I do not often use X11 - but when I do I prefer to enable X11forwarding, and when finished - turn it off. This is preferable, imho, to having "clear" X11 processing when local - and otherwise impossible when working remote. Working with openssh-7.5p2 I cannot figure out what (extra) I need to do with sshd_config to get it working. I know that there is a security-fix starting with openssh-7.2 (https://www.openssh.com/security.html, March 9, 2016) - and when I load any version of openssh prior to Openssh-7.2 I get the expected X11 behavior over an ssh(d) X11forwarding tunnel. So, what should I be looking at on my server or client-side. Is there a different setting I should be using? I am still using the "putty" setting of: MIT-Magic-Cookie-1. (I'll test, in a moment using XDM-Authorization-1). However, the hint I am hoping for is the flag to set for sshd (e.g., -ddddd) and what debug string - to see if X11forwarding is attempted, and if so, why it is rejected by the sshd. Again - no changes to client-side - openssh-7.1 and earlier work, openssh-7.2 and later do not. Thanks for you time! Michael
On 04/10/2017 11:07, Michael Felt wrote:> I know that there is a security-fix starting with openssh-7.2 > (https://www.openssh.com/security.html, March 9, 2016) - and when I > load any version of openssh prior to Openssh-7.2 I get the expected > X11 behavior over an ssh(d) X11forwarding tunnel. > > So, what should I be looking at on my server or client-side. Is there > a different setting I should be using? I am still using the "putty" > setting of: MIT-Magic-Cookie-1. (I'll test, in a moment using > XDM-Authorization-1).Did not help.> However, the hint I am hoping for is the flag to set for sshd (e.g., > -ddddd) and what debug string - to see if X11forwarding is attempted, > and if so, why it is rejected by the sshd.Looking further: How can I see what is failing? Can I add a character to the whitelist (once I know what is rejected)? imho: the cure may be worse than the illness if this means my X11 sessions are either "clear" or impossible - as they are not in the SSH (encrypted) tunnel. From http://www.openssh.com/txt/x11fwd.adv 4. Details As part of establishing an X11 forwarding session, sshd(8) accepts an X11 authentication credential from the client. This credential is supplied to the xauth(1) utility to establish it for X11 applications that the user subsequently runs. The contents of the credential's components (authentication scheme and credential data) were not sanitised to exclude meta-characters such as newlines. An attacker could therefore supply a credential that injected commands to xauth(1). The attacker could then use a number of xauth commands to read or overwrite arbitrary files subject to file permissions, connect to local ports or perform attacks on xauth(1) itself. OpenSSH 7.2p2 implements a whitelist of characters that are permitted to appear in X11 authentication credentials.
On 04/10/2017 11:28, Michael Felt wrote:> On 04/10/2017 11:07, Michael Felt wrote: >> I know that there is a security-fix starting with openssh-7.2 >> (https://www.openssh.com/security.html, March 9, 2016) - and when I >> load any version of openssh prior to Openssh-7.2 I get the expected >> X11 behavior over an ssh(d) X11forwarding tunnel. >> >> So, what should I be looking at on my server or client-side. Is there >> a different setting I should be using? I am still using the "putty" >> setting of: MIT-Magic-Cookie-1. (I'll test, in a moment using >> XDM-Authorization-1). > Did not help. >> However, the hint I am