X11 session tunnelling via SSH: no longer working!
John Courcoul
Graphical access to a Solaris 9 or 10 server via X11 tunneled thru an
SSH session used to work fine until recently. In other worlds, you would
connect with a
ssh -X us...@some.host
from your workstation running an appropriate X11 server, the server-side
SSHD would set up the DISPLAY variable pointing back to itself and
everything would work as expected. Run a graphical app, and it would
happily pop up in your display.
However, recently this has stopped working on two different servers I
use, one with Solaris 9 and the other with the latest Solaris 10. The
ssh session works normally, but the DISPLAY variable does not get set
and the following error pops up in the console:
Aug 26 13:58:46 sunserver sshd[2251]: [ID 800047 auth.error] error:
Failed to allocate internet-domain X11 display socket.
Both servers were patched with the latest security and recommended
patches. Tried by connecting from a MacOS X 10.5 portable (using the
included X11 server), a Knoppix 5.3.1 host and an OpenSolaris host, all
with the same failed results. However, on an older Solaris 9 server that
has not been recently patched, the tunnelling works as usual, so it
seems to be a server-side problem.
Since the tunnelling no longer works, the only way to run graphical apps
is by manually doing the insecure xhost +client / DISPLAY=server:0.0;
export DISPLAY routine.
Has anyone run across this problem and know which patch messed things
up? Is there a solution or, at least, a workaround?
TIA for your help.
J. Courcoul
M.Bruns
I had the same problem some weeks ago, it came up after installing the latest
ssh patch. Somebody of the Sun Service told me the following workaround for
the machine the ssh server is running on:
# ifconfig lo0 inet6 plumb up
Cheers,
M.Bruns
John Courcoul
"M.Bruns" <m...@linmpi.mpg.de> wrote:
Cool! That worked like a charm. Thanks a lot!
JMC
pins...@yahoo.com
<nospam.jmcourc...@removethis.mac.com> wrote:
> In article <g92rlo$1a3...@gwdu112.gwdg.de>,
>
>
>
>
>
> "M.Bruns" <m...@linmpi.mpg.de> wrote:
> > Hi
>
> > > Graphical access to a Solaris 9 or 10 server via X11 tunneled thru an
> > > SSH session used to work fine until recently. In other worlds, you would
> > > connect with a
>
>
> - Zitierten Text anzeigen -
That worked as well in my case. Thanks a lot too!
But after a reboot it is no more configured and the cammand has to be
entered again...
Do you know how to make it permanent?
Cheers
Piscu
John Courcoul
<95cc3ad7-426d-41a6...@25g2000hsx.googlegroups.com>,
pins...@yahoo.com wrote:
That's simple enough: just add an item to the startup scripts and have
it run before sshd gets launched. In other words, stuff the following
inside a file that you can call /etc/init.d/sshd_tunnelling:
> #!/sbin/sh
> #
> # Workaround to get the sshd daemon to accept X11 tunnelling and set
> # the DISPLAY variable.
> #
> # This trick became necessary after patch 114356-14 to sshd, which
> # caused the tunnelling mechanismo to cease working.
>
> case $1 in
> 'start')
> echo 'Starting up the loopback for ssh/X11 tunnelling.'
> /usr/sbin/ifconfig lo0 inet6 plumb up
> ;;
> 'stop')
> #
> # Nothing to do when going down, the loopback will be taken down
> # automatically.
> ;;
>
> 'restart')
> /usr/sbin/ifconfig lo0 inet6 plumb up
> ;;
> *)
> echo "Usage: $0 { start | stop }"
> exit 1
> ;;
> esac
Then make a link to this from rc3.d:
> cd /etc/rc3.d
> ln ../init.d/sshd_tunnelling S88sshd_tunnelling
Also, as an update as to where M.Bruns' Sun guy got the info and what to
expect as remediation, read here:
http://sunsolve.sun.com/search/document.do?assetkey=1-66-240906-1
Cheers,
JMC
Martha Starkey
You can touch /etc/hostname6.lo0 and that will do the same thing as your
script above.
>
> Cheers,
>
> JMC