XSecurity, SSH, XDMCP, xauth, etc.
s243a

Posted: Sat 12 May 2018, 04:23

So, I got something more working with ssh. Here's a draft tutorial (will post an actual tutorial when I figure everything out). Right now, I'm doing ssh XForwarding on my local machine and displaying on a Xephyr window. The distribution I'm using is tahrpup. The point of this is to experiment with ssh XForwarding on a single machine, but it could also have applications for setting up chroot environments.

Here are the steps:
1. install openSSH via the puppy package manager.
2. optionally install xauth from the puppy package manager #May not be necessary. Need to experiment more.
3. install Xephyr from the puppy package manager.
4. install twm from the puppy package manager #Not necessary but it will work better for this than jwm.
5. edit /etc/hosts.allow as follows:
Code:

ALL: LOCAL
ALL: 127.0.0.1


The blank line at the end of the file is necessary.
Configure your ssh client and server. My configuration files are:
/etc/ssh/sshd_config #for the server
/etc/ssh/ssh_config #for the client

Click on the above links to see my configuration. My configuration files at this point are fairly permissive because I'm just trying to get things working.

6. Start Xephyr. Here is the script that I created to do so:
Code:

#!/bin/bash
set -xv
exec &> /mnt/sdc6/start_Xephyr.log
export HOME=${HOME:-/root}
export NESTDISPLAY=${NESTDISPLAY:-':10'}
export DISPLAY=${DISPLAY:-':0'}
exec /usr/bin/Xephyr \
  -ac "$NESTDISPLAY" -screen 768X768 -reset -terminate  \
  -nolisten inet6 -keybd ephyr,,,xkbmodel=pc102,xkblayout=us,xkbrules=xorg,xkboption=keypad:pointerkeys,terminate:ctrl_alt_bksp

Use "setxkbmap -query" to adapt the script to your keyboard. Also, as noted above, for better security remove the -ac option and specify the location of the Xauthority file. However, it might be better to try to make things work first before tightening up the security.

7. Start the ssh server:
Code:

/etc/init.d/ssh start


8. Connect to the ssh server
Code:

ssh -Y root@127.0.0.1

Either the -Y or -X option should work to give X11 Forwarding but in my case it isn't doing anything because I get this error:
Code:

Warning: No xauth data; using fake authentication data for X11 forwarding.
X11 forwarding request failed on channel 0

You can try doing the following before logging in with ssh
Code:

export DISPLAY=:10

but this didn't work for me. All is not lost. Make sure the display variable is set with the above export statement and then type
Code:

twm & #if you want you can use a different window manager such as jwm but twm is better here.

and hit enter twice.

It seems that in an ssh shell I have to start the window manager first but if I do it in a regular console the order doesn't seem to matter. You can now start other apps:
Code:

geany &

or
Code:

rox &

I'll figure out later how to start them without having to press enter twice.
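The post above says that removing -ac and pointing Xephyr at an Xauthority file is the more secure setup. One way to do that is sketched below as an added example; it is not part of the original post, and the cookie file path, the helper function names and the --run switch are assumptions.

```shell
#!/bin/sh
# Added example: start the nested Xephyr server with cookie authentication
# instead of -ac. File path, function names and --run are assumptions.
NESTDISPLAY="${NESTDISPLAY:-:10}"
XAUTH_FILE="${XAUTH_FILE:-$HOME/.Xauthority.xephyr}"   # hypothetical path

# 128-bit random cookie as 32 hex digits, the key size used with
# MIT-MAGIC-COOKIE-1.
gen_cookie() {
    od -An -N16 -tx1 /dev/urandom | tr -d ' \n'
}

# Xephyr argument list: -auth replaces -ac, and -nolisten tcp closes the
# TCP port (6000 + display number) so only the local Unix socket is served.
xephyr_args() {
    printf '%s -auth %s -nolisten tcp -screen 768x768 -reset -terminate' \
        "$1" "$2"
}

# Write a fresh cookie for the nested display into an owner-only file.
make_authfile() {
    ( umask 077; : > "$2" ) || return 1
    xauth -f "$2" add "$1" MIT-MAGIC-COOKIE-1 "$(gen_cookie)"
}

if [ "${1:-}" = "--run" ]; then
    make_authfile "$NESTDISPLAY" "$XAUTH_FILE" || exit 1
    # Word splitting is intended here; XAUTH_FILE must not contain spaces.
    Xephyr $(xephyr_args "$NESTDISPLAY" "$XAUTH_FILE") &
    sleep 1
    # Clients present the cookie by reading the same file via XAUTHORITY.
    DISPLAY="$NESTDISPLAY" XAUTHORITY="$XAUTH_FILE" twm &
    wait
fi
```

Any client started with the same DISPLAY and XAUTHORITY values can connect; a client without the cookie is refused, which is the access control that -ac switches off.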
s243a

Posted: Wed 16 May 2018, 01:57

Some notes for me. You can see which ports are being used by X11 as follows:
Code:

root# netstat -atunp
Proto Recv-Q Send-Q Local Address  Foreign Address  State   PID/Program name
tcp        0      0 0.0.0.0:6010   0.0.0.0:*        LISTEN  24423/Xephyr

https://askubuntu.com/questions/90920/xdmcp-setup-for-lightdm-ports-not-listening

I was able to solve some errors with xauth by adding to ~/.profile the following:
Code:

case $DISPLAY:$XAUTHORITY in
  :*:?*)
    # DISPLAY is set and points to a local display, and XAUTHORITY is
    # set, so merge the contents of `$XAUTHORITY` into ~/.Xauthority.
    XAUTHORITY=~/.Xauthority xauth merge "$XAUTHORITY";;
esac

https://unix.stackexchange.com/questions/10121/open-a-window-on-a-remote-x-display-why-cannot-open-display/10126#10126

If I start Xephyr on display :10 ssh forwarding seems to use the next available display for the forwarding. So if my sshoffset is 10, then DISPLAY=:11 would be the next available. The display variable looks like this
Code:

echo "$DISPLAY"
puppypc25156:11.0


which is in the format (HOSTNAME:DISPLAY:SCREEN).

This isn't a valid format for the display input to Xephyr. Rather Xephyr should be called like
Code:

Xephyr :11

if we actually wanted to use display 11, which we don't. One could get the host name as follows:
Code:

NESTDISPLAY=":${DISPLAY##*:}"

and IP address as follows:
Code:

# the host name is the part of $DISPLAY before the first colon
IP_Addr=$(getent -i hosts "${DISPLAY%%:*}" | cut -d$' ' -f1)

https://serverfault.com/questions/498500/why-does-the-host-command-not-resolve-entries-in-etc-hosts
Note that the host command won't work because it doesn't look in your host file. Instead it does a direct DNS lookup, and even if you installed either bind or dig, the host command won't work because the libgost.so library is missing from the openssh package in tahrpup. This can be fixed by installing libssl1.0.0 from ubuntu.com but as I noted wouldn't be what we want anyway.
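The notes above relate a DISPLAY value to a host name, a display number and a listening TCP port (Xephyr on :10 shows up on port 6010). The added example below, which is not part of the original post, splits a DISPLAY value into those parts and scans netstat output for X servers listening on a non-loopback address; the function names, the 6000-6063 port range and the sample lines are assumptions of the example.

```shell
#!/bin/sh
# Added example: split a DISPLAY value and flag X servers reachable over TCP.

# parse_display VALUE -> "host display screen tcp_port"
# host is "-" for a local display such as ":10"; screen defaults to 0.
parse_display() {
    case "$1" in *:*) ;; *) return 1 ;; esac
    host="${1%:*}"          # text before the last colon
    rest="${1##*:}"         # "11.0" or "11"
    num="${rest%%.*}"
    case "$rest" in *.*) screen="${rest#*.}" ;; *) screen=0 ;; esac
    case "$num" in ''|*[!0-9]*) return 1 ;; esac
    echo "${host:--} $num $screen $((6000 + num))"
}

# Read `netstat -atunp` output on stdin; print one line per X listener
# (assumed range: ports 6000-6063) bound to something other than loopback.
exposed_x_listeners() {
    awk '$1 ~ /^tcp/ && $6 == "LISTEN" {
        n = split($4, a, ":"); port = a[n] + 0
        addr = substr($4, 1, length($4) - length(a[n]) - 1)
        if (port >= 6000 && port <= 6063 && addr != "127.0.0.1" && addr != "::1")
            printf "display :%d on %s (%s)\n", port - 6000, $4, $7
    }'
}

# Constructed sample, shaped like the netstat output in the post.
SAMPLE='tcp 0 0 0.0.0.0:6010 0.0.0.0:* LISTEN 24423/Xephyr
tcp 0 0 127.0.0.1:6011 0.0.0.0:* LISTEN 24500/sshd
tcp 0 0 0.0.0.0:22 0.0.0.0:* LISTEN 24100/sshd'

if [ "${1:-}" = "--demo" ]; then
    parse_display "puppypc25156:11.0"
    printf '%s\n' "$SAMPLE" | exposed_x_listeners
fi
```

On a live system, pipe `netstat -atunp` into `exposed_x_listeners`; a listener on 0.0.0.0 combined with -ac means any host that can reach the port can open windows on that display.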