X11 forwarding not working.
dE .
de.techno at gmail.com
Sun May 24 16:05:04 AEST 2015
Ok, got it further.
If X11 forwarding is in use, it will receive the "proto
cookie" pair in its standard input
Now, solved.
On Sun, May 24, 2015 at 11:14 AM, dE . <de.techno at gmail.com> wrote:
> On Sun, May 24, 2015 at 3:36 AM, Darren Tucker <dtucker at zip.com.au> wrote:
>
>> On Sun, May 24, 2015 at 2:56 AM, dE <de.techno at gmail.com> wrote:
>>>
>>> I'm having a difficult time getting X11 forwarding to work.
>>>
>>> Since I've read the docs completely about this, this must be an SSH bug
>>> which is likely because I'm using Gentoo as the SSH server.
>>>
>> [...]
>>
>> I suspect the problem is that you did not have xauth in your path when
>> you built OpenSSH and thus sshd does not know where to find it. Try adding
>> "XAuthLocation /path/to/your/xauth" to your sshd_config and restart sshd.
>>
>> If that doesn't help then please post the debug output from both client
>> and server (ie /path/to/sshd -ddd and ssh -vvv) and we might be able to
>> figure out what's going on.
>>
>> --
>> Darren Tucker (dtucker at zip.com.au)
>> GPG key 8FF4FA69 / D9A3 86E9 7EEE AF4B B2D4 37C9 C982 80C7 8FF4 FA69
>> Good judgement comes with experience. Unfortunately, the experience
>> usually comes from bad judgement.
>>
>
> OpenSSH_6.4, OpenSSL 1.0.1e-fips 11 Feb 2013
> debug1: Reading configuration data /etc/ssh/ssh_config
> debug1: /etc/ssh/ssh_config line 51: Applying options for *
> debug2: ssh_connect: needpriv 0
> debug1: Connecting to xxxx.xxxx.xxxx [123.123.123.123] port 111.
> debug1: Connection established.
> debug3: Incorrect RSA1 identifier
> debug3: Could not load
> "/run/media/kiosk/71ad235a-3765-4a80-9971-6b602e8e9c28/my.key" as a RSA1
> public key
> debug1: identity file
> /run/media/kiosk/71ad235a-3765-4a80-9971-6b602e8e9c28/my.key type -1
> debug1: identity file
> /run/media/kiosk/71ad235a-3765-4a80-9971-6b602e8e9c28/my.key-cert type -1
> debug1: Enabling compatibility mode for protocol 2.0
> debug1: Local version string SSH-2.0-OpenSSH_6.4
> debug1: Remote protocol version 2.0, remote software version
> OpenSSH_6.7p1-hpn14v5
> debug1: match: OpenSSH_6.7p1-hpn14v5 pat OpenSSH*
> debug2: fd 3 setting O_NONBLOCK
> debug3: put_host_port: [xxxx.xxxx.xxxx]:111
> debug3: load_hostkeys: loading entries for host "[xxxx.xxxx.xxxx]:111"
> from file "/home/kiosk/.ssh/known_hosts"
> debug3: load_hostkeys: found key type ECDSA in file
> /home/kiosk/.ssh/known_hosts:1
> debug3: load_hostkeys: loaded 1 keys
> debug3: order_hostkeyalgs: prefer hostkeyalgs:
> ecdsa-sha2-nistp256-cert-v01 at openssh.com,
> ecdsa-sha2-nistp384-cert-v01 at openssh.com,
> ecdsa-sha2-nistp521-cert-v01 at openssh.com
> ,ecdsa-sha2-nistp256,ecdsa-sha2-nistp384,ecdsa-sha2-nistp521
> debug1: SSH2_MSG_KEXINIT sent
> debug1: SSH2_MSG_KEXINIT received
> debug2: kex_parse_kexinit:
> ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1
> debug2: kex_parse_kexinit: ecdsa-sha2-nistp256-cert-v01 at openssh.com,
> ecdsa-sha2-nistp384-cert-v01 at openssh.com,
> ecdsa-sha2-nistp521-cert-v01 at openssh.com
> ,ecdsa-sha2-nistp256,ecdsa-sha2-nistp384,ecdsa-sha2-nistp521,
> ssh-rsa-cert-v01 at openssh.com,ssh-dss-cert-v01 at openssh.com,
> ssh-rsa-cert-v00 at openssh.com,ssh-dss-cert-v00 at openssh.com,ssh-rsa,ssh-dss
> debug2: kex_parse_kexinit:
> aes128-ctr,aes192-ctr,aes256-ctr,arcfour256,arcfour128,
> aes128-gcm at openssh.com,aes256-gcm at openssh.com
> ,aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,aes192-cbc,aes256-cbc,arcfour,
> rijndael-cbc at lysator.liu.se
> debug2: kex_parse_kexinit:
> aes128-ctr,aes192-ctr,aes256-ctr,arcfour256,arcfour128,
