Re: X11 session tunnelling via SSH: no longer working!



On 08/29/08 01:57, John Courcoul wrote:
In article <95cc3ad7-426d-41a6-bb3b-14f8ccb3f46c@xxxxxxxxxxxxxxxxxxxxxxxxxxx>,
pinsel99@xxxxxxxxx wrote:

On 27 Aug., 09:22, John Courcoul
<nospam.jmcourc...@xxxxxxxxxxxxxxxxxx> wrote:
In article <g92rlo$1a3...@xxxxxxxxxxxxxxx>,





"M.Bruns" <m...@xxxxxxxxxxxxx> wrote:
Hi
Graphical access to a Solaris 9 or 10 server via X11 tunneled thru an
SSH session used to work fine until recently. In other words, you would
connect with a
ssh -X u...@xxxxxxxxx
from your workstation running an appropriate X11 server, the server-side
SSHD would set up the DISPLAY variable pointing back to itself and
everything would work as expected. Run a graphical app, and it would
happily pop up in your display.
However, recently this has stopped working on two different servers I
use, one with Solaris 9 and the other with the latest Solaris 10. The
ssh session works normally, but the DISPLAY variable does not get set
and the following error pops up in the console:
Aug 26 13:58:46 sunserver sshd[2251]: [ID 800047 auth.error] error:
Failed to allocate internet-domain X11 display socket.
Both servers were patched with the latest security and recommended
patches. Tried by connecting from a MacOS X 10.5 portable (using the
included X11 server), a Knoppix 5.3.1 host and an OpenSolaris host, all
with the same failed results. However, on an older Solaris 9 server that
has not been recently patched, the tunnelling works as usual, so it
seems to be a server-side problem.
Since the tunnelling no longer works, the only way to run graphical apps
is by manually doing the insecure xhost +client / DISPLAY=server:0.0;
export DISPLAY routine.
Has anyone run across this problem and know which patch messed things
up? Is there a solution or, at least, a workaround?
TIA for your help.
J. Courcoul
I had the same problem some weeks ago; it came up after installing the latest
ssh patch. Somebody at Sun Service gave me the following workaround for
the machine the ssh server is running on:
# ifconfig lo0 inet6 plumb up
Cheers,
M.Bruns
Cool! That worked like a charm. Thanks a lot!

JMC

That worked as well in my case. Thanks a lot too!

But after a reboot it is no longer configured and the command has to be
entered again...
Do you know how to make it permanent?

Cheers
Piscu

That's simple enough: just add an item to the startup scripts and have it run before sshd gets launched. In other words, stuff the following inside a file that you can call /etc/init.d/sshd_tunnelling:

#!/sbin/sh
#
# Workaround to get the sshd daemon to accept X11 tunnelling and set
# the DISPLAY variable.
#
# This trick became necessary after patch 114356-14 to sshd, which
# caused the tunnelling mechanism to cease working.

case "$1" in
'start')
        echo 'Starting up the loopback for ssh/X11 tunnelling.'
        /usr/sbin/ifconfig lo0 inet6 plumb up
        ;;
'stop')
        #
        # Nothing to do when going down, the loopback will be taken down
        # automatically.
        ;;

'restart')
        /usr/sbin/ifconfig lo0 inet6 plumb up
        ;;
*)
        echo "Usage: $0 { start | stop | restart }"
        exit 1
        ;;
esac

Then make a link to this from rc3.d:

cd /etc/rc3.d
ln ../init.d/sshd_tunnelling S88sshd_tunnelling

Also, as an update as to where M.Bruns' Sun guy got the info and what to expect as remediation, read here:

http://sunsolve.sun.com/search/document.do?assetkey=1-66-240906-1

You can touch /etc/hostname6.lo0 and that will do the same thing as your script above.




Cheers,

JMC
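
Added example, not part of the thread: a triage script for the condition discussed above. It checks captured `ifconfig -a` output for an IPv6 lo0 stanza, counts the sshd error quoted in the first post, and reports whether either boot-time method from the thread (/etc/hostname6.lo0 or the S88sshd_tunnelling link) is in place. The sample inputs, the function names and the ROOT_DIR argument are assumptions made for the example, and it expects a POSIX shell and awk rather than the legacy /sbin/sh.

```shell
# Added example, not from the thread; sample inputs below are constructed.

# Exit 0 if ifconfig output on stdin has an lo0 stanza flagged UP and IPv6
# that carries an inet6 address. Solaris lists lo0 once per address family.
lo0_inet6_up() {
    awk '/^[A-Za-z]/ { hit = ($1 == "lo0:" && $2 ~ /[<,]IPv6[,>]/ && $2 ~ /[<,]UP[,>]/) }
         hit && $1 == "inet6" { found = 1 }
         END { exit(found ? 0 : 1) }'
}

# Count sshd log lines in file $1 that carry the error quoted in the thread.
x11_alloc_failures() {
    grep -c 'sshd\[[0-9]*]: .*Failed to allocate internet-domain X11 display socket' "$1" || true
}

# triage IFCONFIG_OUTPUT_FILE SYSLOG_FILE ROOT_DIR
# ROOT_DIR (hypothetical parameter) is "" on a live host, or a copied tree.
triage() {
    if ! lo0_inet6_up < "$1"; then
        state=missing          # fix: ifconfig lo0 inet6 plumb up
    elif [ -f "$3/etc/hostname6.lo0" ] || [ -f "$3/etc/rc3.d/S88sshd_tunnelling" ]; then
        state=persistent       # one of the thread's two boot-time methods exists
    else
        state=lost-at-reboot   # plumbed now, nothing recreates it at boot
    fi
    echo "lo0-inet6=$state x11-failures=$(x11_alloc_failures "$2")"
}

# Write the constructed sample inputs into directory $1.
make_samples() {
    mkdir -p "$1/etc"
    cat > "$1/ifconfig.before" <<'EOF'
lo0: flags=2001000849<UP,LOOPBACK,RUNNING,MULTICAST,IPv4,VIRTUAL> mtu 8232 index 1
        inet 127.0.0.1 netmask ff000000
bge0: flags=2000841<UP,RUNNING,MULTICAST,IPv6> mtu 1500 index 2
        inet6 fe80::203:baff:fe00:1/10
EOF
    { cat "$1/ifconfig.before"; cat <<'EOF'
lo0: flags=2002000849<UP,LOOPBACK,RUNNING,MULTICAST,IPv6,VIRTUAL> mtu 8252 index 1
        inet6 ::1/128
EOF
    } > "$1/ifconfig.after"
    cat > "$1/messages" <<'EOF'
Aug 26 13:58:46 sunserver sshd[2251]: [ID 800047 auth.error] error: Failed to allocate internet-domain X11 display socket.
Aug 26 14:02:10 sunserver sshd[2251]: [ID 800047 auth.info] Accepted password for user from 192.0.2.7 port 51515 ssh2
EOF
}
d=$(mktemp -d) && make_samples "$d" && triage "$d/ifconfig.before" "$d/messages" "$d"
```

On a live host, save `ifconfig -a` output to a file and pass it with the syslog file and an empty ROOT_DIR.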