:: [DNG] Devuan and ssh: X11 forwardin…
Góra strony
Delete this message
Reply to this message
Autor: ael
Data:  
Dla: dng
Nowe tematy: Re: [DNG] Devuan and ssh: X11 forwarding. *Partial solution.*
Temat: [DNG] Devuan and ssh: X11 forwarding.
I have a network of 3 machines behind a firewall, so no internal
firewalls. Call them machine1, machine 2 and machine3.

All 3 were running debian testing, but machine 3 has recently been
upgraded to devuan daedalus, and performance is far better. Thanks
everyone.

BUT :-) Before all 3 machines could ssh -X into any of the other
machines: that is with X11 forwarding.

But now when the debian machines (1 & 2) "ssh -X" into the daedalus box
(machine3) the X11 forwarding is not working.

I have searched extensively and read a good deal of documentation but so
far have not found a solution. It doesn't help that the roles of server
and client are reversed depending on whether ssh or X11 are being
discussed.

What happens:

1) Out of the box sshd on devuan: - X forwarding fails. ssh works: the
ssh connection is OK.

2) Eventually I found that /etc/sshd.config on daedalus was lying when it said:

# X11UseLocalhost no
I have to uncomment that to
X11UseLocalhost no

Now when "ssh -X"ing into machine3 (daedalus) the X11 appears to work:
the previous error message vanishes and DISPLAY is set.
Typically to machine3:10.0 rather than the usual localhost:10.0, but
then that is what "X11UseLocalhost no" means :-)

However, trying xclock, for example, nothing happens for an extended
period before an error of Can't open DISPLAY is reported. I don't know
how to debug this: could it be the ssh on the debian originating end blocking
the connection, or is it at the daedalus end?

3) Be that as it may, why do I need to use
X11UseLocalhost no
even to get this far? The debian systems do not require that, and, of
course, all 3 machines interconnected before the change to daedalus.

4) Running ssdh -T on the debian and daedalus machines and doing a diff
seems to suggest that only the x11uselocal setting is different
although perhaps I need to investigate channeltimeout. It is only the
X11 that is the problem, not the ssh channel so it is not obviously
anything to do with the problem.

3d2
< listenaddress 0.0.0.0:22
4a4
> listenaddress 0.0.0.0:22

35c35
< x11uselocalhost no
---
> x11uselocalhost yes

50a51
> debianbanner yes

83c84,85
< subsystem sftp /usr/lib/openssh/sftp-server
---
> channeltimeout none
> subsystem sftp /usr/lib/openssh/sftp-server


I will continue to investigate, but it does seem to be a devuan problem
somehow. Can anyone throw any light on this? Are there any good ways to
investigate this sort of thing? There are many posts over the years about
X11 forwarding, but none seem to be like this.

I should probably say that I have also looked at the ssh configurations
as well as sshd, but not as thoroughly so far.

ael