and X11
Paul, I am behind a firewall. That should be ok then, shouldn't it? Anyway, would there be any other way to enable one box to use of X from another box? Cheers, Mariano On Sunday 07 September 2003 19:01, Paul Johnson wrote: -BEGIN PGP SIGNED MESSAGE- Hash: SHA1 On Sat, Sep 06, 2003 at 11:16:02PM +0200, Mariano Kamp wrote: Silly me. After running xhost .. even those last problems vanished... xhost is great...if you don't mind anybody else being able to read your screen and what you're typing remotely without your knowledge. - -- .''`. Paul Johnson [EMAIL PROTECTED] : :' : `. `'` proud Debian admin and user `- Debian - when you have better things to do than fix a system -BEGIN PGP SIGNATURE- Version: GnuPG v1.2.3 (GNU/Linux) iD8DBQE/W2RRUzgNqloQMwcRAplmAKCUdzV2kRysndCwTNytww7Vr3xVJwCgk917 w19E4ttPBnjg/NBCUPs1Oq8= =312Q -END PGP SIGNATURE- -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]
Re: Problems with SSH and X11
Mariano Kamp wrote: On Sunday 07 September 2003 19:01, Paul Johnson wrote: -BEGIN PGP SIGNED MESSAGE- Hash: SHA1 On Sat, Sep 06, 2003 at 11:16:02PM +0200, Mariano Kamp wrote: Silly me. After running xhost .. even those last problems vanished... xhost is great...if you don't mind anybody else being able to read your screen and what you're typing remotely without your knowledge. I am behind a firewall. That should be ok then, shouldn't it? Anyway, would there be any other way to enable one box to use of X from another box? I'll leave the Is xhost some option ok here question for others to discuss in depth, and just address the second half of your question. When you ssh with X11 forwarding, and the remote system at least has xbase-clients installed (the local would have a full X11 system) there should not be a need to use xhost. I haven't had to use the xhost command since I started using ssh. The X11 session data should be carried across the ssh tunnel instead of going unencrypted outside of the ssh tunnel between the two systems. If your $DISPLAY environment variable for your xterminal ssh session to rock is set to black:display[.screen] (ie black:10.0), then you would have to type xhost + or xhost +rock on black to get your X11 apps to appear on rock and the data is not being forwarded over ssh. Now that you've made the changes Collin suggested, when you ssh -X from black to rock, echo $DISPLAY should return localhost:display[.screen] (ie localhost:10.0) and not black:display[.screen]. It should automatically get set to localhost:display[.screen] as you connect. If it isn't being set to localhost:display[.screen] and you connected with ssh -X rock then something else is wrong. Maybe you haven't restarted the ssh daemon on black since you set ForwardX11 yes in the sshd_config file? Jacob P.s. The suggested format for posting on this list is to post your response at the bottom. -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]
Re: Problems with SSH and X11
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 On Sat, Sep 06, 2003 at 05:30:19PM +0200, Mariano Kamp wrote: I have two boxes, one with X (black) and one without (rock). I want to run an X Application on rock, but always get the message that it is not possible to connect to the remote xserver. Gotta have X on both. ssh -C -X only works on X displays. - -- .''`. Paul Johnson [EMAIL PROTECTED] : :' : `. `'` proud Debian admin and user `- Debian - when you have better things to do than fix a system -BEGIN PGP SIGNATURE- Version: GnuPG v1.2.3 (GNU/Linux) iD8DBQE/W2QJUzgNqloQMwcRAl+uAJ4vv4btgP2dNe3tm92WpubgmRbY2QCcDzPN iJMPber2o1pq407uAIkwSA4= =Sjfs -END PGP SIGNATURE- -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]
Re: Problems with SSH and X11
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 On Sat, Sep 06, 2003 at 11:16:02PM +0200, Mariano Kamp wrote: Silly me. After running xhost .. even those last problems vanished... xhost is great...if you don't mind anybody else being able to read your screen and what you're typing remotely without your knowledge. - -- .''`. Paul Johnson [EMAIL PROTECTED] : :' : `. `'` proud Debian admin and user `- Debian - when you have better things to do than fix a system -BEGIN PGP SIGNATURE- Version: GnuPG v1.2.3 (GNU/Linux) iD8DBQE/W2RRUzgNqloQMwcRAplmAKCUdzV2kRysndCwTNytww7Vr3xVJwCgk917 w19E4ttPBnjg/NBCUPs1Oq8= =312Q -END PGP SIGNATURE- -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]
Problems with SSH and X11
Hi, I have two boxes, one with X (black) and one without (rock). I want to run an X Application on rock, but always get the message that it is not possible to connect to the remote xserver. What I do is the following: [EMAIL PROTECTED]:~$ ssh -X rock The authenticity of host 'rock (192.168.0.1)' can't be established. [EMAIL PROTECTED]'s password: Linux rock 2.4.18-bf2.4 #1 Son Apr 14 09:53:28 CEST 2002 i686 GNU/Linux [..] abbreviated [EMAIL PROTECTED]:~$ echo $DISPLAY [ void - just one blank line ] From what I got from my googling. The DISPLAY variable should have been set, shouldn't it? At least I am sure I read that one shouldn't set it by hand... [EMAIL PROTECTED]:~$ xterm xterm Xt error: Can't open display: Hmmh?! [EMAIL PROTECTED]:~$ DISPLAY=black:0.0 xterm Xlib: connection to black:0.0 refused by server Xlib: No protocol specified xterm Xt error: Can't open display: black:0.0 So, my X-Server on black is refusing to talk On black kdm.log says this: AUDIT: Sat Sep 6 17:15:28 2003: 304 X: client 20 rejected from IP 192.168.0.1 port 32794 192.168.0.1 is the ip of rock. If I run xterm locally, but with explicit IP it works: [EMAIL PROTECTED]:~$ DISPLAY=black:0.0 xterm Besides that I have another thing with SSH bugging me. Maybe these issues are related? When I try to copy something with scp from rock to black, like this: [EMAIL PROTECTED]:~$ scp foo [EMAIL PROTECTED]:. [EMAIL PROTECTED]'s password: executing /etc/bash.bashrc [EMAIL PROTECTED]:~$ I just get the message that /etc/bash.bashrc has been executed, which is just some debug message for me that this file bas been executed on rock. Btw. I am running unstable. I am also wondering why I have ssh and ssh2 on my machine. Can I remove one of them? How? apt-get remove ssh? I am a bit lost and don't understand it. Any ideas? Cheers, Mariano -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]
Re: Problems with SSH and X11
On Sat, Sep 06, 2003 at 05:30:19PM +0200, Mariano Kamp wrote: [EMAIL PROTECTED]:~$ ssh -X rock The authenticity of host 'rock (192.168.0.1)' can't be established. [EMAIL PROTECTED]'s password: Linux rock 2.4.18-bf2.4 #1 Son Apr 14 09:53:28 CEST 2002 i686 GNU/Linux [..] abbreviated [EMAIL PROTECTED]:~$ echo $DISPLAY [ void - just one blank line ] I bet you don't have xbase-clients installed on the remote system. Besides that I have another thing with SSH bugging me. Maybe these issues are related? No, they aren't. When I try to copy something with scp from rock to black, like this: [EMAIL PROTECTED]:~$ scp foo [EMAIL PROTECTED]:. [EMAIL PROTECTED]'s password: executing /etc/bash.bashrc [EMAIL PROTECTED]:~$ I just get the message that /etc/bash.bashrc has been executed, which is just some debug message for me that this file bas been executed on rock. You shouldn't do it like that. This is a common mistake, but it breaks the scp protocol. Guard the debug message such that it only gets displayed for interactive shells, something like this: case $- in *i*) echo 'executing /etc/bash.bashrc' # other interactive stuff goes here, if you want ;; esac I am also wondering why I have ssh and ssh2 on my machine. You installed them both, probably. ;) Can I remove one of them? How? apt-get remove ssh? ssh2 wasn't properly maintained for a long time, is non-free, and has been removed from Debian. 'dpkg --purge ssh2' is probably what you want. Cheers, -- Colin Watson [EMAIL PROTECTED] -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]
Re: Problems with SSH and X11
El sábado, 6 de septiembre de 2003, a las 17:30, Mariano Kamp escribe: I have two boxes, one with X (black) and one without (rock). I want to run an X Application on rock, but always get the message that it is not possible to connect to the remote xserver. With security in mind, X11 forwarding is disabled by default on the Debian stock sshd. Set X11Forwarding yes on your /etc/ssh/sshd_config and restart the server. # /etc/init.d/ssh restart Regards, Ismael -- Tout fourmille de commentaries; d'auteurs il en est grande cherté pgp0.pgp Description: PGP signature
Re: Problems with SSH and X11