> aes128-gcm at openssh.com,aes256-gcm at openssh.com
> ,aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,aes192-cbc,aes256-cbc,arcfour,
> rijndael-cbc at lysator.liu.se
> debug2: kex_parse_kexinit: hmac-md5-etm at openssh.com,
> hmac-sha1-etm at openssh.com,umac-64-etm at openssh.com,umac-128-etm at openssh.com
> ,hmac-sha2-256-etm at openssh.com,hmac-sha2-512-etm at openssh.com,
> hmac-ripemd160-etm at openssh.com,hmac-sha1-96-etm at openssh.com,
> hmac-md5-96-etm at openssh.com,hmac-md5,hmac-sha1,umac-64 at openssh.com,
> umac-128 at openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-ripemd160,
> hmac-ripemd160 at openssh.com,hmac-sha1-96,hmac-md5-96
> debug2: kex_parse_kexinit: hmac-md5-etm at openssh.com,
> hmac-sha1-etm at openssh.com,umac-64-etm at openssh.com,umac-128-etm at openssh.com
> ,hmac-sha2-256-etm at openssh.com,hmac-sha2-512-etm at openssh.com,
> hmac-ripemd160-etm at openssh.com,hmac-sha1-96-etm at openssh.com,
> hmac-md5-96-etm at openssh.com,hmac-md5,hmac-sha1,umac-64 at openssh.com,
> umac-128 at openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-ripemd160,
> hmac-ripemd160 at openssh.com,hmac-sha1-96,hmac-md5-96
> debug2: kex_parse_kexinit: none,zlib at openssh.com,zlib
> debug2: kex_parse_kexinit: none,zlib at openssh.com,zlib
> debug2: kex_parse_kexinit:
> debug2: kex_parse_kexinit:
> debug2: kex_parse_kexinit: first_kex_follows 0
> debug2: kex_parse_kexinit: reserved 0
> debug2: kex_parse_kexinit: curve25519-sha256 at libssh.org
> ,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha1
> debug2: kex_parse_kexinit: ssh-rsa,ssh-dss,ecdsa-sha2-nistp256,ssh-ed25519
> debug2: kex_parse_kexinit: chacha20-poly1305 at openssh.com
> ,cast128-cbc,blowfish-cbc,arcfour128,aes128-cbc,aes128-ctr,
> aes128-gcm at openssh.com
> debug2: kex_parse_kexinit: chacha20-poly1305 at openssh.com
> ,cast128-cbc,blowfish-cbc,arcfour128,aes128-cbc,aes128-ctr,
> aes128-gcm at openssh.com
> debug2: kex_parse_kexinit: hmac-sha1-etm at openssh.com,
> hmac-sha1-96-etm at openssh.com,umac-64-etm at openssh.com
> ,hmac-md5-96,hmac-ripemd160,hmac-sha1-96
> debug2: kex_parse_kexinit: hmac-sha1-etm at openssh.com,
> hmac-sha1-96-etm at openssh.com,umac-64-etm at openssh.com
> ,hmac-md5-96,hmac-ripemd160,hmac-sha1-96
> debug2: kex_parse_kexinit: none,zlib at openssh.com
> debug2: kex_parse_kexinit: none,zlib at openssh.com
> debug2: kex_parse_kexinit:
> debug2: kex_parse_kexinit:
> debug2: kex_parse_kexinit: first_kex_follows 0
> debug2: kex_parse_kexinit: reserved 0
> debug2: mac_setup: found hmac-sha1-etm at openssh.com
> debug1: kex: server->client aes128-ctr hmac-sha1-etm at openssh.com none
> debug2: mac_setup: found hmac-sha1-etm at openssh.com
> debug1: kex: client->server aes128-ctr hmac-sha1-etm at openssh.com none
> debug1: sending SSH2_MSG_KEX_ECDH_INIT
> debug1: expecting SSH2_MSG_KEX_ECDH_REPLY
> debug1: Server host key: ECDSA
> c4:67:d3:7d:93:af:d8:23:e4:1f:9b:66:9b:c5:b8:13
> debug3: put_host_port: [xxxx.xxxx.xxxx]:111
> debug3: put_host_port: [xxxx.xxxx.xxxx]:111
> debug3: load_hostkeys: loading entries for host "[xxxx.xxxx.xxxx]:111"
> from file "/home/kiosk/.ssh/known_hosts"
> debug3: load_hostkeys: found key type ECDSA in file
> /home/kiosk/.ssh/known_hosts:1
> debug3: load_hostkeys: loaded 1 keys
> debug3: load_hostkeys: loading entries for host "[xxxx.xxxx.xxxx]:111"
> from file "/home/kiosk/.ssh/known_hosts"
> debug3: load_hostkeys: found key type ECDSA in file
> /home/kiosk/.ssh/known_hosts:1
> debug3: load_hostkeys: loaded 1 keys
> debug1: Host '[xxxx.xxxx.xxxx]:111' is known and matches the ECDSA host
> key.
