当我尝试与 建立 X11 转发连接时myserver
,出现以下错误:
% ssh -X myserver xlogo
X11 connection rejected because of wrong authentication.
X11 connection rejected because of wrong authentication.
X11 connection rejected because of wrong authentication.
X11 connection rejected because of wrong authentication.
Error: Can't open display: localhost:10.0
%
-Y
(如果我使用而不是,我会得到同样的错误-X
。无论哪种方式,我都不会看到该xlogo
窗口。)
如果我使用相同的命令连接到不同的服务器,它工作正常(即xlogo
按预期弹出窗口),所以我怀疑问题出在myserver
(而不是我的本地配置)。
另外,如果我使用
% ssh -X myserver
连接成功,我登录到了myserver
。如果然后我运行xlogo
,我会得到与上面所示相同的错误。
顺便说一句,本地 ssh 客户端/X11 服务器是 Ubuntu 笔记本电脑,远程 ssh 服务器/X11 客户端是运行 OS X Lion 的工作站。
我也运行过ssh -vvvX myserver xlogo
,但是大量的输出对我来说意义不大,而且我无法从中诊断问题。 (FWIW,我复制了下面的输出。)
我该如何进一步解决这个问题?
% ssh -vvvX myserver xlogo
OpenSSH_5.9p1 Debian-5ubuntu1, OpenSSL 1.0.1 14 Mar 2012
debug1: Reading configuration data /home/yrstruly/.ssh/config
debug1: /home/yrstruly/.ssh/config line 19: Applying options for *
debug1: Reading configuration data /etc/ssh/ssh_config
debug1: /etc/ssh/ssh_config line 19: Applying options for *
debug2: ssh_connect: needpriv 0
debug1: Connecting to myserver [10.0.140.33] port 22.
debug1: Connection established.
debug3: Incorrect RSA1 identifier
debug3: Could not load "/home/yrstruly/.ssh/id_rsa" as a RSA1 public key
debug1: identity file /home/yrstruly/.ssh/id_rsa type 1
debug1: Checking blacklist file /usr/share/ssh/blacklist.RSA-2048
debug1: Checking blacklist file /etc/ssh/blacklist.RSA-2048
debug1: identity file /home/yrstruly/.ssh/id_rsa-cert type -1
debug1: identity file /home/yrstruly/.ssh/id_dsa type -1
debug1: identity file /home/yrstruly/.ssh/id_dsa-cert type -1
debug1: identity file /home/yrstruly/.ssh/id_ecdsa type -1
debug1: identity file /home/yrstruly/.ssh/id_ecdsa-cert type -1
debug1: Remote protocol version 2.0, remote software version OpenSSH_5.6
debug1: match: OpenSSH_5.6 pat OpenSSH*
debug1: Enabling compatibility mode for protocol 2.0
debug1: Local version string SSH-2.0-OpenSSH_5.9p1 Debian-5ubuntu1
debug2: fd 3 setting O_NONBLOCK
debug3: load_hostkeys: loading entries for host "myserver" from file "/home/yrstruly/.ssh/known_hosts"
debug3: load_hostkeys: found key type RSA in file /home/yrstruly/.ssh/known_hosts:3
debug3: load_hostkeys: loaded 1 keys
debug3: order_hostkeyalgs: prefer hostkeyalgs: [email protected],[email protected],ssh-rsa
debug1: SSH2_MSG_KEXINIT sent
debug1: SSH2_MSG_KEXINIT received
debug2: kex_parse_kexinit: ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1
debug2: kex_parse_kexinit: [email protected],[email protected],ssh-rsa,[email protected],[email protected],[email protected],[email protected],[email protected],ecdsa-sha2-nistp256,ecdsa-sha2-nistp384,ecdsa-sha2-nistp521,ssh-dss
debug2: kex_parse_kexinit: aes128-ctr,aes192-ctr,aes256-ctr,arcfour256,arcfour128,aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,aes192-cbc,aes256-cbc,arcfour,[email protected]
debug2: kex_parse_kexinit: aes128-ctr,aes192-ctr,aes256-ctr,arcfour256,arcfour128,aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,aes192-cbc,aes256-cbc,arcfour,[email protected]
debug2: kex_parse_kexinit: hmac-md5,hmac-sha1,[email protected],hmac-sha2-256,hmac-sha2-256-96,hmac-sha2-512,hmac-sha2-512-96,hmac-ripemd160,[email protected],hmac-sha1-96,hmac-md5-96
debug2: kex_parse_kexinit: hmac-md5,hmac-sha1,[email protected],hmac-sha2-256,hmac-sha2-256-96,hmac-sha2-512,hmac-sha2-512-96,hmac-ripemd160,[email protected],hmac-sha1-96,hmac-md5-96
debug2: kex_parse_kexinit: none,[email protected],zlib
debug2: kex_parse_kexinit: none,[email protected],zlib
debug2: kex_parse_kexinit:
debug2: kex_parse_kexinit:
debug2: kex_parse_kexinit: first_kex_follows 0
debug2: kex_parse_kexinit: reserved 0
debug2: kex_parse_kexinit: diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1
debug2: kex_parse_kexinit: ssh-rsa,ssh-dss
debug2: kex_parse_kexinit: aes128-ctr,aes192-ctr,aes256-ctr,arcfour256,arcfour128,aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,aes192-cbc,aes256-cbc,arcfour,[email protected]
debug2: kex_parse_kexinit: aes128-ctr,aes192-ctr,aes256-ctr,arcfour256,arcfour128,aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,aes192-cbc,aes256-cbc,arcfour,[email protected]
debug2: kex_parse_kexinit: hmac-md5,hmac-sha1,[email protected],hmac-ripemd160,[email protected],hmac-sha1-96,hmac-md5-96
debug2: kex_parse_kexinit: hmac-md5,hmac-sha1,[email protected],hmac-ripemd160,[email protected],hmac-sha1-96,hmac-md5-96
debug2: kex_parse_kexinit: none,[email protected]
debug2: kex_parse_kexinit: none,[email protected]
debug2: kex_parse_kexinit:
debug2: kex_parse_kexinit:
debug2: kex_parse_kexinit: first_kex_follows 0
debug2: kex_parse_kexinit: reserved 0
debug2: mac_setup: found hmac-md5
debug1: kex: server->client aes128-ctr hmac-md5 none
debug2: mac_setup: found hmac-md5
debug1: kex: client->server aes128-ctr hmac-md5 none
debug1: SSH2_MSG_KEX_DH_GEX_REQUEST(1024<1024<8192) sent
debug1: expecting SSH2_MSG_KEX_DH_GEX_GROUP
debug2: dh_gen_key: priv key bits set: 129/256
debug2: bits set: 521/1024
debug1: SSH2_MSG_KEX_DH_GEX_INIT sent
debug1: expecting SSH2_MSG_KEX_DH_GEX_REPLY
debug1: Server host key: RSA 3b:5b:22:9e:e4:d1:12:7a:b9:6e:1a:e6:25:6d:b8:0e
debug3: load_hostkeys: loading entries for host "myserver" from file "/home/yrstruly/.ssh/known_hosts"
debug3: load_hostkeys: found key type RSA in file /home/yrstruly/.ssh/known_hosts:3
debug3: load_hostkeys: loaded 1 keys
debug3: load_hostkeys: loading entries for host "10.0.140.33" from file "/home/yrstruly/.ssh/known_hosts"
debug3: load_hostkeys: found key type RSA in file /home/yrstruly/.ssh/known_hosts:4
debug3: load_hostkeys: loaded 1 keys
debug1: Host 'myserver' is known and matches the RSA host key.
debug1: Found key in /home/yrstruly/.ssh/known_hosts:3
debug2: bits set: 511/1024
debug1: ssh_rsa_verify: signature correct
debug2: kex_derive_keys
debug2: set_newkeys: mode 1
debug1: SSH2_MSG_NEWKEYS sent
debug1: expecting SSH2_MSG_NEWKEYS
debug2: set_newkeys: mode 0
debug1: SSH2_MSG_NEWKEYS received
debug1: Roaming not allowed by server
debug1: SSH2_MSG_SERVICE_REQUEST sent
debug2: service_accept: ssh-userauth
debug1: SSH2_MSG_SERVICE_ACCEPT received
debug2: key: /home/yrstruly/.ssh/id_rsa (0xb7a97898)
debug2: key: yrstruly@mylaptop (0xb7a991c8)
debug2: key: yrstruly@mylaptop (0xb7a99398)
debug2: key: /home/yrstruly/.ssh/id_dsa ((nil))
debug2: key: /home/yrstruly/.ssh/id_ecdsa ((nil))
debug1: Authentications that can continue: publickey,keyboard-interactive
debug3: start over, passed a different list publickey,keyboard-interactive
debug3: preferred gssapi-keyex,gssapi-with-mic,publickey,keyboard-interactive,password
debug3: authmethod_lookup publickey
debug3: remaining preferred: keyboard-interactive,password
debug3: authmethod_is_enabled publickey
debug1: Next authentication method: publickey
debug1: Offering RSA public key: /home/yrstruly/.ssh/id_rsa
debug3: send_pubkey_test
debug2: we sent a publickey packet, wait for reply
debug1: Server accepts key: pkalg ssh-rsa blen 279
debug2: input_userauth_pk_ok: fp 0e:d0:ba:5c:c1:39:a9:c7:7b:c4:b7:11:87:33:b7:d7
debug3: sign_and_send_pubkey: RSA 0e:d0:ba:5c:c1:39:a9:c7:7b:c4:b7:11:87:33:b7:d7
debug1: Authentication succeeded (publickey).
Authenticated to myserver ([10.0.140.33]:22).
debug1: channel 0: new [client-session]
debug3: ssh_session2_open: channel_new: 0
debug2: channel 0: send open
debug1: Requesting [email protected]
debug1: Entering interactive session.
debug2: callback start
debug2: x11_get_proto: /usr/bin/xauth -f /tmp/ssh-gMzJTOiJ3041/xauthfile generate :0.0 MIT-MAGIC-COOKIE-1 untrusted timeout 1200 2>/dev/null
debug2: x11_get_proto: /usr/bin/xauth -f /tmp/ssh-gMzJTOiJ3041/xauthfile list :0.0 2>/dev/null
debug1: Requesting X11 forwarding with authentication spoofing.
debug2: channel 0: request x11-req confirm 1
debug2: client_session2_setup: id 0
debug2: fd 3 setting TCP_NODELAY
debug1: Sending environment.
debug3: Ignored env PWD
debug3: Ignored env DISPLAY
debug3: Ignored env TERM
debug3: Ignored env TERMCAP
debug3: Ignored env COLUMNS
debug3: Ignored env EMACS
debug3: Ignored env INSIDE_EMACS
debug3: Ignored env _
debug3: Ignored env VENV_DIR
debug3: Ignored env VIRTUALENVWRAPPER_LOG_DIR
debug3: Ignored env VIRTUALENVWRAPPER_HOOK_DIR
debug3: Ignored env WORKON_HOME
debug3: Ignored env VIRTUALENVWRAPPER_PROJECT_FILENAME
debug3: Ignored env RSYNC_GLOBAL_INCLUDES
debug3: Ignored env RSYNC_GLOBAL_EXCLUDES
debug3: Ignored env RSYNC_PARTIAL_DIR
debug3: Ignored env RSYNC_DIR
debug3: Ignored env CVSEDITOR
debug3: Ignored env EDITOR
debug3: Ignored env GIT_PAGER
debug3: Ignored env LESS
debug3: Ignored env PAGER
debug3: Ignored env PERL_RL
debug3: Ignored env HISTCONTROL
debug3: Ignored env HISTFILESIZE
debug3: Ignored env HISTFILE
debug3: Ignored env SAVEHIST
debug3: Ignored env HISTSIZE
debug3: Ignored env LSCOLORS
debug3: Ignored env perld
debug1: Sending env LC_ALL = en_US.utf8
debug2: channel 0: request env confirm 0
debug3: Ignored env LANGUAGE
debug3: Ignored env ZSHVARDIR
debug3: Ignored env ZDOTDIROS
debug3: Ignored env ZDOTDIRLOCAL
debug3: Ignored env ZDOTDIR
debug3: Ignored env OLDPWD
debug3: Ignored env SHLVL
debug3: Ignored env GPG_AGENT_INFO
debug3: Ignored env XDG_SESSION_PATH
debug3: Ignored env USER
debug3: Ignored env HOME
debug3: Ignored env SSH_AUTH_SOCK
debug3: Ignored env PATH
debug3: Ignored env XDG_CURRENT_DESKTOP
debug3: Ignored env SESSION_MANAGER
debug3: Ignored env SSH_AGENT_PID
debug3: Ignored env WINDOWID
debug3: Ignored env XDG_SESSION_COOKIE
debug3: Ignored env XDG_DATA_DIRS
debug3: Ignored env UBUNTU_MENUPROXY
debug3: Ignored env DBUS_SESSION_BUS_ADDRESS
debug3: Ignored env GNOME_DESKTOP_SESSION_ID
debug3: Ignored env GNOME_KEYRING_CONTROL
debug3: Ignored env GDMSESSION
debug3: Ignored env DEFAULTS_PATH
debug3: Ignored env DESKTOP_SESSION
debug3: Ignored env COLORTERM
debug3: Ignored env XAUTHORITY
debug3: Ignored env GNOME_KEYRING_PID
debug3: Ignored env MANDATORY_PATH
debug3: Ignored env LOGNAME
debug1: Sending env LANG = en_US.utf8
debug2: channel 0: request env confirm 0
debug3: Ignored env XDG_CONFIG_DIRS
debug3: Ignored env XDG_SEAT_PATH
debug3: Ignored env SHELL
debug3: Ignored env WINDOW
debug3: Ignored env STY
debug3: Ignored env LD_LIBRARY_PATH
debug1: Sending command: xlogo
debug2: channel 0: request exec confirm 1
debug2: callback done
debug2: channel 0: open confirm rwindow 0 rmax 32768
debug2: channel_input_status_confirm: type 99 id 0
debug2: X11 forwarding request accepted on channel 0
debug2: channel 0: rcvd adjust 2097152
debug2: channel_input_status_confirm: type 99 id 0
debug2: exec request accepted on channel 0
debug1: client_input_channel_open: ctype x11 rchan 3 win 65536 max 16384
debug1: client_request_x11: request from ::1 51763
debug2: fd 7 setting O_NONBLOCK
debug3: fd 7 is O_NONBLOCK
debug1: channel 1: new [x11]
debug1: confirm x11
debug2: X11 connection uses different authentication protocol.
X11 connection rejected because of wrong authentication.
debug2: X11 rejected 1 i0/o0
debug2: channel 1: read failed
debug2: channel 1: close_read
debug2: channel 1: input open -> drain
debug2: channel 1: ibuf empty
debug2: channel 1: send eof
debug2: channel 1: input drain -> closed
debug2: channel 1: write failed
debug2: channel 1: close_write
debug2: channel 1: output open -> closed
debug2: X11 closed 1 i3/o3
debug2: channel 1: send close
debug2: channel 1: rcvd close
debug2: channel 1: is dead
debug2: channel 1: garbage collecting
debug1: channel 1: free: x11, nchannels 2
debug3: channel 1: status: The following connections are open:
#0 client-session (t4 r0 i0/0 o0/0 fd 4/5 cc -1)
#1 x11 (t7 r3 i3/0 o3/0 fd 7/7 cc -1)
debug1: client_input_channel_open: ctype x11 rchan 3 win 65536 max 16384
debug1: client_request_x11: request from ::1 51764
debug2: fd 7 setting O_NONBLOCK
debug3: fd 7 is O_NONBLOCK
debug1: channel 1: new [x11]
debug1: confirm x11
debug2: X11 connection uses different authentication protocol.
X11 connection rejected because of wrong authentication.
debug2: X11 rejected 1 i0/o0
debug2: channel 1: read failed
debug2: channel 1: close_read
debug2: channel 1: input open -> drain
debug2: channel 1: ibuf empty
debug2: channel 1: send eof
debug2: channel 1: input drain -> closed
debug2: channel 1: write failed
debug2: channel 1: close_write
debug2: channel 1: output open -> closed
debug2: X11 closed 1 i3/o3
debug2: channel 1: send close
debug2: channel 1: rcvd close
debug2: channel 1: is dead
debug2: channel 1: garbage collecting
debug1: channel 1: free: x11, nchannels 2
debug3: channel 1: status: The following connections are open:
#0 client-session (t4 r0 i0/0 o0/0 fd 4/5 cc -1)
#1 x11 (t7 r3 i3/0 o3/0 fd 7/7 cc -1)
debug1: client_input_channel_open: ctype x11 rchan 3 win 65536 max 16384
debug1: client_request_x11: request from ::1 51765
debug2: fd 7 setting O_NONBLOCK
debug3: fd 7 is O_NONBLOCK
debug1: channel 1: new [x11]
debug1: confirm x11
debug2: X11 connection uses different authentication protocol.
X11 connection rejected because of wrong authentication.
debug2: X11 rejected 1 i0/o0
debug2: channel 1: read failed
debug2: channel 1: close_read
debug2: channel 1: input open -> drain
debug2: channel 1: ibuf empty
debug2: channel 1: send eof
debug2: channel 1: input drain -> closed
debug2: channel 1: write failed
debug2: channel 1: close_write
debug2: channel 1: output open -> closed
debug2: X11 closed 1 i3/o3
debug2: channel 1: send close
debug2: channel 1: rcvd close
debug2: channel 1: is dead
debug2: channel 1: garbage collecting
debug1: channel 1: free: x11, nchannels 2
debug3: channel 1: status: The following connections are open:
#0 client-session (t4 r0 i0/0 o0/0 fd 4/5 cc -1)
#1 x11 (t7 r3 i3/0 o3/0 fd 7/7 cc -1)
debug1: client_input_channel_open: ctype x11 rchan 3 win 65536 max 16384
debug1: client_request_x11: request from ::1 51766
debug2: fd 7 setting O_NONBLOCK
debug3: fd 7 is O_NONBLOCK
debug1: channel 1: new [x11]
debug1: confirm x11
debug2: X11 connection uses different authentication protocol.
X11 connection rejected because of wrong authentication.
debug2: X11 rejected 1 i0/o0
debug2: channel 1: read failed
debug2: channel 1: close_read
debug2: channel 1: input open -> drain
debug2: channel 1: ibuf empty
debug2: channel 1: send eof
debug2: channel 1: input drain -> closed
debug2: channel 1: write failed
debug2: channel 1: close_write
debug2: channel 1: output open -> closed
debug2: X11 closed 1 i3/o3
debug2: channel 1: send close
debug2: channel 1: rcvd close
debug2: channel 1: is dead
debug2: channel 1: garbage collecting
debug1: channel 1: free: x11, nchannels 2
debug3: channel 1: status: The following connections are open:
#0 client-session (t4 r0 i0/0 o0/0 fd 4/5 cc -1)
#1 x11 (t7 r3 i3/0 o3/0 fd 7/7 cc -1)
debug2: channel 0: rcvd ext data 42
debug2: channel 0: rcvd eof
debug2: channel 0: output open -> drain
debug1: client_input_channel_req: channel 0 rtype exit-status reply 0
debug1: client_input_channel_req: channel 0 rtype [email protected] reply 0
debug2: channel 0: rcvd eow
debug2: channel 0: close_read
debug2: channel 0: input open -> closed
debug2: channel 0: rcvd close
debug3: channel 0: will not send data after close
debug2: channel 0: obuf_empty delayed efd 6/(42)
Error: Can't open display: localhost:10.0
debug2: channel 0: written 42 to efd 6
debug3: channel 0: will not send data after close
debug2: channel 0: obuf empty
debug2: channel 0: close_write
debug2: channel 0: output drain -> closed
debug2: channel 0: almost dead
debug2: channel 0: gc: notify user
debug2: channel 0: gc: user detached
debug2: channel 0: send close
debug2: channel 0: is dead
debug2: channel 0: garbage collecting
debug1: channel 0: free: client-session, nchannels 1
debug3: channel 0: status: The following connections are open:
#0 client-session (t4 r0 i3/0 o3/0 fd -1/-1 cc -1)
Transferred: sent 3152, received 2728 bytes, in 0.4 seconds
Bytes per second: sent 8679.2, received 7511.7
debug1: Exit status 1
答案1
对我来说,它以前有助于删除.Xauthority
文件。您可能应该支持它们。
mkdir ~/Xauth-old
mv ~/.X* ~/Xauth-old/
此外,~/.ssh/config
您可以使用以下方式避免身份验证带来的其他问题
ForwardX11Trusted yes
答案2
请尝试此处的步骤:http://www.cyberciti.biz/faq/x11-connection-rejected-because-of-wrong-authentication/
这可能是~/.Xauthority
所有权或/etc/ssh/sshd_config
问题。您还可以检查$ tail /var/log/messages
答案3
添加这一行来/etc/ssh/sshd_config
为我修复它:
X11UseLocalhost yes
答案4
如果我不正确,请一些 Unix 专家纠正我:
这尤其困难,因为大多数答案都没有清楚地解释您应该更改连接的哪一侧。
对于这个例子:
主机 A 正在运行 X(这有时会令人困惑,因为它是显示服务器)
主机 B 正在运行 sshd(安全 shell 服务器)
如果指令说“在服务器上,执行 x”,那么混乱就会开始,所以在这个例子中我们称它们为主机-a和主机-b
您正在主机 A 中尝试使用命令行,并且您正在尝试
user1@host-a:~$ ssh -v -X user2@host-b
您必须在 host-b 上配置 ssh 守护进程
在 host-b 上编辑 /etc/ssh/sshd_config 添加
AddressFamily inet
X11Forwarding yes
在主机 b 上重新启动 sshd
sudo restart ssh
现在应该可以了
要测试,请尝试:
user1@host-a:~$ ssh -v -X user2@host-b
再次强调,这次 echo $DISPLAY 应该显示 DISPLAY 值,并且 xterm 应该在 host-a 上创建一个 xterm