Hi Christophe, thanks for taking the time. I double checked the syntax with the man pages and I believe I already set it up this way ... with no success. black:/etc/ssh# grep orward * ssh_config:ForwardAgent yes ssh_config:ForwardX11 yes sshd_config:X11Forwarding yes rock:/etc/ssh# grep orward * | grep -v '#' ssh_config:ForwardX11 yes ssh_config:ForwardAgent yes sshd_config:X11Forwarding yes And the result is still the same?! black:/etc/ssh# ssh -X [EMAIL PROTECTED] [EMAIL PROTECTED]'s password: Linux rock 2.4.18-bf2.4 #1 Son Apr 14 09:53:28 CEST 2002 i686 GNU/Linux The programs included with the Debian GNU/Linux system are free software; the exact distribution terms for each program are described in the individual files in /usr/share/doc/*/copyright. Debian GNU/Linux comes with ABSOLUTELY NO WARRANTY, to the extent permitted by applicable law. Last login: Sat Sep 6 18:17:49 2003 from black rock:~# echo $DISPLAY rock:~# Do you know what part SSH2 plays here? I am always doing the config changes in /etc/ssh not in /etc/ssh2. Cheers, Mariano On Saturday 06 September 2003 17:41, you wrote: Le Samedi 6 Septembre 2003 17:30, Mariano Kamp a déclamé : I have two boxes, one with X (black) and one without (rock). I want to run an X Application on rock, but always get the message that it is not possible to connect to the remote xserver. Hope this helps: To launch X applications through ssh, i had only to : - set X11Forwarding to true in sshd_config on the server, AND in ssh_config on the client, - after a ssh login, $DISPLAY was localhost:10.0 (!) - and that's all ! -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]
Re: Problems with SSH and X11
Hi Colin, Ismael, thanks very much for the help ... I can see progress now. I bet you don't have xbase-clients installed on the remote system. Yeah, the settings of the DISPLAY variable works fine now. rock:~# xterm Xlib: connection to localhost:10.0 refused by server Xlib: Invalid MIT-MAGIC-COOKIE-1 key Warning: This program is an suid-root program or is being run by the root user. The full text of the error or warning message cannot be safely formatted in this environment. You may get a more descriptive message by running the program as a non-root user or by removing the suid bit on the executable. xterm Xt error: Can't open display: %s rock:~# But the login still doesn't work. Somehow the xserver on black is rejecting my requests. AUDIT: Sat Sep 6 18:35:04 2003: 304 X: client 23 rejected from local host Auth name: MIT-MAGIC-COOKIE-1 ID: -1 You shouldn't do it like that. This is a common mistake, but it breaks the scp protocol. Guard the debug message such that it only gets displayed for interactive shells, something like this: Right. Changed that and it's all working fine now. Thanx again. Cheers, Mariano -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]
Re: Problems with SSH and X11
Silly me. After running xhost .. even those last problems vanished... On Saturday 06 September 2003 18:28, Mariano Kamp wrote: Hi Christophe, thanks for taking the time. I double checked the syntax with the man pages and I believe I already set it up this way ... with no success. black:/etc/ssh# grep orward * ssh_config:ForwardAgent yes ssh_config:ForwardX11 yes sshd_config:X11Forwarding yes rock:/etc/ssh# grep orward * | grep -v '#' ssh_config:ForwardX11 yes ssh_config:ForwardAgent yes sshd_config:X11Forwarding yes And the result is still the same?! black:/etc/ssh# ssh -X [EMAIL PROTECTED] [EMAIL PROTECTED]'s password: Linux rock 2.4.18-bf2.4 #1 Son Apr 14 09:53:28 CEST 2002 i686 GNU/Linux The programs included with the Debian GNU/Linux system are free software; the exact distribution terms for each program are described in the individual files in /usr/share/doc/*/copyright. Debian GNU/Linux comes with ABSOLUTELY NO WARRANTY, to the extent permitted by applicable law. Last login: Sat Sep 6 18:17:49 2003 from black rock:~# echo $DISPLAY rock:~# Do you know what part SSH2 plays here? I am always doing the config changes in /etc/ssh not in /etc/ssh2. Cheers, Mariano On Saturday 06 September 2003 17:41, you wrote: Le Samedi 6 Septembre 2003 17:30, Mariano Kamp a déclamé : I have two boxes, one with X (black) and one without (rock). I want to run an X Application on rock, but always get the message that it is not possible to connect to the remote xserver. Hope this helps: To launch X applications through ssh, i had only to : - set X11Forwarding to true in sshd_config on the server, AND in ssh_config on the client, - after a ssh login, $DISPLAY was localhost:10.0 (!) - and that's all ! -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]
Solved: AGAINdebian-newbe problems w. ssh
