X11 session tunnelling via SSH: no longer working! - SUN

This is a discussion on X11 session tunnelling via SSH: no longer working! - SUN ; Hi! Graphical access to a Solaris 9 or 10 server via X11 tunneled thru an SSH session used to work fine until recently. In other worlds, you would connect with a ssh -X user@some.host from your workstation running an appropriate ...

+ Reply to Thread
Results 1 to 6 of 6

Thread: X11 session tunnelling via SSH: no longer working!

  1. X11 session tunnelling via SSH: no longer working!

    Hi!

    Graphical access to a Solaris 9 or 10 server via X11 tunneled thru an
    SSH session used to work fine until recently. In other worlds, you would
    connect with a

    ssh -X user@some.host

    from your workstation running an appropriate X11 server, the server-side
    SSHD would set up the DISPLAY variable pointing back to itself and
    everything would work as expected. Run a graphical app, and it would
    happily pop up in your display.

    However, recently this has stopped working on two different servers I
    use, one with Solaris 9 and the other with the latest Solaris 10. The
    ssh session works normally, but the DISPLAY variable does not get set
    and the following error pops up in the console:

    Aug 26 13:58:46 sunserver sshd[2251]: [ID 800047 auth.error] error:
    Failed to allocate internet-domain X11 display socket.

    Both servers were patched with the latest security and recommended
    patches. Tried by connecting from a MacOS X 10.5 portable (using the
    included X11 server), a Knoppix 5.3.1 host and an OpenSolaris host, all
    with the same failed results. However, on an older Solaris 9 server that
    has not been recently patched, the tunnelling works as usual, so it
    seems to be a server-side problem.

    Since the tunnelling no longer works, the only way to run graphical apps
    is by manually doing the insecure xhost +client / DISPLAY=server:0.0;
    export DISPLAY routine.

    Has anyone run across this problem and know which patch messed things
    up? Is there a solution or, at least, a workaround?

    TIA for your help.

    J. Courcoul

  2. Re: X11 session tunnelling via SSH: no longer working!

    Hi

    > Graphical access to a Solaris 9 or 10 server via X11 tunneled thru an
    > SSH session used to work fine until recently. In other worlds, you would
    > connect with a
    >
    > ssh -X user@some.host
    >
    > from your workstation running an appropriate X11 server, the server-side
    > SSHD would set up the DISPLAY variable pointing back to itself and
    > everything would work as expected. Run a graphical app, and it would
    > happily pop up in your display.
    >
    > However, recently this has stopped working on two different servers I
    > use, one with Solaris 9 and the other with the latest Solaris 10. The
    > ssh session works normally, but the DISPLAY variable does not get set
    > and the following error pops up in the console:
    >
    > Aug 26 13:58:46 sunserver sshd[2251]: [ID 800047 auth.error] error:
    > Failed to allocate internet-domain X11 display socket.
    >
    > Both servers were patched with the latest security and recommended
    > patches. Tried by connecting from a MacOS X 10.5 portable (using the
    > included X11 server), a Knoppix 5.3.1 host and an OpenSolaris host, all
    > with the same failed results. However, on an older Solaris 9 server that
    > has not been recently patched, the tunnelling works as usual, so it
    > seems to be a server-side problem.
    >
    > Since the tunnelling no longer works, the only way to run graphical apps
    > is by manually doing the insecure xhost +client / DISPLAY=server:0.0;
    > export DISPLAY routine.
    >
    > Has anyone run across this problem and know which patch messed things
    > up? Is there a solution or, at least, a workaround?
    >
    > TIA for your help.
    >
    > J. Courcoul


    I had the same problem some weeks ago, it came up after installing the latest
    ssh patch. Somebody of the Sun Service told me the following workaround for
    the machine the ssh server is running on:

    # ifconfig lo0 inet6 plumb up

    Cheers,
    M.Bruns

  3. Re: X11 session tunnelling via SSH: no longer working!

    In article ,
    "M.Bruns" wrote:

    > Hi
    >
    > > Graphical access to a Solaris 9 or 10 server via X11 tunneled thru an
    > > SSH session used to work fine until recently. In other worlds, you would
    > > connect with a
    > >
    > > ssh -X user@some.host
    > >
    > > from your workstation running an appropriate X11 server, the server-side
    > > SSHD would set up the DISPLAY variable pointing back to itself and
    > > everything would work as expected. Run a graphical app, and it would
    > > happily pop up in your display.
    > >
    > > However, recently this has stopped working on two different servers I
    > > use, one with Solaris 9 and the other with the latest Solaris 10. The
    > > ssh session works normally, but the DISPLAY variable does not get set
    > > and the following error pops up in the console:
    > >
    > > Aug 26 13:58:46 sunserver sshd[2251]: [ID 800047 auth.error] error:
    > > Failed to allocate internet-domain X11 display socket.
    > >
    > > Both servers were patched with the latest security and recommended
    > > patches. Tried by connecting from a MacOS X 10.5 portable (using the
    > > included X11 server), a Knoppix 5.3.1 host and an OpenSolaris host, all
    > > with the same failed results. However, on an older Solaris 9 server that
    > > has not been recently patched, the tunnelling works as usual, so it
    > > seems to be a server-side problem.
    > >
    > > Since the tunnelling no longer works, the only way to run graphical apps
    > > is by manually doing the insecure xhost +client / DISPLAY=server:0.0;
    > > export DISPLAY routine.
    > >
    > > Has anyone run across this problem and know which patch messed things
    > > up? Is there a solution or, at least, a workaround?
    > >
    > > TIA for your help.
    > >
    > > J. Courcoul

    >
    > I had the same problem some weeks ago, it came up after installing the latest
    > ssh patch. Somebody of the Sun Service told me the following workaround for
    > the machine the ssh server is running on:
    >
    > # ifconfig lo0 inet6 plumb up
    >
    > Cheers,
    > M.Bruns


    Cool! That worked like a charm. Thanks a lot!

    JMC

  4. Re: X11 session tunnelling via SSH: no longer working!

    On 27 Aug., 09:22, John Courcoul
    wrote:
    > In article ,
    >
    >
    >
    >
    >
    > *"M.Bruns" wrote:
    > > Hi

    >
    > > > Graphical access to a Solaris 9 or 10 server via X11 tunneled thru an
    > > > SSH session used to work fine until recently. In other worlds, you would
    > > > connect with a

    >
    > > > ssh -X u...@some.host

    >
    > > > from your workstation running an appropriate X11 server, the server-side
    > > > SSHD would set up the DISPLAY variable pointing back to itself and
    > > > everything would work as expected. Run a graphical app, and it would
    > > > happily pop up in your display.

    >
    > > > However, recently this has stopped working on two different servers I
    > > > use, one with Solaris 9 and the other with the latest Solaris 10. The
    > > > ssh session works normally, but the DISPLAY variable does not get set
    > > > and the following error pops up in the console:

    >
    > > > Aug 26 13:58:46 sunserver sshd[2251]: [ID 800047 auth.error] error:
    > > > Failed to allocate internet-domain X11 display socket.

    >
    > > > Both servers were patched with the latest security and recommended
    > > > patches. Tried by connecting from a MacOS X 10.5 portable (using the
    > > > included X11 server), a Knoppix 5.3.1 host and an OpenSolaris host, all
    > > > with the same failed results. However, on an older Solaris 9 server that
    > > > has not been recently patched, the tunnelling works as usual, so it
    > > > seems to be a server-side problem.

    >
    > > > Since the tunnelling no longer works, the only way to run graphical apps
    > > > is by manually doing the insecure *xhost +client / DISPLAY=server:0.0;
    > > > export DISPLAY routine. *

    >
    > > > Has anyone run across this problem and know which patch messed things
    > > > up? Is there a solution or, at least, a workaround?

    >
    > > > TIA for your help.

    >
    > > > J. Courcoul

    >
    > > I had the same problem some weeks ago, it came up after installing the latest
    > > ssh patch. Somebody of the Sun Service told me the following workaroundfor
    > > the machine the ssh server is running on:

    >
    > > # ifconfig lo0 inet6 plumb up

    >
    > > Cheers,
    > > M.Bruns

    >
    > Cool! That worked like a charm. Thanks a lot!
    >
    > JMC- Zitierten Text ausblenden -
    >
    > - Zitierten Text anzeigen -


    That worked as well in my case. Thanks a lot too!

    But after a reboot it is no more configured and the cammand has to be
    entered again...
    Do you know how to make it permanent?

    Cheers
    Piscu

  5. Re: X11 session tunnelling via SSH: no longer working!

    In article
    <95cc3ad7-426d-41a6-bb3b-14f8ccb3f46c@25g2000hsx.googlegroups.com>,
    pinsel99@yahoo.com wrote:

    > On 27 Aug., 09:22, John Courcoul
    > wrote:
    > > In article ,
    > >
    > >
    > >
    > >
    > >
    > > *"M.Bruns" wrote:
    > > > Hi

    > >
    > > > > Graphical access to a Solaris 9 or 10 server via X11 tunneled thru an
    > > > > SSH session used to work fine until recently. In other worlds, you
    > > > > would
    > > > > connect with a

    > >
    > > > > ssh -X u...@some.host

    > >
    > > > > from your workstation running an appropriate X11 server, the
    > > > > server-side
    > > > > SSHD would set up the DISPLAY variable pointing back to itself and
    > > > > everything would work as expected. Run a graphical app, and it would
    > > > > happily pop up in your display.

    > >
    > > > > However, recently this has stopped working on two different servers I
    > > > > use, one with Solaris 9 and the other with the latest Solaris 10. The
    > > > > ssh session works normally, but the DISPLAY variable does not get set
    > > > > and the following error pops up in the console:

    > >
    > > > > Aug 26 13:58:46 sunserver sshd[2251]: [ID 800047 auth.error] error:
    > > > > Failed to allocate internet-domain X11 display socket.

    > >
    > > > > Both servers were patched with the latest security and recommended
    > > > > patches. Tried by connecting from a MacOS X 10.5 portable (using the
    > > > > included X11 server), a Knoppix 5.3.1 host and an OpenSolaris host, all
    > > > > with the same failed results. However, on an older Solaris 9 server
    > > > > that
    > > > > has not been recently patched, the tunnelling works as usual, so it
    > > > > seems to be a server-side problem.

    > >
    > > > > Since the tunnelling no longer works, the only way to run graphical
    > > > > apps
    > > > > is by manually doing the insecure *xhost +client / DISPLAY=server:0.0;
    > > > > export DISPLAY routine. *

    > >
    > > > > Has anyone run across this problem and know which patch messed things
    > > > > up? Is there a solution or, at least, a workaround?

    > >
    > > > > TIA for your help.

    > >
    > > > > J. Courcoul

    > >
    > > > I had the same problem some weeks ago, it came up after installing the
    > > > latest
    > > > ssh patch. Somebody of the Sun Service told me the following workaround
    > > > for
    > > > the machine the ssh server is running on:

    > >
    > > > # ifconfig lo0 inet6 plumb up

    > >
    > > > Cheers,
    > > > M.Bruns

    > >
    > > Cool! That worked like a charm. Thanks a lot!
    > >
    > > JMC- Zitierten Text ausblenden -
    > >
    > > - Zitierten Text anzeigen -

    >
    > That worked as well in my case. Thanks a lot too!
    >
    > But after a reboot it is no more configured and the cammand has to be
    > entered again...
    > Do you know how to make it permanent?
    >
    > Cheers
    > Piscu


    That's simple enough: just add an item to the startup scripts and have
    it run before sshd gets launched. In other words, stuff the following
    inside a file that you can call /etc/init.d/sshd_tunnelling:

    > #!/sbin/sh
    > #
    > # Workaround to get the sshd daemon to accept X11 tunnelling and set
    > # the DISPLAY variable.
    > #
    > # This trick became necessary after patch 114356-14 to sshd, which
    > # caused the tunnelling mechanismo to cease working.
    >
    > case $1 in
    > 'start')
    > echo 'Starting up the loopback for ssh/X11 tunnelling.'
    > /usr/sbin/ifconfig lo0 inet6 plumb up
    > ;;
    > 'stop')
    > #
    > # Nothing to do when going down, the loopback will be taken down
    > # automatically.
    > ;;
    >
    > 'restart')
    > /usr/sbin/ifconfig lo0 inet6 plumb up
    > ;;
    > *)
    > echo "Usage: $0 { start | stop }"
    > exit 1
    > ;;
    > esac


    Then make a link to this from rc3.d:

