Difference between revisions of "Ssh"

From Linuxintro
imported>ThorstenStaerk
(cvs is dead)
imported>ThorstenStaerk
Line 62: Line 62:
 
  X11Forwarding yes
 
  X11Forwarding yes
 
Also, there must be a binary xauth, otherwise .Xauthority cannot be created.
 
Also, there must be a binary xauth, otherwise .Xauthority cannot be created.
 +
 +
If you get an error message like
 +
Invalid MIT-MAGIC-COOKIE-1 keyError: Can't open display: localhost:10.0
 +
make sure to call
 +
xhost +
 +
on the client machine before calling ssh.
  
 
= Related =
 
= Related =
 
ssh-related topics:
 
ssh-related topics:
 
* [[passwordless login]]
 
* [[passwordless login]]

Revision as of 05:40, 12 July 2011

ssh is a command to log in over the network to another computer.

Send graphical output to ssh user

If you want to start a graphical program, e.g. kwrite, on your remote computer and get the display to your local computer, no problem. Just use:

ssh -l user server -X
xclock &

what happens

After logging in with ssh -X, xauth is called to create/modify .Xauthority. Using netstat -putan you can find out that every ssh -X session gets a socket:

remote:~ # netstat -putan
[...]
tcp        0      0 127.0.0.1:6010          0.0.0.0:*               LISTEN      -
tcp        0      0 127.0.0.1:6011          0.0.0.0:*               LISTEN      -
tcp        0      0 127.0.0.1:6012          0.0.0.0:*               LISTEN      -
tcp        0      0 127.0.0.1:6013          0.0.0.0:*               LISTEN      -
[...]

And $DISPLAY is set automatically.

remote:~ # echo $DISPLAY
localhost:14.0

And ssh listens on the respective port to forward X11 traffic:

remote:~ # lsof | grep 6014
sshd       5257     root    6u  IPv4 3755641440                   TCP localhost:6014 (LISTEN)

port forwarding

ssh username@server -L localport:remoteserver:remoteport

ssh verbose

ssh -v user@server
or -vv, -vvv


TroubleShooting

Remote host identification has changed

Symptom

When trying to log in via ssh you may get a message like this:

tweedleburg:~ # ssh root@192.168.0.107
@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
@    WARNING: REMOTE HOST IDENTIFICATION HAS CHANGED!     @
@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
IT IS POSSIBLE THAT SOMEONE IS DOING SOMETHING NASTY!
Someone could be eavesdropping on you right now (man-in-the-middle attack)!
It is also possible that the RSA host key has just been changed.
The fingerprint for the RSA key sent by the remote host is
32:78:25:83:d8:a6:de:ad:6a:0b:99:5e:05:e5:7c:e7.
Please contact your system administrator.
Add correct host key in /root/.ssh/known_hosts to get rid of this message.
Offending key in /root/.ssh/known_hosts:11
RSA host key for 192.168.0.107 has changed and you have requested strict checking.
Host key verification failed.
Reason

This means the key of the computer that you try to reach has changed.

Solution
$ ssh-keygen -R hostname

ssh -X does not work

If ssh -X works, but you still do not get the graphical display from your remote machine, check /etc/ssh/sshd_config. There must be a line

X11Forwarding yes

Also, there must be a binary xauth, otherwise .Xauthority cannot be created.

If you get an error message like

Invalid MIT-MAGIC-COOKIE-1 keyError: Can't open display: localhost:10.0

make sure to call

xhost +

on the client machine before calling ssh.

Related

ssh-related topics: