X11 session tunnelling via SSH: no longer working!This is a discussion on X11 session tunnelling via SSH: no longer working! within the SUN forums, part of the Systems category; Hi! Graphical access to a Solaris 9 or 10 server via X11 tunneled thru an SSH session used to work fine until recently. In other worlds, you would connect with ... | ||||||||
| ||||||||
| Unix Content | Register | FAQ | Calendar | Search | Today's Posts | Mark Forums Read |
|
#1
08-26-2008, 07:23 PM
|
 X11 session tunnelling via SSH: no longer working! Hi! Graphical access to a Solaris 9 or 10 server via X11 tunneled thru an SSH session used to work fine until recently. In other worlds, you would connect with a ssh -X user@some.host from your workstation running an appropriate X11 server, the server-side SSHD would set up the DISPLAY variable pointing back to itself and everything would work as expected. Run a graphical app, and it would happily pop up in your display. However, recently this has stopped working on two different servers I use, one with Solaris 9 and the other with the latest Solaris 10. The ssh session works normally, but the DISPLAY variable does not get set and the following error pops up in the console: Aug 26 13:58:46 sunserver sshd[2251]: [ID 800047 auth.error] error: Failed to allocate internet-domain X11 display socket. Both servers were patched with the latest security and recommended patches. Tried by connecting from a MacOS X 10.5 portable (using the included X11 server), a Knoppix 5.3.1 host and an OpenSolaris host, all with the same failed results. However, on an older Solaris 9 server that has not been recently patched, the tunnelling works as usual, so it seems to be a server-side problem. Since the tunnelling no longer works, the only way to run graphical apps is by manually doing the insecure xhost +client / DISPLAY=server:0.0; export DISPLAY routine. Has anyone run across this problem and know which patch messed things up? Is there a solution or, at least, a workaround? TIA for your help. J. Courcoul  |
|
#2
08-27-2008, 02:19 AM
|
| Re: X11 session tunnelling via SSH: no longer working! Hi > Graphical access to a Solaris 9 or 10 server via X11 tunneled thru an > SSH session used to work fine until recently. In other worlds, you would > connect with a > > ssh -X user@some.host > > from your workstation running an appropriate X11 server, the server-side > SSHD would set up the DISPLAY variable pointing back to itself and > everything would work as expected. Run a graphical app, and it would > happily pop up in your display. > > However, recently this has stopped working on two different servers I > use, one with Solaris 9 and the other with the latest Solaris 10. The > ssh session works normally, but the DISPLAY variable does not get set > and the following error pops up in the console: > > Aug 26 13:58:46 sunserver sshd[2251]: [ID 800047 auth.error] error: > Failed to allocate internet-domain X11 display socket. > > Both servers were patched with the latest security and recommended > patches. Tried by connecting from a MacOS X 10.5 portable (using the > included X11 server), a Knoppix 5.3.1 host and an OpenSolaris host, all > with the same failed results. However, on an older Solaris 9 server that > has not been recently patched, the tunnelling works as usual, so it > seems to be a server-side problem. > > Since the tunnelling no longer works, the only way to run graphical apps > is by manually doing the insecure xhost +client / DISPLAY=server:0.0; > export DISPLAY routine. > > Has anyone run across this problem and know which patch messed things > up? Is there a solution or, at least, a workaround? > > TIA for your help. > > J. Courcoul I had the same problem some weeks ago, it came up after installing the latest ssh patch. Somebody of the Sun Service told me the following workaround for the machine the ssh server is running on: # ifconfig lo0 inet6 plumb up Cheers, M.Bruns |
|
#3
08-27-2008, 03:22 AM
|
