Re: X tunneling

Belinda Dermody · ‎01-16-2006

I have two systems one in VA and the other Tx going through a firewall. As root I can connect via Putty to my HP system and start up a xterm and have it run/display on my HP system back here in VA.
But if I log into the TX system via Putty as sybase and try to run execute Xterm command I get the following error message on my terminal here in VA

Vail:/usr/sybase: xterm
Xlib: connection to "10.89.1.20:10.0" refused by server
Xlib: PuTTY X11 proxy: wrong authentication protocol attempted
Error: Can't open display: 10.89.1.20:10.0
Error: Couldn't find per display information
Vail:/usr/sybase:

I do a echo $DISPLAY on both systems as root and sybase and they both come up as the same, I use the same Putty load configuration just log into the remote system as either root or sybase and I bring up the host X application on the local host as root and then sybase. In other words I do the same for either user and it works for root but not for sybase.

Ivan Ferreira · ‎01-16-2006

Normally, connection to "10.89.1.20:10.0" refused by server, these errors means that the is not authorized to use the display. If you where on a Unix client, you should have to issue the xhost command or xauth to permit the access.

Por que hacerlo dificil si es posible hacerlo facil? - Why do it the hard way, when you can do it the easy way?

Belinda Dermody · ‎01-16-2006

Question: Why does it work for root and not sybase ?????

Zinky · ‎01-16-2006

Where is the DISPLAY 10.89.1.20:10.0 ? On your VA HP-UX machine (which probly is an a Workstation with a Graphics Head/Full X) or a PC running a PC-based X-Server?

Hakuna Matata

Favourite Toy:
AMD Athlon II X6 1090T 6-core, 16GB RAM, 12TB ZFS RAIDZ-2 Storage. Linux Centos 5.6 running KVM Hypervisor. Virtual Machines: Ubuntu, Mint, Solaris 10, Windows 7 Professional, Windows XP Pro, Windows Server 2008R2, DOS 6.22, OpenFiler

Sandman! · ‎01-16-2006

James,

What does the output of xhost show you?

# xhost

cheers!

Belinda Dermody · ‎01-16-2006

The 10.89.1.20:0.0 is displayed when I do a echo $DISPLAY on the remote system in TX (which I connect to via Putty and have X-tunneling turned on). I am running Kea-X application on my PC which I connect to my local HP server and the echo DISPLAY show my PC address plus .bcharrispub.com:0.0

Belinda Dermody · ‎01-16-2006

xhost command from my VA server...

$ xhost
access control disabled, clients can connect from any host

Zinky · ‎01-16-2006

As I suspect - you're using a PC based X-Server.

Somewhere in your Kea_X menus, you should have the option to set its security. Set it so the server you are connecting to is allowed to DISPLAY.

I am still wondering though - the error mesage in your post says 10.89.1.20:10.0. If Are you sure your Kea-X DISPLAY session is :0.0 or :10.0?

Hakuna Matata

Favourite Toy:
AMD Athlon II X6 1090T 6-core, 16GB RAM, 12TB ZFS RAIDZ-2 Storage. Linux Centos 5.6 running KVM Hypervisor. Virtual Machines: Ubuntu, Mint, Solaris 10, Windows 7 Professional, Windows XP Pro, Windows Server 2008R2, DOS 6.22, OpenFiler

Ivan Ferreira · ‎01-16-2006

Ensure that you have configured:

X11Forwarding yes

In /opt/ssh/etc/sshd_config

Por que hacerlo dificil si es posible hacerlo facil? - Why do it the hard way, when you can do it the easy way?

Belinda Dermody · ‎01-16-2006

Like I stated earlier, when I do the echo $DISPLAY when I root on the TX and the Va system they shown the same as the user sybase $DISPLAY.
sybase or root userid on TX server connection via Putty DISPLAY=10.89.1.20:10.0

sybase or root userid on VA server connection via Kea-X Terminal DISPLAY=.bcharrispub.com:0.0

Sandman! · ‎01-16-2006

James,

Maybe the problem lies with your .Xauthority file. What is your Remote X11 authentication protocol set to in PuTTY. It should match the one in your .Xauthority file for user sybase.

cheers!

Belinda Dermody · ‎01-16-2006

Xforwarding is set to yes other wise I wouldn't be able to bring up the xterm as root.

Zinky · ‎01-16-2006

Have you found that Kea-X setting for display security? What does it is set to? Can you try setting it to allow all to display?

The :10 I now understand to mean you have X11 forwarding indeed.

Hakuna Matata

Favourite Toy:
AMD Athlon II X6 1090T 6-core, 16GB RAM, 12TB ZFS RAIDZ-2 Storage. Linux Centos 5.6 running KVM Hypervisor. Virtual Machines: Ubuntu, Mint, Solaris 10, Windows 7 Professional, Windows XP Pro, Windows Server 2008R2, DOS 6.22, OpenFiler

Belinda Dermody · ‎01-17-2006

Sorry guys, went home after a long day, but back at it. Nelson, the Kea-X security file would be the same for either the root account or the sybase account, because I bring up the local X application and login in as either root or sybase.

The error seems to be generated from the Remote site when I initiate the xterm from the putty session. I removed the .Xauthority file on the remote site for sybase user but I still get the same error and the .Xauthority file is re-created.

Zinky · ‎01-17-2006

If your sshd_config file indeed shows you have X11 Forwarding set to on (which the :10 in your echo of $DISPLAY indicates) -- then the problem may be exactly that.. your KeaX -- which DISPLAY is defaulted to :0. I wonder if KeaX has a facility for security to allow all acces for whatever DISPLAY instances -- i.e. :10 ?

Can you try:

ssh from your PC/Kea-X station as root
echo $DISPLAY
su - to Sybase
set DISPLAY to your PC/Kea-X machine's IP/DNS suffixed with :0.0
xterm

Also:

telnet (not PUTTY ssh) to the HP TX/VA machines as sybase
set DISPLAY to yourPC/Kea-X suffixed with :0.0
xterm

Hakuna Matata

Favourite Toy:
AMD Athlon II X6 1090T 6-core, 16GB RAM, 12TB ZFS RAIDZ-2 Storage. Linux Centos 5.6 running KVM Hypervisor. Virtual Machines: Ubuntu, Mint, Solaris 10, Windows 7 Professional, Windows XP Pro, Windows Server 2008R2, DOS 6.22, OpenFiler

Belinda Dermody · ‎01-17-2006

Kind of understand what you stated Nelson, but what I do not understand is

The echo $DISPLAY results on the local and the remote host are EXACTLY the same as the userid of root and sybase.

We do not have telnet active for connection to TX, I can only get to it via ssh connection.

Zinky · ‎01-17-2006

"The echo $DISPLAY results on the local and the remote host are EXACTLY the same as the userid of root and sybase."

I am confused: when you say local - your VA HP-UX host? and remote means - your TX host? And this is with respect to your Kea-X pc?

Can you post exactly (cut and paste) the results of:

ssh to your TX or VA host as root
echo $DISPLAY
env |grep SSH

BTW, which node does IP 10.89.1.20 refer to? I don't think you've ever confirmed which machine is it.

Hakuna Matata

Favourite Toy:
AMD Athlon II X6 1090T 6-core, 16GB RAM, 12TB ZFS RAIDZ-2 Storage. Linux Centos 5.6 running KVM Hypervisor. Virtual Machines: Ubuntu, Mint, Solaris 10, Windows 7 Professional, Windows XP Pro, Windows Server 2008R2, DOS 6.22, OpenFiler

Belinda Dermody · ‎01-17-2006

Nelson, appreciate all your assistance in this matter, it is really driving me grayer and grayer.

Tahoe: /root ssh 10.89.1.20 echo $DISPLAY
198.212.9.19:10.0

Tahoe: /root ssh 10.89.1.20 env |grep SSH
SSH_CONNECTION=198.212.9.19 64702 10.89.1.20 22
SSH_CLIENT=198.212.9.19 64702 22
Tahoe: /root

OK the 10.89.1.20 is in TX, and the local host is here in VA on Tahoe (where the Kea-X is running.

Zinky · ‎01-17-2006

James, I am a bit confused with your environment but I think we're closer.

"OK the 10.89.1.20 is in TX, and the local host is here in VA on Tahoe (where the Kea-X is running."

How do you establish your X-Windows environment via Kea-X? Correct me if I am wrong but it seems you:

Launch Kea-X on your PC (IP-?)
Connect (via SSH/Putty built into Kea-X?) to connect to your local host - TAHOE. xterm or Full CDE session.

Can you on Tahoe as root:

TAHOE:root# echo $DISPLAY

What does DISPLAY show?

From TAHOE, you ssh to that TX machine for which you get a DISPLAY of the TX machine with :20 - which is proof the TX machine has X11 forwarding.

Hakuna Matata

Favourite Toy:
AMD Athlon II X6 1090T 6-core, 16GB RAM, 12TB ZFS RAIDZ-2 Storage. Linux Centos 5.6 running KVM Hypervisor. Virtual Machines: Ubuntu, Mint, Solaris 10, Windows 7 Professional, Windows XP Pro, Windows Server 2008R2, DOS 6.22, OpenFiler

Belinda Dermody · ‎01-17-2006

Nelson, sorry. I launch Kea-X from my pc and it is straight X connection to tahoe and I log in. I shows up as a straight /bin/sh connection

as root on my Kea-X (tahoe) session
echo $DISPLAY
va6its202061.bcharrispub.com:0.0

from root on tahoe
# ssh 10.89.1.20 echo $DISPLAY
va6its202061.bcharrispub.com:0.0
#

Sandman! · ‎01-17-2006

James,

One more question...how are you logging in locally as well as remotely? Are you logged in locally as root and remotely as sybase? Could you shed some more light on this aspect and explain the connection sequence. For example:

>>log in locally as root...su to sybase...ssh to the remote server box and log in as sybase...startup the xterm<<

Just a simple connection sequence like this, only for sybase not for root (as that's working).

cheers!

Zinky · ‎01-17-2006

James, I think we're very close..

"as root on my Kea-X (tahoe) session
echo $DISPLAY
va6its202061.bcharrispub.com:0.0

from root on tahoe
# ssh 10.89.1.20 echo $DISPLAY
va6its202061.bcharrispub.com:0.0"

Let's call 10.89.1.20 as TXSERVER.

Can you try doing a full ssh to TXSERVER and do an echo $DISPLAY instead of doing from TAHOE "ssh TXSERVER echo $DISPLAY"?

I see some inconsitency in your earlier post:

"Tahoe: /root ssh 10.89.1.20 echo $DISPLAY
198.212.9.19:10.0"

Once on TXSERVER(on your SSH session from TAHOE - which is an X-Terminal session from your PC) -- can you launch xterm as root?

Hakuna Matata

Favourite Toy:
AMD Athlon II X6 1090T 6-core, 16GB RAM, 12TB ZFS RAIDZ-2 Storage. Linux Centos 5.6 running KVM Hypervisor. Virtual Machines: Ubuntu, Mint, Solaris 10, Windows 7 Professional, Windows XP Pro, Windows Server 2008R2, DOS 6.22, OpenFiler

Belinda Dermody · ‎01-17-2006

Ok, guys I just found a big thing that will keep me looking for awhile and I will let you know what I discovered. The SSH configuration and X tunneling on both system in TX and VA is correct and working. Because I just tested it as userid jmarrion and the Xterm pops back up here in Va, so now I believe it is something different with the userid of sybase and I will be checking the environments for that userid to see what would be causing this problem....

Belinda Dermody · ‎01-17-2006

The problem is the home directory for sybase on the TX system. It was set up in the passwd file to point to where sybase is installed /usr/sybase, I created a additional one in /home/sybase and copied over the .profile and other .files and the .ssh directory and made the correct permissions and changed the passwd file to point to this and everything came up correctly. Thank you all for the time and effort you spent with me...

Categories

Company

Local Language

Forums

Discussions

Forums

Discussions

Forums

Discussions

Forums

Discussions

Forums

Discussions

Discussions

Forums

Forums

Discussions

Forums

Discussions

Forums

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Community

Resources

Other HPE Sites

Discussions

Forums

Blogs

Re: X tunneling

X tunneling

Re: X tunneling

Re: X tunneling

Re: X tunneling

Re: X tunneling

Re: X tunneling

Re: X tunneling

Re: X tunneling

Re: X tunneling

Re: X tunneling

Re: X tunneling

Re: X tunneling

Re: X tunneling

Re: X tunneling

Re: X tunneling

Re: X tunneling

Re: X tunneling

Re: X tunneling

Re: X tunneling

Re: X tunneling

Re: X tunneling

Re: X tunneling

Re: X tunneling

Re: X tunneling