can't open display : (on Linux rlogin to SGI)

Hello,


When I try to open a GUI (using rsh) on SGI while on Linux, I
am told :

can't open display.

I did a "xhost SGI_computer" before I went to Linux.

The /etc/hosts file has an entry for the SGI.

And, the .rhosts file on SGI has an entry for the Linux computer.

What can I do to open the GUI?


Thank you,
Christopher Lusardi

Le Thu, 28 Apr 2005 10:21:31 -0700, clusardi2k a écrit*:
[color=blue]
>
> What can I do to open the GUI?[/color]

Use "ssh -X" instead of rlogin/rsh. rlogin/rssh shouldn't be used anymore,
never. And "ssh -X" would setup the X forwarding automatically for you.

--
Il y a toujours un bug de plus.
Loi de Lubarsky.

In article <pan.2005.04.28.19.20.04.11996@imaginet.fr>, Emmanuel Florac wrote:[color=blue]
> Le Thu, 28 Apr 2005 10:21:31 -0700, clusardi2k a écrit*:
>[color=green]
>>
>> What can I do to open the GUI?[/color]
>
> Use "ssh -X" instead of rlogin/rsh. rlogin/rssh shouldn't be used anymore,
> never. And "ssh -X" would setup the X forwarding automatically for you.[/color]

Once again, there is nothing wrong with rlogin/rsh in a trusted, secure
network... Never say never :)

Kevin

--
Unix Guy Consulting, LLC
Unix and Linux Automation, Shell, Perl and CGI scripting
[url]http://www.unix-guy.com[/url]

I forgot to add that I do not want to enter a password by using ssh -X
<host> -l <userid>

If you can, please, explain to me in a step by step method of how to
use secure shell without
entering a password. (I bet one cent that I probably woun't get it to
work!)

Thank you,
Christopher Lusardi

Hi,

<clusardi2k@aol.com> wrote:
[color=blue]
> I forgot to add that I do not want to enter a password by using ssh -X
> <host> -l <userid>[/color]

You can use SSH with public key authentication and without a passphrase.
[color=blue]
> If you can, please, explain to me in a step by step method of how to use
> secure shell without entering a password.[/color]

There are a lot of ressource available on thet that subject, google
shows things like <http://www.onlamp.com/pub/a/onlamp/excerpt/ssh_8/> or
<http://www.noah.org/ssh/publickey/>. Have a look at it.


Regards,

Dominik.

It still asks me for a password. Here is what I did. You tell me what
I did wrong?

(1) On SGI and Linux type:
ssh-keygen -t rsa
(2) (Both accepting the defaults and entering a "paraphase" met with
the same exact results!)
(3) I now have 3 files on the SGI system. They are

id_rsa
id_rsa.pub
known_hosts
(4)I now have 2 files on the Linux system. They are

id_rsa
id_rsa.pub
(5)I take the id_rsa.pub file on SGI and put it on Linux, but I rename
the file to ~user/.ssh/authroized_keys.
(6)I should be done and ready to use it, right.
(7)I type
ssh user@linux_box date
(8)It tells me
Warning: the RSA host key for 'linux_box' differs from the key for IP
address '...'
Offending key for IP is /usr/people/clusardi/.ssh/known_hosts:5
Matching host key in /usr/people/clusardi/.ssh/known_hosts:8
Are you sure you want to continue connecting (yes/no)? yes
password ########

(9)Note: The remote account is in directory /home/clusardi/.

Does SGI big endian and Linux little endian have anything to do with
it?

Thanks,
Christopher Lusardi

It still asks me for a password. Here is what I did. You tell me what
I did wrong?


(1) On SGI and Linux type:
ssh-keygen -t rsa
(2) (Both accepting the defaults and entering a "paraphase" met with
the same exact results!)
(3) I now have 3 files on the SGI system. They are
id_rsa
id_rsa.pub
known_hosts
(4)I now have 2 files on the Linux system. They are
id_rsa
id_rsa.pub
(5)I take the id_rsa.pub file on SGI and put it on Linux, but I rename
the file to ~user/.ssh/authroized_keys.
(6)I should be done and ready to use it, right.
(7)I type
ssh user@linux_box date
(8)It tells me
Warning: the RSA host key for 'linux_box' differs from the key for IP
address '...'
Offending key for IP is /usr/people/clusardi/.ssh/know*n_hosts:5
Matching host key in /usr/people/clusardi/.ssh/know*n_hosts:8
Are you sure you want to continue connecting (yes/no)? yes
password ########

(9)Notes: The remote account is in directory /home/clusardi/. And,
there is no known_hosts file any where on the Linux computer.

