Difference between revisions of "Ssh"
imported>ThorstenStaerk |
imported>ThorstenStaerk |
||
Line 30: | Line 30: | ||
or -vv, -vvv | or -vv, -vvv | ||
− | = | + | = TroubleShooting = |
== Remote host identification has changed == | == Remote host identification has changed == | ||
Line 59: | Line 59: | ||
If ssh -X works, but you still do not get the graphical display from your remote machine, check /etc/ssh/sshd_config. There must be a line | If ssh -X works, but you still do not get the graphical display from your remote machine, check /etc/ssh/sshd_config. There must be a line | ||
X11Forwarding yes | X11Forwarding yes | ||
+ | Also, there must be a binary xauth, otherwise .Xauthority cannot be created. | ||
= Related = | = Related = | ||
ssh-related topics: | ssh-related topics: | ||
* [[passwordless login]] | * [[passwordless login]] |
Revision as of 07:03, 2 August 2010
ssh is a command to log in over the network to another computer.
Contents
Send graphical output to ssh user
If you want to start a graphical program, e.g. kwrite, on your remote computer and get the display to your local computer, no problem. Just use:
ssh -l user server -X xclock &
what happens
After logging in with ssh -X, xauth is called to create/modify .Xauthority. Using netstat -putan you can find out that every ssh -X session gets a socket:
remote:~ # netstat -putan [...] tcp 0 0 127.0.0.1:6010 0.0.0.0:* LISTEN - tcp 0 0 127.0.0.1:6011 0.0.0.0:* LISTEN - tcp 0 0 127.0.0.1:6012 0.0.0.0:* LISTEN - tcp 0 0 127.0.0.1:6013 0.0.0.0:* LISTEN - [...]
And $DISPLAY is set automatically.
remote:~ # echo $DISPLAY localhost:14.0
And ssh listens on the respective port to forward X11 traffic:
remote:~ # lsof | grep 6014 sshd 5257 root 6u IPv4 3755641440 TCP localhost:6014 (LISTEN)
port forwarding
ssh username@server -L localport:remoteserver:remoteport
ssh verbose
ssh -v user@server or -vv, -vvv
TroubleShooting
Remote host identification has changed
- Symptom
When trying to log in via ssh you may get a message like this:
tweedleburg:~ # ssh root@192.168.0.107 @@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@ @ WARNING: REMOTE HOST IDENTIFICATION HAS CHANGED! @ @@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@ IT IS POSSIBLE THAT SOMEONE IS DOING SOMETHING NASTY! Someone could be eavesdropping on you right now (man-in-the-middle attack)! It is also possible that the RSA host key has just been changed. The fingerprint for the RSA key sent by the remote host is 32:78:25:83:d8:a6:de:ad:6a:0b:99:5e:05:e5:7c:e7. Please contact your system administrator. Add correct host key in /root/.ssh/known_hosts to get rid of this message. Offending key in /root/.ssh/known_hosts:11 RSA host key for 192.168.0.107 has changed and you have requested strict checking. Host key verification failed.
- Reason
This means the key of the computer that you try to reach has changed.
- Solution
$ ssh-keygen -R hostname
ssh -X does not work
If ssh -X works, but you still do not get the graphical display from your remote machine, check /etc/ssh/sshd_config. There must be a line
X11Forwarding yes
Also, there must be a binary xauth, otherwise .Xauthority cannot be created.
Related
ssh-related topics: