sshd failed to allocate X11 socket - why?
in [Solaris]
|
From: Thomas Maier-Komor on 13 Jan 2006 14:27 Alan Coopersmith wrote: > Thomas Maier-Komor <maierkom(a)lpr.e-technik.no-spam.tu-muenchen.de> writes in comp.unix.solaris: > |I got the following message in my syslog. > | > |Jan 13 16:44:53 anarmacil sshd[12316]: [ID 800047 auth.error] error: > |Failed to allocate internet-domain X11 display socket. > | > | > |What could the reason be for this?! In consequence the DISPLAY variable > |does not get set... > > Are all the ports around 6010 already in use? I know on Sun Ray servers > people have to set X11DisplayOffset in /etc/ssh/sshd_config to a high > enough number to avoid conflicting with the displays used by the Sun > Rays. (X display sockets are tcp port 6000+display_number, so the > usual ssh default display of :10 is 6010.) > no, there should be enough open ports. The machine is almost nothing to do... $ netstat -P tcp TCP: IPv4 Local Address Remote Address Swind Send-Q Rwind Recv-Q State -------------------- -------------------- ----- ------ ----- ------ ------- anarmacil.32784 anarmacil.32774 49152 0 49152 0 ESTABLISHED anarmacil.32774 anarmacil.32784 49152 0 49152 0 ESTABLISHED anarmacil.961 nobody.nfsd 5840 0 49640 0 ESTABLISHED anarmacil.ssh ernie.lpr.e-technik.tu-muenchen.de.51970 15456 0 49232 0 ESTABLISHED anarmacil.964 aquila.lpr.e-technik.tu-muenchen.de.nfsd 49640 0 49640 0 ESTABLISHED anarmacil.32773 aquila.lpr.e-technik.tu-muenchen.de.46370 49640 0 49640 0 ESTABLISHED anarmacil.34878 aquila.lpr.e-technik.tu-muenchen.de.nfsd 49640 0 49640 0 TIME_WAIT anap.34879 aquilap.nfsd 49640 0 49640 0 TIME_WAIT anarmacil.34880 aquila.lpr.e-technik.tu-muenchen.de.nfsd 49640 0 49640 0 TIME_WAIT anap.34881 aquilap.nfsd 49640 0 49640 0 TIME_WAIT anap.960 aquilap.nfsd 49640 0 49640 0 ESTABLISHED anarmacil.ssh ernie.lpr.e-technik.tu-muenchen.de.51974 15456 0 49232 0 ESTABLISHED anarmacil.34876 nobody.997 5840 0 49640 0 TIME_WAIT anarmacil.34877 nobody.997 5840 0 49640 0 TIME_WAIT Active UNIX domain sockets Address Type Vnode Conn Local Addr Remote Addr 60001bedb08 stream-ord 600024a1d40 00000000 /var/run/atokserver/atokusermanagedaemon 60001bedc88 stream-ord 600024628c0 00000000 /var/run/jd_sockV6 60001bede08 stream-ord 60001be7400 00000000 /var/run/.inetd.uds This it the correct way to see all used tcp ports, isn't it? Tom
From: Dexthor on 13 Jan 2006 14:53 Did you check your sshd_config to allow "X11 forwarding" ?? Without this, it would autmatically suppress setting Display variable. Also, you must have your DISPLAY variable set before you establish the ssh tunnel, I think you are already doing it. You could post your sshd_config. -Dexthor.
From: Thomas Maier-Komor on 13 Jan 2006 16:41
Dexthor wrote: > Did you check your sshd_config to allow "X11 forwarding" ?? Without > this, it would autmatically suppress setting Display variable. Also, > you must have your DISPLAY variable set before you establish the ssh > tunnel, I think you are already doing it. > > You could post your sshd_config. > > -Dexthor. > both points check. But forget about it. I have restarted the machine now. It is now working. I had another problem for which I have already a case open, which disappeared now, too. The issue that I had is IMHO a bug in the upgrade software (I posted it a couple of hours ago on opensolaris' bug discussion list). On Solaris 9 and early /lib was a symlink to /usr/lib. So if one added an additional library path to crle with: $ crle -u -l /usr/local/lib one got a config file that included /usr/lib and /usr/local/lib as valid pathes for dynamic libraries. This was the case on this machine. The upgrade to Solaris 10 did not change that, but Solaris 10 now has a real /lib directory which is included in the default crle setup, but did not get updated in the modified version. After changing the crle setup to /lib:/usr/lib:/usr/local/lib (I have removed /usr/local/lib now, as it has become obsolete) everything works fine. I will check on Monday if the machine is now in a sane state an everything is OK to the last bit. If this is the case I will file a bug report in the case I have already opened. Cheers, Tom |