I'm attempting to set up x11 forwarding to monitor video on an embedded robotics platform yet I cannot seem to get the board to generate graphical output. I'm running Arch Linux on a Beagleboard xM wired directly over ethernet (though, I plan to use WiFi in the future). When I try to set the DISPLAY variable it will accept it but when I attempt to run an x11 application is says:
(Object:287): Gtk-WARNING **: cannot open display: [displaynamehere]
obviously [displaynamehere] was whatever I tried to set as the display, yet no display location seemed to work. What's weird is that whenever I connect through ssh -X it does not give me any errors and it does not save my DISPLAY variable.
(EDIT) I also checked the debug log and got this output:
debug2: load_server_config: filename /etc/ssh/sshd_config
debug2: load_server_config: done config len = 315
debug2: parse_server_config: config /etc/ssh/sshd_config len 315
debug3: /etc/ssh/sshd_config:53 setting AuthorizedKeysFile .ssh/authorized_keys
debug3: /etc/ssh/sshd_config:75 setting ChallengeResponseAuthentication no
debug3: /etc/ssh/sshd_config:96 setting UsePAM yes
debug3: /etc/ssh/sshd_config:101 setting X11Forwarding yes
debug3: /etc/ssh/sshd_config:104 setting PrintMotd no
debug3: /etc/ssh/sshd_config:108 setting UsePrivilegeSeparation sandbox
debug3: /etc/ssh/sshd_config:124 setting Subsystem sftp /usr/lib/ssh/sftp-server
debug1: sshd version OpenSSH_6.3, OpenSSL 1.0.1e 11 Feb 2013
debug3: Incorrect RSA1 identifier
debug1: read PEM private key done: type RSA
debug3: Incorrect RSA1 identifier
debug3: Could not load "/etc/ssh/ssh_host_rsa_key" as a RSA1 public key
debug1: private host key: #0 type 1 RSA
debug3: Incorrect RSA1 identifier
debug1: read PEM private key done: type DSA
debug3: Incorrect RSA1 identifier
debug3: Could not load "/etc/ssh/ssh_host_dsa_key" as a RSA1 public key
debug1: private host key: #1 type 2 DSA
debug3: Incorrect RSA1 identifier
debug1: read PEM private key done: type ECDSA
debug3: Incorrect RSA1 identifier
debug3: Could not load "/etc/ssh/ssh_host_ecdsa_key" as a RSA1 public key
debug1: private host key: #2 type 3 ECDSA
debug1: rexec_argv[0]='/usr/bin/sshd'
debug1: rexec_argv[1]='-ddd'
debug3: oom_adjust_setup
Set /proc/self/oom_score_adj from 0 to -1000
debug2: fd 3 setting O_NONBLOCK
debug1: Bind to port 22 on 0.0.0.0.
Bind to port 22 on 0.0.0.0 failed: Address already in use.
debug2: fd 3 setting O_NONBLOCK
debug3: sock_set_v6only: set socket 3 IPV6_V6ONLY
debug1: Bind to port 22 on ::.
Server listening on :: port 22.
Any suggestions would be greatly appreciated, I've been trying at this with google for almost a week now to no avail.
Thanks a lot!
On the server
Edit /etc/ssh/sshd_config:
AllowAgentForwarding yes
AllowTcpForwarding yes
X11Forwarding yes
X11DisplayOffset 10
X11UseLocalhost no
Restart the sshd daemon:
sudo service sshd restart
# or
sudo /etc/init.d/ssh restart
# or whatever way of restarting your box services works on your distro...
Install the packages (Ubuntu/Debian):
apt-get -y update
apt-get -y install xauth
Install the packages (RHEL/CentOS):
yum -y update
yum -y install xauth
Now exit the server:
exit
On the client
Set the DISPLAY environment variable locally:
export DISPLAY=:0.0
and start a trusted SSH connection to the server:
ssh -Y $ssh_user#$ssh_server
Verify success with a graphical app. Install an app supporting X11 forwarding, if needed. As an example:
yum -y install xclock
and action:
for i in {1..3} ; do bash -c "xclock &" ; done ;
Whenever I had this problem it was almost always about following two options, I think you should set them as below before making any further changes on your configuration like setting DISPLAY, etc.
X11Forwarding yes
X11UseLocalhost no
ssh should set the DISPLAY automatically.
usual suspects: missing "X11Forwarding yes" in /etc/ssh/sshd_config
To debug you can run verbose mode on the client and server and you may notice something :
try on the "server" side (debug mode, no daemon)
$ /usr/sbin/sshd -d -p 222
on the "client":
$ ssh -v -Y phil#192.168.0.14 -p 222
Once in a while I meet an odd thing, like 'missing xauth' ...
Related
I am using Phabricator to host a Subversion repository. It is currently empty prior to importing from an older repository.
Here is what I have done so far:
Generate a keypair using puttygen and saved it.
Exported same keypair to OpenSSH format and saved it to $HOME/.ssh/svn.key in my MSys2 environment.
Set up $HOME/.ssh/config to have an entry for my host in my MSys2 environment.
Put my public key into Phabricator.
Used MSys2 environment to perform svn list command on the repository. This worked.
Used PuTTY to set up a session with pre-configured hostname, port, username and private key (the one generated earlier).
Used PuTTY to open the session above. This worked. I disabled automatically closing the window and the text displayed was the same as when I SSH in on the command line in my MSys2 environment.
Set TortoisePLink.exe explicitly in the TortoiseSVN->Settings->Network dialog.
Used TortoiseSVn to browse the repository using a URL of the form svn+ssh://<PuTTY session name>/<repo path> where the repo path is exactly the same as when using MSys2.
The last step doesn't work. The TortoiseSVn repo browser pauses for a modest delay and then reports "Network connection closed unexpectedly".
I know the PuTTY session is being used because if I remove the username from the session config, TortoiseSVN asks me for the username to use.
I have just found that if I retry the same URL a second time, it succeeds.
I have upgraded to TortoiseSVN1.10 and it makes no difference.
I ran the SSH daemon in debug mode and near the end of the log I see:
debug3: mm_request_send entering: type 113
debug3: mm_request_receive entering
debug3: monitor_read: checking request 113
debug3: mm_answer_audit_command entering
debug2: fd 3 setting TCP_NODELAY
debug3: ssh_packet_set_tos: set IP_TOS 0x08
debug2: fd 9 setting O_NONBLOCK
debug2: fd 8 setting O_NONBLOCK
debug2: fd 11 setting O_NONBLOCK
debug3: send packet: type 99
debug2: channel 0: read 13 from efd 11
debug2: channel 0: rwin 2147483647 elen 13 euse 1
debug2: channel 0: sent ext data 13
debug2: channel 0: read 11 from efd 11
debug2: channel 0: rwin 2147483634 elen 11 euse 1
debug2: channel 0: sent ext data 11
Connection closed by 192.168.0.101 port 52769
Everything looks fine up to this point. 192.168.0.101 is my TortoiseSVN machine. I wish I could somehow see what TortoiseSVN is saying and what the SVN server is replying.
Its getting stuck as you can see.
Below is what verbose connection shows.
[ftpuser#eu9sacovn48 ~]$ ssh -v gmrsops#uscasaciccx82
OpenSSH_4.3p2, OpenSSL 0.9.8e-fips-rhel5 01 Jul 2008
debug1: Reading configuration data /etc/ssh/ssh_config
debug1: Applying options for *
debug1: Connecting to uscasaciccx82 [113.130.154.54] port 22.
debug1: Connection established.
debug1: identity file /cpmapps/ftpuser/.ssh/identity type -1
debug1: identity file /cpmapps/ftpuser/.ssh/id_rsa type 1
debug1: identity file /cpmapps/ftpuser/.ssh/id_dsa type -1
debug1: loaded 3 keys
debug1: Remote protocol version 2.0, remote software version OpenSSH_6.6.1
debug1: match: OpenSSH_6.6.1 pat OpenSSH*
debug1: Enabling compatibility mode for protocol 2.0
debug1: Local version string SSH-2.0-OpenSSH_4.3
debug1: SSH2_MSG_KEXINIT sent
debug1: SSH2_MSG_KEXINIT received
debug1: kex: server->client aes128-ctr hmac-md5 none
debug1: kex: client->server aes128-ctr hmac-md5 none
debug1: SSH2_MSG_KEX_DH_GEX_REQUEST(1024<1024<8192) sent
debug1: expecting SSH2_MSG_KEX_DH_GEX_GROUP
debug1: SSH2_MSG_KEX_DH_GEX_INIT sent
debug1: expecting SSH2_MSG_KEX_DH_GEX_REPLY
debug1: Host 'uscasaciccx82' is known and matches the RSA host key.
debug1: Found key in /cpmapps/ftpuser/.ssh/known_hosts:7
debug1: ssh_rsa_verify: signature correct
debug1: SSH2_MSG_NEWKEYS sent
debug1: expecting SSH2_MSG_NEWKEYS
debug1: SSH2_MSG_NEWKEYS received
debug1: SSH2_MSG_SERVICE_REQUEST sent
debug1: SSH2_MSG_SERVICE_ACCEPT received
debug1: Authentications that can continue: publickey,password,keyboard-interactive
debug1: Next authentication method: publickey
debug1: Trying private key: /cpmapps/ftpuser/.ssh/identity
debug1: Offering public key: /cpmapps/ftpuser/.ssh/id_rsa
debug1: Server accepts key: pkalg ssh-rsa blen 277
debug1: read PEM private key done: type RSA
debug1: Authentication succeeded (publickey).
debug1: channel 0: new [client-session]
debug1: Entering interactive session.
debug1: Sending environment.
debug1: Sending env LANG = en_US.UTF-8
I tried connecting to the server without a key but its still not working.
[ftpuser#eu9sacovn48 ~]$ ssh -o PreferredAuthentications=keyboard-interactive,password -o PubkeyAuthentication=no gmrsops#USCASACICCX82
gmrsops#uscasaciccx82's password:
I can login to cygwin just fine while on local server.
Here's what fixed the issue for me.
Run sshd in debug mode using below command
/usr/sbin/sshd.exe -D -dd
This gave me the below warnings
$ /usr/sbin/sshd.exe -D -dd debug2: load_server_config: filename
/etc/sshd_config debug2: load_server_config: done config len = 285
debug2: parse_server_config: config /etc/sshd_config len 285 debug1:
sshd version OpenSSH_7.5, OpenSSL 1.0.2k 26 Jan 2017
########################################################### #
WARNING: UNPROTECTED PRIVATE KEY FILE! #
###########################################################
Permissions 0770 for '/etc/ssh_host_rsa_key' are too open. It is
required that your private key files are NOT accessible by others.
This private key will be ignored. key_load_private: bad permissions
Could not load host key: /etc/ssh_host_rsa_key
########################################################### #
WARNING: UNPROTECTED PRIVATE KEY FILE! #
###########################################################
Permissions 0770 for '/etc/ssh_host_dsa_key' are too open. It is
required that your private key files are NOT accessible by others.
This private key will be ignored. key_load_private: bad permissions
Could not load host key: /etc/ssh_host_dsa_key
########################################################### #
WARNING: UNPROTECTED PRIVATE KEY FILE! #
###########################################################
Permissions 0770 for '/etc/ssh_host_ecdsa_key' are too open. It is
required that your private key files are NOT accessible by others.
This private key will be ignored. key_load_private: bad permissions
Could not load host key: /etc/ssh_host_ecdsa_key
########################################################### #
WARNING: UNPROTECTED PRIVATE KEY FILE! #
###########################################################
Permissions 0770 for '/etc/ssh_host_ed25519_key' are too open. It is
required that your private key files are NOT accessible by others.
This private key will be ignored. key_load_private: bad permissions
Could not load host key: /etc/ssh_host_ed25519_key sshd: no hostkeys
available -- exiting.
So I changed the permissions of the above files to 600
$ chmod 0600 /etc/ssh_host*
Then the debug command again.
SHA256:4yqAb/GiMfMJPmIXfKz+Zw4fWOCVN7E6vUDHEtokdHk /var/empty must be owned by root and not group or world-writable.
Then change the permission of this folder to 600.
$ chmod 600 /var/empty
This fixed the issue.
Since you're trying to connect to a Windows machine, you may not have an SSH server installed/enabled. Check to make sure SSH is installed and properly configured in your cygwin environment. It is part of the OpenSSH package. More info here.
