On Sun, Sep 17, 2006 at 09:39:51PM +0100, Konstantinos Pachopoulos wrote:
> Hi,
> i cannot ssh forward, through my "ipcop" guest
> (10.0.0.6/24). In the host system i have made it
> "visible" via "ip addr add 10.0.0.6/24 broadcast + dev
> eth0".
>
> Here's what i get when i try to run firestarter or
> nedit or xterm for example:
>
> --------------------
> ipcop:~# firestarter
> X11 connection rejected because of wrong
> authentication.
> The application 'firestarter' lost its connection to
> the display localhost:10.0;
> most likely the X server was shut down or you
> killed/destroyed
> the application.
> ipcop:~# nedit
> X11 connection rejected because of wrong
> authentication.
> X connection to localhost:10.0 broken (explicit kill
> or server shutdown).
> --------------------
>
> Here's the /etc/ssh/sshd_config of the "ipcop" server:
> --------------------
> # Package generated configuration file
> # See the sshd(8) manpage for details
>
> # What ports, IPs and protocols we listen for
> Port 22
> # Use these options to restrict which
> interfaces/protocols sshd will bind to
> #ListenAddress ::
> #ListenAddress 0.0.0.0
> Protocol 2
> # HostKeys for protocol version 2
> HostKey /etc/ssh/ssh_host_rsa_key
> HostKey /etc/ssh/ssh_host_dsa_key
> #Privilege Separation is turned on for security
> UsePrivilegeSeparation yes
>
> # Lifetime and size of ephemeral version 1 server key
> KeyRegenerationInterval 3600
> ServerKeyBits 768
>
> # Logging
> SyslogFacility AUTH
> LogLevel INFO
>
> # Authentication:
> LoginGraceTime 600
> PermitRootLogin yes
> StrictModes yes
>
> RSAAuthentication yes
> PubkeyAuthentication yes
> #AuthorizedKeysFile %h/.ssh/authorized_keys
>
> # Don't read the user's ~/.rhosts and ~/.shosts files
> IgnoreRhosts yes
> # For this to work you will also need host keys in
> /etc/ssh_known_hosts
> RhostsRSAAuthentication no
> # similar for protocol version 2
> HostbasedAuthentication no
> # Uncomment if you don't trust ~/.ssh/known_hosts for
> RhostsRSAAuthentication
> #IgnoreUserKnownHosts yes
>
> # To enable empty passwords, change to yes (NOT
> RECOMMENDED)
> PermitEmptyPasswords no
>
> # Change to no to disable s/key passwords
> #ChallengeResponseAuthentication yes
>
> # Change to yes to enable tunnelled clear text
> passwords
> PasswordAuthentication no
>
> # To change Kerberos options
> #KerberosAuthentication no
> #KerberosOrLocalPasswd yes
> #AFSTokenPassing no
> #KerberosTicketCleanup no
>
> # Kerberos TGT Passing does only work with the AFS
> kaserver
> #KerberosTgtPassing yes
>
> X11Forwarding yes
> X11DisplayOffset 10
> PrintMotd no
> PrintLastLog yes
> KeepAlive yes
> #UseLogin no
>
> #MaxStartups 10:30:60
> #Banner /etc/issue.net
>
> Subsystem sftp /usr/lib/sftp-server
>
> UsePAM yes
> X11UseLocalhost no #tried with as suggested and
> without
> --------------------
>
> Any ideas? I have been searching for a couple days,
> but found nothing. Is this a routing, firewall issue
> maybe? I do not know a lot about networking. I hope i
> will learn through VServer :)
check if $DISPLAY is set and what it contains,
also double check that your guest has mk/xauth
installed and the ssh client is not called with
-x (maybe explicitely specify -X for a test)
check the ssh logon with the -v option to ssh,
HTH,
Herbert
> Thanks
>
>
> ___________________________________________________________
> The all-new Yahoo! Mail goes wherever you go - free your email address from your Internet provider. http://uk.docs.yahoo.com/nowyoucan.html
> _______________________________________________
> Vserver mailing list
> Vserver@list.linux-vserver.org
> http://list.linux-vserver.org/mailman/listinfo/vserver
_______________________________________________
Vserver mailing list
Vserver@list.linux-vserver.org
http://list.linux-vserver.org/mailman/listinfo/vserver
Received on Mon Sep 18 05:02:41 2006