Difference between revisions of "Ssh"
imported>ThorstenStaerk |
imported>ThorstenStaerk (ypBind) |
||
Line 74: | Line 74: | ||
Nothing seems to happen for about half a minute, then the password prompt appears. | Nothing seems to happen for about half a minute, then the password prompt appears. | ||
− | '''Solution:''' Check the name server configuration. Here is an example case: | + | '''Solution 1:''' Check the name server configuration. Here is an example case: |
earth:~ # ssh root@192.168.0.108 | earth:~ # ssh root@192.168.0.108 | ||
Now I had to wait about 30 seconds, then I got the password prompt: | Now I had to wait about 30 seconds, then I got the password prompt: | ||
Line 108: | Line 108: | ||
Password: | Password: | ||
Problem solved. | Problem solved. | ||
+ | |||
+ | '''Solution 2:''' Stop and disable ypbind: | ||
+ | /etc/init.d/ypbind stop | ||
= Related = | = Related = | ||
ssh-related topics: | ssh-related topics: | ||
* [[passwordless login]] | * [[passwordless login]] |
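Review bot: In the added Solution 2, the text says "Stop and disable ypbind", but the only command given, /etc/init.d/ypbind stop, stops the running service and does nothing to keep it from starting at the next boot, so the delay would return after a reboot. Either add the disable step or change the wording to "Stop ypbind". It would also help to add a sentence on how to tell that ypbind, rather than the name server, is the cause, since Solution 1 walks through a diagnosis and this one has none.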
Latest revision as of 09:49, 30 April 2013
ssh is a command to control a computer over the network.
Send graphical output to ssh user
If you want to start a graphical program, e.g. kwrite, on your remote computer and have it displayed on your local computer, use the -X option. The example starts xclock:
ssh -l user server -X xclock &
what happens
After logging in with ssh -X, xauth is called to create/modify .Xauthority. Using netstat -putan you can find out that every ssh -X session gets a socket:
remote:~ # netstat -putan
[...]
tcp 0 0 127.0.0.1:6010 0.0.0.0:* LISTEN -
tcp 0 0 127.0.0.1:6011 0.0.0.0:* LISTEN -
tcp 0 0 127.0.0.1:6012 0.0.0.0:* LISTEN -
tcp 0 0 127.0.0.1:6013 0.0.0.0:* LISTEN -
[...]
And $DISPLAY is set automatically.
remote:~ # echo $DISPLAY
localhost:14.0
And ssh listens on the respective port to forward X11 traffic:
remote:~ # lsof | grep 6014
sshd 5257 root 6u IPv4 3755641440 TCP localhost:6014 (LISTEN)
port forwarding
ssh username@server -L localport:remoteserver:remoteport
ssh verbose
ssh -v user@server
For more detail, use -vv or -vvv instead of -v.
TroubleShooting
Remote host identification has changed
- Symptom
When trying to log in via ssh you may get a message like this:
tweedleburg:~ # ssh root@192.168.0.107
@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
@ WARNING: REMOTE HOST IDENTIFICATION HAS CHANGED! @
@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
IT IS POSSIBLE THAT SOMEONE IS DOING SOMETHING NASTY!
Someone could be eavesdropping on you right now (man-in-the-middle attack)!
It is also possible that the RSA host key has just been changed.
The fingerprint for the RSA key sent by the remote host is
32:78:25:83:d8:a6:de:ad:6a:0b:99:5e:05:e5:7c:e7.
Please contact your system administrator.
Add correct host key in /root/.ssh/known_hosts to get rid of this message.
Offending key in /root/.ssh/known_hosts:11
RSA host key for 192.168.0.107 has changed and you have requested strict checking.
Host key verification failed.
- Reason
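This means the host key of the computer you are trying to reach differs from the one stored in known_hosts. As the message says, either the key has been changed on that computer, or someone is intercepting the connection.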
- Solution
$ ssh-keygen -R hostname
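Before removing the old entry, the fingerprint from the warning should be compared with one obtained from the administrator over a separate channel. The following is an added example, not part of the original page: it computes the MD5 colon-hex fingerprint (the format in the warning above) and the SHA256 fingerprint (printed by newer OpenSSH releases) from a key line and compares them with the trusted value. The function names and the sample key are constructed for illustration.

```python
import base64
import hashlib
import struct


def key_blob(line):
    """Extract the binary key from a known_hosts, ssh-keyscan or .pub line."""
    fields = line.split()
    for keytype, b64 in zip(fields, fields[1:]):
        try:
            blob = base64.b64decode(b64, validate=True)
        except ValueError:  # not base64: host name, marker or comment
            continue
        # A key blob begins with its own type as a length-prefixed string.
        n = int.from_bytes(blob[:4], "big")
        if blob[4:4 + n] == keytype.encode():
            return blob
    raise ValueError("no OpenSSH public key found in line")


def fingerprints(line):
    """Return (MD5 colon-hex, SHA256 base64) fingerprints of the key."""
    blob = key_blob(line)
    md5_fp = ":".join(f"{b:02x}" for b in hashlib.md5(blob).digest())
    sha = base64.b64encode(hashlib.sha256(blob).digest()).decode()
    return md5_fp, "SHA256:" + sha.rstrip("=")


def matches_trusted(offered_line, trusted_fp):
    """True only if the offered key has the fingerprint obtained out of band."""
    md5_fp, sha_fp = fingerprints(offered_line)
    want = trusted_fp.strip()
    if want.upper().startswith("MD5:"):
        want = want[4:]
    return want.lower() == md5_fp or want == sha_fp


def sample_line(host, filler):
    """Constructed sample: correctly framed, but not a usable RSA key."""
    parts = [b"ssh-rsa", b"\x01\x00\x01", b"\x00" + filler * 64]
    blob = b"".join(struct.pack(">I", len(p)) + p for p in parts)
    return f"{host} ssh-rsa {base64.b64encode(blob).decode()}"


if __name__ == "__main__":
    offered = sample_line("192.168.0.107", b"A")  # stands in for the server's key
    trusted = fingerprints(offered)[0]            # stands in for the admin's value
    for fp in (trusted, "32:78:25:83:d8:a6:de:ad:6a:0b:99:5e:05:e5:7c:e7"):
        print(fp, "match" if matches_trusted(offered, fp) else "MISMATCH")
```

Only when the comparison reports a match is it appropriate to run ssh-keygen -R for that host and accept the new key.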
ssh -X does not work
If ssh -X works, but you still do not get the graphical display from your remote machine, check /etc/ssh/sshd_config on the remote machine. It must contain the line
X11Forwarding yes
Also, there must be a binary xauth, otherwise .Xauthority cannot be created.
If you get an error message like
Invalid MIT-MAGIC-COOKIE-1 key
Error: Can't open display: localhost:10.0
make sure to call
xhost +
on the client machine before calling ssh. Note that xhost + turns off X server access control for all hosts; xhost - turns it back on.
ssh hangs
Symptom: After calling something like
ssh root@venus
nothing seems to happen for about half a minute, then the password prompt appears.
Solution 1: Check the name server configuration. Here is an example case:
earth:~ # ssh root@192.168.0.108
Now I had to wait about 30 seconds, then I got the password prompt:
Password:
I gave the password and inspected the name server config:
tweedleburg:~ # cat /etc/resolv.conf
[...]
nameserver 80.237.128.144
nameserver 192.168.0.1
nameserver 217.0.43.113
nameserver 217.0.43.97
Ok, let's see if the first name server is reachable:
tweedleburg:~ # ping 80.237.128.144
PING 80.237.128.144 (80.237.128.144) 56(84) bytes of data.
64 bytes from 80.237.128.144: icmp_req=1 ttl=57 time=48.4 ms
64 bytes from 80.237.128.144: icmp_req=2 ttl=57 time=48.8 ms
It is. I quit with Ctrl+C.
Now let's see if you can reach the name service's port:
tweedleburg:~ # telnet 80.237.128.144 53
Trying 80.237.128.144...
telnet: connect to address 80.237.128.144: No route to host
No. We wait and nothing happens. This is our root cause. So let's edit /etc/resolv.conf and remove the name server 80.237.128.144:
tweedleburg:~ # vi /etc/resolv.conf
tweedleburg:~ # exit
logout
Connection to 192.168.0.108 closed.
earth:~ # ssh root@192.168.0.108
And immediately I got the password prompt:
Password:
Problem solved.
Solution 2: Stop and disable ypbind:
/etc/init.d/ypbind stop
Related
ssh-related topics: