Re: X Forwarding via SSH
Leonid Podolny wrote:

> Hi,
> I have some weird ssh (X?) configuration issue I'm unable to resolve.
> Pretty standard scenario: I want to connect to the box A from the box B and run there X-based programs having the output forwarded to the box B via ssh tunnel. The /etc/ssh/sshd_config has "X11Forwarding yes" line in it. (at box A). And I run ssh with the '-X' switch.
> Both A and B are behind NAT, at different locations. However, there is static NAT mapping of port 22 to A, so I'm able to connect from B to A via ssh.
> However, when I try to run some X application I receive the following error:
>
> _X11TransSocketOpen: socket() failed for tcp
> _X11TransSocketOpenCOTSClient: Unable to open socket for tcp
> _X11TransOpen: transport open failed for tcp/localhost:10
> Error: Can't open display: localhost:10.0
>
> Hope someone can help,
> L.

When you connect via ssh, and you do "echo $DISPLAY", what is the output?

Shachar

--
Shachar Shemesh
Open Source integration consultant
Home page & resume - http://www.shemesh.biz/
RE: X Forwarding via SSH
-----Original Message-----
From: Leonid Podolny [mailto:[EMAIL PROTECTED]

[snip]

> _X11TransSocketOpen: socket() failed for tcp
> _X11TransSocketOpenCOTSClient: Unable to open socket for tcp
> _X11TransOpen: transport open failed for tcp/localhost:10
> Error: Can't open display: localhost:10.0
>
> Hope someone can help, L.

Can you please post the result of:

ssh -v -n -X [EMAIL PROTECTED] xlogo

Type the password if necessary. If the window opens, close it. Cut and paste the results and post here.

-- Arik
Re: X Forwarding via SSH
> When you connect via ssh, and you do "echo $DISPLAY", what is the output?
>
> Shachar

localhost:10.0
(It also appears at the error message I have previously sent)

L.
RE: X Forwarding via SSH
On Mon, 17 Nov 2003, Arik Baratz wrote:

> Can you please post the result of:
>
> ssh -v -n -X [EMAIL PROTECTED] xlogo
>
> Type the password if necessary. If the window opens, close it. Cut and paste the
> results and post here.
>
> -- Arik

kk

-- Attached file included as plaintext by Listar --
-- File: out.log

OpenSSH_3.7.1p2, SSH protocols 1.5/2.0, OpenSSL 0.9.6k 30 Sep 2003
debug1: Reading configuration data /etc/ssh/ssh_config
debug1: Connecting to x port 22.
debug1: Connection established.
debug1: identity file /home/leonid/.ssh/identity type -1
debug1: identity file /home/leonid/.ssh/id_rsa type -1
debug1: identity file /home/leonid/.ssh/id_dsa type -1
debug1: Remote protocol version 1.99, remote software version OpenSSH_3.7.1p2
debug1: match: OpenSSH_3.7.1p2 pat OpenSSH*
debug1: Enabling compatibility mode for protocol 2.0
debug1: Local version string SSH-2.0-OpenSSH_3.7.1p2
debug1: SSH2_MSG_KEXINIT sent
debug1: SSH2_MSG_KEXINIT received
debug1: kex: server->client aes128-cbc hmac-md5 none
debug1: kex: client->server aes128-cbc hmac-md5 none
debug1: SSH2_MSG_KEX_DH_GEX_REQUEST sent
debug1: expecting SSH2_MSG_KEX_DH_GEX_GROUP
debug1: SSH2_MSG_KEX_DH_GEX_INIT sent
debug1: expecting SSH2_MSG_KEX_DH_GEX_REPLY
debug1: Host 'localhost' is known and matches the RSA host key.
debug1: Found key in /home/leonid/.ssh/known_hosts:2
debug1: ssh_rsa_verify: signature correct
debug1: SSH2_MSG_NEWKEYS sent
debug1: expecting SSH2_MSG_NEWKEYS
debug1: SSH2_MSG_NEWKEYS received
debug1: SSH2_MSG_SERVICE_REQUEST sent
debug1: SSH2_MSG_SERVICE_ACCEPT received
debug1: Authentications that can continue: publickey,password,keyboard-interactive
debug1: Next authentication method: publickey
debug1: Trying private key: /home/leonid/.ssh/identity
debug1: Trying private key: /home/leonid/.ssh/id_rsa
debug1: Trying private key: /home/leonid/.ssh/id_dsa
debug1: Next authentication method: keyboard-interactive
debug1: Authentications that can continue: publickey,password,keyboard-interactive
debug1: Next authentication method: password
debug1: Authentication succeeded (password).
debug1: channel 0: new [client-session]
debug1: Entering interactive session.
debug1: Requesting X11 forwarding with authentication spoofing.
debug1: Sending command: /usr/X11R6/bin/xlogo
_X11TransSocketOpen: socket() failed for tcp
debug1: client_input_channel_req: channel 0 rtype exit-status reply 0
_X11TransSocketOpenCOTSClient: Unable to open socket for tcp
_X11TransOpen: transport open failed for tcp/localhost:10
Error: Can't open display: localhost:10.0
debug1: channel 0: free: client-session, nchannels 1
debug1: fd 1 clearing O_NONBLOCK
debug1: Transferred: stdin 0, stdout 0, stderr 0 bytes in 0.1 seconds
debug1: Bytes per second: stdin 0.0, stdout 0.0, stderr 0.0
debug1: Exit status 1
Re: X Forwarding via SSH
Leonid Podolny wrote:

> On Mon, 17 Nov 2003, Arik Baratz wrote:
>
>> Can you please post the result of:
>>
>> ssh -v -n -X [EMAIL PROTECTED] xlogo
>>
>> Type the password if necessary. If the window opens, close it. Cut and paste the results and post here.
>>
>> -- Arik
>
> kk

Is "xauth" installed on the remote machine?
What does "echo $XAUTHORITY" give?
Is there a ~/.Xauthority file?
try running "xauth list" - what is the output?

If you wish to obfuscate your IPs, at least indicate which is the server and which is the client IP you are using.

--
Shachar Shemesh
Open Source integration consultant
Home page & resume - http://www.shemesh.biz/
Re: X Forwarding via SSH
And one more thing to add to Shahar's, does your ".Xauthority" have the correct permissions for your user?
If user (leonid in your case) cannot read and write the file, then you will get permission denied error.

Oleg.

----- Original Message -----
From: "Shachar Shemesh" <[EMAIL PROTECTED]>
To: "Leonid Podolny" <[EMAIL PROTECTED]>
Cc: <[EMAIL PROTECTED]>
Sent: Tuesday, November 18, 2003 1:12 AM
Subject: Re: X Forwarding via SSH

> Leonid Podolny wrote:
>
> >On Mon, 17 Nov 2003, Arik Baratz wrote:
> >
> >>Can you please post the result of:
> >>
> >>ssh -v -n -X [EMAIL PROTECTED] xlogo
> >>
> >>Type the password if necessary. If the window opens, close it. Cut and paste the results and post here.
> >>
> >>-- Arik
> >
> >kk
>
> Is "xauth" installed on the remote machine?
> What does "echo $XAUTHORITY" give?
> Is there a ~/.Xauthority file?
> try running "xauth list" - what is the output?
>
> If you wish to obfuscate your IPs, at least indicate which is the server
> and which is the client IP you are using.
>
> --
> Shachar Shemesh
> Open Source integration consultant
> Home page & resume - http://www.shemesh.biz/
RE: X Forwarding via SSH
-----Original Message-----
From: Leonid Podolny [mailto:[EMAIL PROTECTED]

[snip]

> On Mon, 17 Nov 2003, Arik Baratz wrote:
>
> > Can you please post the result of:
> >
> > ssh -v -n -X [EMAIL PROTECTED] xlogo
>
> -- Attached file included as plaintext by Listar --
> -- File: out.log
>
> OpenSSH_3.7.1p2, SSH protocols 1.5/2.0, OpenSSL 0.9.6k 30 Sep 2003
> debug1: Reading configuration data /etc/ssh/ssh_config

[snip]

> _X11TransSocketOpen: socket() failed for tcp

Leonid,

Can you please do ssh -X to the machine, and then:

echo $DISPLAY

will give you something along the lines of "localhost:10.0"

Then take the number after the ':' (10 in this example) and add 6000 to it, and run telnet:

telnet localhost 6010

Replace the 6010 with the number you got (if it's different than 10). Let us all know what that gives you - the exact error message.

Can you also do

iptables -L -v -n

and mail the result? I'm assuming that the machine has iptables. The ipchains command is very similar.

My current guess is that you have ipchains/iptables rules on computer "A" that prevent local users from connecting to port 6010 from localhost, but that needs to be confirmed. What's baffling to me is that the error message mentions the socket() function rather than the connect() function as I would expect in the case that my assumption is correct.

-- Arik
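Added example (not part of the original thread or any poster's code): the check described in the message above, written as a small Python probe. It maps a DISPLAY value to TCP port 6000 + N and reports whether a failure happens at socket() or at connect(), the distinction the message raises; all function names are this example's own.

```python
import errno
import os
import re
import socket

X11_BASE_PORT = 6000  # X display N is served on TCP port 6000 + N


def parse_display(display):
    """Split a DISPLAY value 'host:N.S' into (host, display_number, screen)."""
    m = re.fullmatch(r"([^:]*):(\d+)(?:\.(\d+))?", display)
    if m is None:
        raise ValueError("not a DISPLAY value: %r" % (display,))
    return m.group(1), int(m.group(2)), int(m.group(3) or 0)


def display_tcp_port(display):
    """TCP port an X client dials for this display (localhost:10.0 -> 6010)."""
    return X11_BASE_PORT + parse_display(display)[1]


def _err(exc):
    # Symbolic errno name where there is one (ECONNREFUSED, EACCES, ...).
    return errno.errorcode.get(exc.errno, str(exc))


def probe_tcp(host, port, timeout=2.0):
    """Return (stage, error); stage is 'resolve', 'socket', 'connect' or 'ok'."""
    try:
        info = socket.getaddrinfo(host, port, socket.AF_INET, socket.SOCK_STREAM)
    except socket.gaierror as exc:
        return ("resolve", str(exc))
    family, kind, proto, _, addr = info[0]
    try:
        # Failing here means the process cannot create a TCP socket at all
        # (descriptor limits, sandbox or kernel policy); no packet was sent.
        sock = socket.socket(family, kind, proto)
    except OSError as exc:
        return ("socket", _err(exc))
    try:
        sock.settimeout(timeout)
        # Failing here means nothing is listening or a filter rejected it.
        sock.connect(addr)
    except OSError as exc:
        return ("connect", _err(exc))
    finally:
        sock.close()
    return ("ok", None)


def probe_display(display):
    """Probe the TCP endpoint behind a forwarded display such as localhost:10.0."""
    host, number, _ = parse_display(display)
    if host in ("", "unix"):
        # A local display is reached over a Unix-domain socket, not TCP.
        return ("local", None)
    return probe_tcp(host, X11_BASE_PORT + number)


if __name__ == "__main__":
    # Fallback value is the DISPLAY reported in the thread.
    value = os.environ.get("DISPLAY", "localhost:10.0")
    print(value, "->", display_tcp_port(value), probe_display(value))
```

Run it inside the ssh -X session on the remote machine, as the same user that starts the X client, so the result reflects that user's environment.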
Re: X Forwarding via SSH
On Tue, Nov 18, 2003 at 12:32:56PM +0200, Arik Baratz wrote:
> -----Original Message-----
> From: Leonid Podolny [mailto:[EMAIL PROTECTED]
>
> [snip]
>
> > On Mon, 17 Nov 2003, Arik Baratz wrote:
> >
> > > Can you please post the result of:
> > >
> > > ssh -v -n -X [EMAIL PROTECTED] xlogo
> >
> > -- Attached file included as plaintext by Listar --
> > -- File: out.log
> >
> > OpenSSH_3.7.1p2, SSH protocols 1.5/2.0, OpenSSL 0.9.6k 30 Sep 2003
> > debug1: Reading configuration data /etc/ssh/ssh_config
>
> [snip]
>
> > _X11TransSocketOpen: socket() failed for tcp
>
> Leonid,
>
> Can you please do ssh -X to the machine, and then:
>
> echo $DISPLAY
>
> will give you something along the lines of "localhost:10.0"
>
> Then take the number after the ':' (10 in this example) and add 6000 to it, and run
> telnet:
>
> telnet localhost 6010

[I already took a look at this]

telnet localhost 6010 indeed seems to open a tcp connection.

Also note: the error is not:
'Error: Can't open display: localhost:10.0'

> Replace the 6010 with the number you got (if it's different than 10). Let us all
> know what that gives you - the exact error message.
>
> Can you also do
>
> iptables -L -v -n
>
> and mail the result? I'm assuming that the machine has iptables. The ipchains
> command is very similar.
>
> My current guess is that you have ipchains/iptables rules on computer
> "A" that prevent local users from connecting to port 6010 from
> localhost, but that needs to be confirmed. What's baffling to me is
> that the error message mentions the socket() function rather than the
> connect() function as I would expect in the case that my assumption is
> correct.

--
Tzafrir Cohen                       +---+
http://www.technion.ac.il/~tzafrir/ |vim is a mutt's best friend|
mailto:[EMAIL PROTECTED]            +---+
Re: X Forwarding via SSH
Oleg Kobets wrote:

> And one more thing to add to Shahar's, does your ".Xauthority" have the correct permissions for your user?
> If user (leonid in your case) cannot read and write the file, then you will get permission denied error.
>
> Oleg.

[EMAIL PROTECTED] leonid $ ls -lh ./.Xauthority
-rw-------    1 leonid users 100 Nov 18 13:48 ./.Xauthority
[EMAIL PROTECTED] leonid $
Re: X Forwarding via SSH
Arik Baratz wrote:

> Leonid,
>
> Can you please do ssh -X to the machine, and then:
>
> echo $DISPLAY
>
> will give you something along the lines of "localhost:10.0"

[EMAIL PROTECTED] leonid $ echo $DISPLAY
localhost:10.0
[EMAIL PROTECTED] leonid $

> Then take the number after the ':' (10 in this example) and add 6000 to it, and run telnet:
>
> telnet localhost 6010

[EMAIL PROTECTED] leonid $ su -
Password:
lenik root # netstat -lntp
Active Internet connections (only servers)
Proto Recv-Q Send-Q Local Address     Foreign Address   State    PID/Program name
tcp        0      0 0.0.0.0:4000      0.0.0.0:*         LISTEN   1121/mlnet
tcp        0      0 0.0.0.0:4001      0.0.0.0:*         LISTEN   1121/mlnet
tcp        0      0 0.0.0.0:4002      0.0.0.0:*         LISTEN   1121/mlnet
tcp        0      0 0.0.0.0:6882      0.0.0.0:*         LISTEN   1121/mlnet
tcp        0      0 0.0.0.0:4080      0.0.0.0:*         LISTEN   1121/mlnet
tcp        0      0 0.0.0.0:4721      0.0.0.0:*         LISTEN   1121/mlnet
tcp        0      0 0.0.0.0:22        0.0.0.0:*         LISTEN   1282/sshd
tcp        0      0 0.0.0.0:4662      0.0.0.0:*         LISTEN   1121/mlnet
tcp        0      0 0.0.0.0:25        0.0.0.0:*         LISTEN   1241/
tcp        0      0 127.0.0.1:6010    0.0.0.0:*         LISTEN   31614/

> Replace the 6010 with the number you got (if it's different than 10). Let us all know what that gives you - the exact error message.
>
> Can you also do
>
> iptables -L -v -n
>
> and mail the result? I'm assuming that the machine has iptables. The ipchains command is very similar.

lenik root # iptables-save
# Generated by iptables-save v1.2.8 on Tue Nov 18 13:50:24 2003
*filter
:INPUT ACCEPT [7248:493703]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [7557:528586]
COMMIT
# Completed on Tue Nov 18 13:50:24 2003
lenik root # iptables -L -v -n
Chain INPUT (policy ACCEPT 7295 packets, 497K bytes)
 pkts bytes target prot opt in out source destination

Chain FORWARD (policy ACCEPT 0 packets, 0 bytes)
 pkts bytes target prot opt in out source destination

Chain OUTPUT (policy ACCEPT 7588 packets, 532K bytes)
 pkts bytes target prot opt in out source destination
lenik root #

My usual configuration of iptables allows all connections from localhost, but I removed all rules nevertheless for the testing, and no good.

> My current guess is that you have ipchains/iptables rules on computer "A" that prevent local users from connecting to port 6010 from localhost, but that needs to be confirmed. What's baffling to me is that the error message mentions the socket() function rather than the connect() function as I would expect in the case that my assumption is correct.
>
> -- Arik
Re: X Forwarding via SSH
Shachar Shemesh wrote:

> Is "xauth" installed on the remote machine?

[EMAIL PROTECTED] leonid $ which xauth
/usr/X11R6/bin/xauth
[EMAIL PROTECTED] leonid $

> What does "echo $XAUTHORITY" give?

There is no such variable. (?!)

> Is there a ~/.Xauthority file?

[EMAIL PROTECTED] leonid $ ls ./.Xauthority -lh
-rw-------    1 leonid users 100 Nov 18 14:23 ./.Xauthority
[EMAIL PROTECTED] leonid $

> try running "xauth list" - what is the output?

[EMAIL PROTECTED] leonid $ xauth list
lenik.lan:0 MIT-MAGIC-COOKIE-1 51442241782b5025c493d953c9e75284
lenik/unix:10 MIT-MAGIC-COOKIE-1 a44b010773d3ea6731c100fae04a338e
[EMAIL PROTECTED] leonid $

"lenik" is the hostname of this computer.

> If you wish to obfuscate your IPs, at least indicate which is the server and which is the client IP you are using.