hoping for is the flag to set for sshd (e.g., >> -ddddd) and what debug string - to see if X11forwarding is attempted, >> and if so, why it is rejected by the sshd. > > Looking further: How can I see what is failing? Can I add a character > to the whitelist (once I know what is rejected)? > > imho: the cure may be worse than the illness if this means my X11 > sessions are either "clear" or impossible - as they are not in the SSH > (encrypted) tunnel. > > From http://www.openssh.com/txt/x11fwd.adv > > 4. Details > > ??????? As part of establishing an X11 forwarding session, sshd(8) > ????accepts an X11 authentication credential from the client. > ????This credential is supplied to the xauth(1) utility to > ????establish it for X11 applications that the user subsequently > ????runs. > > ????The contents of the credential's components (authentication > ????scheme and credential data) were not sanitised to exclude > ????meta-characters such as newlines.So - is it the new-line in this output (I assume this is the response being sent (one line deleted)) # xauth list x072.home.local/unix:10? MIT-MAGIC-COOKIE-1 e757afdfac29af76342ec2360787ae91 # xauth list | od -c 0000000??? x?? 0?? 7?? 2?? .?? h?? o?? m?? e?? .?? l?? o?? c?? a l?? / 0000020??? u?? n?? i?? x?? :?? 1?? 0?????????? M?? I?? T?? -?? M A?? G 0000040??? I?? C?? -?? C?? O?? O?? K?? I?? E?? -?? 1?????????? e 7?? 5 ... 0000100??? e?? c?? 2?? 3?? 6?? 0?? 7?? 8?? 7?? a?? e?? 9?? 1? \n> An attacker could > ????therefore supply a credential that injected commands to > ????xauth(1). The attacker could then use a number of xauth > ????commands to read or overwrite arbitrary files subject to > ????file permissions, connect to local ports or perform attacks > ????on xauth(1) itself. > > ????OpenSSH 7.2p2 implements a whitelist of characters that > ????are permitted to appear in X11 authentication credentials. > > > _______________________________________________ > openssh-unix-dev mailing list > openssh-unix-dev at mindrot.org > https://lists.mindrot.org/mailman/listinfo/openssh-unix-dev
On 04/10/2017 11:28, Michael Felt wrote:> > Looking further: How can I see what is failing? Can I add a character > to the whitelist (once I know what is rejected)? > > imho: the cure may be worse than the illness if this means my X11 > sessions are either "clear" or impossible - as they are not in the SSH > (encrypted) tunnel.My apologies - it seems I may have been 'days' too late, and the discussions about this are not (yet) spotted by the search engines - as, I see yesterday there was a new release - and the change notes may already provide some "debug" info... From: https://www.openssh.com/releasenotes.html, Changes since OpenSSH-7.5 ... ?* sshd(8): add ExposeAuthInfo option that enables writing details of the authentication methods used (including public keys where applicable) to a file that is exposed via a $SSH_USER_AUTH environment variable in the subsequent session. Still have to think a bit about how this is to be setup... Many thanks for your patience.