At 19.01.2003 16:15, you wrote: [I would prefer it if you kept the conversation on the list, so that other people can help. Thanks.] Sorry for that, I just replied, that sent it direct to you ! On Sun, Jan 19, 2003 at 05:10:33PM +0100, Oliver wrote: At 19.01.2003 15:29, you wrote: On Sun, Jan 19, 2003 at 04:09:49PM +0100, Oliver wrote: When I try to load /etc/ssh/ssh_host_key a. if it is set to r-- --- --- Could not load .. host_key b. if it is set to rw- --- --- Could not load .. host_key b. if it is set to rw- r-- --- It says that the permissions are too open. but does not load it anyway ??? -rw--- owned by user root and group root is the correct set of permissions. Can you give me a transcript of exactly what you're doing and what you see? What I did: [...] Then I stopped sshd - /etc/init.d/ssh stop and restarted it /etc/init.d/ssh start then there came the messages I mentioned earlier. I would like to see *the exact messages*. Cut-and-paste from a terminal window would be ideal. Not summaries; I can't search through the source code for summaries. Thank you. It seems that some kind of hardware error was the reason. My harddisk is gone while I was trying this (and other) stuff, 'messages' got filled with bad block errors. Sometimes 'recycling' old components is not a real good idea. Now with a new disk and installation everything works as supposed. Anyway thanks for the help ! Oliver -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]
debian-newbe problems w. ssh .profile
Hi folks, I just installed debian, and that´s why I installed debian, makes me trouble now;) ! I have to setup ssh, to use it with the windows TTSSH client. This only understands ssh 1.5, so I decided to use protocol 1. Also I have an old server, which also understands P1. I changed Protocol (etc/ssh/sshd_config) to 1,2 and restarted sshd. I got the message ...: sshd Could not load host key: /etc/ssh/ssh_host_key Disabling protocol version1 Ok, lets make a key 'ssh-keygen' but now the problem starts. It just shows me a lot of options :-X Could anybody point me how to make a protocol 1 key ? I´d like to set up '.profile' to have some commands be aliased. so I made a .profile in the /root directory. But it will not be read, or maybe not interpreted correct when I log in as root. BTW I would like to have a .profile for every user on the system. Can one also point me in the right direction ? Thanks In advance Oliver -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]
Re: debian-newbe problems w. ssh .profile
On Sun, Jan 19, 2003 at 01:50:52PM +0100, Oliver wrote: I have to setup ssh, to use it with the windows TTSSH client. This only understands ssh 1.5, so I decided to use protocol 1. Also I have an old server, which also understands P1. I changed Protocol (etc/ssh/sshd_config) to 1,2 and restarted sshd. I got the message ...: sshd Could not load host key: /etc/ssh/ssh_host_key Disabling protocol version1 Ok, lets make a key 'ssh-keygen' but now the problem starts. It just shows me a lot of options :-X Could anybody point me how to make a protocol 1 key ? 'ssh-keygen -t rsa1' Cheers, -- Colin Watson [[EMAIL PROTECTED]] -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]
Re: debian-newbe problems w. ssh .profile
Hej Oliver! I'm a newbie in Debian, too, not in LinuX in general... At 13:50 19.01.2003 +0100, you wrote: Hi folks, I just installed debian, and that´s why I installed debian, makes me trouble now;) ! I have to setup ssh, to use it with the windows TTSSH client. This only understands ssh 1.5, so I decided to use protocol 1. Also I have an old server, which also understands P1. I changed Protocol (etc/ssh/sshd_config) to 1,2 and restarted sshd. I got the message ...: sshd Could not load host key: /etc/ssh/ssh_host_key Disabling protocol version1 Ok, lets make a key 'ssh-keygen' but now the problem starts. It just shows me a lot of options :-X Could anybody point me how to make a protocol 1 key ? I run a sshd on my LinuX-DSL-Router. There I simply use makekey to generate a collection of keys! It doesnt work on my Debian this way. I´d like to set up '.profile' to have some commands be aliased. so I made a .profile in the /root directory. But it will not be read, or maybe not interpreted correct when I log in as root. BTW I would like to have a .profile for every user on the system. Can one also point me in the right direction ? Find out which shell you run (typically bash)! Then edit in every users directory the .bashrc (.shellnamerc) for inserting aliases! Boris Thanks In advance Oliver -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED] -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]
