X11 forwarding *works* for root, but not me -- what changed? - Security

This is a discussion on X11 forwarding *works* for root, but not me -- what changed? - Security ; After a machine reboot X11 forwarding no longer works for me. But, it does work for root. This is backwards of the typical problem. The error message I get is: X connection to myhost.mydom.com:11.1 broken (explicit kill or server shutdown). ...

+ Reply to Thread
Results 1 to 4 of 4

Thread: X11 forwarding *works* for root, but not me -- what changed?

  1. X11 forwarding *works* for root, but not me -- what changed?

    After a machine reboot X11 forwarding no longer works for me.
    But, it does work for root. This is backwards of the typical problem.
    The error message I get is:

    X connection to myhost.mydom.com:11.1 broken (explicit kill or server shutdown).

    - The DISPLAY is the same for me as for root.

    - root relies exclusively on /etc/ssh_config, i.e. there is no
    ~root/.ssh/config

    - When I comment out everything in my ~/.ssh/config it still doesn't
    work.

    Like I say, this used to work fine. I don't think I changed anything,
    but now it doesn't work. ssh *without* X works fine for me.

    I've been all over google stuff, and checked the OpenSSH FAQ.
    I'm using OpenSSH 4.3p1 on the client & OpenSSH 3.6.1p2 on the server.

    I'd like some pointers on how to troubleshoot this please.

    TIA....

    --
    PLEASE post a SUMMARY of the answer(s) to your question(s)!
    Show Windows & Gates to the exit door.
    Unless otherwise noted, the statements herein reflect my personal
    opinions and not those of any organization with which I may be affiliated.

  2. Re: X11 forwarding *works* for root, but not me -- what changed?

    nobody@tek.com (Kevin the Drummer) (06-04-04 20:21:05):

    > I'd like some pointers on how to troubleshoot this please.


    It might be an authentication problem, or an xhost problem, or something
    similar. However, comp.security.ssh may be more appropriate for your
    question. Not because you're wrong here, but because there are more
    people knowledgable about SSH/forwarding issues.


    Regards.

  3. Re: X11 forwarding *works* for root, but not me -- what changed?

    Ertugrul Soeylemez wrote:
    > It might be an authentication problem, or an xhost problem, or something
    > similar. However, comp.security.ssh may be more appropriate for your
    > question. Not because you're wrong here, but because there are more
    > people knowledgable about SSH/forwarding issues.


    Thanks for the tip. I didn't know about c.s.s because my NNTP feed
    doesn't carry that group.

    Sigh....

    --
    PLEASE post a SUMMARY of the answer(s) to your question(s)!
    Show Windows & Gates to the exit door.
    Unless otherwise noted, the statements herein reflect my personal
    opinions and not those of any organization with which I may be affiliated.

  4. Re: X11 forwarding *works* for root, but not me -- what changed?

    Kevin the Drummer wrote:
    > After a machine reboot X11 forwarding no longer works for me.
    > But, it does work for root. This is backwards of the typical problem.
    > The error message I get is:
    >
    > X connection to myhost.mydom.com:11.1 broken (explicit kill or server shutdown).
    >
    > - The DISPLAY is the same for me as for root.
    >
    > - root relies exclusively on /etc/ssh_config, i.e. there is no
    > ~root/.ssh/config


    'xauth -list' for root and for myself showed different magic cookies.
    Merging root's magic cookie into my own .Xauthority fixed the immediate
    problem. Shutting down X on the afflicted machines, zeroing out the
    ..Xauthority files, then restarting X seems to have solved most of the
    problems. There is still one problem remaining though.

    The remaining problems regards starting of 'exmh' like so:

    /usr/bin/ssh myhost.mydom.com -f 'ssh anotherhost.mydom.com exmh'

    I know that this looks a little odd, but this works:

    /usr/bin/ssh myhost.mydom.com -f 'ssh anotherhost.mydom.com xterm'
    /usr/bin/ssh myhost.mydom.com -f 'ssh anotherhost.mydom.com xlbiff'

    I start the apps above like I do because 'myhost' is a quasi-DMZ.

    The first time I tried to start 'exmh' as above I got

    connect mhost.mydom.com port 6013: Connection refused
    X connection to myhost.mydom.com:13.1 broken \
    (explicit kill or server shutdown).

    I already had ports 6000:6010 open on my firewall, and now I had to go a
    bit farther to get 6013. After that, the error message is:

    X11 connection rejected because of wrong authentication.
    X connection to myhost.mydom.com:11.1 broken \
    (explicit kill or server shutdown).

    I have this set in my ssh config files:

    /etc/ssh/ssh_config: ForwardAgent no
    /etc/ssh/ssh_config: ForwardX11 yes
    /etc/ssh/ssh_config: ForwardX11Trusted yes

    /etc/ssh/sshd_config: X11Forwarding yes
    /etc/ssh/sshd_config: X11UseLocalhost no

    ~/.ssh/config: ForwardX11 yes
    ~/.ssh/config: ForwardAgent yes

    Part of what's happening seems to be that I get an incremented X display
    for each new application that I launch. I think that everything used to
    run on :10. But, now I'm getting :11, :12, :13, etc. It's possible
    that if I could restrict this to :10, that just maybe life would be
    easier.

    Any guesses folks?

    Thanks....


    --
    PLEASE post a SUMMARY of the answer(s) to your question(s)!
    Show Windows & Gates to the exit door.
    Unless otherwise noted, the statements herein reflect my personal
    opinions and not those of any organization with which I may be affiliated.

+ Reply to Thread