> debug1: Found key in /home/kiosk/.ssh/known_hosts:1
> debug1: ssh_ecdsa_verify: signature correct
> debug2: kex_derive_keys
> debug2: set_newkeys: mode 1
> debug1: SSH2_MSG_NEWKEYS sent
> debug1: expecting SSH2_MSG_NEWKEYS
> debug2: set_newkeys: mode 0
> debug1: SSH2_MSG_NEWKEYS received
> debug1: Roaming not allowed by server
> debug1: SSH2_MSG_SERVICE_REQUEST sent
> debug2: service_accept: ssh-userauth
> debug1: SSH2_MSG_SERVICE_ACCEPT received
> debug2: key: /run/media/kiosk/71ad235a-3765-4a80-9971-6b602e8e9c28/my.key
> ((nil)), explicit
> debug1: Authentications that can continue: publickey,keyboard-interactive
> debug3: start over, passed a different list publickey,keyboard-interactive
> debug3: preferred
> gssapi-keyex,gssapi-with-mic,publickey,keyboard-interactive,password
> debug3: authmethod_lookup publickey
> debug3: remaining preferred: keyboard-interactive,password
> debug3: authmethod_is_enabled publickey
> debug1: Next authentication method: publickey
> debug1: Trying private key:
> /run/media/kiosk/71ad235a-3765-4a80-9971-6b602e8e9c28/my.key
> debug1: read PEM private key done: type RSA
> debug3: sign_and_send_pubkey: RSA
> 97:5a:4d:07:ee:9a:e3:e9:8f:4d:f3:8b:7b:4f:c4:57
> debug2: we sent a publickey packet, wait for reply
> debug1: Authentication succeeded (publickey).
> Authenticated to xxxx.xxxx.xxxx ([xxxx.xxxx.xxxx]:111).
> debug1: channel 0: new [client-session]
> debug3: ssh_session2_open: channel_new: 0
> debug2: channel 0: send open
> debug1: Requesting no-more-sessions at openssh.com
> debug1: Entering interactive session.
> debug1: SSH2_MSG_KEXINIT received
> debug1: SSH2_MSG_KEXINIT sent
> debug2: kex_parse_kexinit:
> ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1
> debug2: kex_parse_kexinit: ecdsa-sha2-nistp256-cert-v01 at openssh.com,
> ecdsa-sha2-nistp384-cert-v01 at openssh.com,
> ecdsa-sha2-nistp521-cert-v01 at openssh.com
> ,ecdsa-sha2-nistp256,ecdsa-sha2-nistp384,ecdsa-sha2-nistp521,
> ssh-rsa-cert-v01 at openssh.com,ssh-dss-cert-v01 at openssh.com,
> ssh-rsa-cert-v00 at openssh.com,ssh-dss-cert-v00 at openssh.com,ssh-rsa,ssh-dss
> debug2: kex_parse_kexinit:
> aes128-ctr,aes192-ctr,aes256-ctr,arcfour256,arcfour128,
> aes128-gcm at openssh.com,aes256-gcm at openssh.com
> ,aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,aes192-cbc,aes256-cbc,arcfour,
> rijndael-cbc at lysator.liu.se
> debug2: kex_parse_kexinit:
> aes128-ctr,aes192-ctr,aes256-ctr,arcfour256,arcfour128,
> aes128-gcm at openssh.com,aes256-gcm at openssh.com
> ,aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,aes192-cbc,aes256-cbc,arcfour,
> rijndael-cbc at lysator.liu.se
> debug2: kex_parse_kexinit: hmac-md5-etm at openssh.com,
> hmac-sha1-etm at openssh.com,umac-64-etm at openssh.com,umac-128-etm at openssh.com
> ,hmac-sha2-256-etm at openssh.com,hmac-sha2-512-etm at openssh.com,
> hmac-ripemd160-etm at openssh.com,hmac-sha1-96-etm at openssh.com,
> hmac-md5-96-etm at openssh.com,hmac-md5,hmac-sha1,umac-64 at openssh.com,
> umac-128 at openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-ripemd160,
> hmac-ripemd160 at openssh.com,hmac-sha1-96,hmac-md5-96
> debug2: kex_parse_kexinit: hmac-md5-etm at openssh.com,
> hmac-sha1-etm at openssh.com,umac-64-etm at openssh.com,umac-128-etm at openssh.com
> ,hmac-sha2-256-etm at openssh.com,hmac-sha2-512-etm at openssh.com,
> hmac-ripemd160-etm at openssh.com,hmac-sha1-96-etm at openssh.com,
> hmac-md5-96-etm at openssh.com,hmac-md5,hmac-sha1,umac-64 at openssh.com,
> umac-128 at openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-ripemd160,
> hmac-ripemd160 at openssh.com,hmac-sha1-96,hmac-md5-96
> debug2: kex_parse_kexinit: none,zlib at openssh.com,zlib
> debug2: kex_parse_kexinit: none,zlib at openssh.com,zlib
> debug2: kex_parse_kexinit:
> debug2: kex_parse_kexinit:
> debug2: kex_parse_kexinit: first_kex_follows 0
> debug2: kex_parse_kexinit: reserved 0
> debug2: kex_parse_kexinit: curve25519-sha256 at libssh.org
> ,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha1
> debug2: kex_parse_kexinit: ssh-rsa,ssh-dss,ecdsa-sha2-nistp256,ssh-ed25519
> debug2: kex_parse_kexinit: chacha20-poly1305 at openssh.com
> ,cast128-cbc,blowfish-cbc,arcfour128,aes128-cbc,aes128-ctr,
> aes128-gcm at openssh.com
> debug2: kex_parse_kexinit: chacha20-poly1305 at openssh.com
> ,cast128-cbc,blowfish-cbc,arcfour128,aes128-cbc,aes128-ctr,
> aes128-gcm at openssh.com
> debug2: kex_parse_kexinit: hmac-sha1-etm at openssh.com,
> hmac-sha1-96-etm at openssh.com,umac-64-etm at openssh.com
> ,hmac-md5-96,hmac-ripemd160,hmac-sha1-96
> debug2: kex_parse_kexinit: hmac-sha1-etm at openssh.com,
> hmac-sha1-96-etm at openssh.com,umac-64-etm at openssh.com
> ,hmac-md5-96,hmac-ripemd160,hmac-sha1-96
> debug2: kex_parse_kexinit: none,zlib at openssh.com
> debug2: kex_parse_kexinit: none,zlib at openssh.com
> debug2: kex_parse_kexinit:
> debug2: kex_parse_kexinit:
> debug2: kex_parse_kexinit: first_kex_follows 0
> debug2: kex_parse_kexinit: reserved 0
> debug2: mac_setup: found hmac-sha1-etm at openssh.com
> debug1: kex: server->client aes128-ctr hmac-sha1-etm at openssh.com none
> debug2: mac_setup: found hmac-sha1-etm at openssh.com
> debug1: kex: client->server aes128-ctr hmac-sha1-etm at openssh.com none
> debug1: sending SSH2_MSG_KEX_ECDH_INIT
> debug1: expecting SSH2_MSG_KEX_ECDH_REPLY
> debug1: Server host key: ECDSA
> c4:67:d3:7d:93:af:d8:23:e4:1f:9b:66:9b:c5:b8:13
> debug3: put_host_port: [xxxx.xxxx.xxxx]:111
> debug3: put_host_port: [xxxx.xxxx.xxxx]:111
> debug3: load_hostkeys: loading entries for host "[xxxx.xxxx.xxxx]:111"
> from file "/home/kiosk/.ssh/known_hosts"
> debug3: load_hostkeys: found key type ECDSA in file
> /home/kiosk/.ssh/known_hosts:1
> debug3: load_hostkeys: loaded 1 keys
> debug3: load_hostkeys: loading entries for host "[xxxx.xxxx.xxxx]:111"
> from file "/home/kiosk/.ssh/known_hosts"
> debug3: load_hostkeys: found key type ECDSA in file
> /home/kiosk/.ssh/known_hosts:1
> debug3: load_hostkeys: loaded 1 keys
> debug1: Host '[xxxx.xxxx.xxxx]:111' is known and matches the ECDSA host
> key.
> debug1: Found key in /home/kiosk/.ssh/known_hosts:1
> debug1: ssh_ecdsa_verify: signature correct
> debug2: kex_derive_keys
> debug2: set_newkeys: mode 1
> debug1: set_newkeys: rekeying
> debug1: SSH2_MSG_NEWKEYS sent
> debug1: expecting SSH2_MSG_NEWKEYS
> debug2: set_newkeys: mode 0
> debug1: set_newkeys: rekeying
> debug1: SSH2_MSG_NEWKEYS received
> debug2: callback start
> debug2: x11_get_proto: /usr/bin/xauth list :0 2>/dev/null
> debug1: Requesting X11 forwarding with authentication spoofing.
