Hi all,
I set up a Debian 7.7 Server and enabled X11 forwarding and installed xauth and every time when I ssh to my debian server and try to run xterm for example from my Xubuntu Workstation I receive "can't open display". I use ssh -X user@ip-address and execute xterm &
I also tried to execute echo $DISPLAY and it is not returning anything at all.
Here are the options I set on my Debian server:
X11Forwarding yes
X11DisplayOffset 10
X11UseLocalhost yes
What am I missing?
X11 forwarding issue
Re: X11 forwarding issue
Hi!
This is a certainly a strange issue. I have a very similar setup and it works fine for me. When echo $DISPLAY returns nothing, this means that the X11 forwarding is not actually working. In order to troubleshoot this a bit further can you paste the output of the following command (replace user with your username and server with the domain name or IP address of your server):
-vvv is just very verbose logging so hopefully this will give us a hint of what the problem is.
Best,
Lev
This is a certainly a strange issue. I have a very similar setup and it works fine for me. When echo $DISPLAY returns nothing, this means that the X11 forwarding is not actually working. In order to troubleshoot this a bit further can you paste the output of the following command (replace user with your username and server with the domain name or IP address of your server):
Code: Select all
ssh -X -vvv user@serverBest,
Lev
-
mstjohn1974
- Posts: 13
- Joined: 2009-07-25 18:45
- Location: Albuquerque
Re: X11 forwarding issue
Thanks for your response
I will try this tomorrow when back at work and I will post the results here
I will try this tomorrow when back at work and I will post the results here
MSJ
Re: X11 forwarding issue
ssh (used to) have a bug
ssh puts data inside your packets , and sometimes writes over what was in the packets - cause breaches with X protocols
also. making ssh keys that work is complicaed. i used tcpdump(1) to check ssh and it was not encrypted at all, clear text. the default key it makes when installing is NOT for encrypting - unsure what it is. i checked how to set it up and it's totally a long process if you make one mistake it's not secure. plus it's inside packets: it'll effect unsuspecting softwares.
you don't need SSH to get remote X or Xnes desktop local, nor to put the same on a remote from the local.
Xerox Windows, X, has been doing remote visual computing just fine 30+ years now. use a secure ip, (make a secure friends connection, and X is already secure when talking to any friends)
see: xhost(1), xon(1)
ssh puts data inside your packets , and sometimes writes over what was in the packets - cause breaches with X protocols
also. making ssh keys that work is complicaed. i used tcpdump(1) to check ssh and it was not encrypted at all, clear text. the default key it makes when installing is NOT for encrypting - unsure what it is. i checked how to set it up and it's totally a long process if you make one mistake it's not secure. plus it's inside packets: it'll effect unsuspecting softwares.
you don't need SSH to get remote X or Xnes desktop local, nor to put the same on a remote from the local.
Xerox Windows, X, has been doing remote visual computing just fine 30+ years now. use a secure ip, (make a secure friends connection, and X is already secure when talking to any friends)
see: xhost(1), xon(1)
Re: X11 forwarding issue
$ export DISPLAY=":0"
$ xhost +localhost
$ xhost +rhost
# (now rhost can open on local when logged in)
there are many docs you can google up to read about how easy and well X works in a network transparent fashion
your already using it, it's alerady enabled locally, you just haven't read about simple but powerful commands that do what you want
are you using gnome 2 or gnome 3 ? i thought they had point and click for all that already
me i avoid GUI excepting for browser and octave
$ xhost +localhost
$ xhost +rhost
# (now rhost can open on local when logged in)
there are many docs you can google up to read about how easy and well X works in a network transparent fashion
your already using it, it's alerady enabled locally, you just haven't read about simple but powerful commands that do what you want
are you using gnome 2 or gnome 3 ? i thought they had point and click for all that already
me i avoid GUI excepting for browser and octave
-
mstjohn1974
- Posts: 13
- Joined: 2009-07-25 18:45
- Location: Albuquerque
Re: X11 forwarding issue
Sorry for the delay ...here is the very verbose log:
ssh -vvv -x testuser@testserver
OpenSSH_6.6.1, OpenSSL 1.0.1f 6 Jan 2014
debug1: Reading configuration data /etc/ssh/ssh_config
debug1: /etc/ssh/ssh_config line 19: Applying options for *
debug2: ssh_connect: needpriv 0
debug1: Connecting to testserver [192.168.0.83] port 22.
debug1: Connection established.
debug1: identity file /home/testuser/.ssh/id_rsa type -1
debug1: identity file /home/testuser/.ssh/id_rsa-cert type -1
debug1: identity file /home/testuser/.ssh/id_dsa type -1
debug1: identity file /home/testuser/.ssh/id_dsa-cert type -1
debug1: identity file /home/testuser/.ssh/id_ecdsa type -1
debug1: identity file /home/testuser/.ssh/id_ecdsa-cert type -1
debug1: identity file /home/testuser/.ssh/id_ed25519 type -1
debug1: identity file /home/testuser/.ssh/id_ed25519-cert type -1
debug1: Enabling compatibility mode for protocol 2.0
debug1: Local version string SSH-2.0-OpenSSH_6.6.1p1 Ubuntu-2ubuntu2
debug1: Remote protocol version 2.0, remote software version OpenSSH_6.2
debug1: match: OpenSSH_6.2 pat OpenSSH* compat 0x04000000
debug2: fd 3 setting O_NONBLOCK
debug3: load_hostkeys: loading entries for host "testserver" from file "/home/testuser/.ssh/known_hosts"
debug3: load_hostkeys: loaded 0 keys
debug1: SSH2_MSG_KEXINIT sent
debug1: SSH2_MSG_KEXINIT received
debug2: kex_parse_kexinit: curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1
debug2: kex_parse_kexinit: ecdsa-sha2-nistp256-cert-v01@openssh.com,ecdsa-sha2-nistp384-cert-v01@openssh.com,ecdsa-sha2-nistp521-cert-v01@openssh.com,ssh-ed25519-cert-v01@openssh.com,ssh-rsa-cert-v01@openssh.com,ssh-dss-cert-v01@openssh.com,ssh-rsa-cert-v00@openssh.com,ssh-dss-cert-v00@openssh.com,ecdsa-sha2-nistp256,ecdsa-sha2-nistp384,ecdsa-sha2-nistp521,ssh-ed25519,ssh-rsa,ssh-dss
debug2: kex_parse_kexinit: aes128-ctr,aes192-ctr,aes256-ctr,arcfour256,arcfour128,aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,aes192-cbc,aes256-cbc,arcfour,rijndael-cbc@lysator.liu.se
debug2: kex_parse_kexinit: aes128-ctr,aes192-ctr,aes256-ctr,arcfour256,arcfour128,aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,aes192-cbc,aes256-cbc,arcfour,rijndael-cbc@lysator.liu.se
debug2: kex_parse_kexinit: hmac-md5-etm@openssh.com,hmac-sha1-etm@openssh.com,umac-64-etm@openssh.com,umac-128-etm@openssh.com,hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-ripemd160-etm@openssh.com,hmac-sha1-96-etm@openssh.com,hmac-md5-96-etm@openssh.com,hmac-md5,hmac-sha1,umac-64@openssh.com,umac-128@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-ripemd160,hmac-ripemd160@openssh.com,hmac-sha1-96,hmac-md5-96
debug2: kex_parse_kexinit: hmac-md5-etm@openssh.com,hmac-sha1-etm@openssh.com,umac-64-etm@openssh.com,umac-128-etm@openssh.com,hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-ripemd160-etm@openssh.com,hmac-sha1-96-etm@openssh.com,hmac-md5-96-etm@openssh.com,hmac-md5,hmac-sha1,umac-64@openssh.com,umac-128@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-ripemd160,hmac-ripemd160@openssh.com,hmac-sha1-96,hmac-md5-96
debug2: kex_parse_kexinit: none,zlib@openssh.com,zlib
debug2: kex_parse_kexinit: none,zlib@openssh.com,zlib
debug2: kex_parse_kexinit:
debug2: kex_parse_kexinit:
debug2: kex_parse_kexinit: first_kex_follows 0
debug2: kex_parse_kexinit: reserved 0
debug2: kex_parse_kexinit: gss-gex-sha1-toWM5Slw5Ew8Mqkay+al2g==,gss-group1-sha1-toWM5Slw5Ew8Mqkay+al2g==,gss-group14-sha1-toWM5Slw5Ew8Mqkay+al2g==,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1
debug2: kex_parse_kexinit: ssh-rsa,ssh-dss,ecdsa-sha2-nistp256
debug2: kex_parse_kexinit: aes128-ctr,aes192-ctr,aes256-ctr,arcfour256,arcfour128,aes128-gcm@openssh.com,aes256-gcm@openssh.com,aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,aes192-cbc,aes256-cbc,arcfour,rijndael-cbc@lysator.liu.se
debug2: kex_parse_kexinit: aes128-ctr,aes192-ctr,aes256-ctr,arcfour256,arcfour128,aes128-gcm@openssh.com,aes256-gcm@openssh.com,aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,aes192-cbc,aes256-cbc,arcfour,rijndael-cbc@lysator.liu.se
debug2: kex_parse_kexinit: hmac-md5-etm@openssh.com,hmac-sha1-etm@openssh.com,umac-64-etm@openssh.com,umac-128-etm@openssh.com,hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-ripemd160-etm@openssh.com,hmac-sha1-96-etm@openssh.com,hmac-md5-96-etm@openssh.com,hmac-md5,hmac-sha1,umac-64@openssh.com,umac-128@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-ripemd160,hmac-ripemd160@openssh.com,hmac-sha1-96,hmac-md5-96
debug2: kex_parse_kexinit: hmac-md5-etm@openssh.com,hmac-sha1-etm@openssh.com,umac-64-etm@openssh.com,umac-128-etm@openssh.com,hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-ripemd160-etm@openssh.com,hmac-sha1-96-etm@openssh.com,hmac-md5-96-etm@openssh.com,hmac-md5,hmac-sha1,umac-64@openssh.com,umac-128@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-ripemd160,hmac-ripemd160@openssh.com,hmac-sha1-96,hmac-md5-96
debug2: kex_parse_kexinit: none,zlib@openssh.com
debug2: kex_parse_kexinit: none,zlib@openssh.com
debug2: kex_parse_kexinit:
debug2: kex_parse_kexinit:
debug2: kex_parse_kexinit: first_kex_follows 0
debug2: kex_parse_kexinit: reserved 0
debug2: mac_setup: setup hmac-md5-etm@openssh.com
debug1: kex: server->client aes128-ctr hmac-md5-etm@openssh.com none
debug2: mac_setup: setup hmac-md5-etm@openssh.com
debug1: kex: client->server aes128-ctr hmac-md5-etm@openssh.com none
debug1: sending SSH2_MSG_KEX_ECDH_INIT
debug1: expecting SSH2_MSG_KEX_ECDH_REPLY
debug1: Server host key: ECDSA 0f:9c:0d:e2:ff:b1:43:10:3f:fe:22:48:af:d7:5d:79
debug3: load_hostkeys: loading entries for host "testserver" from file "/home/testuser/.ssh/known_hosts"
debug3: load_hostkeys: loaded 0 keys
debug3: load_hostkeys: loading entries for host "192.168.0.83" from file "/home/testuser/.ssh/known_hosts"
debug3: load_hostkeys: loaded 0 keys
The authenticity of host 'testserver (192.168.0.83)' can't be established.
ECDSA key fingerprint is 0f:9c:0d:e2:ff:b1:43:10:3f:fe:22:48:af:d7:5d:79.
Are you sure you want to continue connecting (yes/no)? yes
Warning: Permanently added 'testserver,192.168.0.83' (ECDSA) to the list of known hosts.
debug1: ssh_ecdsa_verify: signature correct
debug2: kex_derive_keys
debug2: set_newkeys: mode 1
debug1: SSH2_MSG_NEWKEYS sent
debug1: expecting SSH2_MSG_NEWKEYS
debug2: set_newkeys: mode 0
debug1: SSH2_MSG_NEWKEYS received
debug1: Roaming not allowed by server
debug1: SSH2_MSG_SERVICE_REQUEST sent
debug2: service_accept: ssh-userauth
debug1: SSH2_MSG_SERVICE_ACCEPT received
debug2: key: /home/testuser/.ssh/id_rsa ((nil)),
debug2: key: /home/testuser/.ssh/id_dsa ((nil)),
debug2: key: /home/testuser/.ssh/id_ecdsa ((nil)),
debug2: key: /home/testuser/.ssh/id_ed25519 ((nil)),
debug3: input_userauth_banner
Debian GNU/Linux 7 eda2 ssh-pty
debug1: Authentications that can continue: publickey,gssapi-keyex,gssapi-with-mic,password,keyboard-interactive
debug3: start over, passed a different list publickey,gssapi-keyex,gssapi-with-mic,password,keyboard-interactive
debug3: preferred gssapi-keyex,gssapi-with-mic,publickey,keyboard-interactive,password
debug3: authmethod_lookup gssapi-keyex
debug3: remaining preferred: gssapi-with-mic,publickey,keyboard-interactive,password
debug3: authmethod_is_enabled gssapi-keyex
debug1: Next authentication method: gssapi-keyex
debug1: No valid Key exchange context
debug2: we did not send a packet, disable method
debug3: authmethod_lookup gssapi-with-mic
debug3: remaining preferred: publickey,keyboard-interactive,password
debug3: authmethod_is_enabled gssapi-with-mic
debug1: Next authentication method: gssapi-with-mic
debug1: Unspecified GSS failure. Minor code may provide more information
No Kerberos credentials available
debug1: Unspecified GSS failure. Minor code may provide more information
No Kerberos credentials available
debug1: Unspecified GSS failure. Minor code may provide more information
debug1: Unspecified GSS failure. Minor code may provide more information
No Kerberos credentials available
debug2: we did not send a packet, disable method
debug3: authmethod_lookup publickey
debug3: remaining preferred: keyboard-interactive,password
debug3: authmethod_is_enabled publickey
debug1: Next authentication method: publickey
debug1: Trying private key: /home/testuser/.ssh/id_rsa
debug3: no such identity: /home/testuser/.ssh/id_rsa: No such file or directory
debug1: Trying private key: /home/testuser/.ssh/id_dsa
debug3: no such identity: /home/testuser/.ssh/id_dsa: No such file or directory
debug1: Trying private key: /home/testuser/.ssh/id_ecdsa
debug3: no such identity: /home/testuser/.ssh/id_ecdsa: No such file or directory
debug1: Trying private key: /home/testuser/.ssh/id_ed25519
debug3: no such identity: /home/testuser/.ssh/id_ed25519: No such file or directory
debug2: we did not send a packet, disable method
debug3: authmethod_lookup keyboard-interactive
debug3: remaining preferred: password
debug3: authmethod_is_enabled keyboard-interactive
debug1: Next authentication method: keyboard-interactive
debug2: userauth_kbdint
debug2: we sent a keyboard-interactive packet, wait for reply
debug2: input_userauth_info_req
debug2: input_userauth_info_req: num_prompts 1
Password:
debug3: packet_send2: adding 32 (len 19 padlen 13 extra_pad 64)
debug2: input_userauth_info_req
debug2: input_userauth_info_req: num_prompts 0
debug3: packet_send2: adding 48 (len 6 padlen 10 extra_pad 64)
debug1: Authentication succeeded (keyboard-interactive).
Authenticated to testserver ([192.168.0.83]:22).
debug1: channel 0: new [client-session]
debug3: ssh_session2_open: channel_new: 0
debug2: channel 0: send open
debug1: Requesting no-more-sessions@openssh.com
debug1: Entering interactive session.
debug2: callback start
debug2: fd 3 setting TCP_NODELAY
debug3: packet_set_tos: set IP_TOS 0x10
debug2: client_session2_setup: id 0
debug2: channel 0: request pty-req confirm 1
debug1: Sending environment.
debug3: Ignored env XDG_VTNR
debug3: Ignored env MANPATH
debug3: Ignored env SSH_AGENT_PID
debug3: Ignored env XDG_SESSION_ID
debug3: Ignored env XDG_GREETER_DATA_DIR
debug3: Ignored env SELINUX_INIT
debug3: Ignored env CLUTTER_IM_MODULE
debug3: Ignored env SESSION
debug3: Ignored env GLADE_PIXMAP_PATH
debug3: Ignored env TERM
debug3: Ignored env VTE_VERSION
debug3: Ignored env XDG_MENU_PREFIX
debug3: Ignored env SHELL
debug3: Ignored env SSH_AGENT_LAUNCHER
debug3: Ignored env DERBY_HOME
debug3: Ignored env WINDOWID
debug3: Ignored env UPSTART_SESSION
debug3: Ignored env GNOME_KEYRING_CONTROL
debug3: Ignored env GTK_MODULES
debug3: Ignored env USER
debug3: Ignored env LS_COLORS
debug3: Ignored env GLADE_MODULE_PATH
debug3: Ignored env XDG_SESSION_PATH
debug3: Ignored env XDG_SEAT_PATH
debug3: Ignored env SSH_AUTH_SOCK
debug3: Ignored env SESSION_MANAGER
debug3: Ignored env DEFAULTS_PATH
debug3: Ignored env XDG_CONFIG_DIRS
debug3: Ignored env DESKTOP_SESSION
debug3: Ignored env PATH
debug3: Ignored env QT_IM_MODULE
debug3: Ignored env QT_QPA_PLATFORMTHEME
debug3: Ignored env PWD
debug3: Ignored env JOB
debug3: Ignored env XMODIFIERS
debug3: Ignored env JAVA_HOME
debug3: Ignored env GNOME_KEYRING_PID
debug1: Sending env LANG = en_US.UTF-8
debug2: channel 0: request env confirm 0
debug3: Ignored env GDM_LANG
debug3: Ignored env MANDATORY_PATH
debug3: Ignored env UBUNTU_MENUPROXY
debug3: Ignored env IM_CONFIG_PHASE
debug3: Ignored env GDMSESSION
debug3: Ignored env SESSIONTYPE
debug3: Ignored env SHLVL
debug3: Ignored env HOME
debug3: Ignored env XDG_SEAT
debug3: Ignored env LANGUAGE
debug3: Ignored env UPSTART_INSTANCE
debug3: Ignored env UPSTART_EVENTS
debug3: Ignored env LOGNAME
debug3: Ignored env DBUS_SESSION_BUS_ADDRESS
debug3: Ignored env J2SDKDIR
debug3: Ignored env XDG_DATA_DIRS
debug3: Ignored env QT4_IM_MODULE
debug3: Ignored env LESSOPEN
debug3: Ignored env TEXTDOMAIN
debug3: Ignored env INSTANCE
debug3: Ignored env UPSTART_JOB
debug3: Ignored env XDG_RUNTIME_DIR
debug3: Ignored env DISPLAY
debug3: Ignored env GLADE_CATALOG_PATH
debug3: Ignored env XDG_CURRENT_DESKTOP
debug3: Ignored env GTK_IM_MODULE
debug3: Ignored env J2REDIR
debug3: Ignored env LESSCLOSE
debug3: Ignored env TEXTDOMAINDIR
debug3: Ignored env XAUTHORITY
debug3: Ignored env COLORTERM
debug3: Ignored env _
debug2: channel 0: request shell confirm 1
debug2: callback done
debug2: channel 0: open confirm rwindow 0 rmax 32768
debug2: channel_input_status_confirm: type 99 id 0
debug2: PTY allocation request accepted on channel 0
debug2: channel 0: rcvd adjust 2097152
debug2: channel_input_status_confirm: type 99 id 0
debug2: shell request accepted on channel 0
The programs included with the Debian GNU/Linux system are free software;
the exact distribution terms for each program are described in the
individual files in /usr/share/doc/*/copyright.
Debian GNU/Linux comes with ABSOLUTELY NO WARRANTY, to the extent
permitted by applicable law.
You have new mail.
Last login: Wed Nov 26 14:52:16 2014 from cyberhelp.innovasic.com
testuser@testserver:~$ xclock &
[1] 12921
testuser@testserver:~$ Error: Can't open display:
ssh -vvv -x testuser@testserver
OpenSSH_6.6.1, OpenSSL 1.0.1f 6 Jan 2014
debug1: Reading configuration data /etc/ssh/ssh_config
debug1: /etc/ssh/ssh_config line 19: Applying options for *
debug2: ssh_connect: needpriv 0
debug1: Connecting to testserver [192.168.0.83] port 22.
debug1: Connection established.
debug1: identity file /home/testuser/.ssh/id_rsa type -1
debug1: identity file /home/testuser/.ssh/id_rsa-cert type -1
debug1: identity file /home/testuser/.ssh/id_dsa type -1
debug1: identity file /home/testuser/.ssh/id_dsa-cert type -1
debug1: identity file /home/testuser/.ssh/id_ecdsa type -1
debug1: identity file /home/testuser/.ssh/id_ecdsa-cert type -1
debug1: identity file /home/testuser/.ssh/id_ed25519 type -1
debug1: identity file /home/testuser/.ssh/id_ed25519-cert type -1
debug1: Enabling compatibility mode for protocol 2.0
debug1: Local version string SSH-2.0-OpenSSH_6.6.1p1 Ubuntu-2ubuntu2
debug1: Remote protocol version 2.0, remote software version OpenSSH_6.2
debug1: match: OpenSSH_6.2 pat OpenSSH* compat 0x04000000
debug2: fd 3 setting O_NONBLOCK
debug3: load_hostkeys: loading entries for host "testserver" from file "/home/testuser/.ssh/known_hosts"
debug3: load_hostkeys: loaded 0 keys
debug1: SSH2_MSG_KEXINIT sent
debug1: SSH2_MSG_KEXINIT received
debug2: kex_parse_kexinit: curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1
