SSH X11 server

Hello
We just received an audit finding on the Solaris machine that states: the remote X11 server accepts connections from anywhere because various ports 6001 - 6009 were open. The suggested solution is to restrict access to this port by using the xhost command.
We on the other hand have ssh configured by using X forwarding. Since the traffic is secure can we depend on ssh to secure traffic without restricting access to the local host ports?

The xhost command will not close ports 6000-6009. It will however update the IP based access control to the X server that is already listening there. The Xserver would still be vulnerable to remote brute force attacks even if the source IP is not on the access control list. Even if you are exclusively connecting via ssh tunnelling, those ports are still flapping in the breeze.
Worse yet, if anyone uses the ports directly ("export DISPLAY=remotehost:0") the traffic is not encrypted, meaning eavesdropping is relatively easy with snoop/tcpdump if a system along the routing path were compromised (or your switch, set to echo point to point packets to a capture port). Within seconds, that conversation would tell would-be attackers which IP addresses are on the access control list, allowing them to spoof the X11 client (man-in-the-middle), and even hijack control of the conversation entirely.
A quick example:
$ export DISPLAY=remoteserver:0 (use netstat -tn to find out what display the "victim" is using. subtract 6000 for the display number.)
$ export XAUTHORITY=/home/victim_account_name/.Xauthority
$ xwd -display remoteserver:0 -out /var/tmp/victim_screenshot -root -silent
$ xwud -in /var/tmp/victim_screenshot -scale &
$ xmessage -nearmouse 'Here is a screenshot of your system' &
Two suggestions here (recommend both):
1. Use the following SMF property settings to disable tcp_listen altogether:
root# svccfg -s svc:/application/x11/x11-server listprop options/\*
options/tcp_listen boolean true
root# svccfg -s svc:/application/x11/x11-server setprop options/tcp_listen false
root# svccfg -s svc:/application/x11/x11-server listprop options/\*
options/tcp_listen boolean false
which will then pass the "-nolisten tcp" argument to the Xorg daemon which is managed by the above SMF entry. Restart the service to implement and confirm the change with:
root# ps -ef|grep -i xorg
root# svcadm restart svc:/application/x11/x11-server
root# ps -ef|grep -i xorg
This will prevent anything except local unix socket access to X11.
2. Also use ipfilter to explicitly block ports 6000-6063, out of paranoia, just in case the above property gets enabled again inadvertently:
block in log quick on eri0 proto tcp from any to eri0/32 port 5999 >< 6064 keep state
Then use "ssh -X" to forward your X display over ssh. Note that if your client end of the communications is compromised, the above display hijacking routine would still work (substitute :10 instead of :0, and you would have to know the XAUTHORITY in use by the client shell), but ssh makes figuring out display offset nearly impossible without having local access to the client machine. Using unencrypted X11 access, you simply observe which 6000+ port has activity (say :6001), subtract 6000, and that's your display number. With tunnelling, all the traffic between client and server goes over port 22 encrypted. Once the traffic gets to the server end, the ssh daemon forwards the X11 traffic to the :0 local domain socket relatively securely.
Hope this helps!
Bryan Wood
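
An added example, not part of the original reply: a check for the condition the audit flagged, run after applying the two suggestions above. It reads netstat output and reports every TCP listener on ports 6000-6063, marking it EXPOSED unless it is bound to loopback. The function names and the sample lines (constructed, in Solaris and Linux netstat layouts) are assumptions for illustration.

```shell
#!/bin/sh
# Added example: flag X11 TCP listeners (ports 6000-6063) that are reachable
# from the network. Display number = port - 6000, as described in the reply.

# Constructed sample input: Solaris-style "addr.port" lines followed by
# Linux-style "addr:port" lines. Not captured from a real host.
sample_netstat() {
cat <<'EOF'
      *.22                 *.*                0      0 49152      0 LISTEN
      *.6000               *.*                0      0 49152      0 LISTEN
127.0.0.1.6010             *.*                0      0 49152      0 LISTEN
      *.6011               *.*                0      0 49152      0 LISTEN
192.0.2.10.22        192.0.2.50.51234     64240      0 49640      0 ESTABLISHED
tcp        0      0 0.0.0.0:6001            0.0.0.0:*               LISTEN
tcp        0      0 127.0.0.1:6012          0.0.0.0:*               LISTEN
tcp6       0      0 ::1:6012                :::*                    LISTEN
tcp6       0      0 :::6002                 :::*                    LISTEN
EOF
}

# Reads netstat output on stdin. Prints one line per X11 TCP listener and
# returns 1 if any of them is bound to a non-loopback address.
audit_x11_listeners() {
    awk '
    $NF == "LISTEN" {
        # Linux puts the local address in column 4, Solaris in column 1.
        laddr = ($1 ~ /^tcp/) ? $4 : $1
        # The port is the trailing number after the last "." or ":".
        if (!match(laddr, /[.:][0-9]+$/)) next
        port = substr(laddr, RSTART + 1) + 0
        addr = substr(laddr, 1, RSTART - 1)
        if (port < 6000 || port > 6063) next
        if (addr ~ /^127\./ || addr == "::1" || addr == "localhost") {
            scope = "LOOPBACK"
        } else {
            scope = "EXPOSED"
            exposed++
        }
        printf "%s display=:%d listen=%s\n", scope, port - 6000, laddr
    }
    END { exit (exposed > 0) }
    '
}

# Demo on the constructed sample; on a real host use: netstat -an | audit_x11_listeners
sample_netstat | audit_x11_listeners || echo "exposed X11 TCP listeners found"
```

LOOPBACK entries at display :10 and above are what sshd creates for forwarded sessions when X11UseLocalhost is yes; any EXPOSED entry means either the X server is still listening on TCP or a forwarded display is bound to a routable address.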

Similar Messages

  • Netbackup 6.0 admin console ssh tunnel to osx X11 server

    Hey guys, I have been attempting to use the built-in xfree X server included with OSX. I have no problems using the ssh -X command to tunnel to the netbackup media server. I run the jnbpa java administration console, and the window opens on the mac, it is titled correctly, but none of the text or functions come over. (I know it's all working, I have a linux session under parallels that exports the admin console with no problems). At first I thought it might be fonts or something, since the box pops up, shows the menubar on it, it's just a grey square where the username/password/server should be. I then found out that the whole instance is actually frozen up. I can't close the grey box either. I have to xkill from another xterm or actually close the entire X11 server to close the attempt? Any help would be greatly appreciated.
    Thanks in advance, it's a real pain having to virtualize a Linux session just to export an X window. Talk about a waste of resources.
    Thanks again.
    John

    Come on, there have to be some "real" sys admins out there using Macs, it's BSD for pete's sake. Maybe this bump will bring this back to the top where someone can maybe offer some insight. I've been reading about darwin ports, maybe xfree86 running as the XServe will help. But Apple's X11 server should work as well. HELP...
    Thanks

  • Ssh X11 forwarding takes too long to start any app. remotely

    Hi,
    I have a bizarre problem with %subject% for some time already.
    Affected are all my Arch linux installations (all with: systemd, openbox (without Display Manager), and latest updates):
    1. home desktop (core 2 duo, 2.4GHz, 3GB RAM).
    2. one testing desktop in virtualbox on the desktop from prev. point.
    3. work laptop (Intel Core i5, 4GB RAM).
    All of these are connected via cable to the same home network 100MB router (using openwrt on asus wl-500g).
    Normal ssh transmissions, like entering commands, or transfer of data via scp (even large amount of data for testing purposes because of this) works quick like expected.
    The problem is that if I try to start an app. remotely via ssh X forwarding from and to any of these (affected also bidirectionally), it always takes approx. 2 minutes to start the app.
    Afterwards, it works fast and fine.
    Doesn't change anything, whether the X server is running on the server's side or not.
    Have been testing it with some lightweight apps too, but makes no difference if it's e.g. mousepad, gedit, thunderbird, always the same 2 min. delay at their start.
    Also, some time ago, I had an older (more than 10 years) laptop, also with Arch installed, using LXDE, and connected via wifi to this same router, which worked perfectly without any delay. Also the same time ago, I was yet running Ubuntu on the home desktop, when I installed Arch to the virtualbox mentioned in point 2, and the problem was already present on the virtual pc, but not on the Ubuntu or the older laptop with Arch I had before.
    Later, when I switched home desktop to Arch (or I got new laptop in the work), the issue appeared instantly on the new Arch installations.
    The sshd configuration is the basic from the package, with X forwarding enabled of course, thus no strange changes of mine.
    I monitored the ssh communications with tcpdump, not to read the encrypted data itself, but to see whether the data is flowing, and there are flow outages (absolute quiet except for the below mentioned exceptions) in the mentioned 2 minutes duration till app. startup:
    - after ssh authentication, there is about 1 minute silence, when after this 1st minute some few data is flowing
    - next, there is another 1 minute silence, after which the app. finally starts
    I've also gathered ssh debugging information, from both server (where I'm connecting and trying to start the app. remotely) and client, with a description of when waiting has been detected.
    server:
    /usr/sbin/sshd -ddd
    debug2: load_server_config: filename /etc/ssh/sshd_config
    debug2: load_server_config: done config len = 501
    debug2: parse_server_config: config /etc/ssh/sshd_config len 501
    debug3: /etc/ssh/sshd_config:15 setting ListenAddress 0.0.0.0
    debug3: /etc/ssh/sshd_config:16 setting ListenAddress ::
    debug3: /etc/ssh/sshd_config:35 setting LogLevel INFO
    debug3: /etc/ssh/sshd_config:42 setting PermitRootLogin no
    debug3: /etc/ssh/sshd_config:52 setting AuthorizedKeysFile .ssh/authorized_keys
    debug3: /etc/ssh/sshd_config:68 setting PermitEmptyPasswords no
    debug3: /etc/ssh/sshd_config:71 setting ChallengeResponseAuthentication no
    debug3: /etc/ssh/sshd_config:92 setting UsePAM yes
    debug3: /etc/ssh/sshd_config:94 setting AllowAgentForwarding yes
    debug3: /etc/ssh/sshd_config:95 setting AllowTcpForwarding yes
    debug3: /etc/ssh/sshd_config:97 setting X11Forwarding yes
    debug3: /etc/ssh/sshd_config:98 setting X11DisplayOffset 10
    debug3: /etc/ssh/sshd_config:99 setting X11UseLocalhost yes
    debug3: /etc/ssh/sshd_config:104 setting UsePrivilegeSeparation sandbox
    debug3: /etc/ssh/sshd_config:106 setting Compression delayed
    debug3: /etc/ssh/sshd_config:109 setting UseDNS no
    debug3: /etc/ssh/sshd_config:120 setting Subsystem sftp /usr/lib/ssh/sftp-server
    debug1: sshd version OpenSSH_6.1p1
    debug3: Incorrect RSA1 identifier
    debug1: read PEM private key done: type RSA
    debug1: private host key: #0 type 1 RSA
    debug3: Incorrect RSA1 identifier
    debug1: read PEM private key done: type DSA
    debug1: private host key: #1 type 2 DSA
    debug3: Incorrect RSA1 identifier
    debug1: read PEM private key done: type ECDSA
    debug1: private host key: #2 type 3 ECDSA
    debug1: rexec_argv[0]='/usr/sbin/sshd'
    debug1: rexec_argv[1]='-ddd'
    debug3: oom_adjust_setup
    Set /proc/self/oom_score_adj from 0 to -1000
    debug2: fd 3 setting O_NONBLOCK
    debug3: sock_set_v6only: set socket 3 IPV6_V6ONLY
    debug1: Bind to port 22 on ::.
    Server listening on :: port 22.
    debug2: fd 4 setting O_NONBLOCK
    debug1: Bind to port 22 on 0.0.0.0.
    Server listening on 0.0.0.0 port 22.
    debug3: fd 5 is not O_NONBLOCK
    debug1: Server will not fork when running in debugging mode.
    debug3: send_rexec_state: entering fd = 8 config len 501
    debug3: ssh_msg_send: type 0
    debug3: send_rexec_state: done
    debug1: rexec start in 5 out 5 newsock 5 pipe -1 sock 8
    debug1: inetd sockets after dupping: 3, 3
    Connection from CLIENT_IP port 43333
    debug1: Client protocol version 2.0; client software version OpenSSH_6.1
    debug1: match: OpenSSH_6.1 pat OpenSSH*
    debug1: Enabling compatibility mode for protocol 2.0
    debug1: Local version string SSH-2.0-OpenSSH_6.1
    debug2: fd 3 setting O_NONBLOCK
    debug3: ssh_sandbox_init: preparing seccomp filter sandbox
    debug2: Network child is on pid 6379
    debug3: preauth child monitor started
    debug3: privsep user:group 99:99 [preauth]
    debug1: permanently_set_uid: 99/99 [preauth]
    debug3: ssh_sandbox_child: setting PR_SET_NO_NEW_PRIVS [preauth]
    debug3: ssh_sandbox_child: attaching seccomp filter program [preauth]
    debug1: list_hostkey_types: ssh-rsa,ssh-dss,ecdsa-sha2-nistp256 [preauth]
    debug1: SSH2_MSG_KEXINIT sent [preauth]
    debug1: SSH2_MSG_KEXINIT received [preauth]
    debug2: kex_parse_kexinit: ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1 [preauth]
    debug2: kex_parse_kexinit: ssh-rsa,ssh-dss,ecdsa-sha2-nistp256 [preauth]
    debug2: kex_parse_kexinit: aes128-ctr,aes192-ctr,aes256-ctr,arcfour256,arcfour128,aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,aes192-cbc,aes256-cbc,arcfour,rijndael-cbc@lysator.liu.se [preauth]
    debug2: kex_parse_kexinit: aes128-ctr,aes192-ctr,aes256-ctr,arcfour256,arcfour128,aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,aes192-cbc,aes256-cbc,arcfour,rijndael-cbc@lysator.liu.se [preauth]
    debug2: kex_parse_kexinit: hmac-md5,hmac-sha1,umac-64@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-ripemd160,hmac-ripemd160@openssh.com,hmac-sha1-96,hmac-md5-96 [preauth]
    debug2: kex_parse_kexinit: hmac-md5,hmac-sha1,umac-64@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-ripemd160,hmac-ripemd160@openssh.com,hmac-sha1-96,hmac-md5-96 [preauth]
    debug2: kex_parse_kexinit: none,zlib@openssh.com [preauth]
    debug2: kex_parse_kexinit: none,zlib@openssh.com [preauth]
    debug2: kex_parse_kexinit: [preauth]
    debug2: kex_parse_kexinit: [preauth]
    debug2: kex_parse_kexinit: first_kex_follows 0 [preauth]
    debug2: kex_parse_kexinit: reserved 0 [preauth]
    debug2: kex_parse_kexinit: ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1 [preauth]
    debug2: kex_parse_kexinit: ecdsa-sha2-nistp256-cert-v01@openssh.com,ecdsa-sha2-nistp384-cert-v01@openssh.com,ecdsa-sha2-nistp521-cert-v01@openssh.com,ecdsa-sha2-nistp256,ecdsa-sha2-nistp384,ecdsa-sha2-nistp521,ssh-rsa-cert-v01@openssh.com,ssh-dss-cert-v01@openssh.com,ssh-rsa-cert-v00@openssh.com,ssh-dss-cert-v00@openssh.com,ssh-rsa,ssh-dss [preauth]
    debug2: kex_parse_kexinit: aes128-ctr,aes192-ctr,aes256-ctr,arcfour256,arcfour128,aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,aes192-cbc,aes256-cbc,arcfour,rijndael-cbc@lysator.liu.se [preauth]
    debug2: kex_parse_kexinit: aes128-ctr,aes192-ctr,aes256-ctr,arcfour256,arcfour128,aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,aes192-cbc,aes256-cbc,arcfour,rijndael-cbc@lysator.liu.se [preauth]
    debug2: kex_parse_kexinit: hmac-md5,hmac-sha1,umac-64@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-ripemd160,hmac-ripemd160@openssh.com,hmac-sha1-96,hmac-md5-96 [preauth]
    debug2: kex_parse_kexinit: hmac-md5,hmac-sha1,umac-64@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-ripemd160,hmac-ripemd160@openssh.com,hmac-sha1-96,hmac-md5-96 [preauth]
    debug2: kex_parse_kexinit: none,zlib@openssh.com,zlib [preauth]
    debug2: kex_parse_kexinit: none,zlib@openssh.com,zlib [preauth]
    debug2: kex_parse_kexinit: [preauth]
    debug2: kex_parse_kexinit: [preauth]
    debug2: kex_parse_kexinit: first_kex_follows 0 [preauth]
    debug2: kex_parse_kexinit: reserved 0 [preauth]
    debug2: mac_setup: found hmac-md5 [preauth]
    debug1: kex: client->server aes128-ctr hmac-md5 none [preauth]
    debug2: mac_setup: found hmac-md5 [preauth]
    debug1: kex: server->client aes128-ctr hmac-md5 none [preauth]
    debug1: expecting SSH2_MSG_KEX_ECDH_INIT [preauth]
    debug3: mm_key_sign entering [preauth]
    debug3: mm_request_send entering: type 4 [preauth]
    debug3: mm_key_sign: waiting for MONITOR_ANS_SIGN [preauth]
    debug3: mm_request_receive_expect entering: type 5 [preauth]
    debug3: mm_request_receive entering [preauth]
    debug3: mm_request_receive entering
    debug3: monitor_read: checking request 4
    debug3: mm_answer_sign
    debug3: mm_answer_sign: signature 0x13e3f80(100)
    debug3: mm_request_send entering: type 5
    debug2: monitor_read: 4 used once, disabling now
    debug2: kex_derive_keys [preauth]
    debug2: set_newkeys: mode 1 [preauth]
    debug1: SSH2_MSG_NEWKEYS sent [preauth]
    debug1: expecting SSH2_MSG_NEWKEYS [preauth]
    debug2: set_newkeys: mode 0 [preauth]
    debug1: SSH2_MSG_NEWKEYS received [preauth]
    debug1: KEX done [preauth]
    debug1: userauth-request for user USERNAME service ssh-connection method none [preauth]
    debug1: attempt 0 failures 0 [preauth]
    debug3: mm_getpwnamallow entering [preauth]
    debug3: mm_request_send entering: type 6 [preauth]
    debug3: mm_request_receive entering
    debug3: monitor_read: checking request 6
    debug3: mm_answer_pwnamallow
    debug2: parse_server_config: config reprocess config len 501
    debug3: mm_answer_pwnamallow: sending MONITOR_ANS_PWNAM: 1
    debug3: mm_request_send entering: type 7
    debug2: monitor_read: 6 used once, disabling now
    debug3: mm_getpwnamallow: waiting for MONITOR_ANS_PWNAM [preauth]
    debug3: mm_request_receive_expect entering: type 7 [preauth]
    debug3: mm_request_receive entering [preauth]
    debug2: input_userauth_request: setting up authctxt for USERNAME [preauth]
    debug3: mm_start_pam entering [preauth]
    debug3: mm_request_send entering: type 45 [preauth]
    debug3: mm_request_receive entering
    debug3: monitor_read: checking request 45
    debug1: PAM: initializing for "USERNAME"
    debug1: PAM: setting PAM_RHOST to "CLIENT_IP"
    debug1: PAM: setting PAM_TTY to "ssh"
    debug2: monitor_read: 45 used once, disabling now
    debug3: mm_inform_authserv entering [preauth]
    debug3: mm_request_send entering: type 3 [preauth]
    debug2: input_userauth_request: try method none [preauth]
    debug3: mm_request_receive entering
    debug3: monitor_read: checking request 3
    debug3: mm_answer_authserv: service=ssh-connection, style=
    debug2: monitor_read: 3 used once, disabling now
    debug1: userauth-request for user USERNAME service ssh-connection method publickey [preauth]
    debug1: attempt 1 failures 0 [preauth]
    debug2: input_userauth_request: try method publickey [preauth]
    debug1: test whether pkalg/pkblob are acceptable [preauth]
    debug3: mm_key_allowed entering [preauth]
    debug3: mm_request_send entering: type 20 [preauth]
    debug3: mm_key_allowed: waiting for MONITOR_ANS_KEYALLOWED [preauth]
    debug3: mm_request_receive_expect entering: type 21 [preauth]
    debug3: mm_request_receive entering [preauth]
    debug3: mm_request_receive entering
    debug3: monitor_read: checking request 20
    debug3: mm_answer_keyallowed entering
    debug3: mm_answer_keyallowed: key_from_blob: 0x13e1e20
    debug1: temporarily_use_uid: 1000/100 (e=0/0)
    debug1: trying public key file /home/USERNAME/.ssh/authorized_keys
    debug1: Could not open authorized keys '/home/USERNAME/.ssh/authorized_keys': No such file or directory
    debug1: restore_uid: 0/0
    Failed publickey for USERNAME from CLIENT_IP port 43333 ssh2
    debug3: mm_answer_keyallowed: key 0x13e1e20 is not allowed
    debug3: mm_request_send entering: type 21
    debug2: userauth_pubkey: authenticated 0 pkalg ssh-dss [preauth]
    debug1: userauth-request for user USERNAME service ssh-connection method password [preauth]
    debug1: attempt 2 failures 1 [preauth]
    debug2: input_userauth_request: try method password [preauth]
    debug3: mm_auth_password entering [preauth]
    debug3: mm_request_send entering: type 10 [preauth]
    debug3: mm_auth_password: waiting for MONITOR_ANS_AUTHPASSWORD [preauth]
    debug3: mm_request_receive_expect entering: type 11 [preauth]
    debug3: mm_request_receive entering [preauth]
    debug3: mm_request_receive entering
    debug3: monitor_read: checking request 10
    debug3: PAM: sshpam_passwd_conv called with 1 messages
    debug1: PAM: password authentication accepted for USERNAME
    debug3: mm_answer_authpassword: sending result 1
    debug3: mm_request_send entering: type 11
    debug3: mm_request_receive_expect entering: type 46
    debug3: mm_request_receive entering
    debug1: do_pam_account: called
    debug3: PAM: do_pam_account pam_acct_mgmt = 0 (Success)
    debug3: mm_request_send entering: type 47
    Accepted password for USERNAME from CLIENT_IP port 43333 ssh2
    debug3: mm_auth_password: user authenticated [preauth]
    debug3: mm_do_pam_account entering [preauth]
    debug3: mm_request_send entering: type 46 [preauth]
    debug3: mm_request_receive_expect entering: type 47 [preauth]
    debug3: mm_request_receive entering [preauth]
    debug3: mm_do_pam_account returning 1 [preauth]
    debug3: mm_send_keystate: Sending new keys: 0x13e1c40 0x13e34c0 [preauth]
    debug3: mm_newkeys_to_blob: converting 0x13e1c40 [preauth]
    debug3: mm_newkeys_to_blob: converting 0x13e34c0 [preauth]
    debug3: mm_send_keystate: New keys have been sent [preauth]
    debug3: mm_send_keystate: Sending compression state [preauth]
    debug3: mm_request_send entering: type 24 [preauth]
    debug3: mm_send_keystate: Finished sending state [preauth]
    debug1: monitor_read_log: child log fd closed
    debug1: monitor_child_preauth: USERNAME has been authenticated by privileged process
    debug3: mm_get_keystate: Waiting for new keys
    debug3: mm_request_receive_expect entering: type 24
    debug3: mm_request_receive entering
    debug3: mm_newkeys_from_blob: 0x13f3b20(122)
    debug2: mac_setup: found hmac-md5
    debug3: mm_get_keystate: Waiting for second key
    debug3: mm_newkeys_from_blob: 0x13f3b20(122)
    debug2: mac_setup: found hmac-md5
    debug3: mm_get_keystate: Getting compression state
    debug3: mm_get_keystate: Getting Network I/O buffers
    debug3: mm_share_sync: Share sync
    debug3: mm_share_sync: Share sync end
    debug3: ssh_sandbox_parent_finish: finished
    debug1: PAM: establishing credentials
    debug3: PAM: opening session
    User child is on pid 6387
    debug1: PAM: establishing credentials
    debug1: permanently_set_uid: 1000/100
    debug2: set_newkeys: mode 0
    debug2: set_newkeys: mode 1
    debug1: Entering interactive session for SSH2.
    debug2: fd 7 setting O_NONBLOCK
    debug2: fd 9 setting O_NONBLOCK
    debug1: server_init_dispatch_20
    debug1: server_input_channel_open: ctype session rchan 0 win 2097152 max 32768
    debug1: input_session_request
    debug1: channel 0: new [server-session]
    debug2: session_new: allocate (allocated 0 max 10)
    debug3: session_unused: session id 0 unused
    debug1: session_new: session 0
    debug1: session_open: channel 0
    debug1: session_open: session 0: link with channel 0
    debug1: server_input_channel_open: confirm session
    debug1: server_input_global_request: rtype no-more-sessions@openssh.com want_reply 0
    debug1: server_input_channel_req: channel 0 request x11-req reply 1
    debug1: session_by_channel: session 0 channel 0
    debug1: session_input_channel_req: session 0 req x11-req
    debug3: sock_set_v6only: set socket 10 IPV6_V6ONLY
    debug2: fd 10 setting O_NONBLOCK
    debug3: fd 10 is O_NONBLOCK
    debug1: channel 1: new [X11 inet listener]
    debug2: fd 11 setting O_NONBLOCK
    debug3: fd 11 is O_NONBLOCK
    debug1: channel 2: new [X11 inet listener]
    debug1: server_input_channel_req: channel 0 request exec reply 1
    debug1: session_by_channel: session 0 channel 0
    debug1: session_input_channel_req: session 0 req exec
    debug2: fd 3 setting TCP_NODELAY
    debug3: packet_set_tos: set IP_TOS 0x10
    debug2: fd 14 setting O_NONBLOCK
    debug2: fd 13 setting O_NONBLOCK
    debug2: fd 16 setting O_NONBLOCK
    debug2: channel 0: read 210 from efd 16
    debug2: channel 0: rwin 2097152 elen 210 euse 1
    debug2: channel 0: sent ext data 210
    debug2: channel 0: read 380 from efd 16
    debug2: channel 0: rwin 2096942 elen 380 euse 1
    debug2: channel 0: sent ext data 380
    debug2: channel 0: read 121 from efd 16
    debug2: channel 0: rwin 2096562 elen 121 euse 1
    debug2: channel 0: sent ext data 121
    ### Here started the waiting on the server's side, and continued later till the start of app.:
    debug1: X11 connection requested.
    debug2: fd 12 setting TCP_NODELAY
    debug2: fd 12 setting O_NONBLOCK
    debug3: fd 12 is O_NONBLOCK
    debug1: channel 3: new [X11 connection from 127.0.0.1 port 46968]
    debug2: channel 3: open confirm rwindow 2097152 rmax 16384
    debug2: channel 0: read 62 from efd 16
    debug2: channel 0: rwin 2096441 elen 62 euse 1
    debug2: channel 0: sent ext data 62
    debug1: X11 connection requested.
    debug2: fd 15 setting TCP_NODELAY
    debug2: fd 15 setting O_NONBLOCK
    debug3: fd 15 is O_NONBLOCK
    debug1: channel 4: new [X11 connection from 127.0.0.1 port 46972]
    debug2: channel 4: open confirm rwindow 2097152 rmax 16384
    debug2: channel 3: rcvd adjust 51268
    debug2: channel 3: rcvd adjust 65536
    debug2: channel 3: rcvd adjust 65536
    debug2: channel 3: rcvd adjust 65536
    debug2: channel 3: rcvd adjust 65536
    debug2: channel 3: rcvd adjust 32768
    debug2: channel 3: rcvd adjust 147456
    debug2: channel 3: rcvd adjust 55788
    debug2: channel 3: window 32740 sent adjust 32796
    client:
    ssh -Xvvv USERNAME@SERVER_IP mousepad
    OpenSSH_6.1p1, OpenSSL 1.0.1c 10 May 2012
    debug1: Reading configuration data /etc/ssh/ssh_config
    debug2: ssh_connect: needpriv 0
    debug1: Connecting to SERVER_IP [SERVER_IP] port 22.
    debug1: Connection established.
    debug1: identity file /home/USERNAME/.ssh/id_rsa type -1
    debug1: identity file /home/USERNAME/.ssh/id_rsa-cert type -1
    debug1: identity file /home/USERNAME/.ssh/id_dsa type 2
    debug1: identity file /home/USERNAME/.ssh/id_dsa-cert type -1
    debug1: identity file /home/USERNAME/.ssh/id_ecdsa type -1
    debug1: identity file /home/USERNAME/.ssh/id_ecdsa-cert type -1
    debug1: Remote protocol version 2.0, remote software version OpenSSH_6.1
    debug1: match: OpenSSH_6.1 pat OpenSSH*
    debug1: Enabling compatibility mode for protocol 2.0
    debug1: Local version string SSH-2.0-OpenSSH_6.1
    debug2: fd 3 setting O_NONBLOCK
    debug3: load_hostkeys: loading entries for host "SERVER_IP" from file "/home/USERNAME/.ssh/known_hosts"
    debug3: load_hostkeys: found key type ECDSA in file /home/USERNAME/.ssh/known_hosts:4
    debug3: load_hostkeys: loaded 1 keys
    debug3: order_hostkeyalgs: prefer hostkeyalgs: ecdsa-sha2-nistp256-cert-v01@openssh.com,ecdsa-sha2-nistp384-cert-v01@openssh.com,ecdsa-sha2-nistp521-cert-v01@openssh.com,ecdsa-sha2-nistp256,ecdsa-sha2-nistp384,ecdsa-sha2-nistp521
    debug1: SSH2_MSG_KEXINIT sent
    debug1: SSH2_MSG_KEXINIT received
    debug2: kex_parse_kexinit: ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1
    debug2: kex_parse_kexinit: ecdsa-sha2-nistp256-cert-v01@openssh.com,ecdsa-sha2-nistp384-cert-v01@openssh.com,ecdsa-sha2-nistp521-cert-v01@openssh.com,ecdsa-sha2-nistp256,ecdsa-sha2-nistp384,ecdsa-sha2-nistp521,ssh-rsa-cert-v01@openssh.com,ssh-dss-cert-v01@openssh.com,ssh-rsa-cert-v00@openssh.com,ssh-dss-cert-v00@openssh.com,ssh-rsa,ssh-dss
    debug2: kex_parse_kexinit: aes128-ctr,aes192-ctr,aes256-ctr,arcfour256,arcfour128,aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,aes192-cbc,aes256-cbc,arcfour,rijndael-cbc@lysator.liu.se
    debug2: kex_parse_kexinit: aes128-ctr,aes192-ctr,aes256-ctr,arcfour256,arcfour128,aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,aes192-cbc,aes256-cbc,arcfour,rijndael-cbc@lysator.liu.se
    debug2: kex_parse_kexinit: hmac-md5,hmac-sha1,umac-64@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-ripemd160,hmac-ripemd160@openssh.com,hmac-sha1-96,hmac-md5-96
    debug2: kex_parse_kexinit: hmac-md5,hmac-sha1,umac-64@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-ripemd160,hmac-ripemd160@openssh.com,hmac-sha1-96,hmac-md5-96
    debug2: kex_parse_kexinit: none,zlib@openssh.com,zlib
    debug2: kex_parse_kexinit: none,zlib@openssh.com,zlib
    debug2: kex_parse_kexinit:
    debug2: kex_parse_kexinit:
    debug2: kex_parse_kexinit: first_kex_follows 0
    debug2: kex_parse_kexinit: reserved 0
    debug2: kex_parse_kexinit: ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1
    debug2: kex_parse_kexinit: ssh-rsa,ssh-dss,ecdsa-sha2-nistp256
    debug2: kex_parse_kexinit: aes128-ctr,aes192-ctr,aes256-ctr,arcfour256,arcfour128,aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,aes192-cbc,aes256-cbc,arcfour,rijndael-cbc@lysator.liu.se
    debug2: kex_parse_kexinit: aes128-ctr,aes192-ctr,aes256-ctr,arcfour256,arcfour128,aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,aes192-cbc,aes256-cbc,arcfour,rijndael-cbc@lysator.liu.se
    debug2: kex_parse_kexinit: hmac-md5,hmac-sha1,umac-64@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-ripemd160,hmac-ripemd160@openssh.com,hmac-sha1-96,hmac-md5-96
    debug2: kex_parse_kexinit: hmac-md5,hmac-sha1,umac-64@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-ripemd160,hmac-ripemd160@openssh.com,hmac-sha1-96,hmac-md5-96
    debug2: kex_parse_kexinit: none,zlib@openssh.com
    debug2: kex_parse_kexinit: none,zlib@openssh.com
    debug2: kex_parse_kexinit:
    debug2: kex_parse_kexinit:
    debug2: kex_parse_kexinit: first_kex_follows 0
    debug2: kex_parse_kexinit: reserved 0
    debug2: mac_setup: found hmac-md5
    debug1: kex: server->client aes128-ctr hmac-md5 none
    debug2: mac_setup: found hmac-md5
    debug1: kex: client->server aes128-ctr hmac-md5 none
    debug1: sending SSH2_MSG_KEX_ECDH_INIT
    debug1: expecting SSH2_MSG_KEX_ECDH_REPLY
    debug1: Server host key: ECDSA ABC123...
    debug3: load_hostkeys: loading entries for host "SERVER_IP" from file "/home/USERNAME/.ssh/known_hosts"
    debug3: load_hostkeys: found key type ECDSA in file /home/USERNAME/.ssh/known_hosts:4
    debug3: load_hostkeys: loaded 1 keys
    debug1: Host 'SERVER_IP' is known and matches the ECDSA host key.
    debug1: Found key in /home/USERNAME/.ssh/known_hosts:4
    debug1: ssh_ecdsa_verify: signature correct
    debug2: kex_derive_keys
    debug2: set_newkeys: mode 1
    debug1: SSH2_MSG_NEWKEYS sent
    debug1: expecting SSH2_MSG_NEWKEYS
    debug2: set_newkeys: mode 0
    debug1: SSH2_MSG_NEWKEYS received
    debug1: Roaming not allowed by server
    debug1: SSH2_MSG_SERVICE_REQUEST sent
    debug2: service_accept: ssh-userauth
    debug1: SSH2_MSG_SERVICE_ACCEPT received
    debug2: key: /home/USERNAME/.ssh/id_rsa ((nil))
    debug2: key: /home/USERNAME/.ssh/id_dsa (0x)
    debug2: key: /home/USERNAME/.ssh/id_ecdsa ((nil))
    debug1: Authentications that can continue: publickey,password
    debug3: start over, passed a different list publickey,password
    debug3: preferred publickey,keyboard-interactive,password
    debug3: authmethod_lookup publickey
    debug3: remaining preferred: keyboard-interactive,password
    debug3: authmethod_is_enabled publickey
    debug1: Next authentication method: publickey
    debug1: Trying private key: /home/USERNAME/.ssh/id_rsa
    debug3: no such identity: /home/USERNAME/.ssh/id_rsa
    debug1: Offering DSA public key: /home/USERNAME/.ssh/id_dsa
    debug3: send_pubkey_test
    debug2: we sent a publickey packet, wait for reply
    debug1: Authentications that can continue: publickey,password
    debug1: Trying private key: /home/USERNAME/.ssh/id_ecdsa
    debug3: no such identity: /home/USERNAME/.ssh/id_ecdsa
    debug2: we did not send a packet, disable method
    debug3: authmethod_lookup password
    debug3: remaining preferred: ,password
    debug3: authmethod_is_enabled password
    debug1: Next authentication method: password
    USERNAME@SERVER_IP's password:
    debug3: packet_send2: adding 48 (len 68 padlen 12 extra_pad 64)
    debug2: we sent a password packet, wait for reply
    debug1: Authentication succeeded (password).
    Authenticated to SERVER_IP ([SERVER_IP]:22).
    debug1: channel 0: new [client-session]
    debug3: ssh_session2_open: channel_new: 0
    debug2: channel 0: send open
    debug1: Requesting no-more-sessions@openssh.com
    debug1: Entering interactive session.
    debug2: callback start
    debug2: x11_get_proto: /usr/bin/xauth -f /tmp/ssh-mHE6faU7YJF2/xauthfile generate :0 MIT-MAGIC-COOKIE-1 untrusted timeout 1200 2>/dev/null
    debug2: x11_get_proto: /usr/bin/xauth -f /tmp/ssh-mHE6faU7YJF2/xauthfile list :0 2>/dev/null
    debug1: Requesting X11 forwarding with authentication spoofing.
    debug2: channel 0: request x11-req confirm 1
    debug2: fd 3 setting TCP_NODELAY
    debug3: packet_set_tos: set IP_TOS 0x10
    debug2: client_session2_setup: id 0
    debug1: Sending command: mousepad
    debug2: channel 0: request exec confirm 1
    debug2: callback done
    debug2: channel 0: open confirm rwindow 0 rmax 32768
    debug2: channel_input_status_confirm: type 99 id 0
    debug2: X11 forwarding request accepted on channel 0
    debug2: channel 0: rcvd adjust 2097152
    debug2: channel_input_status_confirm: type 99 id 0
    debug2: exec request accepted on channel 0
    ### After successful authentication, here above started the first waiting, where after first 1 min. continued with:
    debug2: channel 0: rcvd ext data 210
    debug2: channel 0: rcvd ext data 380
    debug2: channel 0: rcvd ext data 121
    debug3: Copy environment: XDG_SESSION_COOKIE=0d937ee20c7e42bdbf828421a30eaa2f-1357144247.348263-1841400888
    debug3: Copy environment: XDG_SESSION_ID=5
    debug3: Copy environment: XDG_RUNTIME_DIR=/run/user/1000
    debug2: channel 0: written 711 to efd 6
    ### After another 1 min. continued with + started the app.
    debug1: client_input_channel_open: ctype x11 rchan 3 win 65536 max 16384
    debug1: client_request_x11: request from 127.0.0.1 46968
    debug2: fd 7 setting O_NONBLOCK
    debug3: fd 7 is O_NONBLOCK
    debug1: channel 1: new [x11]
    debug1: confirm x11
    debug2: channel 0: rcvd ext data 62
    Xlib: extension "RANDR" missing on display "localhost:10.0".
    debug2: channel 0: written 62 to efd 6
    debug1: client_input_channel_open: ctype x11 rchan 4 win 65536 max 16384
    debug1: client_request_x11: request from 127.0.0.1 46972
    debug2: fd 8 setting O_NONBLOCK
    debug3: fd 8 is O_NONBLOCK
    debug1: channel 2: new [x11]
    debug1: confirm x11
    debug2: channel 1: window 2045884 sent adjust 51268
    debug2: channel 1: window 2031616 sent adjust 65536
    debug2: channel 1: window 2031616 sent adjust 65536
    debug2: channel 1: window 2031616 sent adjust 65536
    debug2: channel 1: window 2031616 sent adjust 65536
    debug2: channel 1: window 2031616 sent adjust 32768
    debug2: channel 1: window 1949696 sent adjust 147456
    debug2: channel 1: window 2041364 sent adjust 55788
    debug2: channel 1: rcvd adjust 32796
    debug1: client_input_channel_open: ctype x11 rchan 5 win 65536 max 16384
    debug1: client_request_x11: request from 127.0.0.1 46974
    debug2: fd 9 setting O_NONBLOCK
    debug3: fd 9 is O_NONBLOCK
    debug1: channel 3: new [x11]
    debug1: confirm x11
    debug2: channel 1: rcvd adjust 32800
    It's quite strange, as I have no more ideas what to check next.
    Any ideas pls?
    thx in advance.

    Have finally found a solution for this problem: http://serverfault.com/questions/490352 … w-to-start
    Now the applications do start immediately via SSH X11 forwarding as expected.
    The following three lines helped:
    ip6tables -A INPUT -i lo -j ACCEPT
    ip6tables -A OUTPUT -o lo -j ACCEPT
    ip6tables -A FORWARD -i lo -o lo -j ACCEPT
    Until now, all ip6 traffic has been forbidden (to drop all ip6 traffic) at the start of the system, of course.
    Nevertheless, I don't understand why the ip6 localhost has to be granted this way even if /etc/ssh/sshd_config is configured for ip4 only ("AddressFamily inet").
    I thought that this way sshd would be using the ip4 protocol only (including for the X11 forwarding), so why does it still need ip6?
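
The question above can be checked from inside the forwarded session on the server: `DISPLAY=localhost:10.0` means TCP port 6010, and `localhost` may resolve to both `::1` and `127.0.0.1`. The following diagnostic is an added example, not part of the original posts; it assumes the delay comes from clients trying `::1` first and waiting for a silently dropped connection, and all function names are hypothetical.

```python
import os
import socket
import time

X11_BASE_PORT = 6000  # display N is served on TCP port 6000 + N


def display_to_port(display):
    """Split 'localhost:10.0' into ('localhost', 6010); host is None for ':N'."""
    host, _, rest = display.rpartition(":")
    return (host or None), X11_BASE_PORT + int(rest.split(".")[0])


def probe(family, sockaddr, timeout=2.0):
    """Return (state, seconds) for one TCP connect attempt."""
    started = time.monotonic()
    try:
        with socket.socket(family, socket.SOCK_STREAM) as sock:
            sock.settimeout(timeout)
            sock.connect(sockaddr)
        state = "open"
    except socket.timeout:
        state = "filtered"     # no reply at all, as with a DROP rule
    except ConnectionRefusedError:
        state = "refused"      # RST received: reachable, nothing listening
    except OSError:
        state = "unreachable"  # family disabled, or an ICMP error came back
    return state, time.monotonic() - started


def check_display(display, timeout=2.0):
    """Probe every address the display host resolves to, in resolver order."""
    host, port = display_to_port(display)
    if host is None:
        return []              # ':N' uses a local UNIX socket, not TCP
    results, seen = [], set()
    for family, _, _, _, sockaddr in socket.getaddrinfo(
            host, port, type=socket.SOCK_STREAM):
        if sockaddr in seen:
            continue
        seen.add(sockaddr)
        state, elapsed = probe(family, sockaddr, timeout)
        results.append({"address": sockaddr[0], "state": state,
                        "seconds": round(elapsed, 2)})
    return results


def diagnose(results):
    """Report whether a filtered address is tried before the first open one."""
    for index, entry in enumerate(results):
        if entry["state"] == "open":
            blocked = [e["address"] for e in results[:index]
                       if e["state"] == "filtered"]
            if blocked:
                return ("stall: " + ", ".join(blocked) +
                        " is silently dropped before " +
                        entry["address"] + " answers")
            return "ok: first reachable address is " + entry["address"]
    return "no listener: nothing accepted the connection"


if __name__ == "__main__":
    display = os.environ.get("DISPLAY", "localhost:10.0")
    found = check_display(display)
    for entry in found:
        print(entry)
    print(diagnose(found))
```

A "stall" verdict means the loopback rules, not sshd, decide how long each X client waits; accepting traffic on `lo` for both address families removes the wait without opening anything to the network.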

  • Is it Possible to Use a Laptop as input/output device with X11 Server?

    I have a dedicated server for which I have no monitor/mouse/keyboard, but I can connect my laptop to it with an Ethernet cable. Would it be possible to somehow use the laptop as if it was the screen/input of the server by connecting them over LAN?
    Last edited by error17 (2010-04-02 23:15:49)

    Yeah, I should definitely look into X forwarding.
    tomk wrote: You didn't say if the server is running X or not (servers don't need X, btw). If it's not, plain and simple ssh is the way to go.
    heh, alright. Since SSH is what I used to control servers very far away, I figured there would be a more elegant way to do this when the machine is just 4 meters away with LAN connectivity. I also find it convenient to have a GUI when doing anything major on the server.
    As I do not want X11 running all the time, I'm guessing that I would first need to have plain-SSH that I could use for minor stuff.
    If I then want to do anything major, I'd use the SSH to start the X11 server and then connect a second time but with X11-SSH.
    Last edited by error17 (2010-04-03 00:15:30)

  • FTP Adapter where FTP server is SSH Tectia Server for IBM z/OS

    We are purchasing "SSH Tectia Server for IBM z/OS" as the secure FTP server.
    1. Has anyone used this with Oracle FTP Adapter to securely FTP files to the mainframe?
    2. What is the best way to maintain the username and password in the oc4j-ra.xml of the FTP adapter?
    3. Can this user and password be encrypted?
    Thanks

    Hi,
    Unfortunately there are some concerns with FTPS connectivity with XI.
    As you know SFTP is not yet possible with XI, but somehow you could use FTPS.
    Please confirm the things below; this may help you.
    1. Please make sure to Activate Secure Storage in the File System after Deploying the SAP Java Cryptographic Toolkit. Check the thread below for the detailed procedure:
    http://help.sap.com/saphelp_nw04/helpdata/en/cd/14c93ec2f7df6ae10000000a114084/content.htm
    2. You can go for third-party adapters such as Seeburger adapter AS2, OFTPS etc. for better connectivity with FTPS.
    Refer to:
    EDI Adapter by SeeBurger
    https://www.sdn.sap.com/irj/sdn/go/portal/prtroot/docs/library/uuid/206e2b65-2ca8-2a10-edad-f2d1391644cb
    B2B(EDI) Integration using SAP Netweaver XI and Seeburger AS2 Adapter
    https://www.sdn.sap.com/irj/sdn/go/portal/prtroot/docs/library/uuid/00f9cdf5-d812-2a10-03b4-aff3bbf792bf
    Integrating XI with SeeBurger
    https://www.sdn.sap.com/irj/sdn/go/portal/prtroot/docs/library/uuid/6dc02f5d-0601-0010-cd9d-f4ff9a7e8c33
    3. Search the options of your client's software to find where its public and private keys are stored, these are 2 files present on the FTP server, then put the Public key of the XI server on the Client FTP Server and likewise for the Public Key of the FTP Server on the XI Server.
    This enables the SSL handshake, i.e. Exchange of certificates.
    Thanks
    Swarup

  • Solaris 10 for x88 install issue: cannot start X11 server

    After fixing my "can't set locale" problem I am moving onto the "Server for display :0 can't be started" issue.
    Checking /etc/dtc/Xerrors yields:
    1) error (PID 380) : Server unexpectedly died
    2) error (PID 380) : Server for display :0 can't be started
    I've tried running kdmconfig and setting XSun not XOrg. I am using a 2 channel KVM with a 3 button mouse (the only PS2 mouse I have lying around...) but it seems to pick it up without any problems. But, editing the config and saving (F4...) doesn't work. The changes don't commit and running kdmconfig again I see the choices have not changed.
    Also, I notice this message when I try to boot up:
    svccfg (/tmp/kdm_svccfg_cmds, line 1): Pattern 'application/x11/x11-server' doesn't match any instances or services.
    Feel free to reply direct to me g.h.lawrence<at>gmail.com if you wish. Thanks in advance for any and all replies.
    Greg

    Hello Greg,
    unfortunately you're posting in the wrong forum.
    These forums are for Sun Hardware, you have a configuration problem with a piece of software - the x-server. Please post in one of these forums
    Solaris on x86
    http://forum.sun.com/jive/forum.jspa?forumID=291
    Installation
    http://forum.sun.com/jive/forum.jspa?forumID=292
    General Solaris 10 Discussion
    http://forum.sun.com/jive/forum.jspa?forumID=298
    Michael

  • X11 server problem

    Product:           Java Web Application
    Operating system:     RedHat Linux 7.1
    Web Server:     Tomcat
    Application server:     Tomcat 3.2.4
    Database server:     MySQL 3.23.49
    Java Architecture:     JSP (presentation) + Java Bean (Business logic)
    We are doing image annotation in some of our Java beans using the Java AWT package with the following code. When we run this code on a RedHat Linux 7.1 web server, we get an "X11 server error" which says that the display variable can't have a value of :0. When we try to set the value using the xhost command, it says that it is unable to set the value. I have logged in as root. The same command runs successfully on a local RedHat Linux 7.1 machine and the application runs without any problem. What could be wrong? Can any other parameter affect this? If so, how do we set them? Or do we need to install any other packages or patches?
    f_obj_frame = new Frame();
    f_obj_frame.addNotify();
    MediaTracker mt = new MediaTracker(f_obj_frame);
    image = Toolkit.getDefaultToolkit().getImage(f_str_source_path);
    mt.addImage(image, 0);
    mt.waitForAll();
    f_int_width = image.getWidth(f_obj_frame);
    f_int_height = image.getHeight(f_obj_frame);
    offscreen = f_obj_frame.createImage(f_int_width, f_int_height);
    f_obj_graphics = offscreen.getGraphics();
    f_obj_graphics.drawImage(image, 0, 0, f_obj_frame);
    f_obj_graphics.setColor(f_obj_font_color);
    f_obj_graphics.setFont(f_obj_font_style);
    setXYPosition();
    f_obj_graphics.drawString(f_str_annotate_text, f_int_Xpos, f_int_Ypos);
    encodeGif();
    mt.removeImage(image);
    f_obj_frame.removeNotify();
    mt = null;

    You seem to have a problem with your DISPLAY environment variable.
    Do echo $DISPLAY to see what the DISPLAY is set to.

  • Unable to SSH to Server with terminal, Putty Works (SOLVED)

    Hi all,
    I am unable to ssh to a remote server from the terminal; when I try with Putty it works. Here's the output of ssh -v
    OpenSSH_6.3, OpenSSL 1.0.1e 11 Feb 2013
    debug1: Reading configuration data /root/.ssh/config
    debug1: /root/.ssh/config line 49: Applying options for testing
    debug1: Reading configuration data /etc/ssh/ssh_config
    debug1: /etc/ssh/ssh_config line 20: Applying options for *
    debug1: Connecting to ********* [*********] port 22.
    debug1: Connection established.
    debug1: permanently_set_uid: 0/0
    debug1: identity file /root/.ssh/************.pem type -1
    debug1: identity file /root/.ssh/************ type -1
    debug1: Enabling compatibility mode for protocol 2.0
    debug1: Local version string SSH-2.0-OpenSSH_6.3
    debug1: Remote protocol version 2.0, remote software version OpenSSH_6.1
    debug1: match: OpenSSH_6.1 pat OpenSSH*
    debug1: SSH2_MSG_KEXINIT sent
    debug1: SSH2_MSG_KEXINIT received
    debug1: kex: server->client aes128-ctr hmac-md5 none
    debug1: kex: client->server aes128-ctr hmac-md5 none
    debug1: SSH2_MSG_KEX_DH_GEX_REQUEST(1024<1024<8192) sent
    debug1: expecting SSH2_MSG_KEX_DH_GEX_GROUP
    debug1: SSH2_MSG_KEX_DH_GEX_INIT sent
    debug1: expecting SSH2_MSG_KEX_DH_GEX_REPLY
    debug1: Server host key: RSA 50:97:e6:ff:44:01:02:ca:e2:b4:38:41:86:42:2c:c2
    debug1: Host '************' is known and matches the RSA host key.
    debug1: Found key in /root/.ssh/known_hosts:4
    debug1: ssh_rsa_verify: signature correct
    debug1: SSH2_MSG_NEWKEYS sent
    debug1: expecting SSH2_MSG_NEWKEYS
    debug1: SSH2_MSG_NEWKEYS received
    debug1: Roaming not allowed by server
    debug1: SSH2_MSG_SERVICE_REQUEST sent
    debug1: SSH2_MSG_SERVICE_ACCEPT received
    debug1: Authentications that can continue: publickey
    debug1: Next authentication method: publickey
    debug1: Trying private key: /root/.ssh/************.pem
    debug1: read PEM private key done: type RSA
    debug1: Authentication succeeded (publickey).
    Authenticated to ************ ([************]:22).
    debug1: channel 0: new [client-session]
    debug1: Requesting no-more-sessions@openssh.com
    debug1: Entering interactive session.
    debug1: Sending environment.
    debug1: Sending env LANG = en_US.UTF-8
    I suspect it has something to do with my terminal?  I am using xfce terminal
    Update:
    So, following advice from other forum members, I am marking this as solved. The situation resulted from me installing a new router, and this router blocked SSH connections. I searched on stackoverflow and tried this fix at
    http://stackoverflow.com/questions/2247 … i-does-not
    I applied the setting to /etc/ssh/ssh_config and it started working again.
    Last edited by zenwong (2013-10-30 08:47:41)

    In addition to marking your thread as solved, you should also give a bit of info on how you came to that conclusion and what that configuration does.  If you have the expectation that posting in these threads might yield assistance, you should also assume that there is the expectation that you will have the courtesy to make the thread useful for others in the event that you find the solution on your own. https://wiki.archlinux.org/index.php/Fo … way_Street

  • How to specify port when ssh to server

    Hi all.
    I have a server that I am configuring, and one of the steps I'm taking is to change the default ssh port from 22 to another port to elude the script kiddies.
    When I ssh to the server in Terminal, I'm having issues connecting (while I don't when using Putty in winblows).
    I think it is because I'm not specifying the port correctly.
    Does anyone here know the correct syntax in Terminal to specify a different port than 22?
    I've used ":" and "[]", so I'm at a loss at the moment...

    Hi--
    Does anyone here know the correct syntax in Terminal to specify a different port than 22?
        ssh -p 1234 [email protected]
    assuming you're just doing a straight login to a command-line, has always worked for me.
    By the way, if you're new to the Terminal, most of the commands you'll run in the Terminal have really good man pages. Just type:
        man ssh
    to see it.
    If you know what you're looking for, it's right there in the last line of the synopsis:
        SYNOPSIS
        ssh [-1246AaCfgkNnqsTtVvXxY] [-b bind_address] [-c cipher_spec] [-D port]
            [-e escape_char] [-F configfile] [-i identity_file]
            [-L port:host:hostport] [-l login_name] [-m mac_spec] [-o option]
            [-p port] [-R port:host:hostport] [user@]hostname [command]
    If you're not sure what you're looking for, you can often find it a bit lower down. Unfortunately, in the case of ssh, it has a long man page, so you have to go quite a bit further down to find it:
        -p port
            Port to connect to on the remote host. This can be specified on
            a per-host basis in the configuration file.
    Have fun,
    charlie

  • Installing 11g on Linux X11 server problem

    Hi,
    when I launch runInstaller on Linux Xubuntu to install DB 11g I get:
    Checking swap space: must be greater than 150 MB. Actual 6165 MB Passed
    Checking monitor: must be configured to display at least 256 colors
    >>> Could not execute auto check for display colors using command /usr/X11R6/bin/xdpyinfo. Check if the DISPLAY variable is set. Failed <<<<
    Some requirement checks failed. You must fulfill these requirements before
    continuing with the installation,at which time they will be rechecked.
    Continue? (y/n) [n] Y
    Rechecking installer requirements....
    Preparing to launch Oracle Universal Installer from /tmp/OraInstall2007-09-26_04-15-32PM. Please wait ...oracle@us-xubuntu:/mnt/source/labtop/oradata/source_oracle_11g/database$ Exception in thread "main" java.lang.InternalError: Can't connect to X11 window server using '192.168.1.87' as the value of the DISPLAY variable.
    at sun.awt.X11GraphicsEnvironment.initDisplay(Native Method)
    at sun.awt.X11GraphicsEnvironment.access$000(X11GraphicsEnvironment.java:53)
    at sun.awt.X11GraphicsEnvironment$1.run(X11GraphicsEnvironment.java:142)
    Many thanks for your help.

    That's right, but if you are directly on the console, then :0.0 is enough. The xhost + command allows any client to use the display to launch its Xterm clients, such as OUI from oracle.
    ~ Madrid

  • Launchctl slow on ssh to server

    Hi,
    I'm running an OS X 10.5.8 server. When my users ssh into it, it can take up to about 10 seconds before they see a prompt.
    I've turned on debug for ssh and see it's pausing at "Entering interactive session". Looking at the server at this point, the "launchctl" process is running for the user that just logged in.
    So, can I track this down further as to why launchctl is taking about 10 seconds to start up before the ssh prompt comes back? I'm assuming it's trying to start up per-user launch daemons and agents?
    Is it a known problem that launchctl is so slow? (This is especially irritating because we use the "git" scm tool over ssh!)
    Thanks for any help or advice.
    Cheers,
    Steve

    Hi,
    I use ssh and git daily. I don't see a delay on ssh unless I have a DHCP connection and haven't reloaded the host key in the .ssh/known_hosts file on the client. Locating the receiver of the ssh connection can be delayed if there is a DNS issue to be resolved.
    You could try assigning a manual fixed IP address to the client, update the known_hosts file on the server and then perform an ssh login.
    HTH,
    Harry

  • SSH client/server? VPN? RDP?

    Does the N900 have an SSH-client? Or can it run as SSH server?
    Support for VPN?
    RDP client?
     Greetings,
      Evert 
    Regards,
    Evert

    OpenSSH client:
    http://maemo.org/downloads/product/raw/Maemo5/openssh-client?get_installfile
    OpenSSH server:
    http://maemo.org/downloads/product/raw/Maemo5/openssh-server?get_installfile
    VNC Viewer:
    http://maemo.org/downloads/product/raw/Maemo5/vncviewer?get_installfile
    For the LOVE of GOD, please don't download and install build-essentials via apt... the N900 has a very small / partition.. All additional software should be installed into /opt (which is a much larger partition, actually symlinked to /home/opt)
    If you install build-essentials you will possibly fill your root partition and effectively hose your device.. 
    If you want to compile packages yourself, you'll need to use the Maemo 5 SDK on a desktop.. either to produce the package you want OR to produce a copy of gcc etc that installs in /opt.. 
    OR, consult downloads.maemo.org where the package you want may already be listed

  • Creating an SSH private server

    Hello. Having nothing to do today, I decided to set up a server on my home computer (arch-powered, of course). I realised that openssh-server does not exist in the official repositories or in the AUR. I looked at the wiki article on openssh, but it does not tell me how to create one, just how to join one, which is not what I'm trying to do... Can anyone help?
    Last edited by ijiboom (2012-06-12 14:53:38)

    Then,
    ssh -v localhost
    output:
    OpenSSH_6.0p1, OpenSSL 1.0.1c 10 May 2012
    debug1: Reading configuration data /etc/ssh/ssh_config
    debug1: Connecting to localhost [::1] port 22.
    debug1: Connection established.
    debug1: identity file /home/iraj/.ssh/id_rsa type -1
    debug1: identity file /home/iraj/.ssh/id_rsa-cert type -1
    debug1: identity file /home/iraj/.ssh/id_dsa type -1
    debug1: identity file /home/iraj/.ssh/id_dsa-cert type -1
    debug1: identity file /home/iraj/.ssh/id_ecdsa type -1
    debug1: identity file /home/iraj/.ssh/id_ecdsa-cert type -1
    debug1: Remote protocol version 2.0, remote software version OpenSSH_6.0
    debug1: match: OpenSSH_6.0 pat OpenSSH*
    debug1: Enabling compatibility mode for protocol 2.0
    debug1: Local version string SSH-2.0-OpenSSH_6.0
    debug1: SSH2_MSG_KEXINIT sent
    debug1: SSH2_MSG_KEXINIT received
    debug1: kex: server->client aes128-ctr hmac-md5 none
    debug1: kex: client->server aes128-ctr hmac-md5 none
    debug1: sending SSH2_MSG_KEX_ECDH_INIT
    debug1: expecting SSH2_MSG_KEX_ECDH_REPLY
    debug1: Server host key: ECDSA eb:2e:98:1a:cf:19:45:49:7b:30:40:7a:70:9e:45:50
    The authenticity of host 'localhost (::1)' can't be established.
    ECDSA key fingerprint is eb:2e:98:1a:cf:19:45:49:7b:30:40:7a:70:9e:45:50.
    Are you sure you want to continue connecting (yes/no)? y
    Please type 'yes' or 'no': yes
    Warning: Permanently added 'localhost' (ECDSA) to the list of known hosts.
    debug1: ssh_ecdsa_verify: signature correct
    debug1: SSH2_MSG_NEWKEYS sent
    debug1: expecting SSH2_MSG_NEWKEYS
    debug1: SSH2_MSG_NEWKEYS received
    debug1: Roaming not allowed by server
    debug1: SSH2_MSG_SERVICE_REQUEST sent
    debug1: SSH2_MSG_SERVICE_ACCEPT received
    debug1: Authentications that can continue: publickey,password
    debug1: Next authentication method: publickey
    debug1: Trying private key: /home/iraj/.ssh/id_rsa
    debug1: Trying private key: /home/iraj/.ssh/id_dsa
    debug1: Trying private key: /home/iraj/.ssh/id_ecdsa
    debug1: Next authentication method: password
    iraj@localhost's password:
    Connection closed by UNKNOWN
    Last edited by ijiboom (2012-06-16 12:30:31)

  • [solved] SSH X11 forwarding on separate virtual desktop

    I have an HTPC running arch/openbox/xbmc and I've set up SSH tunneling at various times.  What I'd really like to do is be able to forward a single virtual desktop so that someone could be watching a movie on TTY1 for example while I'm forwarding ktorrent on TTY2. 
    Is that a possibility?
    Last edited by ctarwater (2011-05-19 20:35:18)

    https://wiki.archlinux.org/index.php/Tightvnc

  • XOrg X11 Server Release 6.8

    Are we ready for this??? Check out this article
    http://www.linux-gamers.net/modules/soa … rticleID=5
    New version sports LOTS of enhancements AND true transparency (Finally)
    Cool stuff coming
    Joe

    Take a deep breath and don't panic :-)
    Did arch developers ever fail? If it's doable it will be done sooner or later ;-)
    And to be quite frank, I'm not so sure if true transparency will be so cool. Maybe for the menus or something but not for text editing (unreadable text)...
