Re: Anyone have OpenSSH + X11-fwd working?
On Fri, 21 Apr 2000, Chuck Robey wrote:
> While this whole thing is being discussed, does anyone know of either a
> configuration variable or environmental variable that ssh reads, that will
> give the same effect as the -q flag, so that I can stop seeing those
> stupid warnings about the size of the key being off by one?

There doesn't exist one..plead your case to the OpenSSH developers and see
how you go there.

Kris

In God we Trust -- all others must submit an X.509 certificate.
    -- Charles Forsythe <[EMAIL PROTECTED]>

To Unsubscribe: send mail to [EMAIL PROTECTED]
with "unsubscribe freebsd-current" in the body of the message
Re: Anyone have OpenSSH + X11-fwd working?
On Fri, 21 Apr 2000, Warner Losh wrote:
> In message <[EMAIL PROTECTED]> "Andrew Reilly" writes:
> : Have you got "X11Forwarding yes"
>
> Ahem. "ForwardX11 yes" is what's documented and is known to work.

While this whole thing is being discussed, does anyone know of either a
configuration variable or environmental variable that ssh reads, that will
give the same effect as the -q flag, so that I can stop seeing those
stupid warnings about the size of the key being off by one?

Thanks.

Chuck Robey | Interests include C & Java programming, FreeBSD,
[EMAIL PROTECTED] | electronics, communications, and signal processing.

New Year's Resolution: I will not sphroxify gullible people into looking up
fictitious words in the dictionary.
Re: Anyone have OpenSSH + X11-fwd working?
On Fri, 21 Apr 2000, Brian Fundakowski Feldman wrote:
> Sorry, no dice :( It doesn't seem to be that. All I've got left is
> maybe sending out every bit of configuration info, and maybe someone
> could figure it out. I doubt it, though, so I'm not gonna.

Silly question, but have you tried asking the OpenSSH developers?

Kris

In God we Trust -- all others must submit an X.509 certificate.
    -- Charles Forsythe <[EMAIL PROTECTED]>
Re: Anyone have OpenSSH + X11-fwd working?
On Fri, 21 Apr 2000, Ben Smithurst wrote:
> X11 forwarding is working for me now, but wasn't when I first tried
> it. I found I was explicitly setting XAUTHORITY=~/.Xauthority in my
> .zshrc file, so the temporary bits created in /tmp/ssh-foo/cookies by
> ssh weren't being picked up. I missed the beginning of this thread, but
> you're not doing anything similar are you? After fixing that, it seems
> to be working for me. Of course, I'm on 4.0-stable, so if that works
> for you anyway and it's just 5.0-current which is broken, ignore me.

Sorry, no dice :( It doesn't seem to be that. All I've got left is
maybe sending out every bit of configuration info, and maybe someone
could figure it out. I doubt it, though, so I'm not gonna.

> --
> Ben Smithurst / [EMAIL PROTECTED] / PGP: 0x99392F7D

--
Brian Fundakowski Feldman \ FreeBSD: The Power to Serve! /
[EMAIL PROTECTED]`--'
Re: Anyone have OpenSSH + X11-fwd working?
Brian Fundakowski Feldman wrote:
> On Thu, 20 Apr 2000, Chris Piazza wrote:
>
>> It's working from my 5.0 box to my 4.0-R box across town, too.
>>
>> -Chris
>
> Okay, give me some more info, please:
>
> You're going from the 5.0 box to the 4.0 box. What's the /etc/hosts
> look like on the 5.0 box? What's xauth list show (you don't have to
> show me the cookies, of course :)? What does xauth list say when
> you're ssh'd into the 4.0 box?

X11 forwarding is working for me now, but wasn't when I first tried
it. I found I was explicitly setting XAUTHORITY=~/.Xauthority in my
.zshrc file, so the temporary bits created in /tmp/ssh-foo/cookies by
ssh weren't being picked up. I missed the beginning of this thread, but
you're not doing anything similar are you? After fixing that, it seems
to be working for me. Of course, I'm on 4.0-stable, so if that works
for you anyway and it's just 5.0-current which is broken, ignore me.

--
Ben Smithurst / [EMAIL PROTECTED] / PGP: 0x99392F7D
Re: Anyone have OpenSSH + X11-fwd working?
On Fri, 21 Apr 2000, Andrew Reilly wrote:
>
> What man ssh(1) doesn't tell you in this paragraph is that even
> if you say "ForwardX11 yes" in ~/.ssh/config, you will not get
> a proxy X session unless the server has "X11Forwarding yes" in
> /etc/ssh/sshd_config. The default that my system configured
> itself with was "X11Forwarding no", and I've just changed it,
> and now it works.
>
> That's what I found out as a result of this conversation.

For better or for worse, my configuration files haven't changed at all,
and are all still correct for OpenSSH, and nothing is fixed with the
latest OpenSSH code either... All I can think of is perhaps reinstalling
XFree.

> --
> Andrew

--
Brian Fundakowski Feldman \ FreeBSD: The Power to Serve! /
[EMAIL PROTECTED]`--'
Re: Anyone have OpenSSH + X11-fwd working?
On Fri, 21 Apr 2000, Warner Losh wrote:
> In message <[EMAIL PROTECTED]> "Andrew Reilly" writes:
> : Have you got "X11Forwarding yes"
>
> Ahem. "ForwardX11 yes" is what's documented and is known to work.

According to the documentation, ForwardX11 yes is for ssh configs and
X11Forwarding yes is for sshd configs. (O_o)

> Warner

--
Brian Fundakowski Feldman \ FreeBSD: The Power to Serve! /
[EMAIL PROTECTED]`--'
Re: Anyone have OpenSSH + X11-fwd working?
In message <[EMAIL PROTECTED]> "Andrew Reilly" writes:
: Bzzzt. Man sshd(8):

Ah, I'm confused and came in on the middle of a conversation. Never
mind.

: That's what I found out as a result of this conversation.

That's good to know!

Warner
Re: Anyone have OpenSSH + X11-fwd working?
On Fri, Apr 21, 2000 at 01:25:20AM -0600, Warner Losh wrote:
> In message <[EMAIL PROTECTED]> "Andrew Reilly" writes:
> : Have you got "X11Forwarding yes"
>
> Ahem. "ForwardX11 yes" is what's documented and is known to work.

Bzzzt. Man sshd(8):

    X11Forwarding
        Specifies whether X11 forwarding is permitted. The default is
        ``yes''. Note that disabling X11 forwarding does not improve
        security in any way, as users can always install their own
        forwarders.

Man ssh(1):

    ForwardX11
        Specifies whether X11 connections will be automatically
        redirected over the secure channel and DISPLAY set. The
        argument must be ``yes'' or ``no''.

What man ssh(1) doesn't tell you in this paragraph is that even
if you say "ForwardX11 yes" in ~/.ssh/config, you will not get
a proxy X session unless the server has "X11Forwarding yes" in
/etc/ssh/sshd_config. The default that my system configured
itself with was "X11Forwarding no", and I've just changed it,
and now it works.

That's what I found out as a result of this conversation.

--
Andrew
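The client/server split described in the message above (ForwardX11 in the ssh config, X11Forwarding in the sshd config), together with the XAUTHORITY override Ben Smithurst reports elsewhere in this thread, can be checked mechanically. The Python below is an added example, not code from any poster or from OpenSSH; the sample configs, host names and function names are constructed, Match blocks are ignored, Host patterns are matched with fnmatch, and an unset keyword is reported rather than assumed because the defaults differ between versions.

```python
import fnmatch
import re

# Constructed sample inputs, not taken from any poster's machine.
CLIENT_CFG = "Host *.lab.example !old.lab.example\n  ForwardX11 yes\nHost *\n  ForwardX11=no\n"
SERVER_CFG = "X11Forwarding no\nMatch User admin\n  X11Forwarding yes\n"
RC_FILE = "setopt autocd\nexport XAUTHORITY=~/.Xauthority\n"

def _split(line):
    """Parse 'Keyword value' or 'Keyword=value' into (lowercased keyword, value)."""
    line = line.strip()
    if not line or line.startswith("#"):
        return None
    parts = re.split(r"\s*=\s*|\s+", line, maxsplit=1)
    return parts[0].lower(), (parts[1].strip().strip('"') if len(parts) > 1 else "")

def _host_matches(patterns, host):
    """Host line: a matching negated pattern vetoes; otherwise any positive match wins."""
    pats = patterns.split()
    if any(fnmatch.fnmatchcase(host, p[1:]) for p in pats if p.startswith("!")):
        return False
    return any(fnmatch.fnmatchcase(host, p) for p in pats if not p.startswith("!"))

def client_option(text, host, keyword):
    """ssh_config: first value obtained wins; Match blocks are skipped (assumption)."""
    active = True
    for key, val in filter(None, map(_split, text.splitlines())):
        if key in ("host", "match"):
            active = key == "host" and _host_matches(val, host)
        elif active and key == keyword.lower():
            return val
    return None

def server_option(text, keyword):
    """sshd_config global section only: stops at the first Match block (assumption)."""
    for key, val in filter(None, map(_split, text.splitlines())):
        if key in ("match", keyword.lower()):
            return None if key == "match" else val
    return None

def xauthority_overrides(rc_text):
    """Shell rc lines that pin XAUTHORITY, hiding a per-session cookie file."""
    pat = re.compile(r"^\s*(?:export\s+|setenv\s+)?XAUTHORITY[=\s]")
    return [ln.strip() for ln in rc_text.splitlines() if pat.match(ln)]

def diagnose(client_cfg, server_cfg, rc_text, host):
    """Reasons forwarding to `host` may fail; unset keywords are reported, not guessed."""
    out = []
    for side, name, val in (
            ("client", "ForwardX11", client_option(client_cfg, host, "ForwardX11")),
            ("server", "X11Forwarding", server_option(server_cfg, "X11Forwarding"))):
        if val is None:
            out.append(f"{side}: {name} unset, compiled-in default applies")
        elif val.lower() != "yes":
            out.append(f"{side}: {name} is {val}")
    return out + [f"rc file pins XAUTHORITY: {ln}" for ln in xauthority_overrides(rc_text)]

if __name__ == "__main__":
    print(diagnose(CLIENT_CFG, SERVER_CFG, RC_FILE, "box.lab.example"))
```

To run it against a real machine, pass the contents of the client's ~/.ssh/config, the server's sshd_config and the login shell's rc file in place of the constructed strings.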
Re: Anyone have OpenSSH + X11-fwd working?
In message <[EMAIL PROTECTED]> "Andrew Reilly" writes:
: Have you got "X11Forwarding yes"

Ahem. "ForwardX11 yes" is what's documented and is known to work.

Warner
Re: Anyone have OpenSSH + X11-fwd working?
Peter Wemm wrote:
> I hope we haven't changed the server default to stop forwarding.. the
> security risk is to the client, not the remote sshd server, therefore it is
> the client that should decide on whether to forward or not.

I seem to recall the server default being changed, then discussion about
why it should be the client instead. The decision was to change the
_client_ default and change the server default back, but I don't know if
that all happened. (In fact, I'm pretty sure it didn't.)

Doug
Re: Anyone have OpenSSH + X11-fwd working?
"Andrew Reilly" wrote:
> On Thu, Apr 20, 2000 at 07:23:00PM -0400, Brian Fundakowski Feldman wrote:
> > On Thu, 20 Apr 2000, Chris Piazza wrote:
> >
> > > It's working from my 5.0 box to my 4.0-R box across town, too.
> > >
> > > -Chris
> >
> > Thanks. There's one data point. Now it's evidently nothing in the
> > code, as it fails exactly the same way with 4.0-STABLE OpenSSH,
> > -CURRENT OpenSSH, and my latest port update OpenSSH.
> >
> > I have no idea what it could be now. I suppose I'll investigate problems
> > with XFree86 itself now :-/ This is extremely weird.
>
> Have you got "X11Forwarding yes"
>
> in the /etc/sshd_config?
>
> I had it set in my ~/.ssh/config file, but that made no
> difference when the server was denying the requests. Thanks to
> this conversation and man sshd, I've fixed the problem I was
> having. Thanks.

I hope we haven't changed the server default to stop forwarding.. the
security risk is to the client, not the remote sshd server, therefore it is
the client that should decide on whether to forward or not.

Cheers,
-Peter
--
Peter Wemm - [EMAIL PROTECTED]; [EMAIL PROTECTED]; [EMAIL PROTECTED]
"All of this is for nothing if we don't go to the stars" - JMS/B5
Re: Anyone have OpenSSH + X11-fwd working?
On Thu, Apr 20, 2000 at 07:23:00PM -0400, Brian Fundakowski Feldman wrote:
> On Thu, 20 Apr 2000, Chris Piazza wrote:
>
> > It's working from my 5.0 box to my 4.0-R box across town, too.
> >
> > -Chris
>
> Thanks. There's one data point. Now it's evidently nothing in the
> code, as it fails exactly the same way with 4.0-STABLE OpenSSH,
> -CURRENT OpenSSH, and my latest port update OpenSSH.
>
> I have no idea what it could be now. I suppose I'll investigate problems
> with XFree86 itself now :-/ This is extremely weird.

Have you got "X11Forwarding yes"

in the /etc/sshd_config?

I had it set in my ~/.ssh/config file, but that made no
difference when the server was denying the requests. Thanks to
this conversation and man sshd, I've fixed the problem I was
having. Thanks.

--
Andrew
Re: Anyone have OpenSSH + X11-fwd working?
On Thu, 20 Apr 2000, Chris Piazza wrote:
> It's working from my 5.0 box to my 4.0-R box across town, too.
>
> -Chris

Okay, give me some more info, please:

You're going from the 5.0 box to the 4.0 box. What's the /etc/hosts
look like on the 5.0 box? What's xauth list show (you don't have to
show me the cookies, of course :)? What does xauth list say when
you're ssh'd into the 4.0 box?

--
Brian Fundakowski Feldman \ FreeBSD: The Power to Serve! /
[EMAIL PROTECTED]`--'
Re: Anyone have OpenSSH + X11-fwd working?
On Thu, 20 Apr 2000, Chris Piazza wrote:
> It's working from my 5.0 box to my 4.0-R box across town, too.
>
> -Chris

Thanks. There's one data point. Now it's evidently nothing in the
code, as it fails exactly the same way with 4.0-STABLE OpenSSH,
-CURRENT OpenSSH, and my latest port update OpenSSH.

I have no idea what it could be now. I suppose I'll investigate problems
with XFree86 itself now :-/ This is extremely weird.

--
Brian Fundakowski Feldman \ FreeBSD: The Power to Serve! /
[EMAIL PROTECTED]`--'
Re: Anyone have OpenSSH + X11-fwd working?
On Thu, Apr 20, 2000 at 06:10:18PM -0400, Brian Fundakowski Feldman wrote:
> On Thu, 20 Apr 2000, Brooks Davis wrote:
>
> > It works for me. I just tested it from my laptop (current as of
> > yesterday) to a 4.0-S machine, a 3.3-RC running ssh 1.2.26, and Solaris
> > 2.6 system also running 1.2.26. I seem to recall that we were shipping
> > with the server disabling forwarding which was bogus. It's not
> > disabled in the default client config.
> >
> > -- Brooks
>
> No, I'm interested in a pure FreeBSD 4.X/5.X to 4x/5.X tunnel. Can you
> try just ssh to localhost and using X forwarding there (display will
> be localhost:10.0)?

debug: Connecting to localhost.norn.ca.eu.org [:::127.0.0.1] port 22.
debug: Allocated local port 1004.
debug: Connection established.
debug: Remote protocol version 1.5, remote software version OpenSSH-1.2.3
..
debug: Received encrypted confirmation.
debug: Trying RSA authentication via agent with '[EMAIL PROTECTED]'
debug: Received RSA challenge from server.
debug: Sending response to RSA challenge.
debug: Remote: RSA authentication accepted.
debug: RSA authentication accepted by server.
debug: Requesting pty.
debug: Requesting X11 forwarding with authentication spoofing.
debug: Entering interactive session.
norn% xcalc
debug: Received X11 open request.
debug: channel 0: new [X11 connection from norn.ca.eu.org port 1560]
norn% uname -a
FreeBSD norn.ca.eu.org 5.0-CURRENT FreeBSD 5.0-CURRENT #6: Tue Apr 18 18:03:19 PDT 2000 [EMAIL PROTECTED]:/usr/src/sys/compile/NORN i386

It's working from my 5.0 box to my 4.0-R box across town, too.

-Chris
Re: Anyone have OpenSSH + X11-fwd working?
On Thu, 20 Apr 2000, Brooks Davis wrote:
> It works for me. I just tested it from my laptop (current as of
> yesterday) to a 4.0-S machine, a 3.3-RC running ssh 1.2.26, and Solaris
> 2.6 system also running 1.2.26. I seem to recall that we were shipping
> with the server disabling forwarding which was bogus. It's not
> disabled in the default client config.
>
> -- Brooks

No, I'm interested in a pure FreeBSD 4.X/5.X to 4x/5.X tunnel. Can you
try just ssh to localhost and using X forwarding there (display will
be localhost:10.0)?

> --
> Any statement of the form "X is the one, true Y" is FALSE.

--
Brian Fundakowski Feldman \ FreeBSD: The Power to Serve! /
[EMAIL PROTECTED]`--'
Re: Anyone have OpenSSH + X11-fwd working?
On Thu, Apr 20, 2000 at 04:59:11PM -0400, Brian Fundakowski Feldman wrote:
> It still doesn't work at all, after multiple make worlds with the latest
> crypto sources all around. I'm going to update the port and then try that
> instead.

It works for me. I just tested it from my laptop (current as of
yesterday) to a 4.0-S machine, a 3.3-RC running ssh 1.2.26, and Solaris
2.6 system also running 1.2.26. I seem to recall that we were shipping
with the server disabling forwarding which was bogus. It's not
disabled in the default client config.

-- Brooks

--
Any statement of the form "X is the one, true Y" is FALSE.
Re: Anyone have OpenSSH + X11-fwd working?
Just FYI: It still doesn't work at all, after multiple make worlds with the
latest crypto sources all around. I'm going to update the port and then try
that instead.

--
Brian Fundakowski Feldman \ FreeBSD: The Power to Serve! /
[EMAIL PROTECTED]`--'
Re: Anyone have OpenSSH + X11-fwd working?
On Mon, 17 Apr 2000, Shin-ichi YOSHIMOTO wrote:
> At 10:01 -0400 04/17/2000, Brian Fundakowski Feldman wrote:
> > Has anyone tried it recently and gotten it to work?
>
> Yes, sure. Check your config file.

That doesn't explain the failures here. Look. The initial
SSH_CHANNEL_X11_OPEN is totally fucked up basically nothing at all like
it should be, and there's nothing to explain it.

SSH Version OpenSSH-1.2.2, protocol version 1.5.
Compiled with SSL.
debug: Reading configuration data /home/green/.ssh/config
debug: Applying options for *
debug: Reading configuration data /etc/ssh/ssh_config
debug: Applying options for *
debug: ssh_connect: getuid 0 geteuid 0 anon 0
debug: Connecting to green.dyndns.org [10.0.0.1] port 22.
debug: Allocated local port 926.
debug: Connection established.
debug: Remote protocol version 1.5, remote software version OpenSSH-1.2.2
debug: Waiting for server public key.
debug: Received server public key (768 bits) and host key (1024 bits).
debug: Host 'green.dyndns.org' is known and matches the host key.
debug: Encryption type: blowfish
debug: Sent encrypted session key.
debug: Installing crc compensation attack detector.
debug: Received encrypted confirmation.
debug: Doing password authentication.
debug: Requesting pty.
debug: Requesting X11 forwarding with authentication spoofing.
debug: Requesting shell.
debug: Entering interactive session.
Last login: Mon Apr 17 14:06:18 2000 from littlehost
Copyright (c) 1980, 1983, 1986, 1988, 1990, 1991, 1993, 1994
The Regents of the University of California. All rights reserved.
FreeBSD 5.0-CURRENT (GREEN) #15: Sun Apr 9 23:06:23 EDT 2000

Welcome to FreeBSD!

Before seeking technical support, please use the following resources:

o Security advisories and updated errata information for all releases are
  at http://www.FreeBSD.org/releases/ - always consult the ERRATA section
  for your release first as it's updated frequently.

o The Handbook and FAQ documents are at http://www.freebsd.org/ and,
  along with the mailing lists, can be searched by going to
  http://www.FreeBSD.org/search.html. If the doc distribution has
  been installed, they're also available formatted in /usr/share/doc.

If you still have a question or problem, please take the output of
`uname -a', along with any relevant error messages, and email it
as a question to the [EMAIL PROTECTED] mailing list. If you are
unfamiliar with FreeBSD's directory layout, please refer to the hier(7)
man page. If you are not familiar with man pages, type "man man".

You may also use `/stand/sysinstall' to re-enter the installation and
configuration utility. Edit /etc/motd to change this login announcement.

/usr/X11R6/bin/xauth: creating new authority file /tmp/ssh-JfGYR325/cookies
{"/home/green"}$ xterm
debug: Received X11 open request.
debug: channel 0: new [X11 connection from localhost port 1743]
debug: X11 connection uses different authentication protocol.
X11 connection rejected because of wrong authentication.
debug: X11 rejected 0 i1/o16
debug: channel 0: INPUT_OPEN -> INPUT_WAIT_DRAIN [read failed]
debug: channel 0: shutdown_read
debug: channel 0: OUTPUT_OPEN -> OUTPUT_WAIT_IEOF [write failed]
debug: channel 0: shutdown_write
debug: X11 rejected 0 i2/o64
debug: channel 0: INPUT_WAIT_DRAIN -> INPUT_WAIT_OCLOSE [inbuf empty, send IEOF]
debug: channel 0: OUTPUT_WAIT_IEOF -> OUTPUT_CLOSED [rvcd IEOF]
debug: channel 0: INPUT_WAIT_OCLOSE -> INPUT_CLOSED [rcvd OCLOSE]
debug: channel 0: full closed
X connection to green.dyndns.org:12.0 broken (explicit kill or server shutdown).
{"/home/green"}$ ^D
Connection to green.dyndns.org closed.
debug: Transferred: stdin 7, stdout 1533, stderr 40 bytes in 6.8 seconds
debug: Bytes per second: stdin 1.0, stdout 225.7, stderr 5.9
debug: Exit status 1

--
Brian Fundakowski Feldman \ FreeBSD: The Power to Serve! /
[EMAIL PROTECTED]`--'
Re: Anyone have OpenSSH + X11-fwd working?
At 10:01 -0400 04/17/2000, Brian Fundakowski Feldman wrote:
> Has anyone tried it recently and gotten it to work?

Yes, sure. Check your config file.

$ cat ~/.ssh/config | grep ^ForwardX11
ForwardX11 yes

--
KEK, High Energy Accelerator Research Organization
Accelerator Laboratory
Shin-ichi YOSHIMOTO <[EMAIL PROTECTED]>
RE: Anyone have OpenSSH + X11-fwd working?
On 17-Apr-00 Brian Fundakowski Feldman wrote:
> I'm not able to get X11 connection forwarding to work anymore.

Just a data point, it works fine in 4-stable (about a week old).