При попытке установить соединение X11-forwarding с myserverя получаю следующую ошибку:
% ssh -X myserver xlogo
X11 connection rejected because of wrong authentication.
X11 connection rejected because of wrong authentication.
X11 connection rejected because of wrong authentication.
X11 connection rejected because of wrong authentication.
Error: Can't open display: localhost:10.0
%
(Я получаю ту же ошибку, если использую -Yвместо -X. В любом случае я никогда не вижу xlogoокно.)
Если я использую ту же команду для подключения к другому серверу, то все работает нормально (т.е. окно xlogoпоявляется, как и ожидалось), поэтому я подозреваю, что проблема в myserver(а не в моей локальной конфигурации).
Также, если вместо этого я использую
% ssh -X myserver
подключение проходит успешно, и я вхожу в myserver. Если затем я запускаю xlogo, я получаю ту же ошибку, что и показано выше.
Кстати, локальный ssh-клиент/X11-сервер — это ноутбук с Ubuntu, а удаленный ssh-сервер/X11-клиент — это рабочая станция под управлением OS X Lion.
Я также запустил ssh -vvvX myserver xlogo, но обширный вывод не имеет для меня особого смысла, и я не могу диагностировать проблему по нему. (Кстати, я скопировал этот вывод ниже.)
Как мне решить эту проблему дальше?
% ssh -vvvX myserver xlogo
OpenSSH_5.9p1 Debian-5ubuntu1, OpenSSL 1.0.1 14 Mar 2012
debug1: Reading configuration data /home/yrstruly/.ssh/config
debug1: /home/yrstruly/.ssh/config line 19: Applying options for *
debug1: Reading configuration data /etc/ssh/ssh_config
debug1: /etc/ssh/ssh_config line 19: Applying options for *
debug2: ssh_connect: needpriv 0
debug1: Connecting to myserver [10.0.140.33] port 22.
debug1: Connection established.
debug3: Incorrect RSA1 identifier
debug3: Could not load "/home/yrstruly/.ssh/id_rsa" as a RSA1 public key
debug1: identity file /home/yrstruly/.ssh/id_rsa type 1
debug1: Checking blacklist file /usr/share/ssh/blacklist.RSA-2048
debug1: Checking blacklist file /etc/ssh/blacklist.RSA-2048
debug1: identity file /home/yrstruly/.ssh/id_rsa-cert type -1
debug1: identity file /home/yrstruly/.ssh/id_dsa type -1
debug1: identity file /home/yrstruly/.ssh/id_dsa-cert type -1
debug1: identity file /home/yrstruly/.ssh/id_ecdsa type -1
debug1: identity file /home/yrstruly/.ssh/id_ecdsa-cert type -1
debug1: Remote protocol version 2.0, remote software version OpenSSH_5.6
debug1: match: OpenSSH_5.6 pat OpenSSH*
debug1: Enabling compatibility mode for protocol 2.0
debug1: Local version string SSH-2.0-OpenSSH_5.9p1 Debian-5ubuntu1
debug2: fd 3 setting O_NONBLOCK
debug3: load_hostkeys: loading entries for host "myserver" from file "/home/yrstruly/.ssh/known_hosts"
debug3: load_hostkeys: found key type RSA in file /home/yrstruly/.ssh/known_hosts:3
debug3: load_hostkeys: loaded 1 keys
debug3: order_hostkeyalgs: prefer hostkeyalgs: [email protected],[email protected],ssh-rsa
debug1: SSH2_MSG_KEXINIT sent
debug1: SSH2_MSG_KEXINIT received
debug2: kex_parse_kexinit: ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1
debug2: kex_parse_kexinit: [email protected],[email protected],ssh-rsa,[email protected],[email protected],[email protected],[email protected],[email protected],ecdsa-sha2-nistp256,ecdsa-sha2-nistp384,ecdsa-sha2-nistp521,ssh-dss
debug2: kex_parse_kexinit: aes128-ctr,aes192-ctr,aes256-ctr,arcfour256,arcfour128,aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,aes192-cbc,aes256-cbc,arcfour,[email protected]
debug2: kex_parse_kexinit: aes128-ctr,aes192-ctr,aes256-ctr,arcfour256,arcfour128,aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,aes192-cbc,aes256-cbc,arcfour,[email protected]
debug2: kex_parse_kexinit: hmac-md5,hmac-sha1,[email protected],hmac-sha2-256,hmac-sha2-256-96,hmac-sha2-512,hmac-sha2-512-96,hmac-ripemd160,[email protected],hmac-sha1-96,hmac-md5-96
debug2: kex_parse_kexinit: hmac-md5,hmac-sha1,[email protected],hmac-sha2-256,hmac-sha2-256-96,hmac-sha2-512,hmac-sha2-512-96,hmac-ripemd160,[email protected],hmac-sha1-96,hmac-md5-96
debug2: kex_parse_kexinit: none,[email protected],zlib
debug2: kex_parse_kexinit: none,[email protected],zlib
debug2: kex_parse_kexinit:
debug2: kex_parse_kexinit:
debug2: kex_parse_kexinit: first_kex_follows 0
debug2: kex_parse_kexinit: reserved 0
debug2: kex_parse_kexinit: diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1
debug2: kex_parse_kexinit: ssh-rsa,ssh-dss
debug2: kex_parse_kexinit: aes128-ctr,aes192-ctr,aes256-ctr,arcfour256,arcfour128,aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,aes192-cbc,aes256-cbc,arcfour,[email protected]
debug2: kex_parse_kexinit: aes128-ctr,aes192-ctr,aes256-ctr,arcfour256,arcfour128,aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,aes192-cbc,aes256-cbc,arcfour,[email protected]
debug2: kex_parse_kexinit: hmac-md5,hmac-sha1,[email protected],hmac-ripemd160,[email protected],hmac-sha1-96,hmac-md5-96
debug2: kex_parse_kexinit: hmac-md5,hmac-sha1,[email protected],hmac-ripemd160,[email protected],hmac-sha1-96,hmac-md5-96
debug2: kex_parse_kexinit: none,[email protected]
debug2: kex_parse_kexinit: none,[email protected]
debug2: kex_parse_kexinit:
debug2: kex_parse_kexinit:
debug2: kex_parse_kexinit: first_kex_follows 0
debug2: kex_parse_kexinit: reserved 0
debug2: mac_setup: found hmac-md5
debug1: kex: server->client aes128-ctr hmac-md5 none
debug2: mac_setup: found hmac-md5
debug1: kex: client->server aes128-ctr hmac-md5 none
debug1: SSH2_MSG_KEX_DH_GEX_REQUEST(1024<1024<8192) sent
debug1: expecting SSH2_MSG_KEX_DH_GEX_GROUP
debug2: dh_gen_key: priv key bits set: 129/256
debug2: bits set: 521/1024
debug1: SSH2_MSG_KEX_DH_GEX_INIT sent
debug1: expecting SSH2_MSG_KEX_DH_GEX_REPLY
debug1: Server host key: RSA 3b:5b:22:9e:e4:d1:12:7a:b9:6e:1a:e6:25:6d:b8:0e
debug3: load_hostkeys: loading entries for host "myserver" from file "/home/yrstruly/.ssh/known_hosts"
debug3: load_hostkeys: found key type RSA in file /home/yrstruly/.ssh/known_hosts:3
debug3: load_hostkeys: loaded 1 keys
debug3: load_hostkeys: loading entries for host "10.0.140.33" from file "/home/yrstruly/.ssh/known_hosts"
debug3: load_hostkeys: found key type RSA in file /home/yrstruly/.ssh/known_hosts:4
debug3: load_hostkeys: loaded 1 keys
debug1: Host 'myserver' is known and matches the RSA host key.
debug1: Found key in /home/yrstruly/.ssh/known_hosts:3
debug2: bits set: 511/1024
debug1: ssh_rsa_verify: signature correct
debug2: kex_derive_keys
debug2: set_newkeys: mode 1
debug1: SSH2_MSG_NEWKEYS sent
debug1: expecting SSH2_MSG_NEWKEYS
debug2: set_newkeys: mode 0
debug1: SSH2_MSG_NEWKEYS received
debug1: Roaming not allowed by server
debug1: SSH2_MSG_SERVICE_REQUEST sent
debug2: service_accept: ssh-userauth
debug1: SSH2_MSG_SERVICE_ACCEPT received
debug2: key: /home/yrstruly/.ssh/id_rsa (0xb7a97898)
debug2: key: yrstruly@mylaptop (0xb7a991c8)
debug2: key: yrstruly@mylaptop (0xb7a99398)
debug2: key: /home/yrstruly/.ssh/id_dsa ((nil))
debug2: key: /home/yrstruly/.ssh/id_ecdsa ((nil))
debug1: Authentications that can continue: publickey,keyboard-interactive
debug3: start over, passed a different list publickey,keyboard-interactive
debug3: preferred gssapi-keyex,gssapi-with-mic,publickey,keyboard-interactive,password
debug3: authmethod_lookup publickey
debug3: remaining preferred: keyboard-interactive,password
debug3: authmethod_is_enabled publickey
debug1: Next authentication method: publickey
debug1: Offering RSA public key: /home/yrstruly/.ssh/id_rsa
debug3: send_pubkey_test
debug2: we sent a publickey packet, wait for reply
debug1: Server accepts key: pkalg ssh-rsa blen 279
debug2: input_userauth_pk_ok: fp 0e:d0:ba:5c:c1:39:a9:c7:7b:c4:b7:11:87:33:b7:d7
debug3: sign_and_send_pubkey: RSA 0e:d0:ba:5c:c1:39:a9:c7:7b:c4:b7:11:87:33:b7:d7
debug1: Authentication succeeded (publickey).