    > cd /etc/rc3.d
    > ln ../init.d/sshd_tunnelling S88sshd_tunnelling


    Also, as an update as to where M.Bruns' Sun guy got the info and what to
    expect as remediation, read here:

    http://sunsolve.sun.com/search/docum...=1-66-240906-1

    Cheers,

    JMC

  6. Re: X11 session tunnelling via SSH: no longer working!

    On 08/29/08 01:57, John Courcoul wrote:
    > In article
    > <95cc3ad7-426d-41a6-bb3b-14f8ccb3f46c@25g2000hsx.googlegroups.com>,
    > pinsel99@yahoo.com wrote:
    >
    >> On 27 Aug., 09:22, John Courcoul
    >> wrote:
    >>> In article ,
    >>>
    >>>
    >>>
    >>>
    >>>
    >>> "M.Bruns" wrote:
    >>>> Hi
    >>>>> Graphical access to a Solaris 9 or 10 server via X11 tunneled thru an
    >>>>> SSH session used to work fine until recently. In other worlds, you
    >>>>> would
    >>>>> connect with a
    >>>>> ssh -X u...@some.host
    >>>>> from your workstation running an appropriate X11 server, the
    >>>>> server-side
    >>>>> SSHD would set up the DISPLAY variable pointing back to itself and
    >>>>> everything would work as expected. Run a graphical app, and it would
    >>>>> happily pop up in your display.
    >>>>> However, recently this has stopped working on two different servers I
    >>>>> use, one with Solaris 9 and the other with the latest Solaris 10. The
    >>>>> ssh session works normally, but the DISPLAY variable does not get set
    >>>>> and the following error pops up in the console:
    >>>>> Aug 26 13:58:46 sunserver sshd[2251]: [ID 800047 auth.error] error:
    >>>>> Failed to allocate internet-domain X11 display socket.
    >>>>> Both servers were patched with the latest security and recommended
    >>>>> patches. Tried by connecting from a MacOS X 10.5 portable (using the
    >>>>> included X11 server), a Knoppix 5.3.1 host and an OpenSolaris host, all
    >>>>> with the same failed results. However, on an older Solaris 9 server
    >>>>> that
    >>>>> has not been recently patched, the tunnelling works as usual, so it
    >>>>> seems to be a server-side problem.
    >>>>> Since the tunnelling no longer works, the only way to run graphical
    >>>>> apps
    >>>>> is by manually doing the insecure xhost +client / DISPLAY=server:0.0;
    >>>>> export DISPLAY routine.
    >>>>> Has anyone run across this problem and know which patch messed things
    >>>>> up? Is there a solution or, at least, a workaround?
    >>>>> TIA for your help.
    >>>>> J. Courcoul
    >>>> I had the same problem some weeks ago, it came up after installing the
    >>>> latest
    >>>> ssh patch. Somebody of the Sun Service told me the following workaround
    >>>> for
    >>>> the machine the ssh server is running on:
    >>>> # ifconfig lo0 inet6 plumb up
    >>>> Cheers,
    >>>> M.Bruns
    >>> Cool! That worked like a charm. Thanks a lot!
    >>>
    >>> JMC- Zitierten Text ausblenden -
    >>>
    >>> - Zitierten Text anzeigen -

    >> That worked as well in my case. Thanks a lot too!
    >>
    >> But after a reboot it is no more configured and the cammand has to be
    >> entered again...
    >> Do you know how to make it permanent?
    >>
    >> Cheers
    >> Piscu

    >
    > That's simple enough: just add an item to the startup scripts and have
    > it run before sshd gets launched. In other words, stuff the following
    > inside a file that you can call /etc/init.d/sshd_tunnelling:
    >
    >> #!/sbin/sh
    >> #
    >> # Workaround to get the sshd daemon to accept X11 tunnelling and set
    >> # the DISPLAY variable.
    >> #
    >> # This trick became necessary after patch 114356-14 to sshd, which
    >> # caused the tunnelling mechanismo to cease working.
    >>
    >> case $1 in
    >> 'start')
    >> echo 'Starting up the loopback for ssh/X11 tunnelling.'
    >> /usr/sbin/ifconfig lo0 inet6 plumb up
    >> ;;
    >> 'stop')
    >> #
    >> # Nothing to do when going down, the loopback will be taken down
    >> # automatically.
    >> ;;
    >>
    >> 'restart')
    >> /usr/sbin/ifconfig lo0 inet6 plumb up
    >> ;;
    >> *)
    >> echo "Usage: $0 { start | stop }"
    >> exit 1
    >> ;;
    >> esac

    >
    > Then make a link to this from rc3.d:
    >
    >> cd /etc/rc3.d
    >> ln ../init.d/sshd_tunnelling S88sshd_tunnelling

    >
    > Also, as an update as to where M.Bruns' Sun guy got the info and what to
    > expect as remediation, read here:
    >
    > http://sunsolve.sun.com/search/docum...=1-66-240906-1


    You can touch /etc/hostname6.lo0 and that will do the same thing as your
    script above.



    >
    > Cheers,
    >
    > JMC


+ Reply to Thread