RH, OpenSSH and X

der.hans plug-discuss@lists.PLUG.phoenix.az.us
Mon, 17 Sep 2001 14:32:05 -0700 (MST) 

moin, moin,

I've got a RH 7.1 box ( basic out of the box install ). I'm trying to ssh to
it, su to root, then open an X app back on my desktop.

Initial setup works fine. Then I move it to another network and my account
can do X stuff, but root can't.

I'm not dashing the su.

I think networking is setup fine. That shouldn't be making a difference as
it's working for a normal user. The machine did move from dhcp to static
networking, though.

It is moving from within a firewall to outside a firewall, but that
shouldn't matter, especially since X apps are working for a normal user
account.

Here's output with a couple of v's on the commandline:

###
OpenSSH_2.5.2p2, SSH protocols 1.5/2.0, OpenSSL 0x0090601f
debug1: Seeding random number generator
debug1: Rhosts Authentication disabled, originating port will not be
trusted.
debug1: ssh_connect: getuid 1000 geteuid 1000 anon 1
debug1: Connecting to 206.80.205.132 [206.80.205.132] port 22.
debug1: Connection established.
debug1: identity file /home/lufthans/.ssh/identity type 0
debug1: unknown identity file /home/lufthans/.ssh/id_rsa
debug1: identity file /home/lufthans/.ssh/id_rsa type -1
debug1: unknown identity file /home/lufthans/.ssh/id_dsa
debug1: identity file /home/lufthans/.ssh/id_dsa type -1
debug1: Remote protocol version 1.99, remote software version
OpenSSH_2.5.2p2
debug1: match: OpenSSH_2.5.2p2 pat ^OpenSSH
debug1: Local version string SSH-1.5-OpenSSH_2.5.2p2
debug1: Waiting for server public key.
debug1: Received server public key (768 bits) and host key (1024 bits).
debug1: Host '206.80.205.132' is known and matches the RSA1 host key.
debug1: Found key in /home/lufthans/.ssh/known_hosts:80
debug1: Encryption type: 3des
debug1: Sent encrypted session key.
debug1: Installing crc compensation attack detector.
debug1: Received encrypted confirmation.
debug1: Trying RSA authentication via agent with 'lufthans@general4'
debug1: Server refused our key.
debug1: RSA authentication using agent refused.
debug1: Trying RSA authentication with key 'lufthans@general4'
debug1: Server refused our key.
debug1: Doing password authentication.
lufthans@206.80.205.132's password: 
debug1: Requesting pty.
debug1: Requesting X11 forwarding with authentication spoofing.
debug1: Requesting authentication agent forwarding.
debug1: Sending command: su -c /usr/X11R6/bin/xterm
debug1: Entering interactive session.
Password: 
debug1: Received X11 open request.
debug1: fd 4 setting O_NONBLOCK
debug1: fd 4 IS O_NONBLOCK
debug1: channel 0: new [X11 connection from 127.0.0.1 port 32784]
debug1: X11 connection uses different authentication protocol.
debug1: X11 rejected 0 i1/o16
debug1: channel 0: read failed
debug1: channel 0: input open -> drain
debug1: channel 0: close_read
debug1: channel 0: input: no drain shortcut
debug1: channel 0: ibuf empty
debug1: channel 0: input drain -> wait_oclose
debug1: channel 0: send ieof
debug1: channel 0: write failed
debug1: channel 0: output open -> wait_ieof
debug1: channel 0: send oclose
debug1: channel 0: close_write
debug1: X11 closed 0 i4/o64
debug1: channel 0: rcvd ieof
debug1: channel 0: non-open
channel 0: istate 4 != open
channel 0: ostate 64 != open
debug1: channel 0: rcvd oclose
debug1: channel 0: input wait_oclose -> closed
X connection to blake3.soulmachine.com:12.0 broken (explicit kill or server
shutdown).
Connection to 206.80.205.132 closed.
debug1: Transferred: stdin 7, stdout 101, stderr 38 bytes in 2.9 seconds
debug1: Bytes per second: stdin 2.4, stdout 35.0, stderr 13.2
debug1: Exit status 0
###

This is bork if I log in and use su as well as just using "su -c" from the
desktop box.

I am not having this prob with a multitude of debian boxen on either side of
the firewall.

Both are running the same version of OpenSSH and both have the same
sshd_config setup. Debian is using OpenSSL 0x0090601f, while RH has OpenSSL
0x0090600f.

Anybody know how to fix this? Unfortunately this box has to run RH for now,
so my standard "fix" won't work :).

ciao,

der.hans
-- 
# der.hans@LuftHans.com home.pages.de/~lufthans/ www.DevelopOnline.com
#  Like the maid, I don't do (M$)Windows. - der.hans