On 04/10/2017 11:07, Michael Felt wrote:> I do not often use X11 - but when I do I prefer to enable > X11forwarding, and when finished - turn it off. This is preferable, > imho, to having "clear" X11 processing when local - and otherwise > impossible when working remote. > > Working with openssh-7.5p2 I cannot figure out what (extra) I need to > do with sshd_config to get it working. > > I know that there is a security-fix starting with openssh-7.2 > (https://www.openssh.com/security.html, March 9, 2016) - and when I > load any version of openssh prior to Openssh-7.2 I get the expected > X11 behavior over an ssh(d) X11forwarding tunnel. > > So, what should I be looking at on my server or client-side. Is there > a different setting I should be using? I am still using the "putty" > setting of: MIT-Magic-Cookie-1. (I'll test, in a moment using > XDM-Authorization-1). However, the hint I am hoping for is the flag to > set for sshd (e.g., -ddddd) and what debug string - to see if > X11forwarding is attempted, and if so, why it is rejected by the sshd. > > Again - no changes to client-side - openssh-7.1 and earlier work, > openssh-7.2 and later do not. >If you need more verbose debug data - please say what you need specifically. Client Side: PUTTY-0.67 With OpenSSH-7.6p1 Event Log: Writing new session log (SSH packets mode) to file: C:\Users\michael\Desktop\putty.log Event Log: Looking up host "192.168.129.72" Event Log: Connecting to 192.168.129.72 port 22 Event Log: We claim version: SSH-2.0-PuTTY_Release_0.67 Event Log: Server version: SSH-2.0-OpenSSH_7.6 Event Log: Using SSH protocol version 2 Outgoing packet #0x0, type 20 / 0x14 (SSH2_MSG_KEXINIT) ... Incoming packet #0x9, type 91 / 0x5b (SSH2_MSG_CHANNEL_OPEN_CONFIRMATION) ? 00000000? 00 00 01 00 00 00 00 00 00 00 00 00 00 00 80 00 ................ Event Log: Opened main channel Event Log: Requesting X11 forwarding Outgoing packet #0x9, type 98 / 0x62 (SSH2_MSG_CHANNEL_REQUEST) ? 00000000? 00 00 00 00 00 00 00 07 78 31 31 2d 72 65 71 01 ........x11-req. ? 00000010? 00 00 00 00 12 4d 49 54 2d 4d 41 47 49 43 2d 43 .....MIT-MAGIC-C ? 00000020? 4f 4f 4b 49 45 2d 31 XX XX XX XX XX XX XX XX XX OOKIE-1XXXXXXXXX ? 00000030? XX XX XX XX XX XX XX XX XX XX XX XX XX XX XX XX XXXXXXXXXXXXXXXX ? 00000040? XX XX XX XX XX XX XX XX XX XX XX 00 00 00 00 XXXXXXXXXXX.... Outgoing packet #0xa, type 98 / 0x62 (SSH2_MSG_CHANNEL_REQUEST) ? 00000000? 00 00 00 00 00 00 00 07 70 74 79 2d 72 65 71 01 ........pty-req. ? 00000010? 00 00 00 05 78 74 65 72 6d 00 00 00 50 00 00 00 ....xterm...P... ? 00000020? 18 00 00 00 00 00 00 00 00 00 00 00 10 03 00 00 ................ ? 00000030? 00 7f 80 00 00 96 00 81 00 00 96 00 00 ............. Outgoing packet #0xb, type 98 / 0x62 (SSH2_MSG_CHANNEL_REQUEST) ? 00000000? 00 00 00 00 00 00 00 05 73 68 65 6c 6c 01 ........shell. Incoming packet #0xa, type 100 / 0x64 (SSH2_MSG_CHANNEL_FAILURE) ? 00000000? 00 00 01 00????????????????????????????????????? .... Event Log: X11 forwarding refused Incoming packet #0xb, type 99 / 0x63 (SSH2_MSG_CHANNEL_SUCCESS) ? 00000000? 00 00 01 00????????????????????????????????????? .... ... And OpenSSH-7.1 =~=~=~=~=~=~=~=~=~=~=~= PuTTY log 2017.10.08 23:14:18 =~=~=~=~=~=~=~=~=~=~=~Event Log: Writing new session log (SSH packets mode) to file: C:\Users\michael\Desktop\putty.log Event Log: Looking up host "192.168.129.72" Event Log: Connecting to 192.168.129.72 port 22 Event Log: We claim version: SSH-2.0-PuTTY_Release_0.67 Event Log: Server version: SSH-2.0-OpenSSH_7.1 Event Log: Using SSH protocol version 2 Outgoing packet #0x0, type 20 / 0x14 (SSH2_MSG_KEXINIT) ... Incoming packet #0x9, type 91 / 0x5b (SSH2_MSG_CHANNEL_OPEN_CONFIRMATION) ? 00000000? 00 00 01 00 00 00 00 00 00 00 00 00 00 00 80 00 ................ Event Log: Opened main channel Event Log: Requesting X11 forwarding Outgoing packet #0x9, type 98 / 0x62 (SSH2_MSG_CHANNEL_REQUEST) ? 00000000? 00 00 00 00 00 00 00 07 78 31 31 2d 72 65 71 01 ........x11-req. ? 00000010? 00 00 00 00 12 4d 49 54 2d 4d 41 47 49 43 2d 43 .....MIT-MAGIC-C ? 00000020? 4f 4f 4b 49 45 2d 31 XX XX XX XX XX XX XX XX XX OOKIE-1XXXXXXXXX ? 00000030? XX XX XX XX XX XX XX XX XX XX XX XX XX XX XX XX XXXXXXXXXXXXXXXX ? 00000040? XX XX XX XX XX XX XX XX XX XX XX 00 00 00 00 XXXXXXXXXXX.... Outgoing packet #0xa, type 98 / 0x62 (SSH2_MSG_CHANNEL_REQUEST) ? 00000000? 00 00 00 00 00 00 00 07 70 74 79 2d 72 65 71 01 ........pty-req. ? 00000010? 00 00 00 05 78 74 65 72 6d 00 00 00 50 00 00 00 ....xterm...P... ? 00000020? 18 00 00 00 00 00 00 00 00 00 00 00 10 03 00 00 ................ ? 00000030? 00 7f 80 00 00 96 00 81 00 00 96 00 00 ............. Outgoing packet #0xb, type 98 / 0x62 (SSH2_MSG_CHANNEL_REQUEST) ? 00000000? 00 00 00 00 00 00 00 05 73 68 65 6c 6c 01 ........shell. Incoming packet #0xa, type 99 / 0x63 (SSH2_MSG_CHANNEL_SUCCESS) ? 00000000? 00 00 01 00????????????????????????????????????? .... Event Log: X11 forwarding enabled Incoming packet #0xb, type 99 / 0x63 (SSH2_MSG_CHANNEL_SUCCESS) ? 00000000? 00 00 01 00????????????????????????????????????? .... ... Server side: # /opt/sbin/sshd -dddd debug2: load_server_config: filename /var/openssh/etc/sshd_config debug2: load_server_config: done config len = 476 debug2: parse_server_config: config /var/openssh/etc/sshd_config len 476 debug3: /var/openssh/etc/sshd_config:90 setting X11Forwarding yes debug3: /var/openssh/etc/sshd_config:112 setting Subsystem sftp /usr/sbin/sftp-server debug3: /var/openssh/etc/sshd_config:127 setting ciphers aes128-ctr,aes192-ctr,aes256-ctr,chacha20-poly1305 at openssh.com,aes256-cbc debug3: /var/openssh/etc/sshd_config:136 setting KexAlgorithms curve25519-sha256 at libssh.org,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1 debug3: kex names ok: [curve25519-sha256 at libssh.org,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1] debug3: /var/openssh/etc/sshd_config:150 setting macs hmac-sha2-256,hmac-sha2-512,hmac-sha1-96,hmac-sha1 debug1: sshd version OpenSSH_7.1, OpenSSL 1.0.2j? 26 Sep 2016 ... debug1: session_new: session 0 debug1: session_open: channel 0 debug1: session_open: session 0: link with channel 0 debug1: server_input_channel_open: confirm session debug1: server_input_channel_req: channel 0 request x11-req reply 1 debug1: session_by_channel: session 0 channel 0 debug1: session_input_channel_req: session 0 req x11-req debug3: sock_set_v6only: set socket 7 IPV6_V6ONLY debug2: fd 6 setting O_NONBLOCK debug3: fd 6 is O_NONBLOCK debug1: channel 1: new [X11 inet listener] debug2: fd 7 setting O_NONBLOCK debug3: fd 7 is O_NONBLOCK debug1: channel 2: new [X11 inet listener] debug1: server_input_channel_req: channel 0 request pty-req reply 1 debug1: session_by_channel: session 0 channel 0 debug1: session_input_channel_req: session 0 req pty-req debug1: Allocating pty. debug1: session_pty_req: session 0 alloc /dev/pts/2 debug1: server_input_channel_req: channel 0 request shell reply 1 debug1: session_by_channel: session 0 channel 0 debug1: session_input_channel_req: session 0 req shell +++++++ debug2: load_server_config: filename /var/openssh/etc/sshd_config debug2: load_server_config: done config len = 215 debug2: parse_server_config: config /var/openssh/etc/sshd_config len 215 debug3: /var/openssh/etc/sshd_config:42 setting AuthorizedKeysFile .ssh/authorized_keys debug3: /var/openssh/etc/sshd_config:89 setting X11Forwarding yes debug3: /var/openssh/etc/sshd_config:112 setting Subsystem sftp /opt/libexec/sftp-server debug1: sshd version OpenSSH_7.6, OpenSSL 1.0.2j? 26 Sep 2016 ... debug1: session_new: session 0 debug1: session_open: channel 0 debug1: session_open: session 0: link with channel 