Prev: Sudden X11 forwarding glitch - Can't open display "localhost:10.0"
Next: slack64 and /lib32 missing ?
From: Aaron W. Hsu on 7 Feb 2010 17:31
On Sun, 07 Feb 2010 15:54:38 -0500, Mike Jones <Not(a)arizona.bay> wrote:

> I've no idea what happened, but something is barfing my X11 forwarding
> all of a sudden. I'm getting Can't open display "localhost:10.0" for
>
> ssh -Y 192.168.1.1 X11app

A few points to note here. I see a lot of people using the -Y option, but
from everything that I've read and heard, that's asking for trouble, as
none of the appropriate security measures are taken to ensure that you
have a secure connection. The -X option is the one that enables these
security measures by default.

> Everything else works fine, console apps like Lynx, nano, etc. Its just
> the X11 apps that can't seen to get hold of the X11 display, even though
> everything worked fine a week ago (confirmed by client-machine use). The
> problem seems to be located on the server box as all clients and all
> accounts on the LAN are affected the same, no X11 apps suddenly.
>
> Where should I start looking for problems on this one? I've been checking
> through looking for any hack-glitches I might have introduced over the
> last week (since this problem appeared), but I can't recall fiddling with
> anything X11 or ssh related for while now.

When I run X11 Forwarding, I usually have to do two things. Firstly, I
have to make sure that I use the -X option, and secondly, I need to make
sure that connections to my localhost are enabled. That is, I need to make
sure that local non-loopback X11 connections are okay. I do this with
'xhost +localhost'. This usually works for me.

Aaron W. Hsu

--
A professor is one who talks in someone else's sleep.
From: Mike Jones on 7 Feb 2010 18:24
Responding to Aaron W. Hsu:

> On Sun, 07 Feb 2010 15:54:38 -0500, Mike Jones <Not(a)arizona.bay> wrote:
>
>> I've no idea what happened, but something is barfing my X11 forwarding
>> all of a sudden. I'm getting Can't open display "localhost:10.0" for
>>
>> ssh -Y 192.168.1.1 X11app
>
> A few points to note here. I see a lot of people using the -Y option,
> but
> from everything that I've read and heard, that's asking for trouble, as
> none of the appropriate security measures are taken to ensure that you
> have a secure connection. The -X option is the one that enables these
> security measures by default.
>
>> Everything else works fine, console apps like Lynx, nano, etc. Its just
>> the X11 apps that can't seen to get hold of the X11 display, even
>> though everything worked fine a week ago (confirmed by client-machine
>> use). The problem seems to be located on the server box as all clients
>> and all accounts on the LAN are affected the same, no X11 apps
>> suddenly.
>>
>> Where should I start looking for problems on this one? I've been
>> checking through looking for any hack-glitches I might have introduced
>> over the last week (since this problem appeared), but I can't recall
>> fiddling with anything X11 or ssh related for while now.
>
> When I run X11 Forwarding, I usually have to do two things. Firstly, I
> have to make sure that I use the -X option, and secondly, I need to make
> sure that connections to my localhost are enabled. That is, I need to
> make sure that local non-loopback X11 connections are okay. I do this
> with 'xhost +localhost'. This usually works for me.
>
> Aaron W. Hsu


1: The whole LAN sits behind a firewalled server box. No forwarding
outside the LAN occurs. Therefore, the -Y switch is acceptable in this
contained environment, and necessary for client machines to use server-
based internet apps via ssh.

2: Everything else works fine. All connections run and all non-X11
applications poerate as normal. The fault is a Can't open display
"localhost:10.0" one and its appearance is a mystery to me.

What I'm looking for here is what folks would be looking for if this
glitch suddenly occured on their LAN.

Cheers.

--
*=( http://www.thedailymash.co.uk/
*=( For all your UK news needs.
From: Bit Twister on 7 Feb 2010 18:54
On Sun, 07 Feb 2010 23:24:04 GMT, Mike Jones wrote:

I have yet to be forced to use -Y or -X

> What I'm looking for here is what folks would be looking for if this
> glitch suddenly occured on their LAN.


