Hi, yes I can run: hosta$ ssh -X hostb hostb$ /usr/openwin/bin/xclock
xclock is displayed correctly. The program I try to start when I get the X11Forwding problems is a graphical user interface for an application which can be controlled though command line to a certain degree. The program is using the display environment variable. It works great when I logon as the user who is owning the program´s executable file. It wont work when I logon as any other user. Below is ssh´s debug info. First i use ssh to connect from node2 to node4 and then I start the PROGRAM on node4. node2:/home/myuser> ssh -Xv node4 OpenSSH_4.3p2, OpenSSL 0.9.8d 28 Sep 2006 debug1: Reading configuration data /usr/local/etc/ssh_config debug1: Connecting to node4 [node4´s ipaddress] port 22. debug1: Connection established. debug1: identity file /home/myuser/.ssh/identity type -1 debug1: identity file /home/myuser/.ssh/id_rsa type -1 debug1: identity file /home/myuser/.ssh/id_dsa type -1 debug1: Remote protocol version 1.99, remote software version OpenSSH_4.3 debug1: match: OpenSSH_4.3 pat OpenSSH* debug1: Enabling compatibility mode for protocol 2.0 debug1: Local version string SSH-2.0-OpenSSH_4.3 debug1: SSH2_MSG_KEXINIT sent debug1: SSH2_MSG_KEXINIT received debug1: kex: server->client aes128-cbc hmac-md5 none debug1: kex: client->server aes128-cbc hmac-md5 none debug1: SSH2_MSG_KEX_DH_GEX_REQUEST(1024<1024<8192) sent debug1: expecting SSH2_MSG_KEX_DH_GEX_GROUP debug1: SSH2_MSG_KEX_DH_GEX_INIT sent debug1: expecting SSH2_MSG_KEX_DH_GEX_REPLY debug1: Host 'node4' is known and matches the RSA host key. debug1: Found key in /home/myuser/.ssh/known_hosts:1 debug1: ssh_rsa_verify: signature correct debug1: SSH2_MSG_NEWKEYS sent debug1: expecting SSH2_MSG_NEWKEYS debug1: SSH2_MSG_NEWKEYS received debug1: SSH2_MSG_SERVICE_REQUEST sent debug1: SSH2_MSG_SERVICE_ACCEPT received debug1: Authentications that can continue: publickey,password,keyboard-interactive debug1: Next authentication method: publickey debug1: Trying private key: /home/myuser/.ssh/identity debug1: Trying private key: /home/myuser/.ssh/id_rsa debug1: Trying private key: /home/myuser/.ssh/id_dsa debug1: Next authentication method: keyboard-interactive debug1: Authentications that can continue: publickey,password,keyboard-interactive debug1: Next authentication method: password [EMAIL PROTECTED]'s password: debug1: Authentication succeeded (password). debug1: channel 0: new [client-session] debug1: Entering interactive session. debug1: Requesting X11 forwarding with authentication spoofing. Last login: Mon May 7 15:20:11 2007 from node2 Oracle Home is set node4:/home/myuser> PROGRAM ( ...starting program here... ) node4:/home/myuser> debug1: client_input_channel_open: ctype x11 rchan 2 win 65536 max 16384 debug1: client_request_x11: request from 127.0.0.1 43646 debug1: channel 1: new [x11] debug1: confirm x11 debug1: client_input_channel_open: ctype x11 rchan 3 win 65536 max 16384 debug1: client_request_x11: request from 127.0.0.1 43647 debug1: channel 2: new [x11] debug1: confirm x11 X11 connection rejected because of wrong authentication. debug1: channel 2: free: x11, nchannels 3 node:/home/myuser> Thanks -----Original Message----- From: Francois Bolduc [mailto:[EMAIL PROTECTED] Sent: den 27 april 2007 20:33 To: [email protected] Subject: RE: RE : RE : X11Forwarding problem on Solaris. Let's isolate SSH and X11 forwarding. Can you run: hosta$ ssh -X hostb hostb$ /usr/openwin/bin/xclock If this works, can you give a sample of the command you run that fails, or simply what the command is launching? François Bolduc Consultant FUJITSU CONSEIL (Canada) inc. Bureau : 613.238.2697 [EMAIL PROTECTED] From: Staffan Persson [mailto:[EMAIL PROTECTED]: Wed 4/25/2007 1:47 PMTo: Francois Bolduc; [EMAIL PROTECTED]: RE: RE : RE : X11Forwarding problem on Solaris. Hi, below is my answers on your questions. Q. What does your sshd config look like? A. My sshd_config file is stored in the following path: /usr/local/etc and the file´s content is: Port 22 Protocol 2,1 HostKey /usr/local/etc/ssh_host_key HostKey /usr/local/etc/ssh_host_rsa_key HostKey /usr/local/etc/ssh_host_dsa_key PermitRootLogin no StrictMode no RSAAuthentication yes PubkeyAuthentication yes AuthorizedKeysFile ssh/authorized_keys PasswordAuthentication yes PermitEmptyPasswords no X11Forwarding yes X11DisplayOffset 10 X11UseLocalhost yes AcceptEnv yes PermitUserEnvironment Yes PermitTunnel yes Subsystem sftp /usr/local/libexec/sftp-server Q. Do you have any ssh_config files that might override global settings. Look in $HOME/.ssh A. I have a $HOME/.ssh directory and in that directory the file "known_hosts" is stored. Q. When X11 Forwarding is active you should also have a .Xauthority file created in your $HOME on the remote system. A. Yes, that is correct. Q. The DISPLAY variable also gets set by the SSH daemon automatically using the display offset set in the sshd_config. Are any of the ssh environment variables set? A. The following ssh environment variables is set: $ set | egrep "DISPLAY|SSH" DISPLAY=localhost:10.0 SSH_CLIENT='An_IP-Address-1 59129 22´ SSH_CONNECTION=''An_IP-Address-1 59129 An_IP-Address-2 22' SSH_TTY=/dev/pts/3 I´ve noticed that I miss the env variable SSH_AUTH_SOCK=/tmp/ssh-WIQT5070/agent.5070 that you have specified in the mail below. Thanks -----Original Message----- From: Francois Bolduc [mailto:[EMAIL PROTECTED] Sent: den 24 april 2007 20:41 To: [email protected] Subject: RE : RE : X11Forwarding problem on Solaris. What does your sshd config look like? $ egrep -v "^#|^$" /etc/ssh/sshd_config Do you have any ssh_config files that might override global settings. Look in $HOME/.ssh When X11 Forwarding is active you should also have a .Xauthority file created in your $HOME on the remote system. The DISPLAY variable also gets set by the SSH daemon automatically using the display offset set in the sshd_config. Are any of the ssh environment variables set? $ set | egrep "DISPLAY|SSH" DISPLAY=localhost:10.0 SSH_AUTH_SOCK=/tmp/ssh-WIQT5070/agent.5070 SSH_CLIENT='192.197.1.19 28001 22' SSH_CONNECTION='192.197.1.19 28001 192.168.0.22 22' SSH_TTY=/dev/pts/2 $ François Bolduc Consultant FUJITSU CONSEIL (Canada) inc. Bureau : 613.238.2697 [EMAIL PROTECTED] -------- Message d'origine-------- De: Staffan Persson [mailto:[EMAIL PROTECTED] Date: mar. 4/24/2007 11:57 À: Francois Bolduc; [email protected] Objet : RE: RE : X11Forwarding problem on Solaris. RE : X11Forwarding problem on Solaris.Hi, no I do not switch user before calling the application. I use a user account that normally can start the application when I logon to the specified node with telnet. It is only when I use ssh that this problem occur. Thanks Staffan -----Original Message----- From: Francois Bolduc [mailto:[EMAIL PROTECTED] Sent: den 23 april 2007 19:17 To: [email protected] Subject: RE : X11Forwarding problem on Solaris. Are you switching users on the remote system with su or sudo before calling the application? François Bolduc Consultant FUJITSU CONSEIL (Canada) inc. Bureau : 613.238.2697 [EMAIL PROTECTED] -------- Message d'origine-------- De: [EMAIL PROTECTED] de la part de Staffan Persson Date: sam. 4/21/2007 11:44 À: [email protected] Objet : X11Forwarding problem on Solaris. Hi, I have a X11 Forwarding problem with OpenSSH on Solaris. The problem occur when I logon from one unix node to another using OpenSSH with the following command: > ssh -X node2 And then when I try to start an application from node2 I almost immediately get the following error message: X11 connection rejected because of wrong authentication. X connection to localhost:10.0 broken (explicit kill or server shutdown). The problem seem to occur when I am an ordinary user which is not the owner of the executable file I try to run. When I logon as the file owner then everything works just fine. I have configured OpenSSH to support X11Forwarding with the following adjustments: /usr/local/etc/ssh_config ForwardX11 yes /usr/local/etc/sshd_config X11Forwarding yes Do you know what may cause this problem and what I can do to solve it? Thanks Rickard