debug2: kex_parse_kexinit: ecdsa-sha2-nistp256-cert-v01@openssh.com,ecdsa-sha2-nistp384-cert-v01@openssh.com,ecdsa-sha2-nistp521-cert-v01@openssh.com,ssh-ed25519-cert-v01@openssh.com,ssh-rsa-cert-v01@openssh.com,ssh-dss-cert-v01@openssh.com,ssh-rsa-cert-v00@openssh.com,ssh-dss-cert-v00@openssh.com,ecdsa-sha2-nistp256,ecdsa-sha2-nistp384,ecdsa-sha2-nistp521,ssh-ed25519,ssh-rsa,ssh-dss
debug2: kex_parse_kexinit: aes128-ctr,aes192-ctr,aes256-ctr,arcfour256,arcfour128,aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,aes192-cbc,aes256-cbc,arcfour,rijndael-cbc@lysator.liu.se
debug2: kex_parse_kexinit: aes128-ctr,aes192-ctr,aes256-ctr,arcfour256,arcfour128,aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,aes192-cbc,aes256-cbc,arcfour,rijndael-cbc@lysator.liu.se
debug2: kex_parse_kexinit: hmac-md5-etm@openssh.com,hmac-sha1-etm@openssh.com,umac-64-etm@openssh.com,umac-128-etm@openssh.com,hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-ripemd160-etm@openssh.com,hmac-sha1-96-etm@openssh.com,hmac-md5-96-etm@openssh.com,hmac-md5,hmac-sha1,umac-64@openssh.com,umac-128@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-ripemd160,hmac-ripemd160@openssh.com,hmac-sha1-96,hmac-md5-96
debug2: kex_parse_kexinit: hmac-md5-etm@openssh.com,hmac-sha1-etm@openssh.com,umac-64-etm@openssh.com,umac-128-etm@openssh.com,hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-ripemd160-etm@openssh.com,hmac-sha1-96-etm@openssh.com,hmac-md5-96-etm@openssh.com,hmac-md5,hmac-sha1,umac-64@openssh.com,umac-128@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-ripemd160,hmac-ripemd160@openssh.com,hmac-sha1-96,hmac-md5-96
debug2: kex_parse_kexinit: none,zlib@openssh.com,zlib
debug2: kex_parse_kexinit: none,zlib@openssh.com,zlib
debug2: kex_parse_kexinit:
debug2: kex_parse_kexinit:
debug2: kex_parse_kexinit: first_kex_follows 0
debug2: kex_parse_kexinit: reserved 0
debug2: kex_parse_kexinit: gss-gex-sha1-toWM5Slw5Ew8Mqkay+al2g==,gss-group1-sha1-toWM5Slw5Ew8Mqkay+al2g==,gss-group14-sha1-toWM5Slw5Ew8Mqkay+al2g==,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1
debug2: kex_parse_kexinit: ssh-rsa,ssh-dss,ecdsa-sha2-nistp256
debug2: kex_parse_kexinit: aes128-ctr,aes192-ctr,aes256-ctr,arcfour256,arcfour128,aes128-gcm@openssh.com,aes256-gcm@openssh.com,aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,aes192-cbc,aes256-cbc,arcfour,rijndael-cbc@lysator.liu.se
debug2: kex_parse_kexinit: aes128-ctr,aes192-ctr,aes256-ctr,arcfour256,arcfour128,aes128-gcm@openssh.com,aes256-gcm@openssh.com,aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,aes192-cbc,aes256-cbc,arcfour,rijndael-cbc@lysator.liu.se
debug2: kex_parse_kexinit: hmac-md5-etm@openssh.com,hmac-sha1-etm@openssh.com,umac-64-etm@openssh.com,umac-128-etm@openssh.com,hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-ripemd160-etm@openssh.com,hmac-sha1-96-etm@openssh.com,hmac-md5-96-etm@openssh.com,hmac-md5,hmac-sha1,umac-64@openssh.com,umac-128@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-ripemd160,hmac-ripemd160@openssh.com,hmac-sha1-96,hmac-md5-96
debug2: kex_parse_kexinit: hmac-md5-etm@openssh.com,hmac-sha1-etm@openssh.com,umac-64-etm@openssh.com,umac-128-etm@openssh.com,hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-ripemd160-etm@openssh.com,hmac-sha1-96-etm@openssh.com,hmac-md5-96-etm@openssh.com,hmac-md5,hmac-sha1,umac-64@openssh.com,umac-128@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-ripemd160,hmac-ripemd160@openssh.com,hmac-sha1-96,hmac-md5-96
debug2: kex_parse_kexinit: none,zlib@openssh.com
debug2: kex_parse_kexinit: none,zlib@openssh.com
debug2: kex_parse_kexinit:
debug2: kex_parse_kexinit:
debug2: kex_parse_kexinit: first_kex_follows 0
debug2: kex_parse_kexinit: reserved 0
debug2: mac_setup: setup hmac-md5-etm@openssh.com
debug1: kex: server->client aes128-ctr hmac-md5-etm@openssh.com none
debug2: mac_setup: setup hmac-md5-etm@openssh.com
debug1: kex: client->server aes128-ctr hmac-md5-etm@openssh.com none
debug1: sending SSH2_MSG_KEX_ECDH_INIT
debug1: expecting SSH2_MSG_KEX_ECDH_REPLY
debug1: Server host key: ECDSA 0f:9c:0d:e2:ff:b1:43:10:3f:fe:22:48:af:d7:5d:79
debug3: load_hostkeys: loading entries for host "testserver" from file "/home/testuser/.ssh/known_hosts"
debug3: load_hostkeys: loaded 0 keys
debug3: load_hostkeys: loading entries for host "192.168.0.83" from file "/home/testuser/.ssh/known_hosts"
debug3: load_hostkeys: loaded 0 keys
The authenticity of host 'testserver (192.168.0.83)' can't be established.
ECDSA key fingerprint is 0f:9c:0d:e2:ff:b1:43:10:3f:fe:22:48:af:d7:5d:79.
