RE: RE : RE : X11Forwarding problem on Solaris.



Hi,
yes "other user" has execution permission on the executable file.
It looks like this for the directory:
drwxrwxrwx

and for the file:
-rwxrwxr-x


-----Original Message-----
From: Vincenzo Sciarra [mailto:vincenzo.sciarra@xxxxxxxxx]
Sent: den 9 maj 2007 10:57
To: Staffan Persson
Subject: Re: RE : RE : X11Forwarding problem on Solaris.


It works great when I
logon as the user who is owning the program´s executable file. It wont
work
when I logon as any other user.


Has "other user" execution permission on executable file and related
library?




2007/5/7, Staffan Persson <s.persson@xxxxxxx>:
Hi,
yes I can run:

hosta$ ssh -X hostb
hostb$ /usr/openwin/bin/xclock

xclock is displayed correctly.

The program I try to start when I get the X11Forwding problems is a
graphical user interface for an application which can be controlled though
command line to a certain degree.
The program is using the display environment variable. It works great when
I
logon as the user who is owning the program´s executable file. It wont
work
when I logon as any other user.

Below is ssh´s debug info.
First i use ssh to connect from node2 to node4 and then I start the
PROGRAM
on node4.

node2:/home/myuser> ssh -Xv node4
OpenSSH_4.3p2, OpenSSL 0.9.8d 28 Sep 2006
debug1: Reading configuration data /usr/local/etc/ssh_config
debug1: Connecting to node4 [node4´s ipaddress] port 22.
debug1: Connection established.
debug1: identity file /home/myuser/.ssh/identity type -1
debug1: identity file /home/myuser/.ssh/id_rsa type -1
debug1: identity file /home/myuser/.ssh/id_dsa type -1
debug1: Remote protocol version 1.99, remote software version OpenSSH_43
debug1: match: OpenSSH_4.3 pat OpenSSH*
debug1: Enabling compatibility mode for protocol 2.0
debug1: Local version string SSH-2.0-OpenSSH_4.3
debug1: SSH2_MSG_KEXINIT sent
debug1: SSH2_MSG_KEXINIT received
debug1: kex: server->client aes128-cbc hmac-md5 none
debug1: kex: client->server aes128-cbc hmac-md5 none
debug1: SSH2_MSG_KEX_DH_GEX_REQUEST(1024<1024<8192) sent
debug1: expecting SSH2_MSG_KEX_DH_GEX_GROUP
debug1: SSH2_MSG_KEX_DH_GEX_INIT sent
debug1: expecting SSH2_MSG_KEX_DH_GEX_REPLY
debug1: Host 'node4' is known and matches the RSA host key.
debug1: Found key in /home/myuser/.ssh/known_hosts:1
debug1: ssh_rsa_verify: signature correct
debug1: SSH2_MSG_NEWKEYS sent
debug1: expecting SSH2_MSG_NEWKEYS
debug1: SSH2_MSG_NEWKEYS received
debug1: SSH2_MSG_SERVICE_REQUEST sent
debug1: SSH2_MSG_SERVICE_ACCEPT received
debug1: Authentications that can continue:
publickey,password,keyboard-interactive
debug1: Next authentication method: publickey
debug1: Trying private key: /home/myuser/.ssh/identity
debug1: Trying private key: /home/myuser/.ssh/id_rsa
debug1: Trying private key: /home/myuser/.ssh/id_dsa
debug1: Next authentication method: keyboard-interactive
debug1: Authentications that can continue:
publickey,password,keyboard-interactive
debug1: Next authentication method: password
myuser@node4's password:
debug1: Authentication succeeded (password).
debug1: channel 0: new [client-session]
debug1: Entering interactive session.
debug1: Requesting X11 forwarding with authentication spoofing.
Last login: Mon May 7 15:20:11 2007 from node2
Oracle Home is set

node4:/home/myuser> PROGRAM ( ...starting program here... )
node4:/home/myuser> debug1: client_input_channel_open: ctype x11 rchan 2
win
65536 max 16384
debug1: client_request_x11: request from 127.0.0.1 43646
debug1: channel 1: new [x11]
debug1: confirm x11
debug1: client_input_channel_open: ctype x11 rchan 3 win 65536 max 16384
debug1: client_request_x11: request from 127.0.0.1 43647
debug1: channel 2: new [x11]
debug1: confirm x11
X11 connection rejected because of wrong authentication.
debug1: channel 2: free: x11, nchannels 3
node:/home/myuser>

