sshd升級(jí)為openssh5.2后，遠(yuǎn)程使用X11-forwarding失敗

sopato

確認(rèn)配置肯定是沒(méi)有問(wèn)題的，不知大家有沒(méi)有遇到同樣的問(wèn)題，謝謝。以前用SUN SSH 1.1是一直O(jiān)K的。\r\n\r\n附配置：\r\n\r\n#       $OpenBSD: sshd_config,v 1.80 2008/07/02 02:24:18 djm Exp $\r\n\r\n# This is the sshd server system-wide configuration file.  See\r\n# sshd_config(5) for more information.\r\n\r\n# This sshd was compiled with PATH=/usr/bin:/bin:/usr/sbin:/sbin:/usr/local/bin\r\n\r\n# The strategy used for options in the default sshd_config shipped with\r\n# OpenSSH is to specify options with their default value where\r\n# possible, but leave them commented.  Uncommented options change a\r\n# default value.\r\n\r\nPort 22\r\n#AddressFamily any\r\n#ListenAddress 0.0.0.0\r\n#ListenAddress ::\r\n\r\n# Disable legacy (protocol version 1) support in the server for new\r\n# installations. In future the default will change to require explicit\r\n# activation of protocol 1\r\nProtocol 2\r\n\r\n# HostKey for protocol version 1\r\n#HostKey /usr/local/etc/ssh_host_key\r\n# HostKeys for protocol version 2\r\nHostKey /usr/local/etc/ssh_host_rsa_key\r\nHostKey /usr/local/etc/ssh_host_dsa_key\r\n\r\n# Lifetime and size of ephemeral version 1 server key\r\n#KeyRegenerationInterval 1h\r\nServerKeyBits 768\r\n\r\n# Logging\r\n# obsoletes QuietMode and FascistLogging\r\nSyslogFacility AUTH\r\nLogLevel INFO\r\n\r\n# Authentication:\r\n\r\n#LoginGraceTime 2m\r\nPermitRootLogin yes\r\nStrictModes yes\r\nMaxAuthTries 6\r\n#MaxSessions 10\r\n\r\nRSAAuthentication yes\r\nPubkeyAuthentication yes\r\nAuthorizedKeysFile      .ssh/authorized_keys\r\n\r\n# For this to work you will also need host keys in /usr/local/etc/ssh_known_hosts\r\nRhostsRSAAuthentication no\r\n# similar for protocol version 2\r\nHostbasedAuthentication no\r\n# Change to yes if you don\'t trust ~/.ssh/known_hosts for\r\n# RhostsRSAAuthentication and HostbasedAuthentication\r\n#IgnoreUserKnownHosts no\r\n# Don\'t read the user\'s ~/.rhosts and ~/.shosts files\r\nIgnoreRhosts yes\r\n\r\n# To disable tunneled clear text passwords, change to no here!\r\nPasswordAuthentication yes\r\nPermitEmptyPasswords no\r\n\r\n# Change to no to disable s/key passwords\r\n#ChallengeResponseAuthentication yes\r\n\r\n# Kerberos options\r\n#KerberosAuthentication no\r\n#KerberosOrLocalPasswd yes\r\n#KerberosTicketCleanup yes\r\n#KerberosGetAFSToken no\r\n\r\n# GSSAPI options\r\n#GSSAPIAuthentication no\r\n#GSSAPICleanupCredentials yes\r\n\r\n# Set this to \'yes\' to enable PAM authentication, account processing, \r\n# and session processing. If this is enabled, PAM authentication will \r\n# be allowed through the ChallengeResponseAuthentication and\r\n# PasswordAuthentication.  Depending on your PAM configuration,\r\n# PAM authentication via ChallengeResponseAuthentication may bypass\r\n# the setting of \"PermitRootLogin without-password\".\r\n# If you just want the PAM account and session checks to run without\r\n# PAM authentication, then enable this but set PasswordAuthentication\r\n# and ChallengeResponseAuthentication to \'no\'.\r\n#UsePAM no\r\n\r\nAllowAgentForwarding yes\r\nAllowTcpForwarding yes\r\nGatewayPorts yes\r\nX11Forwarding yes\r\nX11DisplayOffset 10\r\nX11UseLocalhost yes\r\nPrintMotd yes\r\nPrintLastLog yes\r\nTCPKeepAlive yes\r\n#UseLogin no\r\n#UsePrivilegeSeparation yes\r\n#PermitUserEnvironment no\r\n#Compression delayed\r\n#ClientAliveInterval 0\r\n#ClientAliveCountMax 3\r\n#UseDNS yes\r\n#PidFile /var/run/sshd.pid\r\n#MaxStartups 10\r\nPermitTunnel yes\r\n#ChrootDirectory none\r\n\r\n# no default banner path\r\n#Banner none\r\n\r\n# override default of no subsystems\r\nSubsystem       sftp    /usr/local/libexec/sftp-server\r\n\r\n# Example of overriding settings on a per-user basis\r\n#Match User anoncvs\r\n#       ForceCommand cvs server