WelcomeWelcome | FAQFAQ | DownloadsDownloads | WikiWiki

Author Topic: configuring OpenSSH  (Read 7880 times)

Offline softwaregurl

  • Suspended
  • Full Member
  • ***
  • Posts: 109
configuring OpenSSH
« on: March 28, 2009, 01:46:38 PM »
OpenSSH is not configuring the way I would expect it to.  I have gone over the man pages and the config files for Debian and DSL but I still don't understand.

Compiled fine with --prefix=/usr/local --with-privsep-user=nobody --with-privsep-path=/usr/local/var/empty
then copy libssp.so.0 from compiletc to /usr/local/lib/libssp.so.0
named openssh.tcel
depends on openssl-0.9.8h.tcel

This is the /usr/local/etc/ssh_config.
Code: [Select]
# Host *
#   ForwardAgent no
   ForwardX11 yes
   ForwardX11trusted yes
#   RhostsRSAAuthentication no
#   RSAAuthentication yes
#   PasswordAuthentication yes
#   HostbasedAuthentication no
#   GSSAPIAuthentication no
#   GSSAPIDelegateCredentials no
#   BatchMode no
#   CheckHostIP yes
#   AddressFamily any
#   ConnectTimeout 0
#   StrictHostKeyChecking ask
#   IdentityFile ~/.ssh/identity
#   IdentityFile ~/.ssh/id_rsa
#   IdentityFile ~/.ssh/id_dsa
#   Port 22
#   Protocol 2,1
#   Cipher 3des
#   Ciphers aes128-ctr,aes192-ctr,aes256-ctr,arcfour256,arcfour128,aes128-cbc,3des-cbc
#   MACs hmac-md5,hmac-sha1,umac-64@openssh.com,hmac-ripemd160
#   EscapeChar ~
#   Tunnel no
#   TunnelDevice any:any
#   PermitLocalCommand no
#   VisualHostKey no
why do I need    ForwardX11trusted yes
If I don't have it I get
Code: [Select]
Warning: untrusted X11 forwarding setup failed: xauth key data not generated
Warning: No xauth data; using fake authentication data for X11 forwarding.
Linux [...]  2.6.18-6-686 #1 SMP Sat Dec 27 09:31:05 UTC 2008 i686
and
Code: [Select]
[...]:~$ xterm &
[1] 7602
[...]:~$ Xlib: connection to "localhost:10.0" refused by server
Xlib: Invalid MIT-MAGIC-COOKIE-1 key
xterm Xt error: Can't open display: localhost:10.0
with ForwardX11trusted yes everything works fine. I've tryed both ssh -X and ssh -XC.
All kinds of problems with sshd, but first things first.
This might be related to another symptom that in aterm the histories? (pressing up arrow) get mixed up ie: typing in one overwrites the others whether user tc or root.   Or is there something else in TCB i'm overlooking?
using tinycore_1.2 bootcode norestore (would be base except for a zzdata.tce that contains bootlocal.sh and eth0.sh for an undetected card. everything else loads optional.)  no other persistancy.

Thanks all
Old wounds that have never healed need to be re-exposed before the cure can be applied.  The cure must be available before the wound is re-exposed.

Offline curaga

  • Administrator
  • Hero Member
  • *****
  • Posts: 11050
Re: configuring OpenSSH
« Reply #1 on: March 28, 2009, 01:56:46 PM »
I'm not sure what exactly is your question?

Edit: The -X option uses XSECURITY, an extension not used outside of Debian AFAIK.
If the host X server is not a Debian one, you'd need to use -Y instead of -X.
« Last Edit: March 28, 2009, 02:00:14 PM by curaga »
The only barriers that can stop you are the ones you create yourself.

Offline softwaregurl

  • Suspended
  • Full Member
  • ***
  • Posts: 109
Re: configuring OpenSSH
« Reply #2 on: March 28, 2009, 02:06:06 PM »
-YC worked.  maybe -XC works from DSL because of its Debian roots.
sshd should be easy now.
That was the piece I was missing, thanks!
Old wounds that have never healed need to be re-exposed before the cure can be applied.  The cure must be available before the wound is re-exposed.

Offline softwaregurl

  • Suspended
  • Full Member
  • ***
  • Posts: 109
Re: configuring OpenSSH
« Reply #3 on: March 28, 2009, 06:00:35 PM »
configuring sshd:
if I log in as user tc or root then try to start an aterm it opens on the wrong computer.
I created user user1 copied over skel and changed ownership.  I get this:
Code: [Select]
user1@box:~$ aterm &
user1@box:~$ Xlib: connection to ":0.0" refused by server
Xlib: No protocol specified

aterm: can't open display :0.0
X11DisplayOffset 10
should start at display 10 or greater
could this be related to startx or xauth?   I specified where xauth is because it's not at the default location.  there is an authdisplay=... line in startx.  I also tryed this just because...
Code: [Select]
user1@box:~$ startx

Fatal server error:
Server is already active for display 0
        If this server is no longer running, remove /tmp/.X0-lock
        and start again.

error: could not open display
user1@box:~$
sshd will look for a file and execute it if found instead of xauth.
about all I know about X is what I've learned from ssh.
Old wounds that have never healed need to be re-exposed before the cure can be applied.  The cure must be available before the wound is re-exposed.