xclock Error: Can't open display: - after upgrading to openSSH 5.2p1
Linux - GeneralThis Linux forum is for general Linux questions and discussion.
If it is Linux Related and doesn't seem to fit in any other forum then this is the place.
Notices
Welcome to LinuxQuestions.org, a friendly and active Linux Community.
You are currently viewing LQ as a guest. By joining our community you will have the ability to post topics, receive our newsletter, use the advanced search, subscribe to threads and access many other special features. Registration is quick, simple and absolutely free. Join our community today!
Note that registered members see fewer ads, and ContentLink is completely disabled once you log in.
If you have any problems with the registration process or your account login, please contact us. If you need to reset your password, click here.
Having a problem logging in? Please visit this page to clear all LQ-related cookies.
Get a virtual cloud desktop with the Linux distro that you want in less than five minutes with Shells! With over 10 pre-installed distros to choose from, the worry-free installation life is here! Whether you are a digital nomad or just looking for flexibility, Shells can put your Linux machine on the device that you want to use.
Exclusive for LQ members, get up to 45% off per month. Click here for more info.
xclock Error: Can't open display: - after upgrading to openSSH 5.2p1
I have got two servers apssvrX and apssvrZ on OEL. Both were built by the same team using their standard build scripts.
Having received the servers I had installed Oracle (ODI) product on it successfully.
Then as a part of requirement and as per Oracle support's advise, I had upgraded the ssh version on apssvrX server from OpenSSH_4.3p2 To OpenSSH_5.2p1, so that, I can implement the chroot jailing.
As per Oracle advise, I had downloaded the 3 RPMs from "_http://layer1.rack911.com/openssh/rhel5/x86_64/" to run them on my first server i.e., apssvrX and then configured the sshd services following the below steps:
****************************
****************************
a) Modify /etc/ssh/sshd_config to comment the below line:
# ------------
#Subsystem sftp /usr/libexec/openssh/sftp-server
# ------------
b) Add below lines:
# ----------------------------
Subsystem sftp internal-sftp
Match Group sftponly
ChrootDirectory %h
X11Forwarding no
AllowTcpForwarding no
ForceCommand internal-sftp
# -----------------------------
Then lastly, Restart sshd services complete the configuration
# /etc/init.d/sshd restart
****************************
****************************
apssvrX server current details are as below:
apssvrX$ uname -a
Linux apssvrX 2.6.18-128.el5 #1 SMP Wed Jan 21 08:45:05 EST 2009 x86_64 x86_64 x86_64 GNU/Linux
My problems started from this point onwards. I want to install another Oracle product using OUI, but when I try to execute xclock using the Exceed HummingBird tool on apssvrX server then it fails with the error - (xclock) Error: Can't open display:
I tried the DISPLAY variable setup as well but to no use.
Whereas I can successfully execute the xclock on apssvrZ and OUI as well. Its config details are as below:
apssvrZ$ uname -a
Linux apssvrZ 2.6.18-128.el5 #1 SMP Wed Jan 21 08:45:05 EST 2009 x86_64 x86_64 x86_64 GNU/Linux
Sorry I didn't mention it in my first post. I had already tried the "X11Forwarding Yes" by commenting out the sftp jailing configuration, restarted the sshd and tried to login yet no luck.
Below is the sshd_config of the server where I am facing the xclock issue:
[root@apssvrX]# cat /etc/ssh/sshd_config
# $OpenBSD: sshd_config,v 1.73 2005/12/06 22:38:28 reyk Exp $
# This is the sshd server system-wide configuration file. See
# sshd_config(5) for more information.
# This sshd was compiled with PATH=/usr/local/bin:/bin:/usr/bin
# The strategy used for options in the default sshd_config shipped with
# OpenSSH is to specify options with their default value where
# possible, but leave them commented. Uncommented options change a
# default value.
# HostKey for protocol version 1
#HostKey /etc/ssh/ssh_host_key
# HostKeys for protocol version 2
#HostKey /etc/ssh/ssh_host_rsa_key
#HostKey /etc/ssh/ssh_host_dsa_key
# Lifetime and size of ephemeral version 1 server key
#KeyRegenerationInterval 1h
#ServerKeyBits 768
# Logging
# obsoletes QuietMode and FascistLogging
#SyslogFacility AUTH
SyslogFacility AUTHPRIV
#LogLevel INFO
# For this to work you will also need host keys in /etc/ssh/ssh_known_hosts
#RhostsRSAAuthentication no
# similar for protocol version 2
#HostbasedAuthentication no
# Change to yes if you don't trust ~/.ssh/known_hosts for
# RhostsRSAAuthentication and HostbasedAuthentication
#IgnoreUserKnownHosts no
# Don't read the user's ~/.rhosts and ~/.shosts files
#IgnoreRhosts yes
# To disable tunneled clear text passwords, change to no here!
#PasswordAuthentication yes
#PermitEmptyPasswords no
PasswordAuthentication yes
# Change to no to disable s/key passwords
#ChallengeResponseAuthentication yes
ChallengeResponseAuthentication no
# Kerberos options
#KerberosAuthentication no
#KerberosOrLocalPasswd yes
#KerberosTicketCleanup yes
#KerberosGetAFSToken no
# Set this to 'yes' to enable PAM authentication, account processing,
# and session processing. If this is enabled, PAM authentication will
# be allowed through the ChallengeResponseAuthentication mechanism.
# Depending on your PAM configuration, this may bypass the setting of
# PasswordAuthentication, PermitEmptyPasswords, and
# "PermitRootLogin without-password". If you just want the PAM account and
# session checks to run without PAM authentication, then enable this but set
# ChallengeResponseAuthentication=no
#UsePAM no
UsePAM yes
# Accept locale-related environment variables
AcceptEnv LANG LC_CTYPE LC_NUMERIC LC_TIME LC_COLLATE LC_MONETARY LC_MESSAGES
AcceptEnv LC_PAPER LC_NAME LC_ADDRESS LC_TELEPHONE LC_MEASUREMENT
AcceptEnv LC_IDENTIFICATION LC_ALL
AllowTcpForwarding yes
#GatewayPorts no
#X11Forwarding no
X11Forwarding yes
#X11DisplayOffset 10
#X11UseLocalhost yes
#PrintMotd yes
#PrintLastLog yes
#TCPKeepAlive yes
#UseLogin no
#UsePrivilegeSeparation yes
#PermitUserEnvironment no
#Compression delayed
#ClientAliveInterval 0
#ClientAliveCountMax 3
#ShowPatchLevel no
#UseDNS yes
#PidFile /var/run/sshd.pid
#MaxStartups 10
#PermitTunnel no
# no default banner path
#Banner /some/path
# override default of no subsystems
Subsystem sftp /usr/libexec/openssh/sftp-server
## Commented the sftp jailing configuration - troubleshooting xclock
## ----------------------------
##Subsystem sftp internal-sftp
##Match Group sftponly
## ChrootDirectory %h
## X11Forwarding no
## AllowTcpForwarding no
## ForceCommand internal-sftp
With deadlines nearing to complete the testing, I finally had to revert the SSH package from 5.2p1 to 4.3p2. And guess what, once it moved back to OpenSSH_4.3p2, I could execute the xclock.
I think i can now say that, the X Windows/OUI doesnot work on OEL5u3 which has OpenSSH_5.2p1.
Thanks to all who tried to advise on this thread.
I will post another thread to know, the SSH version that will help me implement SFTP chroot jailing on OEL5u3.
LinuxQuestions.org is looking for people interested in writing
Editorials, Articles, Reviews, and more. If you'd like to contribute
content, let us know.