This is the mail archive of the
cygwin-xfree
mailing list for the Cygwin XFree86 project.
xterm over ssh and X11UseLocalhost - solution
- From: Poor Yorick <com dot cygwin dot cygwin at pooryorick dot com>
- To: cygwin-xfree at cygwin dot com
- Date: Mon, 19 Sep 2005 21:24:10 -0400
- Subject: xterm over ssh and X11UseLocalhost - solution
- Reply-to: cygwin-xfree at cygwin dot com
An FYI post for the archives.
From a local xterm on a Cygwin X server, I was able to open xterm windows to various remote hosts over ssh. However, on one fresh minimal installation of Debian Sarge
ssh -Yf <user>@<host> xterm
(and other related commands)
produced various errors:
X11 connection rejected because of wrong authentication
xterm Xt error: Can't open display:
unable to open display
I was able to open xterm's over ssh from other hosts. I installed xauth on the remote host:
apt-get install xbase-clients
I verified my configuration against the Cygwin/X FAQ:
http://x.cygwin.com/docs/faq/cygwin-x-faq.html#q-ssh-no-x11forwarding
In the local xterm DISPLAY was set to localhost:0 and was exported.
On a different remote host where xterm worked properly,
/etc/ssh/sshd_config had the following line:
X11UseLocalhost no
But on the remote host with non-working xterm, the command "xauth list"
showed no fully-qualified host names apart from localdomain:
debian/unix:10 MIT-MAGIC-COOKIE-1 xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx
localhost.localdomain:10 MIT-MAGIC-COOKIE-1 xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx
localhost.localdomain:11 MIT-MAGIC-COOKIE-1 xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx
debian/unix:11 MIT-MAGIC-COOKIE-1 xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx
So this needed to be in sshd_config:
X11UseLocalhost yes
(which is the default)
after restarting the ssh daemon on the remote host:
/etc/init.d/ssh restart
My xterm window appeared.
The rest of this post is the sshd_config for that host, verbatim.
--
Poor Yorick
---*** begin /etc/ssh/sshd_config
# Package generated configuration file
# See the sshd(8) manpage for details
# What ports, IPs and protocols we listen for
Port 22
# Use these options to restrict which interfaces/protocols sshd will bind to
#ListenAddress ::
#ListenAddress 0.0.0.0
Protocol 2
# HostKeys for protocol version 2
HostKey /etc/ssh/ssh_host_rsa_key
HostKey /etc/ssh/ssh_host_dsa_key
#Privilege Separation is turned on for security
UsePrivilegeSeparation yes
# Lifetime and size of ephemeral version 1 server key
KeyRegenerationInterval 3600
ServerKeyBits 768
# Logging
SyslogFacility AUTH
LogLevel INFO
# Authentication:
LoginGraceTime 600
PermitRootLogin yes
StrictModes yes
RSAAuthentication yes
PubkeyAuthentication yes
#AuthorizedKeysFile %h/.ssh/authorized_keys
# Don't read the user's ~/.rhosts and ~/.shosts files
IgnoreRhosts yes
# For this to work you will also need host keys in /etc/ssh_known_hosts
RhostsRSAAuthentication no
# similar for protocol version 2
HostbasedAuthentication no
# Uncomment if you don't trust ~/.ssh/known_hosts for RhostsRSAAuthentication
#IgnoreUserKnownHosts yes
# To enable empty passwords, change to yes (NOT RECOMMENDED)
PermitEmptyPasswords no
# Change to no to disable s/key passwords
#ChallengeResponseAuthentication yes
# Change to yes to enable tunnelled clear text passwords
PasswordAuthentication no
# To change Kerberos options
#KerberosAuthentication no
#KerberosOrLocalPasswd yes
#AFSTokenPassing no
#KerberosTicketCleanup no
# Kerberos TGT Passing does only work with the AFS kaserver
#KerberosTgtPassing yes
#X11Forwarding no #(default)
X11Forwarding yes
#X11UseLocalhost yes (default - shown here for clarity)
X11UseLocalhost yes
X11DisplayOffset 10
PrintMotd no
PrintLastLog yes
KeepAlive yes
#UseLogin no
#MaxStartups 10:30:60
#Banner /etc/issue.net
Subsystem sftp /usr/lib/sftp-server
UsePAM yes
--
Unsubscribe info: http://cygwin.com/ml/#unsubscribe-simple
Problem reports: http://cygwin.com/problems.html
Documentation: http://x.cygwin.com/docs/
FAQ: http://x.cygwin.com/docs/faq/