Edit: See this post where someone had the exact same error.
My machine is on CentOS 5 and I can't upgrade it.
# ssh -V
OpenSSH_4.3p2, OpenSSL 0.9.8e-fips-rhel5 01 Jul 2008
# which ssh
/usr/bin/ssh
OpenSSH/OpenSSL are too old to connect to ssh://git#altssh.bitbucket.org:443 (yes there is a proxy)
So I compiled a recent version of ssh and ssl in /tmp/ssh
# /tmp/ssh/bin/ssh -V
OpenSSH_6.9p1, OpenSSL 1.0.2j 26 Sep 2016
It works like charme
# /tmp/ssh/bin/ssh -v git#altssh.bitbucket.org -p 443
...
debug1: Next authentication method: publickey
debug1: Offering RSA public key: /root/.ssh/id_rsa
debug1: Server accepts key: pkalg ssh-rsa blen 277
debug1: Authentication succeeded (publickey).
Authenticated to altssh.bitbucket.org (via proxy).
debug1: channel 0: new [client-session]
debug1: Entering interactive session.
PTY allocation request failed on channel 0
logged in as *********.
You can use git or hg to connect to Bitbucket. Shell access is disabled.
debug1: client_input_channel_req: channel 0 rtype exit-status reply 0
debug1: channel 0: free: client-session, nchannels 1
Connection to altssh.bitbucket.org closed.
Transferred: sent 3552, received 1744 bytes, in 0.4 seconds
Bytes per second: sent 9724.6, received 4774.7
debug1: Exit status 0
Now, how can I tell git to use /tmp/ssh/bin/ssh instead of /usr/bin/ssh ?
You can either prepend to PATH the base directory of the alternative ssh binary, or set the GIT_SSH environment variable to the path of the alternative ssh. For example:
export GIT_SSH=/to/ssh/bin/ssh
I want to clone a git repository to my ubuntu through ssh, but I'm getting the following error:
Permission denied (publickey). fatal: Could not read from remote
repository.
My public key is added in the agent and I have used it already on Windows but when I tried it on Linux it didn't work.
Every remote git repo is associated with some login that will be performed on the remote system in order to gain access to the repo directory. This login attempt is failing, because (a) your SSH key is not being recognized (or, is not being correctly served by an SSH-agent on your computer), and (b) password-login is not an alternative.
To help diagnose the problem, remove git from the picture. Use git remote -v to find the user/host that is being attempted, and try a direct ssh login to that account. (It will fail.) Diagnose the problem as you would for any similar ssh-only issue. Once you are able to log-in, you will be able to clone.
Git does it's thing over ssh (in your case) or https. It's generally better to debug connection problems using the underlying command and not through Git, you'll get better diagnostics and can use normal ssh debugging techniques.
Try connecting to the same remote just using ssh -v (ssh in verbose mode). If it's git clone git#github.com:schwern/dotfiles.git then try ssh -v git#github.com. Just the user and host. And yes, the user should be git, Github identifies you by your ssh key.
You should get something like this...
$ ssh -v git#github.com
OpenSSH_7.2p1, OpenSSL 1.0.2h 3 May 2016
debug1: Reading configuration data /Users/schwern/.ssh/config
debug1: Reading configuration data /opt/local/etc/ssh/ssh_config
debug1: Connecting to github.com [192.30.253.113] port 22.
debug1: Connection established.
debug1: key_load_public: No such file or directory
debug1: identity file /Users/schwern/.ssh/id_rsa type -1
...a whole lot of ssh looking for your ssh keys...
debug1: Authentications that can continue: publickey
debug1: Next authentication method: publickey
debug1: Offering RSA public key: /Users/schwern/.ssh/github
debug1: Authentications that can continue: publickey
debug1: Trying private key: /Users/schwern/.ssh/id_rsa
debug1: Trying private key: /Users/schwern/.ssh/id_dsa
...a whole lot of trying ssh keys...
debug1: No more authentication methods to try.
Permission denied (publickey).
The important parts are where it looks for and offers keys. If you don't see your Github key in there, then you need to figure out why. If you do see your Github key in there, then you should check that it is what Github thinks is your key.
What you want to see is this.
$ ssh -v git#github.com
OpenSSH_7.2p1, OpenSSL 1.0.2h 3 May 2016
debug1: Reading configuration data /Users/schwern/.ssh/config
debug1: Reading configuration data /opt/local/etc/ssh/ssh_config
debug1: Connecting to github.com [192.30.253.113] port 22.
debug1: Connection established.
debug1: key_load_public: No such file or directory
debug1: identity file /Users/schwern/.ssh/id_rsa type -1
...ssh finding your keys...
debug1: Authentications that can continue: publickey
debug1: Next authentication method: publickey
debug1: Offering RSA public key: /Users/schwern/.ssh/github
debug1: Server accepts key: pkalg ssh-rsa blen 279
debug1: Authentication succeeded (publickey).
Authenticated to github.com ([192.30.253.113]:22).
...Yay! You're in!...
debug1: channel 0: new [client-session]
debug1: Entering interactive session.
debug1: pledge: network
debug1: Requesting authentication agent forwarding.
PTY allocation request failed on channel 0
Hi schwern! You've successfully authenticated, but GitHub does not provide shell access.
debug1: client_input_channel_req: channel 0 rtype exit-status reply 0
debug1: channel 0: free: client-session, nchannels 1
Connection to github.com closed.
Transferred: sent 2936, received 1796 bytes, in 0.2 seconds
Bytes per second: sent 13380.7, received 8185.2
debug1: Exit status 1
I've been trying for far too long to get an SSH command working from Drone, which runs in a Docker container called bb. I've added RUN echo " IdentityFile /root/.ssh/id_rsa" >> /etc/ssh/ssh_config in my Dockerfile per some recommendations in other threads.
I've used docker run -it bb /bin/bash to check that SSH keys are there, and I can successfully SSH into a remote host using that interactive terminal.
However, when I try to do the same command using the .drone.yml build script like this:
image: bb
script:
- whoami
- ssh -vvv -t -t 192.0.2.1 "whoami"
...I get "Permission denied" errors after being bumped down to password-based identification. (The whoami runs inside the container, outputs root, and continues to the ssh command.)
I've boiled down the verbose output to this relevant piece:
debug3: authmethod_is_enabled publickey
debug1: Next authentication method: publickey
debug1: Offering RSA public key: /root/.ssh/id_rsa
debug3: send_pubkey_test
debug2: we sent a publickey packet, wait for reply
debug1: Server accepts key: pkalg ssh-rsa blen 279
debug2: input_userauth_pk_ok: fp f2:...
debug3: sign_and_send_pubkey: RSA f2:...
debug1: key_parse_private2: missing begin marker
debug1: read PEM private key done: type RSA
debug1: Authentications that can continue: publickey,password
debug2: we did not send a packet, disable method
debug3: authmethod_lookup password
debug3: remaining preferred: ,password
debug3: authmethod_is_enabled password
debug1: Next authentication method: password
...where it clearly says "we did not send a packet, disable method". I've checked the key's fingerprint with ssh-keygen -lf /root/.ssh/id_rsa and it matches the one in the output.
I then watched the auth logs (/var/log/auth.log) on the remote host and I can see my successful tests, but when Drone runs its container the logs report that `RSA_public_decrypt failed'. Here are the logs.
Successful (interactive container) login:
Accepted publickey for root from 192.0.2.1 port 59472 ssh2: RSA f2:...
pam_unix(sshd:session): session opened for user root by (uid=0)
Received disconnect from 192.0.2.1: 11: disconnected by user
pam_unix(sshd:session): session closed for user root
Failed (Drone container) login:
error: RSA_public_decrypt failed: error:04067084:lib(4):func(103):reason(132)
Failed password for root from 192.0.2.1 port 54172 ssh2
Failed password for root from 192.0.2.1 port 54172 ssh2
Connection closed by 192.0.2.1 [preauth]
So it looks like my key is not sent by the Drone container. I've run whoami in the build script, and it reports that it's running as root, which is what I expect.
How can I get this to work?
GOT IT. While digging around in the settings for that repository, I noticed a "Public Key" field:
I tried adding that to the authorized_keys file, and running my .drone.yml, and what do you know - it worked. Went back and checked the docs - it's nowhere to be found. Undocumented super secret field FTW.