Are you sure you want to continue connecting (yes/no)? yes
Warning: Permanently added 'testserver,192.168.0.83' (ECDSA) to the list of known hosts.
debug1: ssh_ecdsa_verify: signature correct
debug2: kex_derive_keys
debug2: set_newkeys: mode 1
debug1: SSH2_MSG_NEWKEYS sent
debug1: expecting SSH2_MSG_NEWKEYS
debug2: set_newkeys: mode 0
debug1: SSH2_MSG_NEWKEYS received
debug1: Roaming not allowed by server
debug1: SSH2_MSG_SERVICE_REQUEST sent
debug2: service_accept: ssh-userauth
debug1: SSH2_MSG_SERVICE_ACCEPT received
debug2: key: /home/testuser/.ssh/id_rsa ((nil)),
debug2: key: /home/testuser/.ssh/id_dsa ((nil)),
debug2: key: /home/testuser/.ssh/id_ecdsa ((nil)),
debug2: key: /home/testuser/.ssh/id_ed25519 ((nil)),
debug3: input_userauth_banner
Debian GNU/Linux 7 eda2 ssh-pty
debug1: Authentications that can continue: publickey,gssapi-keyex,gssapi-with-mic,password,keyboard-interactive
debug3: start over, passed a different list publickey,gssapi-keyex,gssapi-with-mic,password,keyboard-interactive
debug3: preferred gssapi-keyex,gssapi-with-mic,publickey,keyboard-interactive,password
debug3: authmethod_lookup gssapi-keyex
debug3: remaining preferred: gssapi-with-mic,publickey,keyboard-interactive,password
debug3: authmethod_is_enabled gssapi-keyex
debug1: Next authentication method: gssapi-keyex
debug1: No valid Key exchange context
debug2: we did not send a packet, disable method
debug3: authmethod_lookup gssapi-with-mic
debug3: remaining preferred: publickey,keyboard-interactive,password
debug3: authmethod_is_enabled gssapi-with-mic
debug1: Next authentication method: gssapi-with-mic
debug1: Unspecified GSS failure. Minor code may provide more information
No Kerberos credentials available
debug1: Unspecified GSS failure. Minor code may provide more information
No Kerberos credentials available
debug1: Unspecified GSS failure. Minor code may provide more information
debug1: Unspecified GSS failure. Minor code may provide more information
No Kerberos credentials available
debug2: we did not send a packet, disable method
debug3: authmethod_lookup publickey
debug3: remaining preferred: keyboard-interactive,password
debug3: authmethod_is_enabled publickey
debug1: Next authentication method: publickey
debug1: Trying private key: /home/testuser/.ssh/id_rsa
debug3: no such identity: /home/testuser/.ssh/id_rsa: No such file or directory
debug1: Trying private key: /home/testuser/.ssh/id_dsa
debug3: no such identity: /home/testuser/.ssh/id_dsa: No such file or directory
debug1: Trying private key: /home/testuser/.ssh/id_ecdsa
debug3: no such identity: /home/testuser/.ssh/id_ecdsa: No such file or directory
debug1: Trying private key: /home/testuser/.ssh/id_ed25519
debug3: no such identity: /home/testuser/.ssh/id_ed25519: No such file or directory
debug2: we did not send a packet, disable method
debug3: authmethod_lookup keyboard-interactive
debug3: remaining preferred: password
debug3: authmethod_is_enabled keyboard-interactive
debug1: Next authentication method: keyboard-interactive
debug2: userauth_kbdint
debug2: we sent a keyboard-interactive packet, wait for reply
debug2: input_userauth_info_req
debug2: input_userauth_info_req: num_prompts 1
Password:
debug3: packet_send2: adding 32 (len 19 padlen 13 extra_pad 64)
debug2: input_userauth_info_req
debug2: input_userauth_info_req: num_prompts 0
debug3: packet_send2: adding 48 (len 6 padlen 10 extra_pad 64)
debug1: Authentication succeeded (keyboard-interactive).
Authenticated to testserver ([192.168.0.83]:22).
debug1: channel 0: new [client-session]
debug3: ssh_session2_open: channel_new: 0
debug2: channel 0: send open
debug1: Requesting no-more-sessions@openssh.com
debug1: Entering interactive session.
debug2: callback start
debug2: fd 3 setting TCP_NODELAY
debug3: packet_set_tos: set IP_TOS 0x10
debug2: client_session2_setup: id 0
debug2: channel 0: request pty-req confirm 1
debug1: Sending environment.
debug3: Ignored env XDG_VTNR
debug3: Ignored env MANPATH
debug3: Ignored env SSH_AGENT_PID
debug3: Ignored env XDG_SESSION_ID
debug3: Ignored env XDG_GREETER_DATA_DIR
debug3: Ignored env SELINUX_INIT
debug3: Ignored env CLUTTER_IM_MODULE
debug3: Ignored env SESSION
debug3: Ignored env GLADE_PIXMAP_PATH
debug3: Ignored env TERM
debug3: Ignored env VTE_VERSION
debug3: Ignored env XDG_MENU_PREFIX
debug3: Ignored env SHELL
debug3: Ignored env SSH_AGENT_LAUNCHER
debug3: Ignored env DERBY_HOME
debug3: Ignored env WINDOWID
debug3: Ignored env UPSTART_SESSION
debug3: Ignored env GNOME_KEYRING_CONTROL
debug3: Ignored env GTK_MODULES
debug3: Ignored env USER
debug3: Ignored env LS_COLORS
debug3: Ignored env GLADE_MODULE_PATH
debug3: Ignored env XDG_SESSION_PATH
debug3: Ignored env XDG_SEAT_PATH
debug3: Ignored env SSH_AUTH_SOCK
debug3: Ignored env SESSION_MANAGER
debug3: Ignored env DEFAULTS_PATH
debug3: Ignored env XDG_CONFIG_DIRS
debug3: Ignored env DESKTOP_SESSION
debug3: Ignored env PATH
debug3: Ignored env QT_IM_MODULE
debug3: Ignored env QT_QPA_PLATFORMTHEME
debug3: Ignored env PWD
debug3: Ignored env JOB
debug3: Ignored env XMODIFIERS
debug3: Ignored env JAVA_HOME
debug3: Ignored env GNOME_KEYRING_PID
debug1: Sending env LANG = en_US.UTF-8
debug2: channel 0: request env confirm 0
debug3: Ignored env GDM_LANG
debug3: Ignored env MANDATORY_PATH
debug3: Ignored env UBUNTU_MENUPROXY
debug3: Ignored env IM_CONFIG_PHASE
debug3: Ignored env GDMSESSION
debug3: Ignored env SESSIONTYPE
debug3: Ignored env SHLVL