AGAINdebian-newbe problems w. ssh
At 19.01.2003 13:05, you wrote: On Sun, Jan 19, 2003 at 01:50:52PM +0100, Oliver wrote: I have to setup ssh, to use it with the windows TTSSH client. This only understands ssh 1.5, so I decided to use protocol 1. Also I have an old server, which also understands P1. I changed Protocol (etc/ssh/sshd_config) to 1,2 and restarted sshd. I got the message ...: sshd Could not load host key: /etc/ssh/ssh_host_key Disabling protocol version1 Ok, lets make a key 'ssh-keygen' but now the problem starts. It just shows me a lot of options :-X Could anybody point me how to make a protocol 1 key ? 'ssh-keygen -t rsa1' Cheers, Thanks, I got my key, but now sshd is nagging! When I try to load /etc/ssh/ssh_host_key a. if it is set to r-- --- --- Could not load .. host_key b. if it is set to rw- --- --- Could not load .. host_key b. if it is set to rw- r-- --- It says that the permissions are too open. but does not load it anyway ??? TIA Oliver -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]
Re: AGAINdebian-newbe problems w. ssh
[I would prefer it if you kept the conversation on the list, so that other people can help. Thanks.] On Sun, Jan 19, 2003 at 05:10:33PM +0100, Oliver wrote: At 19.01.2003 15:29, you wrote: On Sun, Jan 19, 2003 at 04:09:49PM +0100, Oliver wrote: When I try to load /etc/ssh/ssh_host_key a. if it is set to r-- --- --- Could not load .. host_key b. if it is set to rw- --- --- Could not load .. host_key b. if it is set to rw- r-- --- It says that the permissions are too open. but does not load it anyway ??? -rw--- owned by user root and group root is the correct set of permissions. Can you give me a transcript of exactly what you're doing and what you see? What I did: [...] Then I stopped sshd - /etc/init.d/ssh stop and restarted it /etc/init.d/ssh start then there came the messages I mentioned earlier. I would like to see *the exact messages*. Cut-and-paste from a terminal window would be ideal. Not summaries; I can't search through the source code for summaries. Thank you. Cheers, -- Colin Watson [[EMAIL PROTECTED]] -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]
Re: AGAINdebian-newbe problems w. ssh
Oliver wrote: I got the message ...: sshd Could not load host key: /etc/ssh/ssh_host_key Disabling protocol version1 Could anybody point me how to make a protocol 1 key ? 'ssh-keygen -t rsa1' The error message sounds to me like either an 'rsa' or a 'dsa' key is in the file instead of an 'rsa1' key. If it has only numbers in the key it is 'rsa1'. If it contains both numbers and letters it is 'rsa'. If you posted the contents of /etc/ssh/ssh_host_key.pub we could tell for sure. If it is the wrong key type then you will have to remake it as the correct type using the command that Karsten provided previously. Here is a recap. ssh-keygen -t rsa1 -f /etc/ssh/ssh_host_key -N '' Bob msg24990/pgp0.pgp Description: PGP signature
Re: AGAINdebian-newbe problems w. ssh
Bob Proulx wrote: command that Karsten provided previously. Here is a recap. Pardon me Colin! I meant that Colin posted previously. Ack. ssh-keygen -t rsa1 -f /etc/ssh/ssh_host_key -N '' Bob msg24995/pgp0.pgp Description: PGP signature
problems using ssh to execute rmt
Hi. I have been using ssh to go between one of my systems and another so I can execute rmt since the remote system has a much better tape drive. The following worked up to maybe last week, but I am confused as to what has changed. On the local system I need to be root while running the tape drive so I can get to all the files for a backup, but I want the remote system not to permit root login, so I have the tape drive on the remote system owned by a user, and from a root window -- to manipulate the tape drive I export MT_RSH to a one line shell command like this: ssh -l user -i /home/user/.ssh/id_rsa $* and this worked fine till very recently. Now if I do this rmt gives me i/o error, although the tape drive status is not changed. If I login to my local system as the user who owns the tape drive on the remote system and su to root it works! So, from a root window it doesn't work, but from the user window sued to root it does and I would like to understand what is happening? Anyway to get it to work the old way? The only change I know ofwas an upgrade of ssh (running sid Debian). Thanks much for your help. -- John Covici [EMAIL PROTECTED] -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]
anyone having problems with ssh (sshd) 1.2.27?
