https://community.hpe.com/t5/operating-system-openvms/x11-forwarding-problem/m-p/3285374#M29135 hi,<BR /><BR />X11 forwarding is a standard feature in SSH v2.<BR />According to the TCPIP/SSH manual it is configured by setting AllowX11Forwarding yes<BR />in SYS$SYSDEVICE:[TCPIP$SSH.SSH2]SSHD2_CONFIG.; config file.<BR /><BR />Now ssh v2 sessions should have X11 forwarding supported - it means that X applications should be tunnelled over SSH connection to client host X display.<BR /><BR />It is important to note that DISPLAY should not be set. It will cause that X communication will not go through SSH tunnel, but beside, and will be unencrypted. <BR /><BR />DEC AXPVMS TCPIP V5.4-15 on an OpenVMS V7.3-2 works as it should during initial SSH session:<BR /><BR />ALPHAF_ZAY_PRIV $ sh disp<BR />%DECW-W-OPENIN, error opening alphaf.essnet.se:13.0 as input -SYSTEM-F-IVDEVNAM, invalid device name<BR /> <BR />Even if display reports warning. DISPLAY is "valid" and it is possible top start some X application. For example:<BR /><BR />ALPHAF_ZAY_PRIV $ cre/term/deta<BR /><BR />Let examine the DISPLAY variable in new, child window:<BR /><BR />ALPHAF_ZAY_PRIV $ sh disp<BR />%DECW-W-OPENIN, error opening DECW$DISPLAY as input -SYSTEM-W-NOSUCHDEV, no such device available<BR /><BR />There is no DISPLAY. It was not inherited from parent session, therefore next attempt will fail:<BR /><BR />ALPHAF_ZAY_PRIV $ cre/term/deta<BR />%DECW-E-CANT_OPEN_DISPL, Can't open display<BR /><BR />If we set up DISPLAY in child session, then it is possible to use X applications, but they go unencrypted beside the SSH tunnel.<BR /><BR />This behaviour is always reproducible and cause serious security problems dfor sensitive X applications.<BR /><BR />Do I something wrong or it is "just" a bug?<BR /><BR />Thank you in advance.<BR /><BR />Regards, Z Mon, 24 May 2004 19:12:59 GMT Zoltan Arpadffy_1 2004-05-24T19:12:59Z https://community.hpe.com/t5/operating-system-openvms/x11-forwarding-problem/m-p/3285374#M29135 hi,<BR /><BR />X11 forwarding is a standard feature in SSH v2.<BR />According to the TCPIP/SSH manual it is configured by setting AllowX11Forwarding yes<BR />in SYS$SYSDEVICE:[TCPIP$SSH.SSH2]SSHD2_CONFIG.; config file.<BR /><BR />Now ssh v2 sessions should have X11 forwarding supported - it means that X applications should be tunnelled over SSH connection to client host X display.<BR /><BR />It is important to note that DISPLAY should not be set. It will cause that X communication will not go through SSH tunnel, but beside, and will be unencrypted. <BR /><BR />DEC AXPVMS TCPIP V5.4-15 on an OpenVMS V7.3-2 works as it should during initial SSH session:<BR /><BR />ALPHAF_ZAY_PRIV $ sh disp<BR />%DECW-W-OPENIN, error opening alphaf.essnet.se:13.0 as input -SYSTEM-F-IVDEVNAM, invalid device name<BR /> <BR />Even if display reports warning. DISPLAY is "valid" and it is possible top start some X application. For example:<BR /><BR />ALPHAF_ZAY_PRIV $ cre/term/deta<BR /><BR />Let examine the DISPLAY variable in new, child window:<BR /><BR />ALPHAF_ZAY_PRIV $ sh disp<BR />%DECW-W-OPENIN, error opening DECW$DISPLAY as input -SYSTEM-W-NOSUCHDEV, no such device available<BR /><BR />There is no DISPLAY. It was not inherited from parent session, therefore next attempt will fail:<BR /><BR />ALPHAF_ZAY_PRIV $ cre/term/deta<BR />%DECW-E-CANT_OPEN_DISPL, Can't open display<BR /><BR />If we set up DISPLAY in child session, then it is possible to use X applications, but they go unencrypted beside the SSH tunnel.<BR /><BR />This behaviour is always reproducible and cause serious security problems dfor sensitive X applications.<BR /><BR />Do I something wrong or it is "just" a bug?<BR /><BR />Thank you in advance.<BR /><BR />Regards, Z Mon, 24 May 2004 19:12:59 GMT https://community.hpe.com/t5/operating-system-openvms/x11-forwarding-problem/m-p/3285374#M29135 Zoltan Arpadffy_1 2004-05-24T19:12:59Z https://community.hpe.com/t5/operating-system-openvms/x11-forwarding-problem/m-p/3285375#M29136 I can explain some of the DECwindows behaviour.<BR /><BR />&gt;ALPHAF_ZAY_PRIV $ sh disp <BR />&gt;%DECW-W-OPENIN, error opening alphaf.essnet.se:13.0 as input -SYSTEM-F-IVDEVNAM, invalid device name<BR /><BR />If you do a SHOW LOGICAL DECW$DISPLAY I expect you will see it defined as <BR /><BR />"alphaf.essnet.se:13.0"<BR /><BR />DECwindows allows you to use DECW$DISPLAY as either a WS* display device or a string. The SHOW DISPLAY command only copes with display devices and not string format. <BR /><BR />It looks like starting a terminal won't pass a display logical as string to the created terminal.<BR /><BR />If you do a:<BR /><BR />SET DISPLAY/CREATE/NODE=alphaf.essnet.se/server=13/screen=0 <BR />then you should be connected through the secure channel thereafter. <BR /><BR />You will need a command file that can parse the display string into its parts to set this display device since the server number may vary between invocations.<BR /><BR />Regards,<BR /><BR />Martin Kirby Tue, 25 May 2004 03:09:04 GMT https://community.hpe.com/t5/operating-system-openvms/x11-forwarding-problem/m-p/3285375#M29136 Martin Kirby 2004-05-25T03:09:04Z https://community.hpe.com/t5/operating-system-openvms/x11-forwarding-problem/m-p/3285376#M29137 Thank you... it works as you described.<BR /><BR />Regards, Z Tue, 25 May 2004 14:10:16 GMT https://community.hpe.com/t5/operating-system-openvms/x11-forwarding-problem/m-p/3285376#M29137 Zoltan Arpadffy_1 2004-05-25T14:10:16Z