I try to make a ssh connection from MacOS to linux. I've tried to follow several tips found on the internet, however I still get the following error when I tried to run xclock:
X11 connection rejected because of wrong authentication.
Error: Can't open display: localhost:10.0
A little bit more information:
It does not make any difference if I use ssh -X something#somewhere or ssh -Y something#somewhere
I did install XQuartz and it is running on my Mac. xclock etc do work on Mac.
When I add -vv when logging in I get the following:
"debug1: No xauth program.
Warning: No xauth data; using fake authentication data for X11 forwarding.
debug1: Requesting X11 forwarding with authentication spoofing."
which xauth # Mac gives the result /opt/X11/bin/xauth while which xauth logged in at the server gives /usr/bin/xauth --> Do note that at ssh_config and sshd_config (#Mac) the line XAuthLocation /opt/X11/bin/xauth is present
I uncommented ForwardX11 yes and ForwardAgent yes in ssh_config #Mac
If you will need any more information, please let me know! I really hope somebody could guide me to the right solution!
Related
SSH has been working fine for the last few weeks since I got my new PC. I've had no problems but today I started getting:
ssh: connect to host github.com port 22: resource temporarily unavailable
I did some googling and found that there is a common issue with WSL which sometimes causes this, but I'm unable to SSH from my bash shell, or from cmd/powershell.
This is the part that confuses me, if I do: ssh -T git#192.30.253.113 I am prompted for the password to my key, it successfully authenticates and responds with "Hi alexmk92! You've successfully authenticated".
Great, that at least proves that my firewall isn't blocking SSH on port 22. But why does git#github.com throw the resource failed error? My initial thought is that this could be a DNS problem.
So I tried to configure my network adapter to use Google's DNS server (8.8.8.8 and 8.8.4.4) I even configured the IPV6 DNS servers just in case. Following this I did an ipconfig /flushdns, attempted to connect via git#github.com again and BAM the same result, however git#192.30.253.113 still works.
I'm guessing another potential cause is that github.com is behind a load balancer and one of the IP's on the cluster could be black-listed somewhere on my machine? I'm just pulling guesses out of thin air now, any help would be greatly appreciated, this is driving me insane.
After some further Googling it turned out that my machine did not have a hosts entry for github.com and it was unable to automatically resolve it.
In Windows Subsystem for Linux I created a ssh config file
touch ~/.ssh/config
(for some reason the base distro of Ubuntu 18.04 on the windows marketplace didn't have one) I then had to make sure the file permissions were correct:
chmod 755 ~/.ssh/config
Once the file was created, I edited it with
sudo nano ~/.ssh/config
and added github.com as a Host.
Host github.com
Hostname ssh.github.com
Port 22
Upon saving, I ran
sudo /etc/init.d/ssh restart
and attempted
ssh -T git#github.com
Everything now seems to be working.
In my case my ISP did not allow ssh, so it was not working from cmd and wsl both. Got around it using vpn
To have successful SSH connection to Github, SSH key has to be import into Github
Open Git bash or Terminal
Run the command ssh-keygen
Choose all default option
A private and a public key gets generated in the folder * < user_home>/.ssh/*
Login to Github.com
Navigate to account settings
Choose item "SSH and GPG Keys" from the side navigation bar
click added new SSh key
Copy and save public key content from * < user_home>/.ssh/id_rsa.pub *
I'm trying to log with ssh on my EC2 instance with a new dual-booted ubuntu 16.04. It's the first time i'm logging in with this client, so there is nothing in .ssh/known_hosts to be deleted, as it is suggested in many other posts like this one.
When I run :
ssh -i "my_key.pem" ubuntu#servername.amazonaws.com
I get:
The authenticity of host 'servername.amazonaws.com (serverip)' can't be established.
ECDSA key fingerprint is SHA256:***************************.
Are you sure you want to continue connecting (yes/no)?
Host key verification failed.
Since i can log with the exac same key from putty on my windows computer,and also from a mac with the same key, this doesnt seem to be key-related.
Anyone out there to help? Thanks in advance!
EDIT: i installed putty on linux, since it was working on windows. Doesnt work either.
nmap localhost gives me port 22 open.
nmap my.ip doesnt.
I tried to ssh to another address, and same results on ssh and putty :(
EDIT2: not a duplicate of BitBucket: Host key authentication failed
Problem solved: it was just me who only pressed Enter on "Are you sure you want to continue connecting (yes/no)?" and not typing yes. Thanks #Kenster
If you do not get any option to continue to connect and it fails permanently, then you could use the command with StrictHostKeyChecking=no option like following :
ssh -i "my_key.pem" ubuntu#servername.amazonaws.com -o StrictHostKeyChecking=no
I have installed Cygwin in my windows machine. And I want to login into cygwin using ssh mode from putty.
I have installed sshd [openSSH]service package in cygwin and it is up and running.
Now I try login Via Putty using port 22 ssh mode it throws the below error.
PuTTY Fatal Error
Couldn't agree a client-to-server cipher (available: aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm#openssh.com,aes256-gcm#openssh.com,chacha20-poly1305#openssh.com)
Please help us to resolve this issue.
Upgrading PuTTY from 5.8 to 6.0 helps sometimes.
One could add a supported cipher to "Ciphers" line on the server in /etc/ssh/sshd_config and then restart sshd, but I believe sshd has a reasonable defaults, so I wouldn't do that.
Hey I'm having an issue getting ssh X forwarding to work. The setup is I'm sshing into my ubuntu VM off OSX Yosemite host machine.
I already installed xQuartz on OSX, xauth on ubuntu, and I believe I've have all the correct options set in ssh_config files.
I get the
Warning: untrusted X11 forwarding setup failed: xauth key data not generated
X11 forwarding request failed on channel 0
message when opening a connection with ssh -X, and when I tried to run an X application:
xterm: Xt error: Can't open display:
xterm: DISPLAY is not set
I have the identical setup on my other machine except running Mavericks and it works fine, is there something specific to Yosemite specific I have to worry about?
Note that some incomplete answers might lead to security flaws.
Using ssh -Y means here having fake xauth information which is bad!
ssh -X should work since XQuartz, once enabled, uses xauth. The only problem is that ssh is looking for xauth in /usr/X11R6/bin and on macOS with XQuartz it is in /opt/X11/bin
Secure solution:
Enable the first option in the Security tab of preferences (Cmd-,) which enables authenticated connections.
Edit ~/.ssh/config, add XAuthLocation /opt/X11/bin/xauth to the host config.
ssh -X your_server works in a secure manner.
Ensure xauth is installed on the destination host.
On macOS Sierra, I now have to do ssh -Y instead of ssh -X to get a display from a linux machine to work on my Mac.
I received the same warning as you after upgrading to Yosemite.
After I added ForwardX11Trusted yes in my ~/.ssh/config file, the warning disappeared.
Do you have the following lines in your ~/.ssh/config file for enabling Trusted X11 forwarding?
Host APPROPRIATE_HOSTNAME
ForwardX11Trusted yes
ForwardX11 yes
OTHER_OPTIONS
Gilles Gouaillardet has the answer that solved this for me. Edit ~/.ssh/config to contain
Host *
XAuthLocation /opt/X11/bin/xauth
and ssh -X hostname now works (XQuartz 2.7.11, macOS 10.4 Mojave)
I already had the latest XQuartz 2.7.11 installed, but I think I've also updated the OS a few times since then. I reinstalled XQuartz 2.7.11, and now it is working fine.
ForwardX11Trusted is required even for connections you think are untrusted when your X server doesn't have the SECURITY extension (Apple servers have a ton of visuals that take up over 100 lines, so I suggest "xdpyinfo | grep SECURITY" to check; if that returns no output, you don't have it). There may be other reasons and exceptions, but this worked for me.
I've just downloaded the latest X11 version and it worked again
I just hit this issue using Mac OS X 10.6.8 to Linux Debian 9.
None of the solutions provided worked.
Root cause was: loopback interface was "DOWN" on the target Linux host.
I had to type the following on the target host to fix the issue
ip link set lo up
Same as answered by user Xvalidated above. but there was no ssh_config file in my .ssh directory.
1. copy ./etc/ssh_config to ~/.ssh/ #file if not there
2. edit
Host hostname
ForwardX11Trusted yes
ForwardX11 yes
As answered before, I would like to add one more thing which will work to reinstall X-supporting software.
When you login the cluster, do not use -X or -Y options.
Example:
ssh -Y remotelogin: gives me X11 related warning.
ssh remotelogin: No warning, works fine.
Is anyone can give to me the FULL process to set up X11 forwarding from a CentOS fresh and clean install on a dedicated server ?
So, i have access to the server only by ssh
The problem is simple : i already tried i think all solution i find in google to make X11 forwarding working :
set in /etc/ssh/sshd_config
X11Forwarding yes
and
X11UseLocalhost no or X11UseLocalhost yes
and
XAuthLocation /usr/bin/xauth (and xauth is in this path)
and
AddressFamily inet or AddressFamily any
restarting sshd after each write with /etc/init.d/sshd restart (and it tell to me it stop and start)
i tried to install many and many things (restarting sshd after each install) like :
yum groupinstall 'X Window System' (it works well)
xorg-x11-utils (it works)
xorg-x11-fonts-* (it works)
xorg-x11-xauth (already installed)
yum install xorg-x11-xauth.x86_64 (it works)
when i try "strings /usr/sbin/sshd |grep xauth" i got :
/usr/bin/xauth
xauthlocation
maxauthtries
No xauth program; cannot forward with spoofing.
but /usr/bin/xauth give me :
Using authority file /root/.Xauthority
xauth>
so xauth is in the right place...
i tried all ssh option -X, -x, -Y -XY.... nothing worked.
i tried to set display myself, but nothing worked :
DISPLAY is not set, Can't open display and other errors like that.
And just after ssh login $DISPLAY is empty, always.
And i'm not sure that i have not forget some solution i have already tried...
Anyone to help me to get X11 forwarding working ?
I have
CentOS release 6.5 (Final)
and my hoster is OVH
PS : sorry for my bad english
I encountered this same issue, due to an ~/.Xauthority file not being generated for new users upon connecting via ssh. I'd made all appropriate changes to /etc/ssh/sshd_config and /etc/ssh/ssh_config and reset the service via
/etc/init.d/sshd restart
But I never had any luck until I changed my SELinux settings after finding this - ssh X11 forwarding won't work
Of course, you only want to implement changes to SELinux if it's acceptable for your use case. But for me, setting SELinux to permissive with
setenforce 0
and setting the following in /etc/selinux/config - so that this change persisted after reboot
SELINUX=permissive
I would like to emphasize that my situation is a non-critical operation within a (hopefully!) securely-managed intranet. I would NOT suggest turning off SELinux at work, or at home if you're hoping to open ports or configure VPN for your home network. Please consider: http://securityblog.org/2006/05/21/software-not-working-disable-selinux/