Re: [gentoo-user] SSH permission question (AGAIN)
Hi MAL and folks,

Because of SSH being unstable in operation I upgraded it to the latest packages on RH9 box as follows;

openssh-3.7.1p2-1.i386.rpm
openssh-clients-3.7.1p2-1.i386.rpm
openssh-askpass-3.7.1p2-1.i386.rpm
openssh-askpass-gnome-3.7.1p2-1.i386.rpm
openssh-server-3.7.1p2-1.i386.rpm

After upgrade

On Gentoo box
===
As USER
***
$ ssh -X [EMAIL PROTECTED]
[EMAIL PROTECTED]'s password:
-bash-2.05b$ konqueror
konqueror: cannot connect to X server

$ ssh -X [EMAIL PROTECTED]
[EMAIL PROTECTED]'s password:
Last login: Tue Nov 11 19:08:15 2003 from 192.168.0.2
[EMAIL PROTECTED] root]# konqueror
konqueror: cannot connect to X server

As ROOT
***
# xhost + 192.168.0.1
xhost: unable to open display

# ssh -X [EMAIL PROTECTED]
[EMAIL PROTECTED]'s password:
Warning: No xauth data; using fake authentication data for X11 forwarding.
-bash-2.05b$

# ssh -X [EMAIL PROTECTED]
[EMAIL PROTECTED]'s password:
Warning: No xauth data; using fake authentication data for X11 forwarding.
Last login: Tue Nov 11 19:37:02 2003 from 192.168.0.2

On RH9 box
=
As USER
***
$ ssh -X [EMAIL PROTECTED]
[EMAIL PROTECTED]'s password:
Last login: Tue Nov 11 18:43:19 2003
[EMAIL PROTECTED] satimis $ konqueror
kbuildsycoca running...
DirFilterPlugin: New URL: file:/home/satimis
DirFilterPlugin: Current URL:
ASSERT: m_widget in kaction.cpp (2993)
ASSERT: m_widget in kaction.cpp (2993)

Connect to X-server of RH9 box without problem

$ ssh -X [EMAIL PROTECTED]
also no problem

As ROOT
***
# ssh -X [EMAIL PROTECTED]
Permission denied (publickey,password,keyboard-interactive).

Could not login/connect X server of Gentoo box

# ssh -X [EMAIL PROTECTED]
[EMAIL PROTECTED]'s password:
Last login: Tue Nov 11 18:53:51 2003 from 192.168.0.1
localhost root # konqueror
kbuildsycoca running...
DirFilterPlugin: New URL: file:/root
DirFilterPlugin: Current URL:
DirFilterPlugin: New URL: file:/
DirFilterPlugin: Current URL: file:/root
ASSERT: m_widget in kaction.cpp (2993)
ASSERT: m_widget in kaction.cpp (2993)

Connect to X-server of Gentoo box

I tried more than an hour to find out the cause of this funny things without result including rebooting PCs

/etc/ssh/sshd_config
Host *
ForwardX11=yes
found on both boxes. Also tried adding
ForwardAgent=yes

Remark:
On Gentoo box - iptables not running
On RH9 box - iptables stopped running only Shorewall running

B.R.
Stephen

> Stephen Liu wrote:
>> I will try your suggestion when the problem comes again. This time it works perfect.
>
> Without -X, the remote machine is connecting to the local machine's IP, and conversing with the X server via its own TCP connection. If a firewall is in the way, this won't work.
>
> With -X, all X data is sent via the already existing SSH connection (the same connection you type commands via), and so will work even if all other ports are blocked.
>
> MAL

--
[EMAIL PROTECTED] mailing list
Re: [gentoo-user] SSH permission question (AGAIN)
Stephen Liu wrote:
> Hi MAL and folks,

snip

> On Gentoo box
> ===
> As USER
> ***
> $ ssh -X [EMAIL PROTECTED]
> [EMAIL PROTECTED]'s password:
> -bash-2.05b$ konqueror
> konqueror: cannot connect to X server

Firstly, something you should understand. There are two ways to do what you are attempting, and it seems that you're trying them both at once.

To get machine A's X programs to display on machine B, you can either:

One:
1) On machine A, type: xhost +
1) SSH from machine A to machine B: ssh [EMAIL PROTECTED]
2) On machine B, type: export DISPLAY=machineA:0.0
3) On machine B, run an X program: xterm
4) Providing there is no firewall on machine A, the program should appear on machine A's desktop. (don't forget to run xhost - on machine A after).

Two:
1) On machine B, make sure you have X11Forwarding yes in your /etc/ssh/sshd_config file. If not, add it and restart SSHD: /etc/init.d/sshd restart
2) SSH from machine A to machine B, using the -X switch: ssh -X [EMAIL PROTECTED]
3) On machine B, run an X program: xterm
4) It should appear on machine A, even if a firewall is running on machine A (and blocking everything but SSH).

It works even if there is a firewall, because machine B is not making any connections to machine A. Instead, it is connecting to itself, where an SSH tunnel is waiting to take the data back to machine A.

You can check that this tunnel is set up correctly by typing the following on machine B, after SSHing to it with -X :

export | grep DISPLAY

You should see:

declare -x DISPLAY=localhost:10.0

Hope that helps,
MAL
--
[EMAIL PROTECTED] mailing list
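The two methods in the message above leave different DISPLAY values on machine B: `machineA:0.0` for the xhost route and `localhost:10.0` for the `ssh -X` tunnel. The shell functions below are an added example, not part of MAL's message; they classify a DISPLAY value and check whether an `xauth list` listing holds a cookie for it, the lookup behind the "No xauth data" warning seen elsewhere in this thread. The function names, `X11_OFFSET` and the sample listing are assumptions made for the example.

```shell
#!/bin/sh
# Added example (not from the thread): tell the thread's two X11 setups apart
# from the DISPLAY value, and check for the cookie that "ssh -X" looks up.

X11_OFFSET=10   # assumption: sshd's default X11DisplayOffset

# display_number DISPLAY -> prints N from "host:N.S"; fails if malformed
display_number() {
    d=${1##*:}      # text after the last ':'   e.g. "10.0"
    d=${d%%.*}      # drop the screen suffix    e.g. "10"
    case $d in
        ''|*[!0-9]*) return 1 ;;
    esac
    printf '%s\n' "$d"
}

# classify_display DISPLAY -> unset | invalid | local-socket | ssh-tunnel |
#                             local-tcp | direct-tcp
classify_display() {
    [ -n "$1" ] || { echo unset; return 0; }
    case $1 in
        *:*) ;;
        *) echo invalid; return 0 ;;
    esac
    host=${1%:*}
    num=$(display_number "$1") || { echo invalid; return 0; }
    case $host in
        ''|unix) echo local-socket ;;
        localhost|127.0.0.1)
            # sshd hands out display numbers starting at the offset
            if [ "$num" -ge "$X11_OFFSET" ]; then
                echo ssh-tunnel
            else
                echo local-tcp
            fi ;;
        *) echo direct-tcp ;;
    esac
}

# has_cookie DISPLAY XAUTH_LIST_TEXT -> exit 0 if the text (output of
# "xauth list") holds a MIT-MAGIC-COOKIE-1 entry for that display number.
has_cookie() {
    num=$(display_number "$1") || return 1
    printf '%s\n' "$2" | awk -v n="$num" '
        $2 == "MIT-MAGIC-COOKIE-1" && $1 ~ (":" n "$") { found = 1 }
        END { exit(found ? 0 : 1) }'
}

# Constructed sample of "xauth list" output (cookie values are placeholders).
SAMPLE_XAUTH='machineA/unix:0  MIT-MAGIC-COOKIE-1  00112233445566778899aabbccddeeff
machineB/unix:10  MIT-MAGIC-COOKIE-1  ffeeddccbbaa99887766554433221100'

# Walk through the DISPLAY values that appear in this thread.
for d in 'localhost:10.0' 'localhost:11.0' 'machineA:0.0' ':0'; do
    if has_cookie "$d" "$SAMPLE_XAUTH"; then c=cookie; else c=no-cookie; fi
    printf '%-16s %-13s %s\n' "$d" "$(classify_display "$d")" "$c"
done
```

A `direct-tcp` result means the X traffic crosses the network outside SSH, which is the setup that needed `xhost +` and an open firewall in method One.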
Re: [gentoo-user] SSH permission question (AGAIN)
Hi MAL,

Thanks for your advice.

Your method 'One' worked.

But method 'Two' did not work, running 'xterm' displaying it on machineB only NOT on machineA disregard whether firewall on machineA was up or down.

Sorry, I have to explain what I was trying to achieve in this few days.

I need from machineA to connect machineB doing administration work, including retrieving documents, solely controlled by one operator on machineA. In the same way an operator on machineB can do the same job when it is not navigated by machineA.

machineA=RH9
machineB=Gentoo.

Now machineA can navigate machineB but the other way round is only by luck

B.R.
Stephen

>> On Gentoo box
>> ===
>> As USER
>> ***
>> $ ssh -X [EMAIL PROTECTED]
>> [EMAIL PROTECTED]'s password:
>> -bash-2.05b$ konqueror
>> konqueror: cannot connect to X server
>
> Firstly, something you should understand. There are two ways to do what you are attempting, and it seems that you're trying them both at once.
>
> To get machine A's X programs to display on machine B, you can either:
>
> One:
> 1) On machine A, type: xhost +
> 1) SSH from machine A to machine B: ssh [EMAIL PROTECTED]
> 2) On machine B, type: export DISPLAY=machineA:0.0
> 3) On machine B, run an X program: xterm
> 4) Providing there is no firewall on machine A, the program should appear on machine A's desktop. (don't forget to run xhost - on machine A after).
>
> Two:
> 1) On machine B, make sure you have X11Forwarding yes in your /etc/ssh/sshd_config file. If not, add it and restart SSHD: /etc/init.d/sshd restart
> 2) SSH from machine A to machine B, using the -X switch: ssh -X [EMAIL PROTECTED]
> 3) On machine B, run an X program: xterm
> 4) It should appear on machine A, even if a firewall is running on machine A (and blocking everything but SSH).
>
> It works even if there is a firewall, because machine B is not making any connections to machine A. Instead, it is connecting to itself, where an SSH tunnel is waiting to take the data back to machine A.
>
> You can check that this tunnel is set up correctly by typing the following on machine B, after SSHing to it with -X :
>
> export | grep DISPLAY
>
> You should see:
>
> declare -x DISPLAY=localhost:10.0
>
> Hope that helps,
> MAL

--
[EMAIL PROTECTED] mailing list
Re: [gentoo-user] SSH permission question
Stephen Liu wrote:
> PC1-RH9 box
> ==
> Recently I am testing Shorewall 1.4.7 on this box so that there are 2 firewalls, Shorewall and Iptables, running on the same box but without conflict. I have configured Shorewall 1.4.7 including IP masquerading leaving Iptables untouched as default firewall ever since the installation of RH9.
>
> After stopping Iptables
> # /etc/init.d/iptables stop
>
> Then PC1-RH9 box, both as ROOT and USER, can connect both ROOT's and USER's X-server of PC2-Gentoo box.
>
> PC2-Gentoo box
> This box also has 2 NICs
> eth0 connected to broadband via ADSL modem when it works as standalone workstation. At time of testing SSH there is no connection
> eth1 connected to PC1-RH9 box
>
> If I add 'adsl-start' in /etc/conf.d/local.start, this box can't connect X-server of PC1-RH9 box (however login to PC1-RH9 box being possible). I have to remove it from /etc/conf.d/local.start. In the recent test I added it to reconfirm this discovery.
>
> Now another minor problem popup after removing 'adsl-start' at finish of the aforesaid reconfirmation.
>
> As ROOT PC1-Gentoo box can't connect X-server of PC1-RH9 box (login being possible)
>
> # ssh -l root 192.168.0.1
> [EMAIL PROTECTED]'s password:
> Warning: No xauth data; using fake authentication data for X11 forwarding.
> Last login: Sun Nov 9 16:53:10 2003 from 192.168.0.2
>
> # konqueror
> Xlib: connection to localhost:11.0 refused by server
> Xlib: Invalid MIT-MAGIC-COOKIE-1 key
> konqueror: cannot connect to X server localhost:11.0
>
> # kedit
> Xlib: connection to localhost:11.0 refused by server
> Xlib: Invalid MIT-MAGIC-COOKIE-1 key
> kedit: cannot connect to X server localhost:11.0

These are not working because the applications can't connect to your Gentoo box's X server, probably due to the firewall.

You have two options:

1) Stop the firewall on the Gentoo box: /etc/init.d/iptables stop (this will also wipe the tables)

or

2) SSH to your RedHat box, using the X11 port tunnelling feature of SSH:

ssh -X -l root 192.168.0.1

In order for this to work, you must have the following option set in your /etc/ssh/sshd_config:

X11Forwarding yes

For speed, I would also set the following (in the same file):

Compression no

> 1) How to configure Iptables so that it can coexist with Shorewall without affecting SSH

Why on earth do you want two firewalls? Shorewall probably uses iptables anyway!

> 2) How to solve the remaining problem in PC2-Gentoo box as mentioned above

MAL
--
[EMAIL PROTECTED] mailing list
Re: [gentoo-user] SSH permission question
Hi Andrej, Stroller and others

Finally I discover the cause of the problem but still there are some minor problems remained unsolved.

PC1-RH9 box
==
Recently I am testing Shorewall 1.4.7 on this box so that there are 2 firewalls, Shorewall and Iptables, running on the same box but without conflict. I have configured Shorewall 1.4.7 including IP masquerading leaving Iptables untouched as default firewall ever since the installation of RH9.

After stopping Iptables
# /etc/init.d/iptables stop

Then PC1-RH9 box, both as ROOT and USER, can connect both ROOT's and USER's X-server of PC2-Gentoo box.

PC2-Gentoo box
This box also has 2 NICs
eth0 connected to broadband via ADSL modem when it works as standalone workstation. At time of testing SSH there is no connection
eth1 connected to PC1-RH9 box

If I add 'adsl-start' in /etc/conf.d/local.start, this box can't connect X-server of PC1-RH9 box (however login to PC1-RH9 box being possible). I have to remove it from /etc/conf.d/local.start. In the recent test I added it to reconfirm this discovery.

Now another minor problem popup after removing 'adsl-start' at finish of the aforesaid reconfirmation.

As ROOT PC1-Gentoo box can't connect X-server of PC1-RH9 box (login being possible)

# ssh -l root 192.168.0.1
[EMAIL PROTECTED]'s password:
Warning: No xauth data; using fake authentication data for X11 forwarding.
Last login: Sun Nov 9 16:53:10 2003 from 192.168.0.2

# konqueror
Xlib: connection to localhost:11.0 refused by server
Xlib: Invalid MIT-MAGIC-COOKIE-1 key
konqueror: cannot connect to X server localhost:11.0

# kedit
Xlib: connection to localhost:11.0 refused by server
Xlib: Invalid MIT-MAGIC-COOKIE-1 key
kedit: cannot connect to X server localhost:11.0

But as USER PC2-Gentoo box can connect X-server of PC1-RH9 box.

My new questions are;

1) How to configure Iptables so that it can coexist with Shorewall without affecting SSH

2) How to solve the remaining problem in PC2-Gentoo box as mentioned above

Thanks in advance.

B.R.
Stephen

> On Sun, 09 Nov 2003 08:28:59 +0800 Stephen Liu [EMAIL PROTECTED] wrote:
>> sudo grep -i Root /etc/ssh/sshd_config
>> #PermitRootLogin yes
>
> Shouldn't that be uncommented (without leading '#') ?

--
[EMAIL PROTECTED] mailing list
Re: [gentoo-user] SSH permission question
On Nov 9, 2003, at 12:28 am, Stephen Liu wrote:

> - snip -
>
>>> $ sudo grep -i Root /etc/ssh/sshd_config
>>> Password(enter satimis password)
>>> sendmail: Cannot open mail:25
>>> satimis is not in the sudoers file. This incident will be reported.
>>
>> The sudo is for a regular user to have root permissions. The user needs to be in the sudoers file needs to enter _their own_ password.
>>
>> But ignore that. Login as root
>> # grep -i Root /etc/ssh/sshd_config
>> Then log out again.
>
> # sudo grep -i Root /etc/ssh/sshd_config
> #PermitRootLogin yes
>
>> You should be doing this on the machine which you are unable to ssh into; IE 192.168.0.2
>
> # ssh -l root 192.168.0.2
> ssh: connect to host 192.168.0.2 port 22: Connection refused
>
>> Can you ssh into that machine as regular user..?
>
> Yes. I use it quite often
>
> $ ssh -X [EMAIL PROTECTED]
> [EMAIL PROTECTED]'s password:
> Permission denied, please try again.
> [EMAIL PROTECTED]'s password:
> Last login: Sun Nov 9 00:08:54 2003 from localhost.localdomain

So clearly you need to uncomment the
#PermitRootLogin yes
line, don't you think..?

Does that not fix it..?

Stroller.
--
[EMAIL PROTECTED] mailing list
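The `grep` results quoted in this thread mix active and commented-out `PermitRootLogin` lines, and MAL's earlier reply depends on `X11Forwarding yes` being active in the same file. The following is an added example, not code from any poster: it reports the value sshd would actually take for a keyword, using the rule from sshd_config(5) that the first obtained value for a keyword is the one used. The function names and both sample configurations are constructed for the example.

```shell
#!/bin/sh
# Added example (not from the thread): report the value sshd would actually use
# for a keyword, so a commented-out line is not mistaken for an active setting.

# sshd_effective KEYWORD < config-text
# Prints the first active value for KEYWORD, or "(default)" when every
# occurrence is commented out or absent. Parsing stops at the first Match
# block, because settings below it apply only conditionally.
sshd_effective() {
    awk -v want="$(printf '%s' "$1" | tr '[:upper:]' '[:lower:]')" '
        /^[ \t]*(#|$)/ { next }                 # comment or blank line
        {
            line = $0
            sub(/^[ \t]+/, "", line)
            if (!match(line, /^[A-Za-z0-9]+/)) next
            key = tolower(substr(line, 1, RLENGTH))   # keywords ignore case
            val = substr(line, RLENGTH + 1)
            # Assumption: tolerate "Key=value" as well as "Key value".
            sub(/^[ \t]*=?[ \t]*/, "", val)
            sub(/[ \t]+$/, "", val)
            if (key == "match") exit
            if (key == want) { print val; found = 1; exit }
        }
        END { if (!found) print "(default)" }'
}

# audit_sshd < config-text : one line per keyword discussed in this thread
audit_sshd() {
    conf=$(cat)
    for kw in PermitRootLogin X11Forwarding; do
        printf '%s=%s\n' "$kw" \
            "$(printf '%s\n' "$conf" | sshd_effective "$kw")"
    done
}

# Constructed samples mirroring the two grep results quoted in the thread.
CONF_COMMENTED='#PermitRootLogin yes
X11Forwarding yes'

CONF_DENY='PermitRootLogin no
#PermitRootLogin yes
X11Forwarding no
X11Forwarding yes'

echo '--- only a commented PermitRootLogin line ---'
printf '%s\n' "$CONF_COMMENTED" | audit_sshd
echo '--- active "no" plus commented "yes", duplicate X11Forwarding ---'
printf '%s\n' "$CONF_DENY" | audit_sshd
```

A result of `(default)` means the running daemon falls back to its built-in value for that keyword, which depends on the OpenSSH version installed.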
Re: [gentoo-user] SSH permission question
Hi Stroller, Can you ssh into that machine as regular user..? Yes. I use it quite often $ ssh -X [EMAIL PROTECTED] [EMAIL PROTECTED]'s password: Permission denied, please try again. [EMAIL PROTECTED]'s password: Last login: Sun Nov 9 00:08:54 2003 from localhost.localdomain So clearly you need to uncomment the #PermitRootLogin yes line, don't you think..? Does that not fix it..? I tried on both PCs. It did not help. Please see my previous posting which is repeated hereinunder Hi Andrej, Stroller and others Finally I discover the cause of the problem but still there are some minor problems remained unsolved. PC1-RH9 box == Recently I am testing Shorewall 1.4.7 on this box so that there are 2 firewalls, Shorewall and Iptables, running on the same box but without conflict. I have configured Shorewall 1.4.7 including IP masquerading leaving Iptables untouched as default firewall eversince the intallation of RH9. After stopping Iptables # /etc/init.d/iptables stop Then PC1-RH9 box, both as ROOT and USER, can connect both ROOT's and USER's X-server of PC2-Gentoo box. PC2-Gentoo box This box also has 2 NICs eth0connected to broadband via ADSL modem when it works as standalone workstation. At time of testing SSH there is no connection eth1connected to PC1-RH9 box If I add 'adsl-start' in /etc/conf.d/local.start, this box can't connect X-server of PC1-RH9 box (however login to PC1-RH9 box being possible). I have to remove it from /etc/conf.d/local.start. In the recent test I added it to reconfirm this discovery. Now another minor problem popup after removing 'adsl-start' at finish of the aforesaid reconfirmation. As ROOT PC1-Gentoo box can't connect X-server of PC1-RH9 box (login being possible) # ssh -l root 192.168.0.1 [EMAIL PROTECTED]'s password: Warning: No xauth data; using fake authentication data for X11 forwarding. 
Last login: Sun Nov 9 16:53:10 2003 from 192.168.0.2 # konqueror Xlib: connection to localhost:11.0 refused by server Xlib: Invalid MIT-MAGIC-COOKIE-1 key konqueror: cannot connect to X server localhost:11.0 # kedit Xlib: connection to localhost:11.0 refused by server Xlib: Invalid MIT-MAGIC-COOKIE-1 key kedit: cannot connect to X server localhost:11.0 But as USER PC2-Gentoo box can connect X-server of PC1-RH9 box. My new questions are; 1) How to configure Iptables so that it can coexist with Shorewall without affecting SSH 2) How to solve the remaining problem in PC2-Gentoo box as mentioned above Thanks in advance. B.R. Stephen -- [EMAIL PROTECTED] mailing list
Re: [gentoo-user] SSH permission question
On Nov 7, 2003, at 12:00 pm, Stephen Liu wrote: # ssh -l root 192.168.0.2 ssh: connect to host 192.168.0.2 port 22: Connection refused How to get it connected? Thanks try to start the ssh daemon on the box you want to connect to: /etc/init.d/sshd start SSH already started on both boxes. $ ssh -X [EMAIL PROTECTED] # ssh -X [EMAIL PROTECTED] all work on both boxes including starting X server on the same box. $ sudo grep -i Root /etc/ssh/sshd_config PermitRootLogin no #PermitRootLogin yes HTH, HAND, Stroller. -- [EMAIL PROTECTED] mailing list
Re: [gentoo-user] SSH permission question
Hi Stroller, Thanks for your advice. - snip - SSH already started on both boxes. $ ssh -X [EMAIL PROTECTED] # ssh -X [EMAIL PROTECTED] all work on both boxes including starting X server on the same box. $ sudo grep -i Root /etc/ssh/sshd_config PermitRootLogin no #PermitRootLogin yes $ sudo grep -i Root /etc/ssh/sshd_config Password(enter satimis password) sendmail: Cannot open mail:25 satimis is not in the sudoers file. This incident will be reported. If enter ROOT password Advising wrong B.R. Stephen -- [EMAIL PROTECTED] mailing list
Re: [gentoo-user] SSH permission question
On Nov 8, 2003, at 4:47 pm, Stephen Liu wrote: Hi Stroller, Thanks for your advice. - snip - # ssh -l root 192.168.0.2 ssh: connect to host 192.168.0.2 port 22: Connection refused How to get it connected? Thanks $ sudo grep -i Root /etc/ssh/sshd_config Password(enter satimis password) sendmail: Cannot open mail:25 satimis is not in the sudoers file. This incident will be reported. The sudo is for a regular user to have root permissions. The user needs to be in the sudoers file needs to enter _their own_ password. But ignore that. Login as root # grep -i Root /etc/ssh/sshd_config Then log out again. You should be doing this on the machine which you are unable to ssh into; IE 192.168.0.2 Can you ssh into that machine as regular user..? Stroller. -- [EMAIL PROTECTED] mailing list
Re: [gentoo-user] SSH permission question
- snip - $ sudo grep -i Root /etc/ssh/sshd_config Password(enter satimis password) sendmail: Cannot open mail:25 satimis is not in the sudoers file. This incident will be reported. The sudo is for a regular user to have root permissions. The user needs to be in the sudoers file needs to enter _their own_ password. But ignore that. Login as root # grep -i Root /etc/ssh/sshd_config Then log out again. # sudo grep -i Root /etc/ssh/sshd_config #PermitRootLogin yes You should be doing this on the machine which you are unable to ssh into; IE 192.168.0.2 # ssh -l root 192.168.0.2 ssh: connect to host 192.168.0.2 port 22: Connection refused Can you ssh into that machine as regular user..? Yes. I use it quite often $ ssh -X [EMAIL PROTECTED] [EMAIL PROTECTED]'s password: Permission denied, please try again. [EMAIL PROTECTED]'s password: Last login: Sun Nov 9 00:08:54 2003 from localhost.localdomain Thanks B.R. Stephen -- [EMAIL PROTECTED] mailing list
Re: [gentoo-user] SSH permission question
On Sun, 09 Nov 2003 08:28:59 +0800 Stephen Liu [EMAIL PROTECTED] wrote:

> # sudo grep -i Root /etc/ssh/sshd_config
> #PermitRootLogin yes

Shouldn't that be uncommented (without leading '#') ?

--
 /~\ The ASCII        Andrej Ticho Kacian andrej at kacian dot sk
 \ / Ribbon Campaign  GnuPG public key ID: 7CD93FE2 (pgp.mit.edu)
  X  Against HTML     Key fingerprint:
 / \ Email!           E87D 9DEF 2A23 6FFB 7AD9 542F 4253 3A46 7CD9 3FE2
Re: [gentoo-user] SSH permission question
On Friday, 7 November 2003 09:26, Stephen Liu wrote:
> Hi folks,
>
> I have 2 boxes connected with a crossover cable for broadband sharing. Both of them can ping to each other. Broadband sharing has no problem.
>
> PC1 - RH9
> eth0 - connected to broadband
> eth1 - connected to PC-2, IP 192.168.0.1
>
> PC2 - Gentoo box
> eth0 - connected to PC-1, IP 192.168.0.2
>
> Test as follows;
>
> PC1 - RH9
> # ssh -l root 192.168.0.2
> ssh: connect to host 192.168.0.2 port 22: Connection refused
>
> How to get it connected? Thanks

try to start the ssh daemon on the box you want to connect to:
/etc/init.d/sshd start

by,
erwin
--
[EMAIL PROTECTED] mailing list
Re: [gentoo-user] SSH permission question
Hi Erwin, Am Freitag, 7. November 2003 09:26 schrieb Stephen Liu: Hi folks, I have 2 boxes connected with a crossover cable for broadband sharing. Both of them can ping to each other. Broadband sharing has no problem. PC1 - RH9 eth0 - connected to broadband eth1 - connected to PC-2, IP 192.168.0.1 PC2 - Gentoo box eth0 - connected ot PC-1, IP 192.168.0.2 Test as follows; PC1 - RH9 # ssh -l root 192.168.0.2 ssh: connect to host 192.168.0.2 port 22: Connection refused How to get it connected? Thanks try to start the ssh daemon on the box you want to connect to: /etc/init.d/sshd start SSH already started on both boxes. $ ssh -X [EMAIL PROTECTED] # ssh -X [EMAIL PROTECTED] all work on both boxes including starting X server on the same box. B.R. Stephen -- [EMAIL PROTECTED] mailing list
Re: [gentoo-user] SSH permission question
On Fri, Nov 07, 2003 at 08:00:34PM +0800, Stephen Liu wrote: Hi Erwin, Am Freitag, 7. November 2003 09:26 schrieb Stephen Liu: Hi folks, I have 2 boxes connected with a crossover cable for broadband sharing. Both of them can ping to each other. Broadband sharing has no problem. PC1 - RH9 eth0 - connected to broadband eth1 - connected to PC-2, IP 192.168.0.1 PC2 - Gentoo box eth0 - connected ot PC-1, IP 192.168.0.2 Test as follows; PC1 - RH9 # ssh -l root 192.168.0.2 ssh: connect to host 192.168.0.2 port 22: Connection refused How to get it connected? Thanks try to start the ssh daemon on the box you want to connect to: /etc/init.d/sshd start SSH already started on both boxes. $ ssh -X [EMAIL PROTECTED] # ssh -X [EMAIL PROTECTED] all work on both boxes including starting X server on the same box. Do you have a packetfilter installed on your gentoo box blocking the inbound traffic to port 22? Thomas pgp0.pgp Description: PGP signature
Re: [gentoo-user] SSH permission question
Hi Thomas, SSH already started on both boxes. $ ssh -X [EMAIL PROTECTED] # ssh -X [EMAIL PROTECTED] all work on both boxes including starting X server on the same box. Do you have a packetfilter installed on your gentoo box blocking the inbound traffic to port 22? After uncomment the line iface_eth1=207.170.82.202 broadcast 207.0.255.255 netmask 255.255.0.0 on /etc/conf.d/net of PC2-Gentoo box, both box can ping each other Now on PC2-Gentoo box /etc/conf.d/net iface_eth0=192.168.0.2 broadcast 192.168.0.255 netmask 255.255.255.0 iface_eth1=207.170.82.202 broadcast 207.0.255.255 netmask 255.255.0.0 dhcpcd_eth0=... gateway=eth0/192.168.0.1 On PC1-RH9 I could start applications of PC2-Gentoo box displaying it on screen. But I could not make it the other way round, i.e. On PC2-Gentoo # ssh -l root 192.168.0.1 [EMAIL PROTECTED]'s password: Last login: Fri Nov 7 16:06:41 2003 from 192.168.0.2 [EMAIL PROTECTED] root]# konqueror konqueror: cannot connect to X server B.R. Stephen -- [EMAIL PROTECTED] mailing list
Re: [gentoo-user] SSH permission question
On Fri, Nov 07, 2003 at 08:37:00PM +0800, Stephen Liu wrote: Hi Thomas, SSH already started on both boxes. $ ssh -X [EMAIL PROTECTED] # ssh -X [EMAIL PROTECTED] all work on both boxes including starting X server on the same box. Do you have a packetfilter installed on your gentoo box blocking the inbound traffic to port 22? After uncomment the line iface_eth1=207.170.82.202 broadcast 207.0.255.255 netmask 255.255.0.0 on /etc/conf.d/net of PC2-Gentoo box, both box can ping each other Now on PC2-Gentoo box /etc/conf.d/net iface_eth0=192.168.0.2 broadcast 192.168.0.255 netmask 255.255.255.0 iface_eth1=207.170.82.202 broadcast 207.0.255.255 netmask 255.255.0.0 dhcpcd_eth0=... gateway=eth0/192.168.0.1 On PC1-RH9 I could start applications of PC2-Gentoo box displaying it on screen. But I could not make it the other way round, i.e. On PC2-Gentoo # ssh -l root 192.168.0.1 [EMAIL PROTECTED]'s password: Last login: Fri Nov 7 16:06:41 2003 from 192.168.0.2 [EMAIL PROTECTED] root]# konqueror konqueror: cannot connect to X server Looks like your sshd does not allow X-connections. Check in your /etc/ssh/sshd_config for this option. X11Forwarding yes Thomas pgp0.pgp Description: PGP signature
Re: [gentoo-user] SSH permission question
Hi Thomas, Thomas Buntrock wrote: After uncomment the line iface_eth1=207.170.82.202 broadcast 207.0.255.255 netmask 255.255.0.0 on /etc/conf.d/net of PC2-Gentoo box, both box can ping each other Now on PC2-Gentoo box /etc/conf.d/net iface_eth0=192.168.0.2 broadcast 192.168.0.255 netmask 255.255.255.0 iface_eth1=207.170.82.202 broadcast 207.0.255.255 netmask 255.255.0.0 dhcpcd_eth0=... gateway=eth0/192.168.0.1 On PC1-RH9 I could start applications of PC2-Gentoo box displaying it on screen. But I could not make it the other way round, i.e. On PC2-Gentoo # ssh -l root 192.168.0.1 [EMAIL PROTECTED]'s password: Last login: Fri Nov 7 16:06:41 2003 from 192.168.0.2 [EMAIL PROTECTED] root]# konqueror konqueror: cannot connect to X server Looks like your sshd does not allow X-connections. Check in your /etc/ssh/sshd_config for this option. X11Forwarding yes Now it looks to me a little bid funny. The tide has changed, the other way round PC2-Gentoo box can ssh-connect PC1-RH9 box and start the application of the latter. But PC1-RH9 box can't ssh-connect PC2-Gentoo box /etc/ssh/ssh_config Host * ForwardX11 yes Already there on both boxes. What is the use of * after Host ? On PC1-RH9 box # ssh -l root 192.168.0.2 ssh: connect to host 192.168.0.2 port 22: Connection refused # ping -c 3 192.168.0.2 PING 192.168.0.2 (192.168.0.2) 56(84) bytes of data. 64 bytes from 192.168.0.2: icmp_seq=1 ttl=64 time=0.292 ms 64 bytes from 192.168.0.2: icmp_seq=2 ttl=64 time=0.230 ms 64 bytes from 192.168.0.2: icmp_seq=3 ttl=64 time=0.227 ms --- 192.168.0.2 ping statistics --- 3 packets transmitted, 3 received, 0% packet loss, time 2001ms rtt min/avg/max/mdev = 0.227/0.249/0.292/0.035 ms I have not touched anything since last posting, only turn-off the boxes. B.R. Stephen -- [EMAIL PROTECTED] mailing list
Re: [gentoo-user] SSH permission question
On Friday 07 November 2003 11:16 am, Stephen Liu wrote: Hi Thomas, Thomas Buntrock wrote: After uncomment the line iface_eth1=207.170.82.202 broadcast 207.0.255.255 netmask 255.255.0.0 on /etc/conf.d/net of PC2-Gentoo box, both box can ping each other Now on PC2-Gentoo box /etc/conf.d/net iface_eth0=192.168.0.2 broadcast 192.168.0.255 netmask 255.255.255.0 iface_eth1=207.170.82.202 broadcast 207.0.255.255 netmask 255.255.0.0 dhcpcd_eth0=... gateway=eth0/192.168.0.1 On PC1-RH9 I could start applications of PC2-Gentoo box displaying it on screen. But I could not make it the other way round, i.e. On PC2-Gentoo # ssh -l root 192.168.0.1 [EMAIL PROTECTED]'s password: Last login: Fri Nov 7 16:06:41 2003 from 192.168.0.2 [EMAIL PROTECTED] root]# konqueror konqueror: cannot connect to X server Looks like your sshd does not allow X-connections. Check in your /etc/ssh/sshd_config for this option. X11Forwarding yes Now it looks to me a little bid funny. The tide has changed, the other way round PC2-Gentoo box can ssh-connect PC1-RH9 box and start the application of the latter. But PC1-RH9 box can't ssh-connect PC2-Gentoo box /etc/ssh/ssh_config Host * ForwardX11 yes Already there on both boxes. What is the use of * after Host ? On PC1-RH9 box # ssh -l root 192.168.0.2 ssh: connect to host 192.168.0.2 port 22: Connection refused # ping -c 3 192.168.0.2 PING 192.168.0.2 (192.168.0.2) 56(84) bytes of data. 64 bytes from 192.168.0.2: icmp_seq=1 ttl=64 time=0.292 ms 64 bytes from 192.168.0.2: icmp_seq=2 ttl=64 time=0.230 ms 64 bytes from 192.168.0.2: icmp_seq=3 ttl=64 time=0.227 ms --- 192.168.0.2 ping statistics --- 3 packets transmitted, 3 received, 0% packet loss, time 2001ms rtt min/avg/max/mdev = 0.227/0.249/0.292/0.035 ms I have not touched anything since last posting, only turn-off the boxes. B.R. Stephen -- [EMAIL PROTECTED] mailing list Stephen, try # ssh [EMAIL PROTECTED] What does that show? 
-- Regards, Ernie 100% Microsoft and Intel free -- [EMAIL PROTECTED] mailing list
Re: [gentoo-user] SSH permission question
Ernie Schroder wrote: Looks like your sshd does not allow X-connections. Check in your /etc/ssh/sshd_config for this option. X11Forwarding yes Now it looks to me a little bid funny. The tide has changed, the other way round PC2-Gentoo box can ssh-connect PC1-RH9 box and start the application of the latter. But PC1-RH9 box can't ssh-connect PC2-Gentoo box /etc/ssh/ssh_config Host * ForwardX11 yes Already there on both boxes. What is the use of * after Host ? On PC1-RH9 box # ssh -l root 192.168.0.2 ssh: connect to host 192.168.0.2 port 22: Connection refused # ping -c 3 192.168.0.2 PING 192.168.0.2 (192.168.0.2) 56(84) bytes of data. 64 bytes from 192.168.0.2: icmp_seq=1 ttl=64 time=0.292 ms 64 bytes from 192.168.0.2: icmp_seq=2 ttl=64 time=0.230 ms 64 bytes from 192.168.0.2: icmp_seq=3 ttl=64 time=0.227 ms --- 192.168.0.2 ping statistics --- 3 packets transmitted, 3 received, 0% packet loss, time 2001ms rtt min/avg/max/mdev = 0.227/0.249/0.292/0.035 ms I have not touched anything since last posting, only turn-off the boxes. Stephen, try # ssh [EMAIL PROTECTED] What does that show? Hi Ernie, The same result On PC1-RH9 box # ssh -X [EMAIL PROTECTED] ssh: connect to host 192.168.0.2 port 22: Connection refused # ssh -l root 192.168.0.2 ssh: connect to host 192.168.0.2 port 22: Connection refused ping was Ok # ping -c 3 192.168.0.2 PING 192.168.0.2 (192.168.0.2) 56(84) bytes of data. 64 bytes from 192.168.0.2: icmp_seq=1 ttl=64 time=0.560 ms - snip - 3 packets transmitted, 3 received, 0% packet loss, time 2017ms rtt min/avg/max/mdev = 0.221/0.356/0.560/0.148 ms It seemed Port 22 always locked. === But both commands worked on PC2-Gentoo box. They could connect X-server of PC1-RH9 box I was searching around for command to temp-stop iptables on PC2-Gentoo box without result # iptables stop 3 /sbin/iptables stop could not work B.R. Stephen -- [EMAIL PROTECTED] mailing list