Does SGI big endian and Linux little endian have anything to do with
it?

I tried pasting and copying (via shared drive) the key over to Linux. I
compared the files with vi and diff. In vi, I did a set list to compare
control chararacters. The files appear to be the same.

Thanks,
Christopher Lusardi

Hi,

<clusardi2k@aol.com> wrote:
[color=blue]
> (2) (Both accepting the defaults and entering a "paraphase" met with
> the same exact results!)[/color]

No, you don't use a passphrase. Just hit <return>, when you are asked
for it during key generation.
[color=blue]
> (3) I now have 3 files on the SGI system. They are
> id_rsa
> id_rsa.pub
> known_hosts
> (4)I now have 2 files on the Linux system. They are
> id_rsa
> id_rsa.pub[/color]

You only need to create one pair of keys, if you just want to connect
from your Linux box to the SGI.
[color=blue]
> (7)I type
> ssh user@linux_box date[/color]

So you want to connect from your SGI? If you created new machine keys,
you might have to clean up your '~/.ssh/known_hosts'.
[color=blue]
> (8)It tells me
> Warning: the RSA host key for 'linux_box' differs from the key for IP
> address '...'
> Offending key for IP is /usr/people/clusardi/.ssh/known_hosts:5
> Matching host key in /usr/people/clusardi/.ssh/known_hosts:8[/color]

.... see above.
[color=blue]
> Are you sure you want to continue connecting (yes/no)? yes
> password ########[/color]

Is that your login or your SSH passphrase? If it's the latter one, you
need to create a new pair of keys without a passphrase.
[color=blue]
> (9)Notes: The remote account is in directory /home/clusardi/. And,
> there is no known_hosts file any where on the Linux computer.[/color]

You get one, if you login from your Linux box to another machine.
[color=blue]
> Does SGI big endian and Linux little endian have anything to do with
> it?[/color]

No.
[color=blue]
> I tried pasting and copying (via shared drive) the key over to Linux. I
> compared the files with vi and diff. In vi, I did a set list to compare
> control chararacters. The files appear to be the same.[/color]

You can also use 'scp', as SSH is already working.


Regards,

Dominik.

In article <1114796567.594875.168860@f14g2000cwb.googlegroups.com>,
[email]clusardi2k@aol.com[/email] wrote:

: (5)I take the id rsa.pub file on SGI and put it on Linux, but I rename
: the file to ~user/.ssh/authroized keys.

Double-check the permissions of the .ssh folder, its contents, your home
directory, and all directories above it. If SSH finds that the directories are
group or world writeable it'll ignore the keys and force you to enter your
password.

This is so someone else can't drop their key into your authorized_keys file and
ssh into the system as you.


Cheers - Tony 'Nicoya' Mantler :)

--
Tony 'Nicoya' Mantler -- Master of Code-fu -- [email]nicoya@ubb.ca[/email]
-- [url]http://nicoya.feline.pp.se/[/url] -- [url]http://www.ubb.ca/[/url] --

>From: Tony 'Nicoya' Mantler <nic...@ubb.ca> - Find messages by this
author[color=blue]
>Date: Fri, 29 Apr 2005 23:42:41 GMT
>Local: Fri,Apr 29 2005 4:42 pm
>Subject: Re: can't open display : (on Linux rlogin to SGI)[/color]
[color=blue]
>Double-check the permissions of the .ssh folder, its contents, your[/color]
home[color=blue]
>directory, and all directories above it. If SSH finds that the[/color]
directories are[color=blue]
>group or world writeable it'll ignore the keys and force you to enter[/color]
your[color=blue]
>password.[/color]

This worked for me, many thanks.

Christopher Lusardi

This is so someone else can't drop their key into your authorized_keys
file and
ssh into the system as you.

Cheers - Tony 'Nicoya' Mantler :)
--
Tony 'Nicoya' Mantler -- Master of Code-fu -- nic...@ubb.ca
-- [url]http://nicoya.feline.pp.se/[/url] -- [url]http://www.ubb.ca/[/url] --

clusard...@aol.com May 2, 5:36 am show options

Newsgroups: comp.unix.questions, comp.sys.sgi.misc
From: clusard...@aol.com - Find messages by this author
Date: 2 May 2005 05:36:15 -0700
Local: Mon,May 2 2005 5:36 am
Subject: Re: can't open display : (on Linux rlogin to SGI)
Reply | Reply to Author | Forward | Print | Individual Message | Show
original | Remove | Report Abuse


[color=blue]
>From: Tony 'Nicoya' Mantler <nic...@ubb.ca> - Find messages by this[/color]
author[color=blue]
>Date: Fri, 29 Apr 2005 23:42:41 GMT
>Local: Fri,Apr 29 2005 4:42 pm
>Subject: Re: can't open display : (on Linux rlogin to SGI)
>Double-check the permissions of the .ssh folder, its contents, your[/color]
home[color=blue]
>directory, and all directories above it. If SSH finds that the[/color]
directories are[color=blue]
>group or world writeable it'll ignore the keys and force you to enter[/color]
your[color=blue]
>password.[/color]

This worked for me, only one-way.

On Onyx it worked:

ssh clusardi@linux_box date
....

But, going the other way it didn't appear to work.

On Linux it failed:

ssh clusardi@onyx date
ssh: connect to host onyx port 22 : Connection refused

Christopher Lusardi
[color=blue]
>This is so someone else can't drop their key into your authorized_keys[/color]
[color=blue]
>file and
>ssh into the system as you.
>Cheers - Tony 'Nicoya' Mantler :)[/color]

Tony 'Nicoya' Mantler wrote:[color=blue]
> In article <1114796567.594875.168860@f14g2000cwb.googlegroups.com>,
> [email]clusardi2k@aol.com[/email] wrote:
>
> : (5)I take the id rsa.pub file on SGI and put it on Linux, but I[/color]
rename[color=blue]
> : the file to ~user/.ssh/authroized keys.
>
> Double-check the permissions of the .ssh folder, its contents, your[/color]
home[color=blue]
> directory, and all directories above it. If SSH finds that the[/color]
directories are[color=blue]
> group or world writeable it'll ignore the keys and force you to enter[/color]
your[color=blue]
> password.
>
> This is so someone else can't drop their key into your[/color]
authorized_keys file and[color=blue]
> ssh into the system as you.
>
>
> Cheers - Tony 'Nicoya' Mantler :)
>[/color]

This worked for me, only one-way.

On Onyx it worked:

ssh clusardi@linux_box date
....

But, going the other way it didn't appear to work.

On Linux it failed:

ssh clusardi@onyx date
ssh: connect to host onyx port 22 : Connection refused

Christopher Lusardi

Hi,

<clusardi2k@aol.com> wrote:
[color=blue]
> This worked for me, only one-way.
>
> [...]
>
> ssh clusardi@onyx date
> ssh: connect to host onyx port 22 : Connection refused[/color]

That probably isn't a problem with your certificates, it looks like some
kind of firewall, non-working portforwarding or sshd not running. You
might want to check that ... .


Regards,

Dominik.

Dominik Schlütter wrote:[color=blue]
> Hi,
>
> <clusardi2k@aol.com> wrote:
>[color=green]
> > This worked for me, only one-way.
> >
> > [...]
> >
> > ssh clusardi@onyx date
> > ssh: connect to host onyx port 22 : Connection refused[/color]
>
> That probably isn't a problem with your certificates, it looks like[/color]
some[color=blue]
> kind of firewall, non-working portforwarding or sshd not running. You
> might want to check that ... .[/color]

I used chkconfig to turn the SGI and Linux options on, but I still
get the same error message:

SGI before:

fw_sshd off

SGI after

fw_ssh on

-----------

Linux before:
ssh 0:off 1:off 2:on 3:on 4:on 5:on 6:off

Linux after:
ssh 0:on 1:on 2:on 3:on 4:on 5:on 6:on

Christopher Lusardi

A little more information about my problem follows.

ssh -v clusardi@onyx date
debug1: Reading configuration data /etc/ssh/ssh_config
debug1: Applying options for *
debug1: Rhosts Authentication disabled, originating port will not be
trusted
debug1: Connecting to onyx [...] port 22
debug1: connect to address ... port: Connection refused
ssh: connect to host onyx port 22: Connection refused

Note: I received a similar error with telnet.

telnet onyx 22
telnet: Unable to connect to remote host: Connection refused

Christopher Lusardi

In article <1115040483.094437.11340@l41g2000cwc.googlegroups.com>,
[email]clusardi2k@aol.com[/email] wrote:

: ssh: connect to host onyx port 22 : Connection refused

sshd obviously isn't running on your Onyx. Please review the steps you used when
installing ssh on your Onyx, you most likely missed configuring and starting the
sshd daemon, and probably also missed generating a set of host keys.

These steps are not automatic, sadly.


Cheers - Tony 'Nicoya' Mantler :)

--
Tony 'Nicoya' Mantler -- Master of Code-fu -- [email]nicoya@ubb.ca[/email]
-- [url]http://nicoya.feline.pp.se/[/url] -- [url]http://www.ubb.ca/[/url] --

Tony 'Nicoya' Mantler wrote:[color=blue]
> In article <1115040483.094437.11340@l41g2000cwc.googlegroups.com>,
> [email]clusardi2k@aol.com[/email] wrote:
>
> : ssh: connect to host onyx port 22 : Connection refused
>
> sshd obviously isn't running on your Onyx. Please review the steps[/color]
you used when[color=blue]
> installing ssh on your Onyx, you most likely missed configuring and[/color]
starting the[color=blue]
> sshd daemon, and probably also missed generating a set of host keys.
>
> These steps are not automatic, sadly.[/color]

I've never started a daemon before. How do I start sshd on SGI,
properly?

Please be descriptive in your step by step directions. (As I'm about as
novice as one can be without being ignorant! I don't want to wait
months to get it done.)

Thank you,
Christopher Lusardi

In comp.sys.sgi.misc [email]clusardi2k@aol.com[/email] wrote:

[....][color=blue]
> I've never started a daemon before. How do I start sshd on SGI,
> properly?[/color]

Hm, edit file /etc/config/sshd and change the 'no' in there to 'yes'? Or
am I completely wrog. Do not forget to check the config files in
directory /etc/openssh/ - of course you have to install the ssh package
first, if not already done.

Toni
(xp&fup2cssm)
--
I am root. If you see me laughing you better have a backup.

[email]clusardi2k@aol.com[/email] wrote:
[color=blue]
> Tony 'Nicoya' Mantler wrote:[color=green]
>> In article <1115040483.094437.11340@l41g2000cwc.googlegroups.com>,
>> [email]clusardi2k@aol.com[/email] wrote:
>>
>> : ssh: connect to host onyx port 22 : Connection refused
>>
>> sshd obviously isn't running on your Onyx. Please review the steps[/color]
> you used when[color=green]
>> installing ssh on your Onyx, you most likely missed configuring and[/color]
> starting the[color=green]
>> sshd daemon, and probably also missed generating a set of host keys.
>>
>> These steps are not automatic, sadly.[/color]
>
> I've never started a daemon before. How do I start sshd on SGI,
> properly?
>
> Please be descriptive in your step by step directions. (As I'm about as
> novice as one can be without being ignorant! I don't want to wait
> months to get it done.)
>
> Thank you,
> Christopher Lusardi[/color]

If you don't want to/can't get sshd running on the Onyx, and you're working
over a relatively secure network, rsh/rlogin is fine.

Some Linux distros. have removed the ability from the X server to accept
network connections, instead making it only listen on a UNIX domain socket
(probably /tmp/.X11-unix/X0). Ssh can be used to tunnel X and open the UNIX
domain socket locally, so it all works relatively seamlessly.

To get XFree86 to listen on the network will depend on which distro you are
using. For RH distros you need to edit the file /etc/X11/gdm/gdm.conf and
change the line "DisallowTCP=true" to "DisallowTCP=false". Then restart X.

However, you should realize that now your traffic (including X) will be sent
over the network unencrypted - everything you type into a remote terminal
shell, remote dialog box etc. can be captured. Also, your X display itself
may be compromised, and clients can potentially hijack all events including
keystrokes. The chance of this happening is fairly minimal, but it's
definitely greater than zero. Whatever you do don't use a plain 'xhost +',
even 'xhost +host' is quite dangerous as any user logged into 'host' can
connect to your X server; use xauth instead.

--
Nigel Wade, System Administrator, Space Plasma Physics Group,
University of Leicester, Leicester, LE1 7RH, UK
E-mail : [email]nmw@ion.le.ac.uk[/email]
Phone : +44 (0)116 2523548, Fax : +44 (0)116 2523555

Once again you are correct in your analysis of the problem, hooray!

This is what I did:

1) Added another /etc/passwd nobody entry

Originally had only,
nobody:x:6003:6001:original nobody uid:/dev/null/:/dev/null

Now is,
nobody:x:6001:6001:original nobody uid:/dev/null/:/dev/null
nobody:x:6003:6001:original nobody uid:/dev/null/:/dev/null

2) Started ssh demon with

/etc/init.d/fw_sshd start

Thank you,
Christopher Lusardi