On Sun, Sep 17, 2006 at 09:39:51PM +0100, Konstantinos Pachopoulos wrote: > Hi, > i cannot ssh forward, through my "ipcop" guest > (10.0.0.6/24). In the host system i have made it > "visible" via "ip addr add 10.0.0.6/24 broadcast + dev > eth0". > > Here's what i get when i try to run firestarter or > nedit or xterm for example: > > -------------------- > ipcop:~# firestarter > X11 connection rejected because of wrong > authentication. > The application 'firestarter' lost its connection to > the display localhost:10.0; > most likely the X server was shut down or you > killed/destroyed > the application. > ipcop:~# nedit > X11 connection rejected because of wrong > authentication. > X connection to localhost:10.0 broken (explicit kill > or server shutdown). > -------------------- > > Here's the /etc/ssh/sshd_config of the "ipcop" server: > -------------------- > # Package generated configuration file > # See the sshd(8) manpage for details > > # What ports, IPs and protocols we listen for > Port 22 > # Use these options to restrict which > interfaces/protocols sshd will bind to > #ListenAddress :: > #ListenAddress 0.0.0.0 > Protocol 2 > # HostKeys for protocol version 2 > HostKey /etc/ssh/ssh_host_rsa_key > HostKey /etc/ssh/ssh_host_dsa_key > #Privilege Separation is turned on for security > UsePrivilegeSeparation yes > > # Lifetime and size of ephemeral version 1 server key > KeyRegenerationInterval 3600 > ServerKeyBits 768 > > # Logging > SyslogFacility AUTH > LogLevel INFO > > # Authentication: > LoginGraceTime 600 > PermitRootLogin yes > StrictModes yes > > RSAAuthentication yes > PubkeyAuthentication yes > #AuthorizedKeysFile %h/.ssh/authorized_keys > > # Don't read the user's ~/.rhosts and ~/.shosts files > IgnoreRhosts yes > # For this to work you will also need host keys in > /etc/ssh_known_hosts > RhostsRSAAuthentication no > # similar for protocol version 2 > HostbasedAuthentication no > # Uncomment if you don't trust ~/.ssh/known_hosts for > RhostsRSAAuthentication > #IgnoreUserKnownHosts yes > > # To enable empty passwords, change to yes (NOT > RECOMMENDED) > PermitEmptyPasswords no > > # Change to no to disable s/key passwords > #ChallengeResponseAuthentication yes > > # Change to yes to enable tunnelled clear text > passwords > PasswordAuthentication no > > # To change Kerberos options > #KerberosAuthentication no > #KerberosOrLocalPasswd yes > #AFSTokenPassing no > #KerberosTicketCleanup no > > # Kerberos TGT Passing does only work with the AFS > kaserver > #KerberosTgtPassing yes > > X11Forwarding yes > X11DisplayOffset 10 > PrintMotd no > PrintLastLog yes > KeepAlive yes > #UseLogin no > > #MaxStartups 10:30:60 > #Banner /etc/issue.net > > Subsystem sftp /usr/lib/sftp-server > > UsePAM yes > X11UseLocalhost no #tried with as suggested and > without > -------------------- > > Any ideas? I have been searching for a couple days, > but found nothing. Is this a routing, firewall issue > maybe? I do not know a lot about networking. I hope i > will learn through VServer :)
check if $DISPLAY is set and what it contains, also double check that your guest has mk/xauth installed and the ssh client is not called with -x (maybe explicitely specify -X for a test) check the ssh logon with the -v option to ssh, HTH, Herbert > Thanks > > > ___________________________________________________________ > The all-new Yahoo! Mail goes wherever you go - free your email address from > your Internet provider. http://uk.docs.yahoo.com/nowyoucan.html > _______________________________________________ > Vserver mailing list > Vserver@list.linux-vserver.org > http://list.linux-vserver.org/mailman/listinfo/vserver _______________________________________________ Vserver mailing list Vserver@list.linux-vserver.org http://list.linux-vserver.org/mailman/listinfo/vserver
