SUMMARY: OpenSSH 3.1p1 on Solaris 7 and 8 problem
2007-12-24 22:19:00
> I have OpenSSH 3.1p1 installed on Solaris 7 and Solaris 8 machines. On all
> machines I have X11 forwarding enabled, with
> ForwardAgent yes
> ForwardX11 yes
> in the /etc/ssh_config and
> X11Forwarding yes
> in the /etc/sshd_config.
>
> I am able to ssh to a remote system and run an X application. However, when
> I su to root I no longer am able. Ordinarily I would use "xauth list" to
> determine the magic cookie from the display, but that does not work:
>
> (~) shalmaneser 53 % xclock
> (the X application works fine)
> (~) shalmaneser 54 % ssh srvns1
> (~) srvns1 51 % xclock
> (the X application works fine)
> (~) srvns1 52 % echo $DISPLAY
> localhost:13.1
> (~) srvns1 53 % xauth list localhost:13.1
>
> (nothing is returned. localhost:13 does not exist. However, grep-ing on the
> string ":13" returns two hits in the .Xauthority file:)
>
> (~) srvns1 54 % xauth list | grep ":13"
> srvns1/unix:13 MIT-MAGIC-COOKIE-1 611a4835e65cce94312ac15a8e32d836
> srvns1.cbot.com:13 MIT-MAGIC-COOKIE-1 65d6090ac2dfd4c46a06dc98b7b9f963
> (~) srvns1 55 % /bin/su -
> Password:
> Sun Microsystems Inc. SunOS 5.8 Generic Patch October 2001
>
> (as root, I add both of these cookies, in case either of them will work)
>
> srvns1!/ >> xauth add srvns1/unix:13 MIT-MAGIC-COOKIE-1 611a4835e65cce94312ac15a8e32d836
> srvns1!/ >> xauth add srvns1.cbot.com:13 MIT-MAGIC-COOKIE-1 65d6090ac2dfd4c46a06dc98b7b9f963
> srvns1!/ >> export DISPLAY=srvns1.cbot.com:13
> srvns1!/ >> xclock
> Error: Can't open display: srvns1.cbot.com:13
> srvns1!/ >> export DISPLAY=srvns1/unix:13
> srvns1!/ >> xclock
> Error: Can't open display: srvns1/unix:13
>
> As you can see, neither of those display names will work. I should mention
> that this did work in older versions of OpenSSH (3.0.2p1, 2.9.9p1, 2.9p1,
> 2.5.1p1, yadda yadda yadda) but has now broken with this release. I believe
> that the problem lies with the fact that DISPLAY is "localhost":something,
> and that string is not in the .Xauthority file. But that is just a guess.
> Does anyone have any suggestions on getting this to work again?
The answer:
add
X11UseLocalhost no
to the /etc/sshd_config. This is something new with version 3.1. It is not
one of the commented-out lines in the default sshd_config file, but it is in
the sshd manpage. My bad for missing it.
Thanks to:
sullivan at cs.uoregon.edu
Steve Zinck <sz at nerd.ca>
John Horne <J.Horne at plymouth.ac.uk>
Dan Astoorian <djast at cs.toronto.edu>
system administration account <sysadmin at astro.su.se>
+-----------------------------------------------------------------------+
| Christopher L. Barnard O When I was a boy I was told that |
| cbarnard at tsg.cbot.com / \ anybody could become president. |
| (312) 347-4901 O---O Now I'm beginning to believe it. |
| http://www.cs.uchicago.edu/~cbarnard --Clarence Darrow |
+----------PGP public key available via finger or PGP keyserver---------+
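
As an added example (not part of the original post and not OpenSSH code), the script below reports the effective global X11UseLocalhost value from sshd_config text and classifies how a DISPLAY value relates to `xauth list` entries, the two checks this thread turns on. The function names, the sample config and the placeholder cookie values are constructed for illustration; per sshd_config(5), setting X11UseLocalhost to no binds the X11 forwarding listener to the wildcard address instead of loopback.

```shell
#!/bin/sh
# Added example, not from the original post. Sample data below is constructed:
# host names follow the post, cookie values are placeholders.
SAMPLE_CONFIG='X11Forwarding yes
#X11DisplayOffset 10'
SAMPLE_XAUTH='srvns1/unix:13  MIT-MAGIC-COOKIE-1  00000000000000000000000000000000
srvns1.cbot.com:13  MIT-MAGIC-COOKIE-1  11111111111111111111111111111111'

# Effective global X11UseLocalhost from sshd_config text on stdin.
# Per sshd_config(5): keywords are case-insensitive, the first value wins,
# and the default is "yes" when the keyword is absent.
x11_use_localhost() {
    awk '{ sub(/#.*/, ""); sub(/=/, " ") }      # drop comments, allow key=value
         tolower($1) == "match" { exit }        # stop at the first Match block
         tolower($1) == "x11uselocalhost" { print tolower($2); found = 1; exit }
         END { if (!found) print "yes" }'
}

# Address the X11 forwarding listener binds to: loopback (default) or wildcard.
x11_listener_scope() {
    case "$(x11_use_localhost)" in
        no) echo wildcard ;;
        *)  echo loopback ;;
    esac
}

# cookie_match DISPLAY XAUTH_LIST_TEXT
# Literal comparison of display names (an assumption of this example, not
# xauth's own lookup logic):
#   exact          an entry is named exactly like DISPLAY without the screen
#   host-mismatch  the display number has entries, but under other host names
#   none           no entry carries that display number
cookie_match() {
    num=${1##*:}; num=${num%%.*}                # "localhost:13.1" -> "13"
    printf '%s\n' "$2" | awk -v want="${1%:*}:$num" -v suffix=":$num" '
        $1 == want { exact = 1 }
        length($1) >= length(suffix) &&
            substr($1, length($1) - length(suffix) + 1) == suffix { same = 1 }
        END { print (exact ? "exact" : (same ? "host-mismatch" : "none")) }'
}

printf 'listener: %s\n' "$(printf '%s\n' "$SAMPLE_CONFIG" | x11_listener_scope)"
printf 'cookie for localhost:13.1: %s\n' "$(cookie_match localhost:13.1 "$SAMPLE_XAUTH")"
```
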