Authenticated to myserver ([10.0.140.33]:22).
debug1: channel 0: new [client-session]
debug3: ssh_session2_open: channel_new: 0
debug2: channel 0: send open
debug1: Requesting [email protected]
debug1: Entering interactive session.
debug2: callback start
debug2: x11_get_proto: /usr/bin/xauth -f /tmp/ssh-gMzJTOiJ3041/xauthfile generate :0.0 MIT-MAGIC-COOKIE-1 untrusted timeout 1200 2>/dev/null
debug2: x11_get_proto: /usr/bin/xauth -f /tmp/ssh-gMzJTOiJ3041/xauthfile list :0.0 2>/dev/null
debug1: Requesting X11 forwarding with authentication spoofing.
debug2: channel 0: request x11-req confirm 1
debug2: client_session2_setup: id 0
debug2: fd 3 setting TCP_NODELAY
debug1: Sending environment.
debug3: Ignored env PWD
debug3: Ignored env DISPLAY
debug3: Ignored env TERM
debug3: Ignored env TERMCAP
debug3: Ignored env COLUMNS
debug3: Ignored env EMACS
debug3: Ignored env INSIDE_EMACS
debug3: Ignored env _
debug3: Ignored env VENV_DIR
debug3: Ignored env VIRTUALENVWRAPPER_LOG_DIR
debug3: Ignored env VIRTUALENVWRAPPER_HOOK_DIR
debug3: Ignored env WORKON_HOME
debug3: Ignored env VIRTUALENVWRAPPER_PROJECT_FILENAME
debug3: Ignored env RSYNC_GLOBAL_INCLUDES
debug3: Ignored env RSYNC_GLOBAL_EXCLUDES
debug3: Ignored env RSYNC_PARTIAL_DIR
debug3: Ignored env RSYNC_DIR
debug3: Ignored env CVSEDITOR
debug3: Ignored env EDITOR
debug3: Ignored env GIT_PAGER
debug3: Ignored env LESS
debug3: Ignored env PAGER
debug3: Ignored env PERL_RL
debug3: Ignored env HISTCONTROL
debug3: Ignored env HISTFILESIZE
debug3: Ignored env HISTFILE
debug3: Ignored env SAVEHIST
debug3: Ignored env HISTSIZE
debug3: Ignored env LSCOLORS
debug3: Ignored env perld
debug1: Sending env LC_ALL = en_US.utf8
debug2: channel 0: request env confirm 0
debug3: Ignored env LANGUAGE
debug3: Ignored env ZSHVARDIR
debug3: Ignored env ZDOTDIROS
debug3: Ignored env ZDOTDIRLOCAL
debug3: Ignored env ZDOTDIR
debug3: Ignored env OLDPWD
debug3: Ignored env SHLVL
debug3: Ignored env GPG_AGENT_INFO
debug3: Ignored env XDG_SESSION_PATH
debug3: Ignored env USER
debug3: Ignored env HOME
debug3: Ignored env SSH_AUTH_SOCK
debug3: Ignored env PATH
debug3: Ignored env XDG_CURRENT_DESKTOP
debug3: Ignored env SESSION_MANAGER
debug3: Ignored env SSH_AGENT_PID
debug3: Ignored env WINDOWID
debug3: Ignored env XDG_SESSION_COOKIE
debug3: Ignored env XDG_DATA_DIRS
debug3: Ignored env UBUNTU_MENUPROXY
debug3: Ignored env DBUS_SESSION_BUS_ADDRESS
debug3: Ignored env GNOME_DESKTOP_SESSION_ID
debug3: Ignored env GNOME_KEYRING_CONTROL
debug3: Ignored env GDMSESSION
debug3: Ignored env DEFAULTS_PATH
debug3: Ignored env DESKTOP_SESSION
debug3: Ignored env COLORTERM
debug3: Ignored env XAUTHORITY
debug3: Ignored env GNOME_KEYRING_PID
debug3: Ignored env MANDATORY_PATH
debug3: Ignored env LOGNAME
debug1: Sending env LANG = en_US.utf8
debug2: channel 0: request env confirm 0
debug3: Ignored env XDG_CONFIG_DIRS
debug3: Ignored env XDG_SEAT_PATH
debug3: Ignored env SHELL
debug3: Ignored env WINDOW
debug3: Ignored env STY
debug3: Ignored env LD_LIBRARY_PATH
debug1: Sending command: xlogo
debug2: channel 0: request exec confirm 1
debug2: callback done
debug2: channel 0: open confirm rwindow 0 rmax 32768
debug2: channel_input_status_confirm: type 99 id 0
debug2: X11 forwarding request accepted on channel 0
debug2: channel 0: rcvd adjust 2097152
debug2: channel_input_status_confirm: type 99 id 0
debug2: exec request accepted on channel 0
debug1: client_input_channel_open: ctype x11 rchan 3 win 65536 max 16384
debug1: client_request_x11: request from ::1 51763
debug2: fd 7 setting O_NONBLOCK
debug3: fd 7 is O_NONBLOCK
debug1: channel 1: new [x11]
debug1: confirm x11
debug2: X11 connection uses different authentication protocol.
X11 connection rejected because of wrong authentication.
debug2: X11 rejected 1 i0/o0
debug2: channel 1: read failed
debug2: channel 1: close_read
debug2: channel 1: input open -> drain
debug2: channel 1: ibuf empty
debug2: channel 1: send eof
debug2: channel 1: input drain -> closed
debug2: channel 1: write failed
debug2: channel 1: close_write
debug2: channel 1: output open -> closed
debug2: X11 closed 1 i3/o3
debug2: channel 1: send close
debug2: channel 1: rcvd close
debug2: channel 1: is dead
debug2: channel 1: garbage collecting
debug1: channel 1: free: x11, nchannels 2
debug3: channel 1: status: The following connections are open:
#0 client-session (t4 r0 i0/0 o0/0 fd 4/5 cc -1)
#1 x11 (t7 r3 i3/0 o3/0 fd 7/7 cc -1)
debug1: client_input_channel_open: ctype x11 rchan 3 win 65536 max 16384
debug1: client_request_x11: request from ::1 51764
debug2: fd 7 setting O_NONBLOCK
debug3: fd 7 is O_NONBLOCK
debug1: channel 1: new [x11]
debug1: confirm x11
debug2: X11 connection uses different authentication protocol.
X11 connection rejected because of wrong authentication.
debug2: X11 rejected 1 i0/o0
debug2: channel 1: read failed
debug2: channel 1: close_read
debug2: channel 1: input open -> drain
debug2: channel 1: ibuf empty
debug2: channel 1: send eof
debug2: channel 1: input drain -> closed
debug2: channel 1: write failed
debug2: channel 1: close_write
debug2: channel 1: output open -> closed
debug2: X11 closed 1 i3/o3
debug2: channel 1: send close
debug2: channel 1: rcvd close
debug2: channel 1: is dead
debug2: channel 1: garbage collecting
debug1: channel 1: free: x11, nchannels 2
debug3: channel 1: status: The following connections are open:
#0 client-session (t4 r0 i0/0 o0/0 fd 4/5 cc -1)
#1 x11 (t7 r3 i3/0 o3/0 fd 7/7 cc -1)
debug1: client_input_channel_open: ctype x11 rchan 3 win 65536 max 16384
debug1: client_request_x11: request from ::1 51765
debug2: fd 7 setting O_NONBLOCK
debug3: fd 7 is O_NONBLOCK
debug1: channel 1: new [x11]
debug1: confirm x11
debug2: X11 connection uses different authentication protocol.
X11 connection rejected because of wrong authentication.
debug2: X11 rejected 1 i0/o0
debug2: channel 1: read failed
debug2: channel 1: close_read
debug2: channel 1: input open -> drain
debug2: channel 1: ibuf empty
debug2: channel 1: send eof
debug2: channel 1: input drain -> closed
debug2: channel 1: write failed
debug2: channel 1: close_write
debug2: channel 1: output open -> closed
debug2: X11 closed 1 i3/o3
debug2: channel 1: send close
debug2: channel 1: rcvd close
debug2: channel 1: is dead
debug2: channel 1: garbage collecting
debug1: channel 1: free: x11, nchannels 2
debug3: channel 1: status: The following connections are open:
#0 client-session (t4 r0 i0/0 o0/0 fd 4/5 cc -1)
#1 x11 (t7 r3 i3/0 o3/0 fd 7/7 cc -1)
debug1: client_input_channel_open: ctype x11 rchan 3 win 65536 max 16384
debug1: client_request_x11: request from ::1 51766
debug2: fd 7 setting O_NONBLOCK
debug3: fd 7 is O_NONBLOCK
debug1: channel 1: new [x11]
debug1: confirm x11
debug2: X11 connection uses different authentication protocol.