Thanks


-----Original Message-----
From: Francois Bolduc [mailto:Francois.Bolduc@xxxxxxxxxxxxxx]
Sent: den 27 april 2007 20:33
To: secureshell@xxxxxxxxxxxxxxxxx
Subject: RE: RE : RE : X11Forwarding problem on Solaris.


Let's isolate SSH and X11 forwarding. Can you run:

hosta$ ssh -X hostb
hostb$ /usr/openwin/bin/xclock

If this works, can you give a sample of the command you run that fails, or
simply what the command is launching?
François Bolduc
Consultant
FUJITSU CONSEIL (Canada) inc.
Bureau : 613.238.2697
francois.bolduc@xxxxxxxxxxxxxx
From: Staffan Persson [mailto:s.persson@xxxxxxx]Sent: Wed 4/25/2007 1:47
PMTo: Francois Bolduc; secureshell@xxxxxxxxxxxxxxxxxxxxxxxx: RE: RE : RE :
X11Forwarding problem on Solaris.
Hi,
below is my answers on your questions.

Q. What does your sshd config look like?

A. My sshd_config file is stored in the following path:
/usr/local/etc

and the file´s content is:

Port 22
Protocol 2,1
HostKey /usr/local/etc/ssh_host_key
HostKey /usr/local/etc/ssh_host_rsa_key
HostKey /usr/local/etc/ssh_host_dsa_key
PermitRootLogin no
StrictMode no
RSAAuthentication yes
PubkeyAuthentication yes
AuthorizedKeysFile ssh/authorized_keys
PasswordAuthentication yes
PermitEmptyPasswords no
X11Forwarding yes
X11DisplayOffset 10
X11UseLocalhost yes
AcceptEnv yes
PermitUserEnvironment Yes
PermitTunnel yes
Subsystem sftp /usr/local/libexec/sftp-server


Q. Do you have any ssh_config files that might override global settings


Relevant Pages

  • X11 connection rejected because of wrong authentication
    ... synopsys, however, I see "X11 connection rejected because of wrong ... debug1: Connection established. ... debug1: Next authentication method: publickey ... debug1: Trying private key: /cygdrive/c/Documents and ...
    (comp.security.ssh)
  • firefox of ssh x11
    ... with X11 forwarding. ... debug1: Reading configuration data /etc/ssh/ssh_config ... Rhosts Authentication disabled, originating port will not be trusted. ... debug1: channel 0: new ...
    (comp.os.linux.misc)
  • X11 forwarding problem
    ... I am trying to use ssh X11 forwarding to launch an X application(CM Synergy ... debug1: Rhosts Authentication disabled, ... debug1: channel 0: new ... using fake authentication data for X11 forwarding. ...
    (comp.security.ssh)
  • Key-based authentication in SSH with Sun Directory Server 6.3 (On Solaris 10 client)
    ... I'm having problems with key-based authentication on one of my Solaris ... debug1: Connection established. ... # rlogin service (explicit because of pam_rhost_auth) ... # Default definitions for Authentication management ...
    (comp.unix.solaris)
  • LDAP Authentication via SSH
    ... authenticate via SSH to the LDAP server. ... debug1: Connecting to ldapclient.domain port 22. ... debug1: Next authentication method: keyboard-interactive ... # rlogin service (explicit because of pam_rhost_auth) ...
    (SunManagers)