ssh X forwarding fails with Linux VPS (Virtual Server) - SSH

This is a discussion on ssh X forwarding fails with Linux VPS (Virtual Server) - SSH ; Hello, I cannot achieve X tunneling when I ssh into a remote system running Xeon virtualization software. Does the virtualization software carry any bearing on ssh? What can I do to fix the problem? Thank you in advance. Pan Am ...

+ Reply to Thread
Results 1 to 11 of 11

Thread: ssh X forwarding fails with Linux VPS (Virtual Server)

  1. ssh X forwarding fails with Linux VPS (Virtual Server)

    Hello,

    I cannot achieve X tunneling when I ssh into a remote system running Xeon
    virtualization software. Does the virtualization software carry any
    bearing on ssh? What can I do to fix the problem? Thank you in advance.

    Pan Am

    ---
    Details:
    FC4, OpenSSH_4.2p1, OpenSSL 0.9.7f are installed on both local and remote
    X forwarding works ok from local host to other systems,
    "X11Forwarding yes" is set on vps sshd_config
    In local shell xterm works fine (echo $DISPLAY returns :0.0 )
    On remote vps system echo $DISPLAY is unset

    ssh -l john -vv -X IP_of_VPS xterm fails with following log:

    debug1: Host '.....' is known and matches the RSA host key.
    Cannot determine realm for numeric host address
    debug1: Next authentication method: password

    debug1: Requesting X11 forwarding with authentication spoofing.
    debug2: channel 0: request x11-req confirm 0
    debug2: client_session2_setup: id 0
    debug1: Sending command: xterm
    debug2: channel 0: rcvd ext data 37
    xterm Xt error: Can't open display:


    I then tried to set "X11UseLocalhost no" in remote sshd, to no avail:

    Cannot determine realm for numeric host address
    Authentication succeeded (password).
    Requesting X11 forwarding with authentication spoofing.
    /usr/X11R6/bin/xauth: creating new authority file /home/admin/.Xauthority
    /usr/X11R6/bin/xauth: (stdin):1: bad display name "vm99:10.0" in "remove"
    SocketINETConnect() can't get address for vm07:6010: Name or service not
    known xterm Xt error: Can't open display: vm99:10.0






    *** Free account sponsored by SecureIX.com ***
    *** Encrypt your Internet usage with a free VPN account from http://www.SecureIX.com ***

  2. Re: ssh X forwarding fails with Linux VPS (Virtual Server)

    On 2006-03-02, Pan Am wrote:
    > I cannot achieve X tunneling when I ssh into a remote system running Xeon
    > virtualization software. Does the virtualization software carry any
    > bearing on ssh?


    Probably not.

    [...]
    > debug1: Requesting X11 forwarding with authentication spoofing.
    > debug2: channel 0: request x11-req confirm 0
    > debug2: client_session2_setup: id 0
    > debug1: Sending command: xterm
    > debug2: channel 0: rcvd ext data 37
    > xterm Xt error: Can't open display:


    Is something in the shell startup trashing $DISPLAY? Does "xauth list"
    show any entries?

    [...]
    > /usr/X11R6/bin/xauth: (stdin):1: bad display name "vm99:10.0" in "remove"
    > SocketINETConnect() can't get address for vm07:6010: Name or service not
    > known xterm Xt error: Can't open display: vm99:10.0


    Now that looks like a garden-variety name service misconfiguration. Check
    if your host's IP is listed in /etc/hosts and/or the DNS.

    --
    Darren Tucker (dtucker at zip.com.au)
    GPG key 8FF4FA69 / D9A3 86E9 7EEE AF4B B2D4 37C9 C982 80C7 8FF4 FA69
    Good judgement comes with experience. Unfortunately, the experience
    usually comes from bad judgement.

  3. Re: ssh X forwarding fails with Linux VPS (Virtual Server)

    On Thu, 02 Mar 2006 12:37:50 +0000, Darren Tucker wrote:
    >
    > Is something in the shell startup trashing $DISPLAY?
    > Does "xauth list" show any entries?
    > if your host's IP is listed in /etc/hosts and/or the DNS.


    Apparently no startup trashing occurs.
    Indeed the VPS came without any /etc/hosts
    I have added the following:
    127.0.0.1 localhost.localdomain localhost
    nnn.nn.nnn.nnn vm07

    it's getting better, but I am not there yet...

    ssh -l admin -vv -X nnn.nn.nnn.nnn

    ---- WITH X11UseLocalhost no ---------------------------------------
    debug1: Requesting X11 forwarding with authentication spoofing.
    debug2: channel 0: request x11-req confirm 0
    debug2: client_session2_setup: id 0
    debug2: channel 0: request pty-req confirm 0
    debug2: channel 0: request shell confirm 0
    debug2: fd 3 setting TCP_NODELAY
    debug2: callback done
    debug2: channel 0: open confirm rwindow 0 rmax 32768
    debug2: channel 0: rcvd adjust 131072

    [admin@vm07 ~]$ echo $DISPLAY
    vm07:12.0

    [admin@vm07 ~]$ xauth list
    vm07:12 MIT-MAGIC-COOKIE-1 jh45kj.........

    [admin@vm07 ~]$ xterm
    xterm Xt error: Can't open display: vm07:12.0




    ---- WITH X11UseLocalhost yes ------
    debug2: callback done
    debug2: channel 0: open confirm rwindow 0 rmax 32768
    debug2: channel 0: rcvd adjust 131072

    [admin@vm07 ~]$ echo $DISPLAY

    [admin@vm07 ~]$

    *** Free account sponsored by SecureIX.com ***
    *** Encrypt your Internet usage with a free VPN account from http://www.SecureIX.com ***

  4. Re: ssh X forwarding fails with Linux VPS (Virtual Server)

    On Thu, 02 Mar 2006 15:37:07 +0100, Pan Am wrote:

    > it's getting better, but I am not there yet...


    following up on my previous message...

    [admin@vm07 ~]$ strace xterm
    [...]
    connect(3, {sa_family=AF_INET, sin_port=htons(6010),
    sin_addr=inet_addr("NNN.NN.NNN.NNN")}, 16) = -1 EINVAL (Invalid argument)
    close(3) = 0
    [...]

    where NNN.NN.NNN.NNN is the IP of the VPS.
    what does that say?

    thank you.




    *** Free account sponsored by SecureIX.com ***
    *** Encrypt your Internet usage with a free VPN account from http://www.SecureIX.com ***

  5. Re: ssh X forwarding fails with Linux VPS (Virtual Server)

    On 2006-03-02, Pan Am wrote:
    > On Thu, 02 Mar 2006 15:37:07 +0100, Pan Am wrote:

    [from an earlier message]
    > ---- WITH X11UseLocalhost yes ------
    > debug2: callback done
    > debug2: channel 0: open confirm rwindow 0 rmax 32768
    > debug2: channel 0: rcvd adjust 131072
    > [admin@vm07 ~]$ echo $DISPLAY


    Do you have a loopback interface, is it correctly configured for
    127.0.0.1 and is it up?

    > [admin@vm07 ~]$ strace xterm
    > [...]
    > connect(3, {sa_family=AF_INET, sin_port=htons(6010),
    > sin_addr=inet_addr("NNN.NN.NNN.NNN")}, 16) = -1 EINVAL (Invalid argument)
    > close(3) = 0
    > [...]
    >
    > where NNN.NN.NNN.NNN is the IP of the VPS.
    > what does that say?


    It says that something's broken but exactly what is not obvious.

    The Linux man pages don't document what can cause connect(2) to fail with
    EINVAL. I'd check things like outbound firewall rules and/or oddball
    kernel options.

    --
    Darren Tucker (dtucker at zip.com.au)
    GPG key 8FF4FA69 / D9A3 86E9 7EEE AF4B B2D4 37C9 C982 80C7 8FF4 FA69
    Good judgement comes with experience. Unfortunately, the experience
    usually comes from bad judgement.

  6. Re: ssh X forwarding fails with Linux VPS (Virtual Server)

    >
    > On Thu, 02 Mar 2006 15:37:07 +0100, Pan Am wrote:
    > > it's getting better, but I am not there yet...

    >
    > following up on my previous message...
    >
    > [admin@vm07 ~]$ strace xterm
    > [...]
    > connect(3, {sa_family=AF_INET, sin_port=htons(6010),
    > sin_addr=inet_addr("NNN.NN.NNN.NNN")}, 16) = -1 EINVAL (Invalid argument)
    > close(3) = 0
    > [...]
    >
    > where NNN.NN.NNN.NNN is the IP of the VPS.
    > what does that say?


    $ man connect
    ....
    RETURN VALUE
    If the connection or binding succeeds, zero is returned. On error, -1
    is returned, and errno is set appropriately.
    ....

    So all it says is that there was an error. Probably connection refused;
    by default the SSH X proxy listens only on the loopback interface
    (127.0.0.1); connecting to your "real" IP address will not work.

    --
    Richard Silverman
    res@qoxp.net


  7. Re: ssh X forwarding fails with Linux VPS (Virtual Server)

    On 2006-03-13, Richard E. Silverman wrote:
    >>
    >> On Thu, 02 Mar 2006 15:37:07 +0100, Pan Am wrote:
    >> > it's getting better, but I am not there yet...

    >>
    >> following up on my previous message...
    >>
    >> [admin@vm07 ~]$ strace xterm
    >> [...]
    >> connect(3, {sa_family=AF_INET, sin_port=htons(6010),
    >> sin_addr=inet_addr("NNN.NN.NNN.NNN")}, 16) = -1 EINVAL (Invalid argument)
    >> close(3) = 0
    >> [...]
    >>
    >> where NNN.NN.NNN.NNN is the IP of the VPS.
    >> what does that say?

    >
    > $ man connect
    > ...
    > RETURN VALUE
    > If the connection or binding succeeds, zero is returned. On error, -1
    > is returned, and errno is set appropriately.


    If you look a little further, EINVAL is not one of the documented return
    codes (at least on my FC4 box). There's a reference to it in existing
    in SysVr4 but not what might cause it on Linux.

    > So all it says is that there was an error. Probably connection refused;


    I would have expected that to be ECONNREFUSED.

    --
    Darren Tucker (dtucker at zip.com.au)
    GPG key 8FF4FA69 / D9A3 86E9 7EEE AF4B B2D4 37C9 C982 80C7 8FF4 FA69
    Good judgement comes with experience. Unfortunately, the experience
    usually comes from bad judgement.

  8. Re: ssh X forwarding fails with Linux VPS (Virtual Server)

    >>>>> "DT" == Darren Tucker writes:

    DT> On 2006-03-13, Richard E. Silverman wrote:
    >>>
    >>> On Thu, 02 Mar 2006 15:37:07 +0100, Pan Am wrote:
    >>> > it's getting better, but I am not there yet...
    >>>
    >>> following up on my previous message...
    >>>
    >>> [admin@vm07 ~]$ strace xterm [...] connect(3, {sa_family=AF_INET,
    >>> sin_port=htons(6010), sin_addr=inet_addr("NNN.NN.NNN.NNN")}, 16) =
    >>> -1 EINVAL (Invalid argument) close(3) = 0 [...]
    >>>
    >>> where NNN.NN.NNN.NNN is the IP of the VPS. what does that say?

    >> $ man connect ... RETURN VALUE If the connection or binding
    >> succeeds, zero is returned. On error, -1 is returned, and errno is
    >> set appropriately.


    DT> If you look a little further, EINVAL is not one of the documented
    DT> return codes (at least on my FC4 box). There's a reference to it
    DT> in existing in SysVr4 but not what might cause it on Linux.

    The way I read it, the call returns -1 on any failure; the fact that
    EINVAL is -1 is a red herring. You'd need to get the value of errno for
    the real error code, which of course we don't see in strace.

    --
    Richard Silverman
    res@qoxp.net


  9. Re: ssh X forwarding fails with Linux VPS (Virtual Server)

    "Richard E. Silverman" wrote in
    news:m2k6ay471d.fsf@darwin.oankali.net:
    > >>> [admin@vm07 ~]$ strace xterm [...] connect(3, {sa_family=AF_INET,
    > >>> sin_port=htons(6010), sin_addr=inet_addr("NNN.NN.NNN.NNN")}, 16) =
    > >>> -1 EINVAL (Invalid argument) close(3) = 0 [...]
    > >>>

    >
    >>>>>> "DT" == Darren Tucker writes:

    > DT> If you look a little further, EINVAL is not one of the documented
    > DT> return codes (at least on my FC4 box). There's a reference to it
    > DT> in existing in SysVr4 but not what might cause it on Linux.
    >
    > The way I read it, the call returns -1 on any failure; the fact that
    > EINVAL is -1 is a red herring. You'd need to get the value of errno for
    > the real error code, which of course we don't see in strace.
    >


    Actually EINVAL is 22 (not -1) and is the value from errno which strace
    conveniently translated into symbolic form for you. As Darren notes, the
    man page does not list a possible EINVAL return from connect, but I would
    guess that it means the sockaddr you passed in was malformed somehow.

    Chris Dodd
    cdodd@acm.org

  10. Re: ssh X forwarding fails with Linux VPS (Virtual Server)

    On 2006-03-13, Richard E. Silverman wrote:
    >>>>>> "DT" == Darren Tucker writes:

    >
    > DT> On 2006-03-13, Richard E. Silverman wrote:
    > DT> If you look a little further, EINVAL is not one of the documented
    > DT> return codes (at least on my FC4 box). There's a reference to it
    > DT> in existing in SysVr4 but not what might cause it on Linux.
    >
    > The way I read it, the call returns -1 on any failure; the fact that
    > EINVAL is -1 is a red herring. You'd need to get the value of errno for
    > the real error code, which of course we don't see in strace.


    The strace (on Linux, anyway) includes the errno.

    $ strace telnet localhost 1234
    [...]
    connect(3, {sa_family=AF_INET, sin_port=htons(1234),
    sin_addr=inet_addr("127.0.0.1")}, 16) = -1 ECONNREFUSED (Connection refused)
    [...]

    So we have connect(2) returning an error for which there's no explanation
    in the documentation. Use the (kernel/glibc) source, Luke.

    --
    Darren Tucker (dtucker at zip.com.au)
    GPG key 8FF4FA69 / D9A3 86E9 7EEE AF4B B2D4 37C9 C982 80C7 8FF4 FA69
    Good judgement comes with experience. Unfortunately, the experience
    usually comes from bad judgement.

  11. Re: ssh X forwarding fails with Linux VPS (Virtual Server)

    >>>>> "CD" == Chris Dodd writes:

    CD> Actually EINVAL is 22 (not -1) and is the value from errno which
    CD> strace conveniently translated into symbolic form for you.

    Ah, thanks -- so, strace is smarter than I am. Not surprising.

    CD> As Darren notes, the man page does not list a possible EINVAL return
    CD> from connect

    There is at least, in the Debian man page:

    CONFORMING TO
    SVr4, 4.4BSD (the connect function first appeared in BSD 4.2). SVr4
    documents the additional general error codes EADDRNOTAVAIL, EINVAL,
    EAFNOSUPPORT, EALREADY, EINTR, EPROTOTYPE, and ENOSR. It also docu-
    ments many additional error conditions not described here.

    CD> but I would guess that it means the sockaddr you
    CD> passed in was malformed somehow.

    A reasonable interpretation.

    --
    Richard Silverman
    res@qoxp.net


+ Reply to Thread