> debug2: channel 0: request x11-req confirm 1
> debug2: fd 3 setting TCP_NODELAY
> debug3: packet_set_tos: set IP_TOS 0x10
> debug2: client_session2_setup: id 0
> debug2: channel 0: request pty-req confirm 1
> debug1: Sending environment.
> debug3: Ignored env XDG_VTNR
> debug3: Ignored env XDG_SESSION_ID
> debug3: Ignored env DBUS_STARTER_ADDRESS
> debug3: Ignored env GPG_AGENT_INFO
> debug3: Ignored env TERM
> debug3: Ignored env SHELL
> debug3: Ignored env XDG_MENU_PREFIX
> debug3: Ignored env VTE_VERSION
> debug3: Ignored env WINDOWID
> debug3: Ignored env GNOME_KEYRING_CONTROL
> debug3: Ignored env USER
> debug3: Ignored env LS_COLORS
> debug3: Ignored env SSH_AUTH_SOCK
> debug3: Ignored env SESSION_MANAGER
> debug3: Ignored env USERNAME
> debug3: Ignored env PATH
> debug3: Ignored env DESKTOP_SESSION
> debug3: Ignored env PWD
> debug1: Sending env LANG = en_US.UTF-8
> debug2: channel 0: request env confirm 0
> debug3: Ignored env GDM_LANG
> debug3: Ignored env GDMSESSION
> debug3: Ignored env DBUS_STARTER_BUS_TYPE
> debug3: Ignored env HOME
> debug3: Ignored env XDG_SEAT
> debug3: Ignored env SHLVL
> debug3: Ignored env GNOME_DESKTOP_SESSION_ID
> debug3: Ignored env LOGNAME
> debug3: Ignored env DBUS_SESSION_BUS_ADDRESS
> debug3: Ignored env LESSOPEN
> debug3: Ignored env WINDOWPATH
> debug3: Ignored env XDG_RUNTIME_DIR
> debug3: Ignored env DISPLAY
> debug3: Ignored env COLORTERM
> debug3: Ignored env XAUTHORITY
> debug3: Ignored env _
> debug2: channel 0: request shell confirm 1
> debug2: callback done
> debug2: channel 0: open confirm rwindow 0 rmax 32768
> debug2: channel_input_status_confirm: type 99 id 0
> debug2: X11 forwarding request accepted on channel 0
> debug2: channel_input_status_confirm: type 99 id 0
> debug2: PTY allocation request accepted on channel 0
> debug2: channel 0: rcvd adjust 87380
> debug2: channel_input_status_confirm: type 99 id 0
> debug2: shell request accepted on channel 0
> Last login: Sun May 24 10:53:28 2015 from x.x.x.x
> de at DESKTOP_MINER ~ $ kwrite
> debug1: client_input_channel_open: ctype x11 rchan 3 win 87380 max 16384
> debug1: client_request_x11: request from 127.0.0.1 46768
> debug2: fd 7 setting O_NONBLOCK
> debug3: fd 7 is O_NONBLOCK
> debug1: channel 1: new [x11]
> debug1: confirm x11
> debug2: X11 connection uses different authentication protocol.
> X11 connection rejected because of wrong authentication.
> debug2: X11 rejected 1 i0/o0
> debug2: channel 1: read failed
> debug2: channel 1: close_read
> debug2: channel 1: input open -> drain
> debug2: channel 1: ibuf empty
> debug2: channel 1: send eof
> debug2: channel 1: input drain -> closed
> debug2: channel 1: write failed
> debug2: channel 1: close_write
> debug2: channel 1: output open -> closed
> debug2: X11 closed 1 i3/o3
> debug2: channel 1: send close
> debug2: channel 1: rcvd close
> debug2: channel 1: is dead
> debug2: channel 1: garbage collecting
> debug1: channel 1: free: x11, nchannels 2
> debug3: channel 1: status: The following connections are open:
> #0 client-session (t4 r0 i0/0 o0/0 fd 4/5 cc -1)
> #1 x11 (t7 r3 i3/0 o3/0 fd 7/7 cc -1)
>
> kwrite: cannot connect to X server DESKTOP_MINER:11.0
>
> Ok, got it.
>
> "X11 connection uses different authentication protocol."
>
> Please suggest. I'm also looking at it on my end.
>
More information about the openssh-unix-dev
mailing list