debug3: Ignored env HOME
debug3: Ignored env XDG_SEAT
debug3: Ignored env LANGUAGE
debug3: Ignored env UPSTART_INSTANCE
debug3: Ignored env UPSTART_EVENTS
debug3: Ignored env LOGNAME
debug3: Ignored env DBUS_SESSION_BUS_ADDRESS
debug3: Ignored env J2SDKDIR
debug3: Ignored env XDG_DATA_DIRS
debug3: Ignored env QT4_IM_MODULE
debug3: Ignored env LESSOPEN
debug3: Ignored env TEXTDOMAIN
debug3: Ignored env INSTANCE
debug3: Ignored env UPSTART_JOB
debug3: Ignored env XDG_RUNTIME_DIR
debug3: Ignored env DISPLAY
debug3: Ignored env GLADE_CATALOG_PATH
debug3: Ignored env XDG_CURRENT_DESKTOP
debug3: Ignored env GTK_IM_MODULE
debug3: Ignored env J2REDIR
debug3: Ignored env LESSCLOSE
debug3: Ignored env TEXTDOMAINDIR
debug3: Ignored env XAUTHORITY
debug3: Ignored env COLORTERM
debug3: Ignored env _
debug2: channel 0: request shell confirm 1
debug2: callback done
debug2: channel 0: open confirm rwindow 0 rmax 32768
debug2: channel_input_status_confirm: type 99 id 0
debug2: PTY allocation request accepted on channel 0
debug2: channel 0: rcvd adjust 2097152
debug2: channel_input_status_confirm: type 99 id 0
debug2: shell request accepted on channel 0
The programs included with the Debian GNU/Linux system are free software;
the exact distribution terms for each program are described in the
individual files in /usr/share/doc/*/copyright.
Debian GNU/Linux comes with ABSOLUTELY NO WARRANTY, to the extent
permitted by applicable law.
You have new mail.
Last login: Wed Nov 26 14:52:16 2014 from cyberhelp.innovasic.com
testuser@testserver:~$ xclock &
[1] 12921
testuser@testserver:~$ Error: Can't open display:
levlaz wrote:Hi!
This is a certainly a strange issue. I have a very similar setup and it works fine for me. When echo $DISPLAY returns nothing, this means that the X11 forwarding is not actually working. In order to troubleshoot this a bit further can you paste the output of the following command (replace user with your username and server with the domain name or IP address of your server):
-vvv is just very verbose logging so hopefully this will give us a hint of what the problem is.Code: Select all
ssh -X -vvv user@server
Best,
Lev
MSJ
Re: X11 forwarding issue
Hey!
Can you make sure you are using a capital "X" .. from the command you pasted it looks like you are using a lowercase one. Per the man page, lowercase -x actually disables X11 forwarding.
Can you make sure you are using a capital "X" .. from the command you pasted it looks like you are using a lowercase one. Per the man page, lowercase -x actually disables X11 forwarding.
-X Enables X11 forwarding. This can also be specified on a per-host
basis in a configuration file.
X11 forwarding should be enabled with caution. Users with the
ability to bypass file permissions on the remote host (for the
user's X authorization database) can access the local X11 display
through the forwarded connection. An attacker may then be able
to perform activities such as keystroke monitoring.
For this reason, X11 forwarding is subjected to X11 SECURITY
extension restrictions by default. Please refer to the ssh -Y
option and the ForwardX11Trusted directive in ssh_config(5) for
more information.
-x Disables X11 forwarding.
should bessh -vvv -x testuser@testserve
Code: Select all
ssh -vvv -X testuser@testserve-
mstjohn1974
- Posts: 13
- Joined: 2009-07-25 18:45
- Location: Albuquerque
Re: X11 forwarding issue
I just noticed myself...
here is another output
2014-11-30 14:34:35: debug1: channel 0: new [client-session]
2014-11-30 14:34:35: debug3: ssh_session2_open: channel_new: 0
2014-11-30 14:34:35: debug2: channel 0: send open
2014-11-30 14:34:35: debug1: Requesting no-more-sessions@openssh.com
2014-11-30 14:34:35: debug1: Entering interactive session.
2014-11-30 14:34:35: debug2: callback start
2014-11-30 14:34:35: debug2: x11_get_proto: /usr/bin/xauth -f /tmp/ssh-RPVgbD503dRL/xauthfile generate :0.0 MIT-MAGIC-COOKIE-1 untrusted timeout 1200 2>/dev/null
2014-11-30 14:34:35: debug2: x11_get_proto: /usr/bin/xauth -f /tmp/ssh-RPVgbD503dRL/xauthfile list :0.0 2>/dev/null
2014-11-30 14:34:35: debug1: Requesting X11 forwarding with authentication spoofing.
2014-11-30 14:34:35: debug2: channel 0: request x11-req confirm 1
2014-11-30 14:34:35: debug2: fd 3 setting TCP_NODELAY
2014-11-30 14:34:35: debug3: packet_set_tos: set IP_TOS 0x10
2014-11-30 14:34:35: debug2: client_session2_setup: id 0
2014-11-30 14:34:35: debug2: channel 0: request pty-req confirm 1
2014-11-30 14:34:35: debug2: channel 0: request shell confirm 1
2014-11-30 14:34:35: debug2: callback done
2014-11-30 14:34:35: debug2: channel 0: open confirm rwindow 0 rmax 32768
2014-11-30 14:34:35: debug2: channel_input_status_confirm: type 100 id 0
X11 forwarding request failed on channel 0
2014-11-30 14:34:35: debug2: channel_input_status_confirm: type 99 id 0
2014-11-30 14:34:35: debug2: PTY allocation request accepted on channel 0
2014-11-30 14:34:35: debug2: channel 0: rcvd adjust 2097152
2014-11-30 14:34:35: debug2: channel_input_status_confirm: type 99 id 0
2014-11-30 14:34:35: debug2: shell request accepted on channel 0
I noticed the bold line that it cannot forward X11...
here is another output
2014-11-30 14:34:35: debug1: channel 0: new [client-session]
2014-11-30 14:34:35: debug3: ssh_session2_open: channel_new: 0
2014-11-30 14:34:35: debug2: channel 0: send open
2014-11-30 14:34:35: debug1: Requesting no-more-sessions@openssh.com
2014-11-30 14:34:35: debug1: Entering interactive session.