0 debug1: server_input_channel_open: confirm session debug3: send packet: type 91 debug3: receive packet: type 98 debug1: server_input_channel_req: channel 0 request x11-req reply 1 debug1: session_by_channel: session 0 channel 0 debug1: session_input_channel_req: session 0 req x11-req debug3: send packet: type 4 debug3: send packet: type 100 debug3: receive packet: type 98 debug1: server_input_channel_req: channel 0 request pty-req reply 1 debug1: session_by_channel: session 0 channel 0 debug1: session_input_channel_req: session 0 req pty-req debug1: Allocating pty. debug1: session_pty_req: session 0 alloc /dev/pts/2 debug3: send packet: type 99 debug3: receive packet: type 98 debug1: server_input_channel_req: channel 0 request shell reply 1 debug1: session_by_channel: session 0 channel 0 debug1: session_input_channel_req: session 0 req shell Again, thx for your time.> Thanks for you time! > > Michael > > _______________________________________________ > openssh-unix-dev mailing list > openssh-unix-dev at mindrot.org > https://lists.mindrot.org/mailman/listinfo/openssh-unix-dev
On 08/10/2017 23:32, Michael Felt wrote:> On 04/10/2017 11:07, Michael Felt wrote: >> I do not often use X11 - but when I do I prefer to enable >> X11forwarding, and when finished - turn it off. This is preferable, >> imho, to having "clear" X11 processing when local - and otherwise >> impossible when working remote. >> >> Working with openssh-7.5p2 I cannot figure out what (extra) I need to >> do with sshd_config to get it working. >> >> I know that there is a security-fix starting with openssh-7.2 >> (https://www.openssh.com/security.html, March 9, 2016) - and when I >> load any version of openssh prior to Openssh-7.2 I get the expected >> X11 behavior over an ssh(d) X11forwarding tunnel. >> >> So, what should I be looking at on my server or client-side. Is there >> a different setting I should be using? I am still using the "putty" >> setting of: MIT-Magic-Cookie-1. (I'll test, in a moment using >> XDM-Authorization-1). However, the hint I am hoping for is the flag >> to set for sshd (e.g., -ddddd) and what debug string - to see if >> X11forwarding is attempted, and if so, why it is rejected by the sshd. >> >> Again - no changes to client-side - openssh-7.1 and earlier work, >> openssh-7.2 and later do not. >> > If you need more verbose debug data - please say what you need > specifically.No comments? Is the data in the wrong format? IMHO - any comment is better than no comment. If it will take time - I will wait. But being held up because the data is wrong - and noone saying so - is counterproductive. Thx again for your time.> > Client Side: > > PUTTY-0.67 > With OpenSSH-7.6p1 > > Event Log: Writing new session log (SSH packets mode) to file: > C:\Users\michael\Desktop\putty.log > Event Log: Looking up host "192.168.129.72" > Event Log: Connecting to 192.168.129.72 port 22 > Event Log: We claim version: SSH-2.0-PuTTY_Release_0.67 > Event Log: Server version: SSH-2.0-OpenSSH_7.6 > Event Log: Using SSH protocol version 2 > Outgoing packet #0x0, type 20 / 0x14 (SSH2_MSG_KEXINIT) > ... > Incoming packet #0x9, type 91 / 0x5b (SSH2_MSG_CHANNEL_OPEN_CONFIRMATION) > ? 00000000? 00 00 01 00 00 00 00 00 00 00 00 00 00 00 80 00 > ................ > Event Log: Opened main channel > Event Log: Requesting X11 forwarding > Outgoing packet #0x9, type 98 / 0x62 (SSH2_MSG_CHANNEL_REQUEST) > ? 00000000? 00 00 00 00 00 00 00 07 78 31 31 2d 72 65 71 01 > ........x11-req. > ? 00000010? 00 00 00 00 12 4d 49 54 2d 4d 41 47 49 43 2d 43 > .....MIT-MAGIC-C > ? 00000020? 4f 4f 4b 49 45 2d 31 XX XX XX XX XX XX XX XX XX > OOKIE-1XXXXXXXXX > ? 00000030? XX XX XX XX XX XX XX XX XX XX XX XX XX XX XX XX > XXXXXXXXXXXXXXXX > ? 00000040? XX XX XX XX XX XX XX XX XX XX XX 00 00 00 00 XXXXXXXXXXX.... > Outgoing packet #0xa, type 98 / 0x62 (SSH2_MSG_CHANNEL_REQUEST) > ? 00000000? 00 00 00 00 00 00 00 07 70 74 79 2d 72 65 71 01 > ........pty-req. > ? 00000010? 00 00 00 05 78 74 65 72 6d 00 00 00 50 00 00 00 > ....xterm...P... > ? 00000020? 18 00 00 00 00 00 00 00 00 00 00 00 10 03 00 00 > ................ > ? 00000030? 00 7f 80 00 00 96 00 81 00 00 96 00 00 ............. > Outgoing packet #0xb, type 98 / 0x62 (SSH2_MSG_CHANNEL_REQUEST) > ? 00000000? 00 00 00 00 00 00 00 05 73 68 65 6c 6c 01 ........shell. > Incoming packet #0xa, type 100 / 0x64 (SSH2_MSG_CHANNEL_FAILURE) > ? 00000000? 00 00 01 00????????????????????????????????????? .... > Event Log: X11 forwarding refused > Incoming packet #0xb, type 99 / 0x63 (SSH2_MSG_CHANNEL_SUCCESS) > ? 00000000? 00 00 01 00????????????????????????????????????? .... > ... > > And OpenSSH-7.1 > > =~=~=~=~=~=~=~=~=~=~=~= PuTTY log 2017.10.08 23:14:18 > =~=~=~=~=~=~=~=~=~=~=~> Event Log: Writing new session log (SSH packets mode) to file: > C:\Users\michael\Desktop\putty.log > Event Log: Looking up host "192.168.129.72" > Event Log: Connecting to 192.168.129.72 port 22 > Event Log: We claim version: SSH-2.0-PuTTY_Release_0.67 > Event Log: Server version: SSH-2.0-OpenSSH_7.1 > Event Log: Using SSH protocol version 2 > Outgoing packet #0x0, type 20 / 0x14 (SSH2_MSG_KEXINIT) > ... > Incoming packet #0x9, type 91 / 0x5b (SSH2_MSG_CHANNEL_OPEN_CONFIRMATION) > ? 00000000? 00 00 01 00 00 00 00 00 00 00 00 00 00 00 80 00 > ................ > Event Log: Opened main channel > Event Log: Requesting X11 forwarding > Outgoing packet #0x9, type 98 / 0x62 (SSH2_MSG_CHANNEL_REQUEST) > ? 00000000? 00 00 00 00 00 00 00 07 78 31 31 2d 72 65 71 01 > ........x11-req. > ? 00000010? 00 00 00 00 12 4d 49 54 2d 4d 41 47 49 43 2d 43 > .....MIT-MAGIC-C > ? 00000020? 4f 4f 4b 49 45 2d 31 XX XX XX XX XX XX XX XX XX > OOKIE-1XXXXXXXXX > ? 00000030? XX XX XX XX XX XX XX XX XX XX XX XX XX XX XX XX > XXXXXXXXXXXXXXXX > ? 00000040? XX XX XX XX XX XX XX XX XX XX XX 00 00 00 00 XXXXXXXXXXX.... > Outgoing packet #0xa, type 98 / 0x62 (SSH2_MSG_CHANNEL_REQUEST) > ? 00000000? 00 00 00 00 00 00 00 07 70 74 79 2d 72 65 71 01 > ........pty-req. > ? 00000010? 00 00 00 05 78 74 65 72 6d 00 00 00 50 00 00 00 > ....xterm...P... > ? 00000020? 18 00 00 00 00 00 00 00 00 00 00 00 10 03 00 00 > ................ > ? 00000030? 00 7f 80 00 00 96 00 81 00 00 96 00 00 ............. > Outgoing packet #0xb, type 98 / 0x62 (SSH2_MSG_CHANNEL_REQUEST) > ? 00000000? 00 00 00 00 00 00 00 05 73 68 65 6c 6c 01 ........shell. > Incoming packet #0xa, type 99 / 0x63 (SSH2_MSG_CHANNEL_SUCCESS) > ? 00000000? 00 00 01 00????????????????????????????????????? .... > Event Log: X11 forwarding enabled > Incoming packet #0xb, type 99 / 0x63 (SSH2_MSG_CHANNEL_SUCCESS) > ? 00000000? 00 00 01 00????????????????????????????????????? .... > ... > > Server side: > > # /opt/sbin/sshd -dddd > debug2: load_server_config: filename /var/openssh/etc/sshd_config > debug2: load_server_config: done config len = 476 > debug2: parse_server_config: config /var/openssh/etc/sshd_config len 476 > debug3: /var/openssh/etc/sshd_config:90 setting X11Forwarding yes > debug3: /var/openssh/etc/sshd_config:112 setting Subsystem sftp > /usr/sbin/sftp-server > debug3: /var/openssh/etc/sshd_config:127 setting ciphers > aes128-ctr,aes192-ctr,aes256-ctr,chacha20-poly1305 at openssh.com,aes256-cbc > debug3: /var/openssh/etc/sshd_config:136 setting KexAlgorithms > curve25519-sha256 at libssh.org,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1 > debug3: kex names ok: > [curve25519-sha256 at libssh.org,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1] > debug3: /var/openssh/etc/sshd_config:150 setting macs > hmac-sha2-256,hmac-sha2-512,hmac-sha1-96,hmac-sha1 > debug1: sshd version OpenSSH_7.1, OpenSSL 1.0.2j? 26 Sep 2016 > ... > > debug1: session_new: session 0 > debug1: session_open: channel 0 > debug1: session_open: session 0: link with channel 0 > debug1: server_input_channel_open: confirm session > debug1: server_input_channel_req: channel 0 request x11-req reply 1 > debug1: session_by_channel: session 0 channel 0 > debug1: session_input_channel_req: session 0 req x11-req > debug3: sock_set_v6only: set socket 7 IPV6_V6ONLY > debug2: fd 6 setting O_NONBLOCK > debug3: fd 6 is O_NONBLOCK > debug1: channel 1: new [X11 inet listener] > debug2: fd 7 setting O_NONBLOCK > debug3: fd 7 is O_NONBLOCK > debug1: channel 2: new [X11 inet listener] > debug1: server_input_channel_req: channel 0 request pty-req reply 1 > debug1: session_by_channel: session 0 channel 0 > debug1: session_input_channel_req: session 0 req pty-req > debug1: Allocating pty. > debug1: session_pty_req: session 0 alloc /dev/pts/2 > debug1: server_input_channel_req: channel 0 request shell reply 1 > debug1: session_by_channel: session 0 channel 0 > debug1: session_input_channel_req: session 0 req shell > +++++++ > > debug2: load_server_config: filename /var/openssh/etc/sshd_config > debug2: load_server_config: done config len = 215 > debug2: parse_server_config: config /var/openssh/etc/sshd_config len 215 > debug3: /var/openssh/etc/sshd_config:42 setting AuthorizedKeysFile > .ssh/authorized_keys > debug3: /var/openssh/etc/sshd_config:89 setting X11Forwarding yes > debug3: /var/openssh/etc/sshd_config:112 setting Subsystem sftp > /opt/libexec/sftp-server > debug1: sshd version OpenSSH_7.6, OpenSSL 1.0.2j? 26 Sep 2016 > ... > > debug1: session_new: session 0 > debug1: session_open: channel 0 > debug1: session_open: session 0: link with channel 0 > debug1: server_input_channel_open: confirm session > debug3: send packet: type 91 > debug3: receive packet: type 98 > debug1: server_input_channel_req: channel 0 request x11-req reply 1 > debug1: session_by_channel: session 0 channel 0 > debug1: session_input_channel_req: session 0 req x11-req > debug3: send packet: type 4 > debug3: send packet: type 100 > debug3: receive packet: type 98 > debug1: server_input_channel_req: channel 0 request pty-req reply 1 > debug1: session_by_channel: session 0 channel 0 > debug1: session_input_channel_req: session 0 req pty-req > debug1: Allocating pty. > debug1: session_pty_req: session 0 alloc /dev/pts/2 > debug3: send packet: type 99 > debug3: receive packet: type 98 > debug1: server_input_channel_req: channel 0 request shell reply 1 > debug1: session_by_channel: session 0 channel 0 > debug1: session_input_channel_req: session 0 req shell > > Again, thx for your time. > >> Thanks for you time! >> >> Michael >> >> _______________________________________________ >> openssh-unix-dev mailing list >> openssh-unix-dev at mindrot.org >> https://lists.mindrot.org/mailman/listinfo/openssh-unix-dev > > > _______________________________________________ > openssh-unix-dev mailing list > openssh-unix-dev at mindrot.org > https://lists.mindrot.org/mailman/listinfo/openssh-unix-dev >