Find the answer to your Linux question:
Results 1 to 6 of 6
Enjoy an ad free experience by logging in. Not a member yet? Register.
  1. #1

    Exclamation ssh access denied

    Hi everybody!

    I'm trying to access from a PC running XP to a laptop running Red Hat (Red Hat Enterprise Linux WS release 4 (Nahant Update 4)).

    What I want to do is execute firefox(make it run on the laptop)from the PC. As far as I am concerned, I need to forwardX11 through the ssh session, so I need to have an ssh server on the laptop and a ssh client on the PC.

    I installed putty on the PC, and I was even able to open a ssh session but for some reason when I tried executing firefox nothing happened. I had previously enabled X11 forwarding under putty and I had added localhost:0 in the X display location box as well but it wasn't working anyway.

    So I installed openSSH and openSSL in the laptop (as I wasn't sure what ssh server I had previously, I don't know if I should have erased the previous ssh server... as you might start to guess, I'm a bit newbie...).
    After installing them, I did the following:

    I added this line into /etc/rc.d/rc.local:
    cp /usr/local/src/openssh-2.9p2/contrib/redhat/sshd.pam /etc/pam.d/sshd
    and in:
    I changed X11Forwarding no to X11Forwarding yes

    Finally I followed these instructions to create a key in the laptop:
    % ssh-keygen
    Generating public/private rsa1 key pair.
    Enter file in which to save the key (/Users/user/.ssh/identity):
    Enter passphrase (empty for no passphrase):
    Enter same passphrase again:
    Your identification has been saved in /Users/user/.ssh/identity.
    Your public key has been saved in /Users/user/.ssh/
    The key fingerprint is:
    xxx user@host

    After all this mess, when I try to establish the ssh session I get:
    Access Denied.
    Even if I try ssh localhost from the laptop I get the same message.

    I don't know even where to start to look at, any ideas?

  2. #2
    Just Joined! Nautilus's Avatar
    Join Date
    Jun 2007
    London,UK and Athens,GR

    The first thing I would do is look at the logs off your ssh server (usually it logs in syslog.conf). This will give you more clues.

    Now, my guess in your case is that you don't have the right permissions on the files of your ~/.ssh (strange hey? YES, it defenitely matters what the permissions of your files in ~/.ssh are. Too strict permissions obviously don't allow the server to read the files, to loose permissions cause the ssh server to deny to move forward unless you fix this security hole). I am not sure if this is your case but defenitely this is a good match. So, these are the permissions on my home directory, if yours are not exactly the same change them to this:

    <username>@<hostnamr>:~$ ls -la .ssh/
    total 28
    drwxr-xr-x 2 username usergroup 106 Jan 2 10:10 .
    drwxr-xr-x 4 username usergroup 4096 Jan 28 2008 ..
    -rw------- 1 username usergroup 590 Jan 2 10:10 authorized_keys
    -rw------- 1 username usergroup 668 Jan 2 10:07 id_dsa
    -rw-r--r-- 1 username usergroup 608 Jan 2 10:07
    -r-------- 1 username usergroup 1671 Jan 2 10:02 id_rsa
    -r--r--r-- 1 username usergroup 400 Jan 2 10:02
    -rw-r--r-- 1 username usergroup 938 Jan 7 12:02 known_hosts

  3. #3
    Nautilus's post is important and may be why you are getting denied access. However, there is another problem that I saw. From what I could gather from your post, you don't have an X server running on your windows machine. You need one running on the client or you will get a message something like: "Could not find running x server..."

    I personally use xming: Xming X Server for Windows

    So the short checklist:

    1.) enable x11 forwarding in your ssh config file (don't forget to restart the ssh server after making those changes)
    2.) Start xming running on your windows machine
    3.) Connect via putty after turning on X forwarding
    4.) start firefox, it should use the running xming x server

    If you have done all of these things and it still isn't working then you should repost.
    Linux since: 2001
    Gentoo since: 2004
    - - - - - - - -
    I fix things until they break.

  4. $spacer_open
  5. #4
    Thanks for the indeas Nautilus!
    Anyway, I haven't fixed anything.
    First I checked this:
    root@uashost7:~/.ssh# ll
    total 4
    -rw-r--r-- 1 root root 223 Jan 22 07:53 known_hosts

    So it looks like yours but with less entries.

    Then I went to /etc/syslog, I hope it's useful for you, here is the content:
    # Log all kernel messages to the console.
    # Logging much else clutters up the screen.
    #kern.* /dev/console
    *.* @
    # Log anything (except mail) of level info or higher.
    # Don't log private authentication messages!
    *.info;mail.none;authpriv.none;cron.none /var/log/messages
    # The authpriv file has restricted access.
    authpriv.* /var/log/secure
    # Log all the mail messages in one place.
    mail.* -/var/log/maillog
    # Log cron stuff
    cron.* /var/log/cron
    # Everybody gets emergency messages
    *.emerg *
    # Save news errors of level crit and higher in a special file.
    uucp,news.crit /var/log/spooler
    # Save boot messages also to boot.log
    local7.* /var/log/boot.log

    Do you need any other information?
    Thank you very much!

  6. #5
    Ok, so I need X server installed. I'll do that, but anyway, first I need to fix the Access Denied problem. If you know any other thing that I should check please let me know.
    I'll try uninstalling openssh and openssl because it seems that the problem appeared after installing them.


  7. #6
    Just Joined! Nautilus's Avatar
    Join Date
    Jun 2007
    London,UK and Athens,GR
    Hi kokotx1981,

    Only now I got a chance to check the forum... Loads of work...

    So. I insist. What about your ~/.ssh directory ?

    root@uashost7:~/.ssh# ll
    total 4
    -rw-r--r-- 1 root root 223 Jan 22 07:53 known_hosts
    So it looks like yours but with less entries.
    If you executed ssh-keygen how comes you haven't got your keys in there (id_rsa, etc)? With ssh-keygen you generate the keys in one host for a particular user. The private keys you keep them where they are (e.g. id_rsa). The public keys (e.g. you distribute it to the ~/.ssh directory and you copy their content into authorized_keys. And you make sure they have no more or no less permissions than they should. Try to google for more details on that.

    After this you should be able to ssh without the need of being asked a password in ssh. After this, follow sdimhoff's instructions and you should be ok.

    I hope this helps and I am not too late!

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts