Date: Wed, 14 Jul 1999 09:58:43 +1000 From: "Wyatt, Anthony" <Anthony.Wyatt@its.csiro.au> To: "'cjclark@home.com'" <cjclark@home.com> Cc: "'freebsd-questions@freebsd.org'" <freebsd-questions@freebsd.org> Subject: RE: SSH X Forwarding Message-ID: <F232EAD3304FD211BD3C00A0C99AFA9F014DB801@hermes.la.csiro.au>
next in thread | raw e-mail | index | archive | help
Hi Crist, Before I begin, a small disclaimer: I'm only a new user to freeBSD, and I have not yet tried to run up ssh on a freeBSD box. So any or all of this information may or may not be bollox :-) > -----Original Message----- > From: Crist J. Clark [mailto:cjc@cc942873-a.ewndsr1.nj.home.com] > > First, background on the problem: I have a freeBSD machine that > refuses X connections through ssh. This is reproducible from a variety > of machines; it is clear to me the problem is on the sshd host and not > on any of the ssh clients that try to connect. Here is a typical > manifestation of the problem, > > % xterm > _X11TransSocketINETConnect: Can't connect: errno = 60 > xterm Xt error: Can't open display: pc222:10.0 The TCPDUMP and the fact you can connect to your sshd host and execute commands would suggest that ssh is working fine. I would have at a guess the problem lies in one of the following areas: IP packet filtering -------------------- If your client runs IP packet filtering then it may be throwing away your X traffic as it pops out of your ssh tunnel. This would explain the long delay that you are experiencing. This may also be happening on your sshd server; the filtering rules may throw away the traffic before it gets stuffed into your ssh tunnel. Check your IP filtering rules here too! /etc/sshd_config (server config file) ------------------------------------- You can turn off X11 forwarding in this file (see the man page for sshd for all the options). If you do, and your client tries to use X11 forwarding you get the error message: "Warning: Remote host denied X11 forwarding, ...". As you didn't get this message, I'll assume that the server side is OK (I'd still check it though). This is my sshd_config, please note I only use RSA authentication on my hosts, no passwords, you may have to modify this file to suit your own needs: Port 22 ListenAddress 0.0.0.0 HostKey /etc/ssh_host_key RandomSeed /etc/ssh_random_seed ServerKeyBits 1024 LoginGraceTime 600 KeyRegenerationInterval 3600 PermitRootLogin no IgnoreRhosts yes StrictModes yes QuietMode no X11Forwarding yes X11DisplayOffset 10 FascistLogging no PrintMotd yes KeepAlive yes SyslogFacility DAEMON RhostsAuthentication no RhostsRSAAuthentication yes RSAAuthentication yes PasswordAuthentication no PermitEmptyPasswords yes UseLogin no The pc222:10.0 in the error "... display: pc222:10.0" is the X11DisplayOffset option given above. This option is supposed to stop ssh from interfering with X. If it is interfering with X, you'll have to speak to someone else, I know next to nothing about X :-) and/or ~/.ssh/config or /etc/ssh_config (client side config file) ----------------------------------------------------------- You can do lots here too. The files are read in the order given above. When an option is found it will be set, and ignored if configured again. Check BOTH of these files, my configs have all the options commented out. If you don't then try commenting out all the options and try again. If your problem still persists: On each of your clients and the server, ssh to itself, then try and run an X app. Check the errors and see if they give you any ideas. If you still have problems: Build a brand new box, install ssh again, config sshd_config appropriately, then try and ssh to this box from itself, and run an X app. If the same error occurs here, try going back to 1.2.26 and try again. It still really doesn't work: Panic, the problem is probably not ssh, and where you would start looking then is beyond me... ;-) All the best, Anthony To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-questions" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?F232EAD3304FD211BD3C00A0C99AFA9F014DB801>