X11 connection rejected because of wrong authentication.
debug2: X11 rejected 1 i0/o0
debug2: channel 1: read failed
debug2: channel 1: close_read
debug2: channel 1: input open -> drain
debug2: channel 1: ibuf empty
debug2: channel 1: send eof
debug2: channel 1: input drain -> closed
debug2: channel 1: write failed
debug2: channel 1: close_write
debug2: channel 1: output open -> closed
debug2: X11 closed 1 i3/o3
debug2: channel 1: send close
debug2: channel 1: rcvd close
debug2: channel 1: is dead
debug2: channel 1: garbage collecting
debug1: channel 1: free: x11, nchannels 2
debug3: channel 1: status: The following connections are open:
#0 client-session (t4 r0 i0/0 o0/0 fd 4/5 cc -1)
#1 x11 (t7 r3 i3/0 o3/0 fd 7/7 cc -1)
debug2: channel 0: rcvd ext data 42
debug2: channel 0: rcvd eof
debug2: channel 0: output open -> drain
debug1: client_input_channel_req: channel 0 rtype exit-status reply 0
debug1: client_input_channel_req: channel 0 rtype [email protected] reply 0
debug2: channel 0: rcvd eow
debug2: channel 0: close_read
debug2: channel 0: input open -> closed
debug2: channel 0: rcvd close
debug3: channel 0: will not send data after close
debug2: channel 0: obuf_empty delayed efd 6/(42)
Error: Can't open display: localhost:10.0
debug2: channel 0: written 42 to efd 6
debug3: channel 0: will not send data after close
debug2: channel 0: obuf empty
debug2: channel 0: close_write
debug2: channel 0: output drain -> closed
debug2: channel 0: almost dead
debug2: channel 0: gc: notify user
debug2: channel 0: gc: user detached
debug2: channel 0: send close
debug2: channel 0: is dead
debug2: channel 0: garbage collecting
debug1: channel 0: free: client-session, nchannels 1
debug3: channel 0: status: The following connections are open:
#0 client-session (t4 r0 i3/0 o3/0 fd -1/-1 cc -1)
Transferred: sent 3152, received 2728 bytes, in 0.4 seconds
Bytes per second: sent 8679.2, received 7511.7
debug1: Exit status 1
решение1
Мне раньше помогало стирать .Xauthority-файлы. Вероятно, стоит сделать их резервную копию.
mkdir ~/Xauth-old
mv ~/.X* ~/Xauth-old/
Кроме того, ~/.ssh/configвы можете избежать некоторых других проблем с аутентификацией, используя
ForwardX11Trusted yes
решение2
Попробуйте выполнить следующие шаги:http://www.cyberciti.biz/faq/x11-connection-rejected-because-of-wrong-authentication/
Это может быть ~/.Xauthorityсобственность или /etc/ssh/sshd_configпроблема. Вы также можете проверить$ tail /var/log/messages
решение3
Добавив эту строку, /etc/ssh/sshd_configя исправил ситуацию:
X11UseLocalhost yes
решение4
Пожалуйста, эксперты по Unix поправьте меня, если я не прав:
Это особенно сложно, поскольку большинство ответов не дают четкого объяснения, какую сторону соединения следует изменить.
Для этого примера:
Хост A работает под управлением X (иногда это сбивает с толку, поскольку это сервер отображения)
На хосте B запущен sshd (сервер защищенной оболочки)
Путаница начинается, если в инструкциях говорится: «На сервере выполните x», поэтому в этом примере мы называем иххост-аихост-б
Вы пытаетесь в командной строке на хосте A и пытаетесь
user1@host-a:~$ ssh -v -X user2@host-b
Вам необходимо настроить демон ssh на хосте b
Отредактируйте ваш /etc/ssh/sshd_config на host-b Добавьте
AddressFamily inet
X11Forwarding yes
Перезапустить sshd на хосте b
sudo restart ssh
Теперь это должно работать.
Для проверки попробуйте:
user1@host-a:~$ ssh -v -X user2@host-b
Опять же, на этот раз echo $DISPLAY должен показать значение DISPLAY, а xterm должен создать xterm на host-a.