Peng Yu
2015-Jul-18 03:24 UTC
How to ssh to a server via an intermediate server with X11 forwarding?
On Sun, Jul 5, 2015 at 3:26 AM, Damien Miller <djm at mindrot.org> wrote:> On Sat, 4 Jul 2015, Peng Yu wrote: > >> I tried the following command. >> >> ssh -Y -t intermediate -- ssh -Y dest >> >> But it shows the following error message. Does anybody know how to fix >> the problem? Thanks. > > ssh -oProxyCommand="ssh -W %h:%p intermediate" -Y dest > > should workSomehow, the above command works in some cases but not others (I still see "X11 forwarding request failed on channel 0"). Do you know how to debug for the cases that do not work? Thanks. -- Regards, Peng
Damien Miller
2015-Jul-18 08:18 UTC
How to ssh to a server via an intermediate server with X11 forwarding?
On Fri, 17 Jul 2015, Peng Yu wrote:> On Sun, Jul 5, 2015 at 3:26 AM, Damien Miller <djm at mindrot.org> wrote: > > On Sat, 4 Jul 2015, Peng Yu wrote: > > > >> I tried the following command. > >> > >> ssh -Y -t intermediate -- ssh -Y dest > >> > >> But it shows the following error message. Does anybody know how to fix > >> the problem? Thanks. > > > > ssh -oProxyCommand="ssh -W %h:%p intermediate" -Y dest > > > > should work > > Somehow, the above command works in some cases but not others (I still > see "X11 forwarding request failed on channel 0"). Do you know how to > debug for the cases that do not work? Thanks.Add some -d options to one/both ssh commands. -d
Peng Yu
2015-Jul-18 17:32 UTC
How to ssh to a server via an intermediate server with X11 forwarding?
> Add some -d options to one/both ssh commands.Here is the output (I don't find a -d option). Do you see what is wrong? Thanks. ~$ ssh -v -oProxyCommand="ssh -v -W %h:%p intermediate" -Y dest OpenSSH_6.2p2, OSSLShim 0.9.8r 8 Dec 2011 debug1: Reading configuration data /Users/myname/.ssh/config debug1: /Users/myname/.ssh/config line 50: Applying options for dest debug1: Reading configuration data /etc/ssh_config debug1: /etc/ssh_config line 20: Applying options for * debug1: /etc/ssh_config line 53: Applying options for * debug1: Executing proxy command: exec ssh -v -W dest.xxx.com:22 intermediate debug1: identity file /Users/myname/.ssh/id_rsa type 1 debug1: permanently_drop_suid: 509 debug1: identity file /Users/myname/.ssh/id_rsa-cert type -1 debug1: identity file /Users/myname/.ssh/id_dsa type 2 debug1: identity file /Users/myname/.ssh/id_dsa-cert type -1 debug1: Enabling compatibility mode for protocol 2.0 debug1: Local version string SSH-2.0-OpenSSH_6.2 OpenSSH_6.2p2, OSSLShim 0.9.8r 8 Dec 2011 debug1: Reading configuration data /Users/myname/.ssh/config debug1: /Users/myname/.ssh/config line 142: Applying options for intermediate debug1: Reading configuration data /etc/ssh_config debug1: /etc/ssh_config line 20: Applying options for * debug1: /etc/ssh_config line 53: Applying options for * debug1: Connecting to intermediate.xxx.com [165.91.87.71] port 22. debug1: Connection established. debug1: identity file /Users/myname/.ssh/id_rsa type 1 debug1: identity file /Users/myname/.ssh/id_rsa-cert type -1 debug1: identity file /Users/myname/.ssh/id_dsa type 2 debug1: identity file /Users/myname/.ssh/id_dsa-cert type -1 debug1: Enabling compatibility mode for protocol 2.0 debug1: Local version string SSH-2.0-OpenSSH_6.2 debug1: Remote protocol version 2.0, remote software version OpenSSH_6.6.1p1 Ubuntu-2ubuntu2 debug1: match: OpenSSH_6.6.1p1 Ubuntu-2ubuntu2 pat OpenSSH* debug1: SSH2_MSG_KEXINIT sent debug1: SSH2_MSG_KEXINIT received debug1: kex: server->client aes128-ctr hmac-md5-etm at openssh.com zlib at openssh.com debug1: kex: client->server aes128-ctr hmac-md5-etm at openssh.com zlib at openssh.com debug1: SSH2_MSG_KEX_DH_GEX_REQUEST(1024<1024<8192) sent debug1: expecting SSH2_MSG_KEX_DH_GEX_GROUP debug1: SSH2_MSG_KEX_DH_GEX_INIT sent debug1: expecting SSH2_MSG_KEX_DH_GEX_REPLY debug1: Server host key: RSA c8:93:83:84:3e:d9:a5:cf:e2:90:3c:8e:02:6d:1a:40 debug1: Host 'intermediate.xxx.com' is known and matches the RSA host key. debug1: Found key in /Users/myname/.ssh/known_hosts:101 debug1: ssh_rsa_verify: signature correct debug1: SSH2_MSG_NEWKEYS sent debug1: expecting SSH2_MSG_NEWKEYS debug1: SSH2_MSG_NEWKEYS received debug1: Roaming not allowed by server debug1: SSH2_MSG_SERVICE_REQUEST sent debug1: SSH2_MSG_SERVICE_ACCEPT received Ubuntu 14.04.2 LTS debug1: Authentications that can continue: publickey,password debug1: Next authentication method: publickey debug1: Offering RSA public key: /Users/myname/.ssh/id_rsa debug1: Server accepts key: pkalg ssh-rsa blen 279 debug1: read PEM private key done: type RSA debug1: Enabling compression at level 6. debug1: Authentication succeeded (publickey). Authenticated to intermediate.xxx.com ([165.91.87.71]:22). debug1: channel_connect_stdio_fwd dest.xxx.com:22 debug1: channel 0: new [stdio-forward] debug1: getpeername failed: Bad file descriptor debug1: Requesting no-more-sessions at openssh.com debug1: Entering interactive session. debug1: Remote protocol version 2.0, remote software version OpenSSH_6.2 debug1: match: OpenSSH_6.2 pat OpenSSH* debug1: SSH2_MSG_KEXINIT sent debug1: SSH2_MSG_KEXINIT received debug1: kex: server->client aes128-ctr hmac-md5-etm at openssh.com none debug1: kex: client->server aes128-ctr hmac-md5-etm at openssh.com none debug1: SSH2_MSG_KEX_DH_GEX_REQUEST(1024<1024<8192) sent debug1: expecting SSH2_MSG_KEX_DH_GEX_GROUP debug1: SSH2_MSG_KEX_DH_GEX_INIT sent debug1: expecting SSH2_MSG_KEX_DH_GEX_REPLY debug1: Server host key: RSA c2:6f:77:70:0e:51:ab:70:3a:b5:32:e8:c3:01:f3:57 debug1: Host 'dest.xxx.com' is known and matches the RSA host key. debug1: Found key in /Users/myname/.ssh/known_hosts:126 debug1: ssh_rsa_verify: signature correct debug1: SSH2_MSG_NEWKEYS sent debug1: expecting SSH2_MSG_NEWKEYS debug1: SSH2_MSG_NEWKEYS received debug1: Roaming not allowed by server debug1: SSH2_MSG_SERVICE_REQUEST sent debug1: SSH2_MSG_SERVICE_ACCEPT received debug1: Authentications that can continue: publickey,keyboard-interactive debug1: Next authentication method: publickey debug1: Offering RSA public key: /Users/myname/.ssh/id_rsa debug1: Authentications that can continue: publickey,keyboard-interactive debug1: Offering DSA public key: /Users/myname/.ssh/id_dsa debug1: Server accepts key: pkalg ssh-dss blen 433 debug1: read PEM private key done: type DSA debug1: Authentication succeeded (publickey). Authenticated to dest.xxx.com (via proxy). debug1: channel 0: new [client-session] debug1: Requesting no-more-sessions at openssh.com debug1: Entering interactive session. debug1: Requesting X11 forwarding with authentication spoofing. debug1: Sending environment. debug1: Sending env LANG = en_US.UTF-8 X11 forwarding request failed on channel 0 Last login: Sat Jul 18 12:28:13 2015 from intermediate.xxx.com -- Regards, Peng