I'm running slink (Debian 2.1). I downloaded and compiled ssh 1.2.27. The client works fine, but the server (sshd) will crash with a SEGV (segmentation violation) after a while. (I haven't yet determined what a while is, but it's over 1 hour.) I do not even have to connect to it to get it to die -- it does so all by itself. The only reason I know it's a SEGV is that I ran the debugger (gdb) on it (via attach) and it says Program exited with signal segmentation violation (or something like that). I'm guessing it may have something to do with the libraries included on slink: libc6. (I couldn't get sshd to compile using only libc5. I'm guessing that the other libraries that it links with need libc6.) If the libraries is indeed the problem, does anyone know of a tried-and-true method of tracking the problem libc6 library call(s) down? I tried linking sshd statically (i.e., w/o any dynamic libraries) and it fails in precisely the same way. I am willing to run a different version of ssh, as long as I can keep sshd from dying. P.S. I run sshd 1.2.27 on other Linux machines running Slackware 3.6 with no problems whatsoever. They, obviously, use libc5, not libc6.
Re: anyone having problems with ssh (sshd) 1.2.27?
The only reason I know it's a SEGV is that I ran the debugger (gdb) on it (via attach) and it says Program exited with signal segmentation violation (or something like that). If you haven't already, rebuild ssh with -g in the makefile and any -O options omitted. Then, wait for it to crash in gdb, and use where to locate what is happening. Reply with the stack trace. Personally, I'm running the Debian-packaged version of ssh on a machine with a 17+ day uptime with no problems. Then again, its also running 2.2.10 and potato with glibc 2.1. -- Stephen Pitts [EMAIL PROTECTED] webmaster - http://www.mschess.org
Problems (with ssh?)
-BEGIN PGP SIGNED MESSAGE- Hallo all, I've got a problem which I'm not able to solve myself. It looks rather strange to me. Situation: I'v got two computers (comp1 and comp2) and two accounts on both of them (acc1 and acc2). When I'm trying to connect via ssh from comp1:acc1 to comp2:acc1, all I get is only message buffer_get trying to get more bytes than in buffer. The same message I get when I'm trying comp1:acc1 - comp1:acc2. But when I try comp1:acc2 - anywhere, all is OK. The same applies to connection from comp2:any - comp1:any Connections via telnet are all OK. Can someone at least explain me why this strange problem occurs? Thanks in advance for any help, Petr Barta PGP key: http://orin.czech.net/pgp.key -BEGIN PGP SIGNATURE- Version: 2.6.3i Charset: noconv iQCVAwUBM5Z5T9yOtOi8pSQtAQFEjwP9ED+aFQFYf/8jZ/r15GjHnA4c7tmnzxO7 8YLyjzqlos1mIgC6SLlM28MZ3ZT+3uLoZE+G3cBfmQhNFdd//dtRvHq+4rOGkVSP FzwGdQKPjy+sqlWgFv1FasPrqZseNb+lXEcaHoEc5mf9lqvfbWP2BQlPrz7n0Ss0 dyoyU5DlTz4= =ubXo -END PGP SIGNATURE- -- TO UNSUBSCRIBE FROM THIS MAILING LIST: e-mail the word unsubscribe to [EMAIL PROTECTED] . Trouble? e-mail to [EMAIL PROTECTED] .