2014-11-30 14:34:35: debug2: callback start
2014-11-30 14:34:35: debug2: x11_get_proto: /usr/bin/xauth -f /tmp/ssh-RPVgbD503dRL/xauthfile generate :0.0 MIT-MAGIC-COOKIE-1 untrusted timeout 1200 2>/dev/null
2014-11-30 14:34:35: debug2: x11_get_proto: /usr/bin/xauth -f /tmp/ssh-RPVgbD503dRL/xauthfile list :0.0 2>/dev/null
2014-11-30 14:34:35: debug1: Requesting X11 forwarding with authentication spoofing.
2014-11-30 14:34:35: debug2: channel 0: request x11-req confirm 1
2014-11-30 14:34:35: debug2: fd 3 setting TCP_NODELAY
2014-11-30 14:34:35: debug3: packet_set_tos: set IP_TOS 0x10
2014-11-30 14:34:35: debug2: client_session2_setup: id 0
2014-11-30 14:34:35: debug2: channel 0: request pty-req confirm 1
2014-11-30 14:34:35: debug2: channel 0: request shell confirm 1
2014-11-30 14:34:35: debug2: callback done
2014-11-30 14:34:35: debug2: channel 0: open confirm rwindow 0 rmax 32768
2014-11-30 14:34:35: debug2: channel_input_status_confirm: type 100 id 0
X11 forwarding request failed on channel 0
2014-11-30 14:34:35: debug2: channel_input_status_confirm: type 99 id 0
2014-11-30 14:34:35: debug2: PTY allocation request accepted on channel 0
2014-11-30 14:34:35: debug2: channel 0: rcvd adjust 2097152
2014-11-30 14:34:35: debug2: channel_input_status_confirm: type 99 id 0
2014-11-30 14:34:35: debug2: shell request accepted on channel 0
I noticed the bold line that it cannot forward X11...
levlaz wrote:Hey!
Can you make sure you are using a capital "X" .. from the command you pasted it looks like you are using a lowercase one. Per the man page, lowercase -x actually disables X11 forwarding.
-X Enables X11 forwarding. This can also be specified on a per-host
basis in a configuration file.
X11 forwarding should be enabled with caution. Users with the
ability to bypass file permissions on the remote host (for the
user's X authorization database) can access the local X11 display
through the forwarded connection. An attacker may then be able
to perform activities such as keystroke monitoring.
For this reason, X11 forwarding is subjected to X11 SECURITY
extension restrictions by default. Please refer to the ssh -Y
option and the ForwardX11Trusted directive in ssh_config(5) for
more information.
-x Disables X11 forwarding.should bessh -vvv -x testuser@testserve
Code: Select all
ssh -vvv -X testuser@testserve
MSJ
Re: X11 forwarding issue
Hmm, it looks like there may be some sort of permissions/security issue involved. Could you try it with -Y
ssh -Y user@server
ssh -Y user@server
-
mstjohn1974
- Posts: 13
- Joined: 2009-07-25 18:45
- Location: Albuquerque
Re: X11 forwarding issue
Nope, it spitts out the same error as above
levlaz wrote:Hmm, it looks like there may be some sort of permissions/security issue involved. Could you try it with -Y
ssh -Y user@server
MSJ
-
mstjohn1974
- Posts: 13
- Joined: 2009-07-25 18:45
- Location: Albuquerque
Re: X11 forwarding issue
I was already commented out....so I went ahead and uncommented it and set it to no...but the result/error message is still the same
levlaz wrote:Can you change X11UseLocalhost to "no" and restart ssh?
MSJ
Re: X11 forwarding issue
That is very strange. :/
Have you seen this thread: http://www.linuxquestions.org/questions ... page2.html it looks like some very odd issues with networking, but the person was using XFCE so thats kind of interesting. Might be worth a shot.
Have you seen this thread: http://www.linuxquestions.org/questions ... page2.html it looks like some very odd issues with networking, but the person was using XFCE so thats kind of interesting. Might be worth a shot.
-
mstjohn1974
- Posts: 13
- Joined: 2009-07-25 18:45
- Location: Albuquerque
Re: X11 forwarding issue
I read the article and I am having ifup/ifdown, I checked the /etc/hosts file etc....everything is there ...I even went ahead and verified the nslookup resolves both hosts ....everything seems to be in order....
levlaz wrote:That is very strange. :/
Have you seen this thread: http://www.linuxquestions.org/questions ... page2.html it looks like some very odd issues with networking, but the person was using XFCE so thats kind of interesting. Might be worth a shot.
MSJ
-
mstjohn1974
- Posts: 13
- Joined: 2009-07-25 18:45
- Location: Albuquerque
Re: X11 forwarding issue
Well guys, thanks for all your help.....it just dawned on me that I totally forgot the I had Centrify installed on that Debian server for AD authentication and I googled for X11 forwarding issues with centrify and came across this article: http://community.centrify.com/t5/Centri ... /td-p/1062
which solved the issue.
Thanks again and I highly appreciate all the help...this is a good forum...
till next time.
which solved the issue.
Thanks again and I highly appreciate all the help...this is a good forum...
till next time.
MSJ