| Re: X11 session tunnelling via SSH: no longer working! In article "M.Bruns" > Hi > > > Graphical access to a Solaris 9 or 10 server via X11 tunneled thru an > > SSH session used to work fine until recently. In other worlds, you would > > connect with a > > > > ssh -X user@some.host > > > > from your workstation running an appropriate X11 server, the server-side > > SSHD would set up the DISPLAY variable pointing back to itself and > > everything would work as expected. Run a graphical app, and it would > > happily pop up in your display. > > > > However, recently this has stopped working on two different servers I > > use, one with Solaris 9 and the other with the latest Solaris 10. The > > ssh session works normally, but the DISPLAY variable does not get set > > and the following error pops up in the console: > > > > Aug 26 13:58:46 sunserver sshd[2251]: [ID 800047 auth.error] error: > > Failed to allocate internet-domain X11 display socket. > > > > Both servers were patched with the latest security and recommended > > patches. Tried by connecting from a MacOS X 10.5 portable (using the > > included X11 server), a Knoppix 5.3.1 host and an OpenSolaris host, all > > with the same failed results. However, on an older Solaris 9 server that > > has not been recently patched, the tunnelling works as usual, so it > > seems to be a server-side problem. > > > > Since the tunnelling no longer works, the only way to run graphical apps > > is by manually doing the insecure xhost +client / DISPLAY=server:0.0; > > export DISPLAY routine. > > > > Has anyone run across this problem and know which patch messed things > > up? Is there a solution or, at least, a workaround? > > > > TIA for your help. > > > > J. Courcoul > > I had the same problem some weeks ago, it came up after installing the latest > ssh patch. Somebody of the Sun Service told me the following workaround for > the machine the ssh server is running on: > > # ifconfig lo0 inet6 plumb up > > Cheers, > M.Bruns Cool! That worked like a charm. Thanks a lot! JMC |
|
#4
08-28-2008, 05:12 AM
|
| Re: X11 session tunnelling via SSH: no longer working! On 27 Aug., 09:22, John Courcoul > In article > > > > > > *"M.Bruns" > > Hi > > > > Graphical access to a Solaris 9 or 10 server via X11 tunneled thru an > > > SSH session used to work fine until recently. In other worlds, you would > > > connect with a > > > > ssh -X u...@some.host > > > > from your workstation running an appropriate X11 server, the server-side > > > SSHD would set up the DISPLAY variable pointing back to itself and > > > everything would work as expected. Run a graphical app, and it would > > > happily pop up in your display. > > > > However, recently this has stopped working on two different servers I > > > use, one with Solaris 9 and the other with the latest Solaris 10. The > > > ssh session works normally, but the DISPLAY variable does not get set > > > and the following error pops up in the console: > > > > Aug 26 13:58:46 sunserver sshd[2251]: [ID 800047 auth.error] error: > > > Failed to allocate internet-domain X11 display socket. > > > > Both servers were patched with the latest security and recommended > > > patches. Tried by connecting from a MacOS X 10.5 portable (using the > > > included X11 server), a Knoppix 5.3.1 host and an OpenSolaris host, all > > > with the same failed results. However, on an older Solaris 9 server that > > > has not been recently patched, the tunnelling works as usual, so it > > > seems to be a server-side problem. > > > > Since the tunnelling no longer works, the only way to run graphical apps > > > is by manually doing the insecure *xhost +client / DISPLAY=server:0.0; > > > export DISPLAY routine. * > > > > Has anyone run across this problem and know which patch messed things > > > up? Is there a solution or, at least, a workaround? > > > > TIA for your help. > > > > J. Courcoul > > > I had the same problem some weeks ago, it came up after installing the latest > > ssh patch. Somebody of the Sun Service told me the following workaroundfor > > the machine the ssh server is running on: > > > # ifconfig lo0 inet6 plumb up > > > Cheers, > > M.Bruns > > Cool! That worked like a charm. Thanks a lot! > > JMC- Zitierten Text ausblenden - > > - Zitierten Text anzeigen - That worked as well in my case. Thanks a lot too! But after a reboot it is no more configured and the cammand has to be entered again... Do you know how to make it permanent? Cheers Piscu |
|
#5
08-29-2008, 01:57 AM
|
| Re: X11 session tunnelling via SSH: no longer working! In article <95cc3ad7-426d-41a6-bb3b-14f8ccb3f46c@25g2000hsx.googlegroups.com>, pinsel99@yahoo.com wrote: > On 27 Aug., 09:22, John Courcoul > > > In article > > > > > > > > > > > > *"M.Bruns" > > > Hi > > > > > > Graphical access to a Solaris 9 or 10 server via X11 tunneled thru an > > > > SSH session used to work fine until recently. In other worlds, you > > > > would > > > > connect with a > > > > > > ssh -X u...@some.host > > > > > > from your workstation running an appropriate X11 server, the > > > > server-side > > > > SSHD would set up the DISPLAY variable pointing back to itself and > > > > everything would work as expected. Run a graphical app, and it would > > > > happily pop up in your display. > > > > > > However, recently this has stopped working on two different servers I > > > > use, one with Solaris 9 and the other with the latest Solaris 10. The > > > > ssh session works normally, but the DISPLAY variable does not get set > > > > and the following error pops up in the console: > > > > > > Aug 26 13:58:46 sunserver sshd[2251]: [ID 800047 auth.error] error: > > > > Failed to allocate internet-domain X11 display socket. > > > > > > Both servers were patched with the latest security and recommended > > > > patches. Tried by connecting from a MacOS X 10.5 portable (using the > > > > included X11 server), a Knoppix 5.3.1 host and an OpenSolaris host, all > > > > with the same failed results. However, on an older Solaris 9 server > > > > that > > > > has not been recently patched, the tunnelling works as usual, so it > > > > seems to be a server-side problem. > > > > > > Since the tunnelling no longer works, the only way to run graphical > > > > apps > > > > is by manually doing the insecure *xhost +client / DISPLAY=server:0.0; > > > > export DISPLAY routine. * > > > > > > Has anyone run across this problem and know which patch messed things > > > > up? Is there a solution or, at least, a workaround? > > > > > > TIA for your help. > > > > > > J. Courcoul > > > > > I had the same problem some weeks ago, it came up after installing the > > > latest > > > ssh patch. Somebody of the Sun Service told me the following workaround > > > for > > > the machine the ssh server is running on: > > > > > # ifconfig lo0 inet6 plumb up > > > > > Cheers, > > > M.Bruns > > > > Cool! That worked like a charm. Thanks a lot! > > > > JMC- Zitierten Text ausblenden - > > > > - Zitierten Text anzeigen - > > That worked as well in my case. Thanks a lot too! > > But after a reboot it is no more configured and the cammand has to be > entered again... > Do you know how to make it permanent? > > Cheers > Piscu That's simple enough: just add an item to the startup scripts and have it run before sshd gets launched. In other words, stuff the following inside a file that you can call /etc/init.d/sshd_tunnelling: > #!/sbin/sh > # > # Workaround to get the sshd daemon to accept X11 tunnelling and set > # the DISPLAY variable. > # > # This trick became necessary after patch 114356-14 to sshd, which > # caused the tunnelling mechanismo to cease working. > > case $1 in > 'start') > echo 'Starting up the loopback for ssh/X11 tunnelling.' > /usr/sbin/ifconfig lo0 inet6 plumb up > ;; > 'stop') > # > # Nothing to do when going down, the loopback will be taken down > # automatically. > ;; > > 'restart') > /usr/sbin/ifconfig lo0 inet6 plumb up > ;; > *) > echo "Usage: $0 { start | stop }" > exit 1 > ;; > esac Then make a link to this from rc3.d: > cd /etc/rc3.d > ln ../init.d/sshd_tunnelling S88sshd_tunnelling Also, as an update as to where M.Bruns' Sun guy got the info and what to expect as remediation, read here: http://sunsolve.sun.com/search/docum...=1-66-240906-1 Cheers, JMC |
|
#6
09-02-2008, 02:42 PM
|
| Re: X11 session tunnelling via SSH: no longer working! On 08/29/08 01:57, John Courcoul wrote: > In article > <95cc3ad7-426d-41a6-bb3b-14f8ccb3f46c@25g2000hsx.googlegroups.com>, > pinsel99@yahoo.com wrote: > >> On 27 Aug., 09:22, John Courcoul >> >>> In article >>> >>> >>> >>> >>> >>> "M.Bruns" >>>> Hi >>>>> Graphical access to a Solaris 9 or 10 server via X11 tunneled thru an >>>>> SSH session used to work fine until recently. In other worlds, you >>>>> would >>>>> connect with a >>>>> ssh -X u...@some.host >>>>> from your workstation running an appropriate X11 server, the >>>>> server-side >>>>> SSHD would set up the DISPLAY variable pointing back to itself and >>>>> everything would work as expected. Run a graphical app, and it would >>>>> happily pop up in your display. >>>>> However, recently this has stopped working on two different servers I >>>>> use, one with Solaris 9 and the other with the latest Solaris 10. The >>>>> ssh session works normally, but the DISPLAY variable does not get set >>>>> and the following error pops up in the console: >>>>> Aug 26 13:58:46 sunserver sshd[2251]: [ID 800047 auth.error] error: >>>>> Failed to allocate internet-domain X11 display socket. >>>>> Both servers were patched with the latest security and recommended >>>>> patches. Tried by connecting from a MacOS X 10.5 portable (using the >>>>> included X11 server), a Knoppix 5.3.1 host and an OpenSolaris host, all >>>>> with the same failed results. However, on an older Solaris 9 server >>>>> that >>>>> has not been recently patched, the tunnelling works as usual, so it >>>>> seems to be a server-side problem. >>>>> Since the tunnelling no longer works, the only way to run graphical >>>>> apps >>>>> is by manually doing the insecure xhost +client / DISPLAY=server:0.0; >>>>> export DISPLAY routine. >>>>> Has anyone run across this problem and know which patch messed things >>>>> up? Is there a solution or, at least, a workaround? >>>>> TIA for your help. >>>>> J. Courcoul >>>> I had the same problem some weeks ago, it came up after installing the >>>> latest >>>> ssh patch. Somebody of the Sun Service told me the following workaround >>>> for >>>> the machine the ssh server is running on: >>>> # ifconfig lo0 inet6 plumb up >>>> Cheers, >>>> M.Bruns >>> Cool! That worked like a charm. Thanks a lot! >>> >>> JMC- Zitierten Text ausblenden - >>> >>> - Zitierten Text anzeigen - >> That worked as well in my case. Thanks a lot too! >> >> But after a reboot it is no more configured and the cammand has to be >> entered again... >> Do you know how to make it permanent? >> >> Cheers >> Piscu > > That's simple enough: just add an item to the startup scripts and have > it run before sshd gets launched. In other words, stuff the following > inside a file that you can call /etc/init.d/sshd_tunnelling: > >> #!/sbin/sh >> # >> # Workaround to get the sshd daemon to accept X11 tunnelling and set >> # the DISPLAY variable. >> # >> # This trick became necessary after patch 114356-14 to sshd, which >> # caused the tunnelling mechanismo to cease working. >> >> case $1 in >> 'start') >> echo 'Starting up the loopback for ssh/X11 tunnelling.' >> /usr/sbin/ifconfig lo0 inet6 plumb up >> ;; >> 'stop') >> # >> # Nothing to do when going down, the loopback will be taken down >> # automatically. >> ;; >> >> 'restart') >> /usr/sbin/ifconfig lo0 inet6 plumb up >> ;; >> *) >> echo "Usage: $0 { start | stop }" >> exit 1 >> ;; >> esac > > Then make a link to this from rc3.d: > >> cd /etc/rc3.d >> ln ../init.d/sshd_tunnelling S88sshd_tunnelling > > Also, as an update as to where M.Bruns' Sun guy got the info and what to > expect as remediation, read here: > > http://sunsolve.sun.com/search/docum...=1-66-240906-1 You can touch /etc/hostname6.lo0 and that will do the same thing as your script above. > > Cheers, > > JMC |
