From: Jana Dunn (jana@scsr.nevada.edu)
Date: Tue Oct 21 2003 - 19:25:42 EDT
Sun Managers,
Last week I posted to sunmanagers about a problem tunnelling X11 through
ssh. In short, when I ssh'd to the server, the "proxy" display variable
wasn't set.
I figured it was a configuration problem with my Suns, and I was right.
I had compiled ssh (from http://www.ssh.com, version 3.2.5, non-commercial
version) from source code; when I initially ran the ./configure, it did
not find the appropriate X-related files and so didn't include them in. In
the configure output, I had "checking for X ... no" And then nothing
listed in the summary for X libraries or X includes.
I'll admit I hadn't read the configure output when I'd initially installed
ssh; I did
./configure
make
make install
I *did* have X libraries installed on the system; configure just couldn't
find them. By adding some echos into "configure", I found it that the
"find X" portion of configure indirectly uses /usr/ccs/lib/cpp; I have
(had) a copy of cpp in /usr/local/bin, but this utility was looking
for/using this particular copy of cpp using the full path name. The
"can't execute" error message goes to /dev/null when configure runs.
I also had a very incomplete set of X include files.
So, the solution is/was to install X headers (SUNWxwinc), cpp (SUNsprot),
and the list of X-related packages (nearly all of which I already had
installed) given to me by Sun Support (see below). Then I removed the
configure cache for ssh and reconfigured and recompiled. The client end
works now; I'll probably be working on the server end tomorrow.
----------------------
Other problems that someone else might have, but I DIDN'T have:
Make sure that xauth is in your/configure's path when you run configure or
put the path to xauth in ssh's configuration file.
(I had xauth in the path)
Make sure you have X forwarding enabled:
(I did this)
On the system where the Xserver runs (i.e. the display machine)
in /etc/ssh2/ssh2_config:
ForwardX11 yes
On the remote machine:
in /etc/ssh2/sshd2_config:
AllowX11Forwarding yes
If you compiled ssh with tcpwrappers support, make sure
that /etc/hosts.allow allows the traffic. (I didn't have tcpwrappers
compiled in.)
Check the flags you use for ssh. Based on the responses I received,
it looks like OpenSSH uses '-X' to mean ENABLE X11 forwarding;
the version of ssh I am using uses '-X' to mean DISABLE X11 forwarding.
I was using +x and +X.
Here is a man page chunk for this version of ssh:
+x Enable X11 connection forwarding (default). If X11
SECURITY extension is compiled in, treat the client
applications as untrusted (the effects of this depend
on your Xserver's security policy). See
TrustX11Applications in ssh2_config(5) for additional
details.
+X As above, but the client applications are treated as
trusted.
-x Disable X11 connection forwarding.
Here's the list of x-related packages given to me by Sun Support.
This is for Solaris 2.8.
SUNWowbcp
SUNWxwrtl
SUNWxwslb
SUNWxwplt
SUNWxwplx
SUNWxwrtx
SUNWxwpmn
SUNWmfrun
SUNWdtjxt
SUNWdtbax
SUNWolrte
SUNWxwopt
SUNWxwicx
SUNWxwice
SUNWxwslx
SUNWxwinc (include files)
SUNsprot (cpp)
Sun's info on X11 support:
http://docs.sun.com/db/doc/806-1363?q=%22X11%22
---------------
Other resources:
ssh FAQ:
http://www.uni-karlsruhe.de/~ig25/ssh-faq/
Secure Shell Knowledge Base (very basic instructions):
https://support.ssh.com/rqcustomer/servlet/login
1749 How to forward X11 applications on UNIX
1750 How to forward X11 applications using Windows client?
1751 How to forward X11 applications after su to root?
------------------------------------------------------
Jana Dunn
Telecom Analyst
SCS Telecom Engineering
University and Community College System of Nevada
Support Center: 775-784-HELP
jana@scsr.nevada.edu
http://netstats.scsr.nevada.edu/index.html
-------------------------------------------------------
_______________________________________________
sunmanagers mailing list
sunmanagers@sunmanagers.org
http://www.sunmanagers.org/mailman/listinfo/sunmanagers
This archive was generated by hypermail 2.1.7 : Wed Apr 09 2008 - 23:27:20 EDT