Check forwarding in ssh config file

$ grep -i forward /etc/ssh/sshd_config
#AllowAgentForwarding yes
#AllowTcpForwarding yes
X11Forwarding yes
# X11Forwarding no
# AllowTcpForwarding no

If I change anything reboot sshd daemon.

Verify I can ssh on local node and same on the target node.

$ xhost +localhost
$ ssh $USER(a)localhost
$ xterm
$ exit

Next try target machine by ip address.

$ xhost +target_machine_ip_addy_here
$ ssh $USER(a)target_machine_ip_addy_here
$ xterm
$ exit

Last, check for dns lookup problem.
$ xhost +target_machine_name_here
$ ssh $USER(a)target_machine_name_here
$ xterm
$ exit
From: Mike Jones on 7 Feb 2010 20:00
Responding to Bit Twister:

> On Sun, 07 Feb 2010 23:24:04 GMT, Mike Jones wrote:
>
> I have yet to be forced to use -Y or -X
>
>> What I'm looking for here is what folks would be looking for if this
>> glitch suddenly occured on their LAN.
>
>
> Check forwarding in ssh config file
>
> $ grep -i forward /etc/ssh/sshd_config #AllowAgentForwarding yes
> #AllowTcpForwarding yes
> X11Forwarding yes
> # X11Forwarding no
> # AllowTcpForwarding no
>
> If I change anything reboot sshd daemon.
>
> Verify I can ssh on local node and same on the target node.
>
> $ xhost +localhost
> $ ssh $USER(a)localhost
> $ xterm
> $ exit
>
> Next try target machine by ip address.
>
> $ xhost +target_machine_ip_addy_here
> $ ssh $USER(a)target_machine_ip_addy_here $ xterm
> $ exit
>
> Last, check for dns lookup problem.
> $ xhost +target_machine_name_here
> $ ssh $USER(a)target_machine_name_here
> $ xterm
> $ exit



Everything /except/ X11 apps is still working fine. The LAN uses static
IP addresses. All current client machines have the same X11 apps problem
(with the common server) at the same time. Something odd has happened on
the server box, and its got something to do with the display @ 10.0
thing, related to -X and -Y usage.

"ssh -t 192.168.1.1 nano" gets me nano.

"ssh -X 192.168.1.1 dillo" doesn't get me an expected "bad atom" fault.

"ssh -Y 192.168.1.1 dillo" gets Can't open display "localhost:10.0"

AFAICR I've done nothing that could cause a SNAFU here, and this has been
a problem for up to the last week, based on client reports of failure to
access X11 apps via ssh. I'm scratching for clues here.

--
*=( http://www.thedailymash.co.uk/
*=( For all your UK news needs.
From: Mike Jones on 8 Feb 2010 05:42
Responding to Henrik Carlqvist:

> Mike Jones <Not(a)Arizona.Bay> wrote:
>> I've no idea what happened, but something is barfing my X11 forwarding
>> all of a sudden. I'm getting Can't open display "localhost:10.0"
>
> Do you have your home directory on an NFS file system? Does some of your
> machines in the LAN run kernel 2.6.24 or newer? If so, you might have
> been bitten by a kernel bug:
> http://bugzilla.kernel.org/show_bug.cgi?id=12557
>
> regards Henrik


Not using NFS, but sshfs. As I mentioned before, there have been no
problems of this kind ever before, and suddenly, this week, "Can't open
display" becomes permanent. The patches in the URL you suggested look
interesting, as I'm using the standard S12.2 kernel (2.6.27.7), but the
behaviour pattern of this fault strongly suggests some other cause. this
is why I've thrown this to the NG, just in case anybody else had a "Oh
yeah, that one eh?" experience and a few tips on where to start looking
for glitches I may have intruduced without knowing it. Yes, I know nobody
else but me would know what I've fiddled with over the weeks\months
\years, but a process of "Check this, check that, check the other" might
be the thing that moves this one, as I'm now scratching my head wondering
what happened, clue-free. :(

Thanks for the URL BTW.

--
*=( http://www.thedailymash.co.uk/
*=( For all your UK news needs.
 |  Next  |  Last
Pages: 1 2 3 4
Prev: Sudden X11 forwarding glitch - Can't open display "localhost:10.0"
Next: slack64 and /lib32 missing ?