Bug 355281 - net-misc/openssh-5.8_p1-r1: 'ssh -Y' does not work when USE=-pam
Status: RESOLVED INVALID
Alias: None
Product: Gentoo Linux
Classification: Unclassified
Component: Current packages
Hardware: All Linux
Importance: High normal
Assignee: Gentoo's Team for Core System packages
Reported: 2011-02-17 00:16 UTC by Agostino Sarubbo
Modified: 2012-10-11 18:35 UTC

Attachments
emerge --info (emerge--info,17.79 KB, text/plain)
2011-02-18 21:51 UTC, Agostino Sarubbo

Description Agostino Sarubbo gentoo-dev 2011-02-17 00:16:04 UTC
It can apparently look like a bug to be marked invalid, but since I made the latest updates on all my machines, ssh -Y is not working.

I tried to recompile the older version of openssh, but it seems that the problem is not it, but some other package and I'd like to understand what does not work.

Can anyone confirm this issue?
Comment 1 Agostino Sarubbo gentoo-dev 2011-02-17 00:17:25 UTC
My simple sshd_config, which was not changed after the last updates:

ChallengeResponseAuthentication no
PasswordAuthentication no
UsePAM no
X11Forwarding yes
PrintMotd no
PrintLastLog no
ClientAliveInterval 60
Subsystem       sftp    /usr/lib64/misc/sftp-server
Comment 2 SpanKY gentoo-dev 2011-02-17 05:11:42 UTC
please don't assign bugs directly.  let the wranglers manage things for you.

-Y works just fine for me with default sshd_config + enabling X11Forwarding and openssh 5.8p1 (client and server):
<localip>$ ssh -Y <someip>
<someip>$ echo $DISPLAY
localhost:11.0
<someip>$ xeyes

now xeyes is shown on my <localip>

on <someip>:
# grep -v -e '^#' -e '^ *$' /etc/ssh/sshd_config 
X11Forwarding yes
UseDNS no
Subsystem       sftp    /usr/lib64/misc/sftp-server
Comment 3 Agostino Sarubbo gentoo-dev 2011-02-17 09:06:30 UTC
until a few days ago it worked also for me.

If I have not changed any configuration files but just upgraded, it must be some component?
Comment 4 Jeroen Roovers (RETIRED) gentoo-dev 2011-02-17 20:07:37 UTC
1) Your `emerge --info net-misc/openssh' is missing. How else could we know what "last updates" are on your system?
2)  How does it not work? Please give us your steps to reproduce.
Comment 5 Agostino Sarubbo gentoo-dev 2011-02-18 21:51:49 UTC
(In reply to comment #4)
> How else could we know what "last updates" are on your system?

I mean that I have updated all systems with emerge -DuN world


> 2)  How does it not work? Please give us your steps to reproduce.
 

ago@devil ~ $ ssh ago@at -Y
Enter passphrase for key '/home/ago/.ssh/id_rsa': 
Last login: Fri Feb 18 22:38:30 CET 2011 from devil on pts/1
ago@amd64box ~ $ xchat 

(xchat:4388): Gtk-WARNING **: cannot open display: localhost:10.0
ago@amd64box ~ $ echo $DISPLAY
localhost:10.0


Is this enough information?
Comment 6 Agostino Sarubbo gentoo-dev 2011-02-18 21:51:58 UTC
Created attachment 262961 [details]
emerge --info

(In reply to comment #4)
> 1) Your `emerge --info net-misc/openssh' is missing.

Build info of ssh is always:

net-misc/openssh-5.8_p1-r1 was built with the following:
USE="X hpn pam tcpd -X509 -kerberos -ldap -libedit (-selinux) -skey -static"
Comment 7 Agostino Sarubbo gentoo-dev 2011-02-18 21:54:32 UTC
(In reply to comment #2)
> -Y works just fine for me with with default sshd_config + enabling
> X11Forwarding and openssh 5.8p1 (client and server):

I also tried the default sshd_config + X11Forwarding yes, also with the previous stable version of openssh, but the response is the same
Comment 8 Wormo (RETIRED) gentoo-dev 2011-02-19 00:04:17 UTC
That looks like some good information to start with. Assigning to maintainers.
Comment 9 SpanKY gentoo-dev 2011-02-19 18:18:24 UTC
and you have xauth installed right ?

from `ssh -ddddd -Y <someip>`:
...
debug1: Entering interactive session.
debug2: callback start
debug2: x11_get_proto: /usr/bin/xauth  list :0 2>/dev/null
debug1: Requesting X11 forwarding with authentication spoofing.
debug2: channel 0: request x11-req confirm 0
debug2: client_session2_setup: id 0
...
Comment 10 Agostino Sarubbo gentoo-dev 2011-02-19 19:48:16 UTC
(In reply to comment #9)
> and you have xauth installed right ?

Yes on all machines

What do you mean with:
> from `ssh -ddddd -Y <someip>`:
> ...
> debug1: Entering interactive session.
> debug2: callback start
> debug2: x11_get_proto: /usr/bin/xauth  list :0 2>/dev/null
> debug1: Requesting X11 forwarding with authentication spoofing.
> debug2: channel 0: request x11-req confirm 0
> debug2: client_session2_setup: id 0
> ...
> 

And how can I see this output?

Comment 11 Agostino Sarubbo gentoo-dev 2011-02-26 18:16:01 UTC
ok, I see the debug info, anyway it is different:


ago@devil ~ $ ssh ago@at -Y -v
OpenSSH_5.8p1-hpn13v10, OpenSSL 1.0.0c 2 Dec 2010
debug1: Reading configuration data /etc/ssh/ssh_config
debug1: Connecting to at [192.168.2.3] port 22.
debug1: Connection established.
debug1: identity file /home/ago/.ssh/id_rsa type 1
debug1: identity file /home/ago/.ssh/id_rsa-cert type -1
debug1: identity file /home/ago/.ssh/id_dsa type -1
debug1: identity file /home/ago/.ssh/id_dsa-cert type -1
debug1: identity file /home/ago/.ssh/id_ecdsa type -1
debug1: identity file /home/ago/.ssh/id_ecdsa-cert type -1
debug1: Remote protocol version 2.0, remote software version OpenSSH_5.8p1-hpn13v10lpk
debug1: match: OpenSSH_5.8p1-hpn13v10lpk pat OpenSSH*
debug1: Enabling compatibility mode for protocol 2.0
debug1: Local version string SSH-2.0-OpenSSH_5.8p1-hpn13v10
debug1: SSH2_MSG_KEXINIT sent
debug1: SSH2_MSG_KEXINIT received
debug1: AUTH STATE IS 0
debug1: REQUESTED ENC.NAME is 'aes128-ctr'
debug1: kex: server->client aes128-ctr hmac-md5 none
debug1: REQUESTED ENC.NAME is 'aes128-ctr'
debug1: kex: client->server aes128-ctr hmac-md5 none
debug1: sending SSH2_MSG_KEX_ECDH_INIT
debug1: expecting SSH2_MSG_KEX_ECDH_REPLY
debug1: Server host key: ECDSA f6:a2:a3:bd:a8:9f:4c:ad:aa:ae:6e:9b:93:36:1e:0d
debug1: Host 'at' is known and matches the ECDSA host key.
debug1: Found key in /home/ago/.ssh/known_hosts:1
debug1: ssh_ecdsa_verify: signature correct
debug1: SSH2_MSG_NEWKEYS sent
debug1: expecting SSH2_MSG_NEWKEYS
debug1: SSH2_MSG_NEWKEYS received
debug1: Roaming not allowed by server
debug1: SSH2_MSG_SERVICE_REQUEST sent
debug1: SSH2_MSG_SERVICE_ACCEPT received
debug1: Authentications that can continue: publickey
debug1: Next authentication method: publickey
debug1: Offering RSA public key: /home/ago/.ssh/id_rsa
debug1: Server accepts key: pkalg ssh-rsa blen 535
debug1: key_parse_private_pem: PEM_read_PrivateKey failed
debug1: read PEM private key done: type <unknown>
Enter passphrase for key '/home/ago/.ssh/id_rsa': ###PUTTING IN MY PASSWD

debug1: read PEM private key done: type RSA
debug1: Authentication succeeded (publickey).
Authenticated to at ([192.168.2.3]:22).
debug1: Final hpn_buffer_size = 131072
debug1: HPN Disabled: 0, HPN Buffer Size: 131072
debug1: channel 0: new [client-session]
debug1: Enabled Dynamic Window Scaling

debug1: Requesting no-more-sessions@openssh.com
debug1: Entering interactive session.
debug1: Requesting X11 forwarding with authentication spoofing.
Comment 12 Agostino Sarubbo gentoo-dev 2011-03-16 09:55:08 UTC
use pam NO is the problem...setting it to yes works.
Comment 13 SpanKY gentoo-dev 2011-03-21 05:10:24 UTC
pam should not be a requirement for X forwarding
Comment 14 Agostino Sarubbo gentoo-dev 2012-10-11 18:35:38 UTC
I checked better. It was my bad in my sshd_config
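
Added example, not part of the original thread: a small shell helper for checking which X11-forwarding-related settings an sshd_config actually yields, since the thread ends on a configuration mistake that is never shown. It relies on three sshd_config rules: keywords are case-insensitive, the first value read for a keyword wins, and lines after a Match line apply only conditionally. The function names and the sample file are constructed for illustration.

```shell
#!/bin/sh
# Added example: print the effective *global* value of one sshd_config keyword.
sshd_opt() {  # usage: sshd_opt FILE KEYWORD
    awk -v want="$2" '
        BEGIN { want = tolower(want) }
        /^[ \t]*(#|$)/ { next }              # skip comments and blank lines
        {
            line = $0
            sub(/^[ \t]+/, "", line)
            n = match(line, /[ \t=]/)        # keyword ends at whitespace or "="
            if (n == 0) { key = line; val = "" }
            else {
                key = substr(line, 1, n - 1)
                val = substr(line, n)
                sub(/^[ \t]*=?[ \t]*/, "", val)
                sub(/[ \t]+$/, "", val)
            }
            key = tolower(key)
            if (key == "match") exit         # conditional section: stop here
            if (key == want) { print val; exit }   # first occurrence wins
        }
    ' "$1"
}

# Summarise the settings that came up in the thread.
x11_report() {  # usage: x11_report FILE
    for kw in X11Forwarding X11UseLocalhost XAuthLocation UsePAM; do
        v=$(sshd_opt "$1" "$kw")
        printf '%s=%s\n' "$kw" "${v:-<unset, build default applies>}"
    done
}

# Constructed sample file (not the reporter's configuration).
sample=$(mktemp)
trap 'rm -f "$sample"' EXIT
cat > "$sample" <<'EOF'
# an early lower-case entry overrides the later, more visible one
x11forwarding no
UsePAM no
X11Forwarding yes
Match User demo
    X11UseLocalhost no
EOF

x11_report "$sample"   # X11Forwarding=no: the later "yes" line is ignored
```

On a live host, `sshd -T` prints the configuration the daemon itself resolves, including build defaults.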