[EMAIL PROTECTED] (Boyd Moore) wrote in message news:<[EMAIL PROTECTED]>...
> Peter Cordes <[EMAIL PROTECTED]> wrote in message news:<[EMAIL PROTECTED]>...
> > On Thu, Jul 31, 2003 at 02:17:46PM -0700, Boyd Moore wrote:
> > > I have two Debian systems behind a Linksys router, with the router
> > > blocking everything except returning packets. One system is debian
> > > "stable" (Woody), the other "unstable" (Sid). I have read
> > > through just about all the PAM docs and the Debian Security Docs, but
> > > still haven't been able to find out how to make Sid allow Woody, for
> > > example, start an X session as a remote host - I have tried all the
> > > ideas that were given.
> >
> > Huh, are you asking about XDM? I'm really not sure what you want to do.
> > If you want to be able to run X programs on the other machine, and have them
> > display on your X desktop, use ssh -X, or make forwardX11 the default for
> > that host. If you want the window manager and everything to be running on
> > the other machine, then I guess you want XDM, but you can't use encryption
> > for that.
>
> Well, it was really two issues here: one about XDM and the other about ssh.
>
> >
> > > For a while, before I updated the Sid system using dselect, I at least
> > > had ssh working both ways. But now I can only ssh to Woody from Sid;
> > > not the other direction. I've checked all the config files and can't
> > > find where it is stopping. I get the message: "ssh exchange identification:
> > > Connection closed by remote host"
> >
> > Check /etc/hosts.allow. Put in a sshd: ALL line.
>
> Thanks. That fixed ssh.
>
> >
> > > I would really like these two systems to trust each other with just
> > > the "host.equiv" and .rhosts files set, even though that is unsafe on
> > > a system exposed to the world. But for the type work I am doing, that
> > > is not a problem.
> >
> > You should use ssh-keygen to create a keypair on each machine, and copy the
> > public key from the machine you generated it on to the other machine. This
> > allows quick passwordless authentication. It does only work on a
> > per-account basis, not a machine-wide thing like hosts.equiv. (SSH does
> > support .shosts/.rhosts, if you enable it in the config and make
> > /usr/bin/ssh (not sshd) setuid root, so it can bind to a port below 1024 (to
> > prove that it is trusted). If you really don't care about security, you can
> > just install rlogin. I always use ssh even on my trusted LAN at home
> > (except for big file transfers) because one tool for everything is easier.
> >
>
> I thought I had rlogin, but I see it is pointing to /etc/alternatives...
> You have given me another avenue to search.
> Thanks again.
>
> > --
> > #define X(x,y) x##y
> > Peter Cordes ; e-mail: X([EMAIL PROTECTED] , des.ca)
> >
> > "The gods confound the man who first found out how to distinguish the hours!
> > Confound him, too, who in this place set up a sundial, to cut and hack
> > my day so wretchedly into small pieces!" -- Plautus, 200 BC
> >
> > --
> > Boyd

Well, I did have rlogin; that is, it points to netkit-rlogin. I finally got rsh to work by commenting out the ALL: PARANOID line in hosts.deny. I thought that the hosts.allow overrode the hosts.deny, but apparently they have reversed the priority. Now rsh, rlogin, etc. work, but still not remote X windows. I have gone through the xauth routine to make sure the .Xauthority files are the same for the same user on both hosts. And I have set the xhost + on both machines, but I always get the "Can't open display ..." message.

Thanks if you can help

Boyd
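
The hosts.allow / hosts.deny behaviour discussed in this thread, as an added example that is not part of the original posts: a simplified Python model of the hosts_access(5) lookup order, in which hosts.allow is consulted first, then hosts.deny, and access is granted when neither file matches. The daemon name in.rshd, the client name and address, and the assumption that the client fails the name/address consistency check are constructed for illustration.

```python
# Added example: simplified model of the hosts_access(5) lookup order.
# Modelled client patterns: ALL, PARANOID, exact name/address, ".domain", "net.".

def client_matches(pattern, name, addr, mismatch):
    if pattern == "ALL":
        return True
    if pattern == "PARANOID":          # host name does not match its address
        return mismatch
    if pattern.startswith("."):        # domain suffix, e.g. ".example.lan"
        return name.endswith(pattern)
    if pattern.endswith("."):          # network prefix, e.g. "192.168.1."
        return addr.startswith(pattern)
    return pattern in (name, addr)

def rule_matches(line, daemon, name, addr, mismatch):
    line = line.split("#", 1)[0].strip()       # drop comments and blank lines
    if ":" not in line:
        return False
    fields = line.split(":")                   # options after a 2nd ':' are ignored
    daemons = fields[0].replace(",", " ").split()
    clients = fields[1].replace(",", " ").split()
    if "ALL" not in daemons and daemon not in daemons:
        return False
    return any(client_matches(p, name, addr, mismatch) for p in clients)

def check_access(daemon, name, addr, mismatch, hosts_allow, hosts_deny):
    """Return (decision, reason): allow file first, then deny file, else grant."""
    for fname, text, verdict in (("hosts.allow", hosts_allow, "allow"),
                                 ("hosts.deny", hosts_deny, "deny")):
        for line in text.splitlines():
            if rule_matches(line, daemon, name, addr, mismatch):
                return verdict, f"{fname}: {line.strip()}"
    return "allow", "no rule matched"

# Constructed inputs mirroring the thread: one allow rule for sshd, and the
# "ALL: PARANOID" deny rule. The client tuple is (name, address, mismatch).
HOSTS_ALLOW = "sshd: ALL\n"
HOSTS_DENY = "ALL: PARANOID\n"
CLIENT = ("woody", "192.168.1.10", True)       # assumed to fail the name check

if __name__ == "__main__":
    for daemon in ("sshd", "in.rshd"):
        print(daemon, check_access(daemon, *CLIENT, HOSTS_ALLOW, HOSTS_DENY))
    # Same client after the deny rule is commented out:
    print("in.rshd", check_access("in.rshd", *CLIENT, HOSTS_ALLOW, "#ALL: PARANOID\n"))
```

A narrower alternative to commenting out the deny rule is an explicit hosts.allow entry for the specific daemon and peer, which keeps the PARANOID check in force for every other service.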