HPE Community
Operating System - HP-UX
1822231 Members
3922 Online
109642 Solutions
New Discussion юеВ

Re: X authentication question (points!)

 
SOLVED
Go to solution
Christian Deutsch_1
Esteemed Contributor

тАО07-09-2007 12:41 AM

тАО07-09-2007 12:41 AM

X authentication question (points!)

Hi folks,

I have 2 servers behind a firewall, wall17.

HP-UX server has tunnelled X connection (ssh -X) to my X server (a VNC X server).

I want to display an xclock window from a Solaris server (solserv) on my (tunnelled) HP-UX server's display. I did: xhost solserv on the HP-UX server and set DISPLAY on solserv to point to the HP-UX server's display, but when I tried to open xclock I got:

"X11 connection rejected because of wrong authentication." in the HP-UX server's terminal.

Can someone explain to me how I can get authentication to work here?

Points will be awarded for all helpful answers!

Thanks, Christian

P.S.I really want to get this to work, so trying to use solserv's tunnelled X connection is not a good option for me unless you have an idea how I can really speed that connection up.
Yeshua loves you!
0 Kudos
8 REPLIES 8
Steven E. Protter
Exalted Contributor

тАО07-09-2007 01:29 AM

тАО07-09-2007 01:29 AM

Re: X authentication question (points!)

Shalom,

Ideas:

xhost +
# Maybe there is a name resolution issue.
Does the user exist on both systems?
# Maybe it really is an authentication issue.
Check the syslog on the Solaris system.
# Always helpful
See about compressing the data stream with solserv's tunnelled X solution.

SEP
Steven E Protter
Owner of ISN Corporation
http://isnamerica.com
http://hpuxconsulting.com
Sponsor: http://hpux.ws
Twitter: http://twitter.com/hpuxlinux
Founder http://newdatacloud.com
0 Kudos
Christian Deutsch_1
Esteemed Contributor

тАО07-09-2007 01:46 AM

тАО07-09-2007 01:46 AM

Re: X authentication question (points!)

Shalom Steve,

syslog is empty.

But /var/adm/messages has:

Jul 6 11:27:01 tcsun15 sshd[566]: [ID 800047 auth.error] error: Bind to port 22 on :: failed: Address already in use.

But I couldn't figure out what that means.

In any event the solution for me for the time being was to download a new JRE version (1.6 vs. 1.4.2), maybe Java was the main problem anyway in my setup.

Thanks, Christian
Yeshua loves you!
0 Kudos
Ivan Ferreira
Honored Contributor

тАО07-09-2007 09:40 AM

тАО07-09-2007 09:40 AM

Re: X authentication question (points!)

Normally, just by using ssh -X should be enough, no xhost or DISPLAY commands needed.

Check your X11Forwarding option in ssh config file.
Por que hacerlo dificil si es posible hacerlo facil? - Why do it the hard way, when you can do it the easy way?
0 Kudos
Ivan Ferreira
Honored Contributor

тАО07-09-2007 10:16 AM

тАО07-09-2007 10:16 AM

Re: X authentication question (points!)

Also, check the permissions and ownership of your $HOME/.Xauthority file.
Por que hacerlo dificil si es posible hacerlo facil? - Why do it the hard way, when you can do it the easy way?
0 Kudos
Jov
Honored Contributor

тАО07-09-2007 11:09 AM

тАО07-09-2007 11:09 AM

Re: X authentication question (points!)

Can you clarify in your setup tou have 2 servers (HP-UX and Solaris) or 3 Servers (HP-UX, Solaris and your X-Server)??

Assuming the former, the problem is you're using Ssh X forwarding and you're setting your display as if there is not Ssh X forwarding/tunnelling.

When Ssh X (or any form of) tunnelling is configured, you have to set your display to locahost:.

Check which port X forward port is configured to start at in your sshd.conf file on your HP-UX server, then set the display for it, then run xclock.


Jov

0 Kudos
Christian Deutsch_1
Esteemed Contributor

тАО07-09-2007 06:54 PM

тАО07-09-2007 06:54 PM

Re: X authentication question (points!)

Ivan, I'm not sure you took enough time to understand the problem, maybe I did not express myself clearly enough. Permissions for .Xauthority are 600 root: on both systems (I am root on both systems). X tunnelling works fine for both Solaris and HP-UX systems but I thought maybe network throughput is better on the HP-UX system, that was why I wanted to try using the X DISPLAY on the HP-UX system (which is actually tunnelled using ssh, there is no X server running on the HP-UX system).

Jov, your assumption was wrong, I have 2 servers, HP-UX and Solaris, and an X server which is on a third system (tunnelled through the firewall to the HP-UX server using ssh).

As I mentioned in my previous reply to this post, I "fixed" the problem for now by updating my Java version on the Solaris server so I'm not in urgent need of an answer to the "X11 connection rejected" question. I just thought maybe someone would know right away what the problem might be.
Yeshua loves you!
0 Kudos
Heironimus
Honored Contributor

тАО07-10-2007 03:06 AM

тАО07-10-2007 03:06 AM

Solution

Re: X authentication question (points!)

If you have a connection to server1 with X forwarding your DISPLAY on server1 will usually be something like localhost:10.0. In that case you can not set your DISPLAY on another machine to server1:10.0 because the only forwarded X11 port will be on server1's loopback interface. Once you get ssh to forward on the external interface instead you'll have to export the xauth cookie on server1 and import it on server2 to grant server2 access to the fake X session ssh creates.

The basic idea of exporting your DISPLAY probably wouldn't have helped your problem anyway. Sending the display data directly from server2 to desktop or relaying through server1 will send the same amount of data over the wire, you just add a hop. Unless you're changing the network path in a significant way it would probably perform the same or slightly worse.

If network bandwidth really was the problem ssh compression might help. You could also tunnel a VNC client connection though ssh instead of the X connection, VNC sends less data than a native X11 client.
0 Kudos
Christian Deutsch_1
Esteemed Contributor

тАО07-10-2007 06:30 PM

тАО07-10-2007 06:30 PM

Re: X authentication question (points!)

Right on target, Heironimus, wonderful!

Thankyou!

On hpuxserv I did:

# xauth extract - hpuxserv:10.0 > /tmp/mitcookie.hpuxserv
# scp /tmp/mitcookie.hpuxserv solserv:/tmp

On solserv I did:

# xauth merge - < /tmp/mitcookie.hpuxserv
# DISPLAY=hpuxserv:10.0
# xclock
Yeshua loves you!
0 Kudos
The opinions expressed above are the personal opinions of the authors, not of Hewlett Packard Enterprise. By using this site, you accept the Terms of Use and Rules of Participation.