Thank you for all the suggestions. I have tried to make modifications as suggested on ISSUE 1, while trying to use vnc as my test case. No success yet. Grateful for further suggestions.
Xforwarding: ------------ Changed the Xforwarding to yes in /etc/ssh/sshd_config of remote machine (inteksl52): #X11Forwarding no X11Forwarding yes the client machine was already set (barring any surprise in changed notation): Host * ForwardX11Trusted yes ForwardX11 yes Host *.fnal.gov GSSAPIAuthentication yes GSSAPIDelegateCredentials yes ForwardX11Trusted yes ForwardX11 yes xauth and $DISPLAY: ------------------- I have also checked for xauth and $DISPLAY on both machines. On host machine (hpsl5): xauth is available and DISPLAY is set to :0.0 [...@hpsl5 ~]$ rpm -q xorg-x11-xauth xorg-x11-xauth-1.0.1-2.1.i386 [...@hpsl5 ~]$ echo $DISPLAY :0.0 [...@hpsl5 ~]$ On remote machine (inteksl52): xauth is available but DISPLAY is *not* set via secure shell. However, it is set to :0.0 if echoed from its own console. [...@hpsl5 ~]$ ssh -XY [email protected] [email protected]'s password: Last login: Mon May 4 18:08:12 2009 from 192.168.10.4 [...@inteksl52 ~]$ echo $DISPLAY [...@inteksl52 ~]$ rpm -q xorg-x11-xauth xorg-x11-xauth-1.0.1-2.1.i386 [...@inteksl52 ~]$ vnc connection: --------------- vncviewer sees the vncserver if they are on the same host machine,but not accross machines or remotely (via ssh); it basically demonstrates the problem persists. On host machine: [...@hpsl5 ~]$ echo $DISPLAY :0.0 [...@hpsl5 ~]$ vncserver & [1] 5300 New 'hpsl5:2 (wss)' desktop is hpsl5:2 Starting applications specified in /home/wss/.vnc/xstartup Log file is /home/wss/.vnc/hpsl5:2.log [1]+ Done vncserver [...@hpsl5 ~]$ On remote machine (via ssh) the vnc server is activated, but the viewer seems to have the following behaviour: * for DISPLAY=:2.0, it seems to just hang * for DISPLAY=192.168.10.4:1.0 (host vnc), viewer cannot open the display * for DISPLAY=192.168.10.20.1.0 (remote vnc, using its IP), it further indicates refusal by server. sample scenario: [...@inteksl52 ~]$ vncserver New 'inteksl52:2 (wss)' desktop is inteksl52:2 Starting applications specified in /home/wss/.vnc/xstartup Log file is /home/wss/.vnc/inteksl52:2.log [...@inteksl52 ~]$ [...@inteksl52 ~]$ echo $DISPLAY [...@inteksl52 ~]$ export DISPLAY=:2.0 [...@inteksl52 ~]$ vncviewer & [1] 9162 [...@inteksl52 ~]$ VNC Viewer Free Edition 4.1.2 for X - built Feb 11 2009 12:55:24 Copyright (C) 2002-2005 RealVNC Ltd. See http://www.realvnc.com for information on VNC. [...@inteksl52 ~]$ echo $DISPLAY [...@inteksl52 ~]$ export DISPLAY=192.168.10.4:1.0 [...@inteksl52 ~]$ echo $DISPLAY 192.168.10.4:1.0 [...@inteksl52 ~]$ vncviewer & [1] 9528 [...@inteksl52 ~]$ VNC Viewer Free Edition 4.1.2 for X - built Feb 11 2009 12:55:24 Copyright (C) 2002-2005 RealVNC Ltd. See http://www.realvnc.com for information on VNC. vncviewer: unable to open display "192.168.10.4:1.0" [1]+ Exit 1 vncviewer [...@inteksl52 ~]$ [...@inteksl52 ~]$ export DISPLAY=192.168.10.20:1.0 [...@inteksl52 ~]$ vncviewer & [1] 9537 VNC Viewer Free Edition 4.1.2 for X - built Feb 11 2009 12:55:24 Copyright (C) 2002-2005 RealVNC Ltd. See http://www.realvnc.com for information on VNC. Xlib: connection to "192.168.10.20:1.0" refused by server Xlib: No protocol specified vncviewer: unable to open display "192.168.10.20:1.0" [1]+ Exit 1 vncviewer [...@inteksl52 ~]$ --- On Mon, 5/4/09, Troy Dawson <[email protected]> wrote: From: Troy Dawson <[email protected]> Subject: Re: Problems using X Windows Display To: "William Shu" <[email protected]> Cc: "[email protected]" <[email protected]> Date: Monday, May 4, 2009, 4:21 PM Hi, I'll just add a little to what Stephen said. Focus on getting #1 to work, which is to log into a remote machine and open a graphical window. It looks like you have all the right options on your client end, but you also have to have it enabled on the machine you are logging into. On the machine you are logging into, look at your /etc/ssh/sshd_config and look for the line X11Forwarding, and make sure it is yes, like so X11Forwarding yes You also have to make sure that xauth is installed. It is on most every machine that has X installed, but if you start with a stripped down server, sometimes you don't get xauth. To check (on SL5) just do rpm -q xorg-x11-xauth Also, for me, when I check to see what my display setting is, I always do echo $DISPLAY And it should come back something like localhost:10.0 That is because it's doing an ssh tunnel, so it thinks it's the localhost. Hope this helps Troy Stephen J. Gowdy wrote: > Hi William, > X displays usually are setup to enforce some sort of security. > Otherwise anyone would be able to read your password. > In case 1, was DISPLAY set on hpsl5 before you typed ssh? > I'm not sure case 2 is possible. You should use some sort of > conferencing system to allow remote users to see your display (like EVO). > For case 3 whoever is logged in the X-window should be allowed to > open windows. xauth is used normally to manage authorisation and you could > enable others to open windows on the local machine by extracting the > correct key from whoever has started the x-windows session. If I assume it > is wss, he would type something like; > >> xauth list > auth.list > > then wsshu would type; > >> xauth merge ~wss/auth.list > > assuming he is able to read that file. If not you should copy it somewhere > wsshu can read it. This probably only works till wss exits his X session. > Remember though, you are giving everything you type or see that other > user. > > regards, > > Stephen. > > On Sun, 3 May 2009, William Shu wrote: > >> I am having difficulties related to X Windowing system. Being a novice and basically overwhelmed by the X.org documentation. I present below the separate but related issues which can be summarised as: (1) displaying files from remote machines, possibly over secure shell; (2) projecting a window or entire screen onto *multiple* remote displays (monitors); and (3) using the same display when logged on as distinct users in xterm windows. >> >> In the example, I am on the host machine is hpsl5 (IP: 192.168.10.4) running SL5.0 and the remote machine is inteksl52 (192.168.10.20) running SL 5.2. >> >> Any assistance would be appreciated. >> >> >> >> >> ============================ ISSUE 1 ========================= >> >> Displaying *.pdf *.ps files from a remote machine using secure shell ssh -XY, whereas it used to work (in the distant past). I get the message: "Unable to open the diplay" . >> >> Even trying to open a specific display (192.168.10.4:0, on tinysl5) with the xlsfonts command, I still get the message "Unable to open the diplay". >> >> Unfortunately, I do not have a very clear idea how X works; the manpage X(7) is not too helpful, and dmesg does not issue any messages. >> >> Example output: >> >> [...@hpsl5 ~]$ ssh -XY [email protected] >> [email protected]'s password: >> Last login: Fri May 1 00:45:23 2009 from 192.168.10.4 >> [...@inteksl52 ~]$ printenv |grep -ie display >> [...@inteksl52 ~]$ dir *.ps >> tsi.comp.POST.SENT-13032007_pages25_26.ps >> [...@inteksl52 ~]$ gv tsi.comp.POST.SENT-13032007_pages25_26.ps & >> [1] 23151 >> [...@inteksl52 ~]$ gv: Unable to open the display. >> >> >> [...@inteksl52 ~]$ >> [...@inteksl52 ~]$ xlsfonts -fn '-*-*-*-*-*-*-0-0-0-0-*-0-*-*' >> xlsfonts: unable to open display '' >> usage: xlsfonts [-options] [-fn pattern] >> where options include: >> -l[l[l]] give long info about each font >> -m give character min and max bounds >> -C force columns >> -1 force single column >> -u keep output unsorted >> -o use OpenFont/QueryFont instead of ListFonts >> -w width maximum width for multiple columns >> -n columns number of columns if multi column >> -display displayname X server to contact >> -d displayname (alias for -display displayname) >> >> [...@inteksl52 ~]$ >> [...@inteksl52 ~]$ >> [...@inteksl52 ~]$ xlsfonts -d 192.168.10.4:0.0 -fn '-*-*-*-*-*-*-0-0-0-0-*-0-*-*' >> xlsfonts: unable to open display '192.168.10.4:0.0' >> usage: xlsfonts [-options] [-fn pattern] >> where options include: >> -l[l[l]] give long info about each font >> -m give character min and max bounds >> -C force columns >> -1 force single column >> -u keep output unsorted >> -o use OpenFont/QueryFont instead of ListFonts >> -w width maximum width for multiple columns >> -n columns number of columns if multi column >> -display displayname X server to contact >> -d displayname (alias for -display displayname) >> >> >> >> >> >> >> ============================ ISSUE 2 ========================= >> >> >> How can I display a given window (xterm, pdf file, etc.) on a number of remote terminal? For exmple, I would want that the pdf file I am scrolling through is also visible to my remote audience on their screens. >> >> This is probably related to ISSUE 1. >> >> >> >> >> >> >> ============================ ISSUE 3 ========================= >> >> How can I be logged in as 2 distinct users (e.g., wss and wsshu or root) in terminal windows and still be able to view files *.pdf and *.ps files or choose my X windows display? On some machines, I I can view the files, possibly with some complaints, but fails on others, complaining about being unable to open display. (Unfortunately I cannot reproduce the failure on this machine, in what is given below.) Xnest does not seem to permit it. How can I go about this? >> >> Example output: >> >> [...@hpsl5 ~]$ Xnest :1 >> >> >> [1]+ Stopped Xnest :1 >> [...@hpsl5 ~]$ bg >> [1]+ Xnest :1 & >> [...@hpsl5 ~]$ xterm -display :1 >> AUDIT: Mon May 4 01:59:19 2009: 27279 Xnest: client 1 rejected from local host >> Xlib: connection to ":1.0" refused by server >> Xlib: No protocol specified >> >> xterm Xt error: Can't open display: :1 >> [...@hpsl5 ~]$ su >> Password: >> [r...@hpsl5 wss]# xterm -display :1 >> AUDIT: Mon May 4 02:00:23 2009: 27279 Xnest: client 1 rejected from local host >> Xlib: connection to ":1.0" refused by server >> Xlib: No protocol specified >> >> Warning: This program is an suid-root program or is being run by the root user. >> The full text of the error or warning message cannot be safely formatted >> in this environment. You may get a more descriptive message by running the >> program as a non-root user or by removing the suid bit on the executable. >> xterm Xt error: Can't open display: %s >> [r...@hpsl5 wss]# exit >> exit >> [...@hpsl5 ~]$ su wsshu >> Password: >> [ws...@hpsl5 wss]$ xterm -display :1 >> AUDIT: Mon May 4 02:01:44 2009: 27279 Xnest: client 1 rejected from local host >> Xlib: connection to ":1.0" refused by server >> Xlib: No protocol specified >> >> xterm Xt error: Can't open display: :1 >> [ws...@hpsl5 wss]$ cd >> [ws...@hpsl5 ~]$ xterm -display :1 >> AUDIT: Mon May 4 02:02:33 2009: 27279 Xnest: client 1 rejected from local host >> Xlib: connection to ":1.0" refused by server >> Xlib: No protocol specified >> >> xterm Xt error: Can't open display: :1 >> [ws...@hpsl5 ~]$ Xnest :2 & >> [1] 27357 >> [ws...@hpsl5 ~]$ xterm -display :2 >> AUDIT: Mon May 4 02:03:07 2009: 27357 Xnest: client 1 rejected from local host >> Xlib: connection to ":2.0" refused by server >> Xlib: No protocol specified >> >> xterm Xt error: Can't open display: :2 >> [ws...@hpsl5 ~]$ evince icegov2008-registration-noCardDetails-wss.pdf & >> [2] 27386 >> [ws...@hpsl5 ~]$ >> (evince:27386): GnomeUI-WARNING **: While connecting to session manager: >> Authentication Rejected, reason : None of the authentication protocols specified are supported and host-based authentication failed. >> >> ** (evince:27386): WARNING **: Service registration failed. >> >> ** (evince:27386): WARNING **: Did not receive a reply. Possible causes include: the remote application did not send a reply, the message bus security policy blocked the reply, the reply timeout expired, or the network connection was broken. >> >> [2]+ Done evince icegov2008-registration-noCardDetails-wss.pdf >> [ws...@hpsl5 ~]$ >> >> >> William. >> >> >> >> >> >> > -- __________________________________________________ Troy Dawson [email protected] (630)840-6468 Fermilab ComputingDivision/LCSI/CSI LMSS Group __________________________________________________
