[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

ssh & X11 Authentication Issue - Advice Please

I am getting an error while trying to use ssh to bounce from one
server to another. I do login after I enter my password but the error
exists and I would like to resolve this. Help / Ideas are appreciated
!  Thanks !

Situation...
My Linux Box (I am a new MSCE convert to linux -- hold the applause
heh)..

My linux box 'balrog'. I am ssh to various company servers, on each of
these servers(the ones I am interested in) my $home is mounted..
therefore all files on each one are the same.. config, keys... you
name it.

I am using some linux hacks from 'Linux Server Hacks'.

I have created an 'ssh-to' shell script to ease my movement from one
server to the next. I create symbolic links to it...

ssh-to
#!/bin/sh
ssh -X -g `basename $0` $*

This allows me to do the following:

htx@balrog:~$ sprite
Linux sprite 2.4.21-10-lm #2 SMP Tue Aug 12 05:30:05 EDT 2003 i686
GNU/Linux

Welcome to Storm Linux!  For Storm Linux or Stormix Technologies Inc.
specific information, please refer to our web site:

http://www.stormix.com/

Most of the programs included with the Storm Linux system are
freely redistributable; the exact distribution terms for each program
are described in the individual files in /usr/doc/*/copyright
Last login: Tue Dec 16 12:13:44 2003 from balrog.***.com
htx@sprite:~$
----------------------------------------------------------------------------

You will notice no password entry or anything, I have setup keys and
such.. this is a very kewl thing indeed !

Now... notice the following..

----------------------------------------------------------------------------
htx@sprite:~$ aspen
htx@aspen's password:
Warning: No xauth data; using fake authentication data for X11
forwarding.
Linux aspen 2.4.20-3 #3 SMP Thu Mar 13 21:34:31 EST 2003 i686 unknown

Most of the programs included with the Debian GNU/Linux system are
freely redistributable; the exact distribution terms for each program
are described in the individual files in /usr/share/doc/*/copyright

Debian GNU/Linux comes with ABSOLUTELY NO WARRANTY, to the extent
permitted by applicable law.
Last login: Tue Dec 16 11:04:28 2003 from dish:3.0
htx@aspen:~$
-----------------------------------------------------------------------------

I am password prompted at this point. I want to accomplish the
following

-- No password requesting -- I have keys already setup
-- No X11 forwarding, fake authentication errors.

More info..
Sprite, Aspen...  more servers are all mounted $home directory.

Yes i can do an 'aspen' from 'balrog' and hop on it..  its moving
forward from my 1st step that gives me problems.

---- Information for you ----
htx@aspen:~/.ssh$ cat config
ForwardAgent yes
ForwardX11 yes

htx@aspen:~/.ssh$ xauth list
MIT-MAGIC-COOKIE-1  671f14f9277dfff63db36cd9cc7f5785
MIT-MAGIC-COOKIE-1  5f0c930866097e5ff3e6008738e99dd0
MIT-MAGIC-COOKIE-1  9aa40bec3e104fc3b09a2d444cf8038a
MIT-MAGIC-COOKIE-1  9aa40bec3e104fc3b09a2d444cf8038a
MIT-MAGIC-COOKIE-1  588eb2af01fc5b310179283fb32b7e55
I removed more entries and the .com info... I think the idea is here..
I have magic cookies ! heh

A verbose login... ssh -v aspen
htx@sprite:~$ ssh -v aspen
OpenSSH_3.6.1p2 Debian 1:3.6.1p2-10, SSH protocols 1.5/2.0, OpenSSL
0x0090703f
debug1: Reading configuration data
/usr/acct/metaltraq/usr/htx/.ssh/config
debug1: Reading configuration data /etc/ssh/ssh_config
debug1: Rhosts Authentication disabled, originating port will not be
trusted.
debug1: Connecting to aspen [172.24.1.5] port 22.
debug1: Connection established.
debug1: identity file /usr/acct/metaltraq/usr/htx/.ssh/identity type
-1
debug1: identity file /usr/acct/metaltraq/usr/htx/.ssh/id_rsa type 1
debug1: identity file /usr/acct/metaltraq/usr/htx/.ssh/id_dsa type -1
debug1: Remote protocol version 2.0, remote software version
OpenSSH_3.4p1 Debian 1:3.4p1-1
debug1: match: OpenSSH_3.4p1 Debian 1:3.4p1-1 pat OpenSSH*
debug1: Enabling compatibility mode for protocol 2.0
debug1: Local version string SSH-2.0-OpenSSH_3.6.1p2 Debian
1:3.6.1p2-10
debug1: SSH2_MSG_KEXINIT sent
debug1: SSH2_MSG_KEXINIT received
debug1: kex: server->client aes128-cbc hmac-md5 none
debug1: kex: client->server aes128-cbc hmac-md5 none
debug1: SSH2_MSG_KEX_DH_GEX_REQUEST sent
debug1: expecting SSH2_MSG_KEX_DH_GEX_GROUP
debug1: SSH2_MSG_KEX_DH_GEX_INIT sent
debug1: expecting SSH2_MSG_KEX_DH_GEX_REPLY
debug1: Host 'aspen' is known and matches the RSA host key.
debug1: Found key in /usr/acct/metaltraq/usr/htx/.ssh/known_hosts:19
debug1: ssh_rsa_verify: signature correct
debug1: SSH2_MSG_NEWKEYS sent
debug1: expecting SSH2_MSG_NEWKEYS
debug1: SSH2_MSG_NEWKEYS received
debug1: SSH2_MSG_SERVICE_REQUEST sent
debug1: SSH2_MSG_SERVICE_ACCEPT received
debug1: Authentications that can continue:
publickey,password,keyboard-interactive
debug1: Next authentication method: publickey
debug1: Offering agent key: /usr/acct/metaltraq/usr/htx/.ssh/id_rsa
debug1: Authentications that can continue:
publickey,password,keyboard-interactive
debug1: Trying private key: /usr/acct/metaltraq/usr/htx/.ssh/identity
debug1: Offering public key: /usr/acct/metaltraq/usr/htx/.ssh/id_rsa
debug1: Authentications that can continue:
publickey,password,keyboard-interactive
debug1: Trying private key: /usr/acct/metaltraq/usr/htx/.ssh/id_dsa
debug1: Next authentication method: keyboard-interactive
debug1: Authentications that can continue:
publickey,password,keyboard-interactive
debug1: Next authentication method: password
htx@aspen's password:

-- I enter password I login.. too much work for me =) --
Reply to: