SUSE / openSUSE This Forum is for the discussion of Suse Linux.
Notices
Welcome to
LinuxQuestions.org , a friendly and active Linux Community.
You are currently viewing LQ as a guest. By joining our community you will have the ability to post topics, receive our newsletter, use the advanced search, subscribe to threads and access many other special features. Registration is quick, simple and absolutely free.
Join our community today!
Note that registered members see fewer ads, and ContentLink is completely disabled once you log in.
Are you new to LinuxQuestions.org? Visit the following links:
Site Howto |
Site FAQ |
Sitemap |
Register Now
If you have any problems with the registration process or your account login, please
contact us . If you need to reset your password,
click here .
Having a problem logging in? Please visit this page to clear all LQ-related cookies.
Get a
virtual cloud desktop with the Linux distro that you want in less than five minutes with Shells! With over 10 pre-installed distros to choose from, the worry-free installation life is here! Whether you are a digital nomad or just looking for flexibility, Shells can put your Linux machine on the device that you want to use.
Exclusive for LQ members, get up to 45% off per month.
Click here for more info.
09-25-2005, 12:37 PM
#1
Member
Registered: Dec 2003
Location: Canada
Distribution: openSUSE Tumbleweed
Posts: 209
Rep:
ssh -X....
hi
i use suse 9.3
i have a router (dlink)
on my router, i set a Virtual Server to access ssh
from the net, i able to connect to my computer with ssh
i tried to ssh -X
but when i try to start
xclock
i get
Error: Can't open display:
printenv DISPLAY show me nothing
if i use xhost + before to connect, i get the same result...
X11Forwarding is set to yes
my firewall is closed
if i use my computer, try to with ssh with my ip router adress (ssh forward to my computer), i get the same result... ssh work but can't start a X application...
any idea?
09-25-2005, 01:10 PM
#2
Moderator
Registered: Mar 2003
Location: Scotland
Distribution: Slackware, RedHat, Debian
Posts: 12,047
Rep:
Is X forwarding enabled on the server?
Did you try setting the display number manually?
09-25-2005, 01:12 PM
#3
Member
Registered: Sep 2005
Posts: 115
Rep:
I've wondered this too....
If using an SSH tunnel, does the X port need to be opened on the router? or does all traffic travel "inside" the ssh tunnel?
09-25-2005, 01:15 PM
#4
Moderator
Registered: Mar 2003
Location: Scotland
Distribution: Slackware, RedHat, Debian
Posts: 12,047
Rep:
Using X forwarding and ssh will use the ssh tunnel to transmit the data so no ports should need opened unless the client machine is blocking loopback connections.
09-25-2005, 01:28 PM
#5
Member
Registered: Dec 2003
Location: Canada
Distribution: openSUSE Tumbleweed
Posts: 209
Original Poster
Rep:
Quote:
Originally posted by david_ross
Is X forwarding enabled on the server?
Did you try setting the display number manually?
sshd_config
Code:
#AllowTcpForwarding yes
#GatewayPorts no
X11Forwarding yes
PermitRootLogin no
#X11DisplayOffset 10
#X11UseLocalhost yes
#PrintMotd yes
#PrintLastLog yes
#TCPKeepAlive yes
#UseLogin no
#UsePrivilegeSeparation yes
#PermitUserEnvironment no
#Compression yes
#ClientAliveInterval 0
ssh_config
Code:
Host *
# ForwardAgent no
ForwardX11 yes
where i need to set the display number on the client or server?
how to do it?
09-25-2005, 01:58 PM
#6
Senior Member
Registered: Aug 2005
Posts: 1,755
Rep:
Did you try "ssh -Y"?
09-25-2005, 02:13 PM
#7
Member
Registered: Dec 2003
Location: Canada
Distribution: openSUSE Tumbleweed
Posts: 209
Original Poster
Rep:
Quote:
Originally posted by spooon
Did you try "ssh -Y"?
ya and i get the same thing....
09-27-2005, 11:58 AM
#8
Moderator
Registered: Mar 2003
Location: Scotland
Distribution: Slackware, RedHat, Debian
Posts: 12,047
Rep:
Can you post the output from:
netstat -nlp
iptables -nL
on the X client.
09-27-2005, 07:49 PM
#9
Member
Registered: Dec 2003
Location: Canada
Distribution: openSUSE Tumbleweed
Posts: 209
Original Poster
Rep:
Quote:
Originally posted by david_ross
Can you post the output from:
netstat -nlp
iptables -nL
on the X client.
collinm@ws101:~> netstat -nlp
Code:
(Tous les processus ne peuvent être identifiés, les infos sur les processus
non possédés ne seront pas affichées, vous devez être root pour les voir toutes.)
Connexions Internet actives (seulement serveurs)
Proto Recv-Q Send-Q Adresse locale Adresse distante Etat PID/Program name
tcp 0 0 0.0.0.0:22 0.0.0.0:* LISTEN -
tcp 0 0 0.0.0.0:631 0.0.0.0:* LISTEN -
udp 0 0 0.0.0.0:631 0.0.0.0:* -
udp 0 0 192.168.0.101:123 0.0.0.0:* -
udp 0 0 127.0.0.1:123 0.0.0.0:* -
udp 0 0 0.0.0.0:123 0.0.0.0:* -
udp 0 0 :::177 :::* -
udp 0 0 :::123 :::* -
Sockets du domaine UNIX actives(seulement serveurs)
Proto RefCpt Indicatrs Type Etat I-Node PID/Program name Chemin
unix 2 [ ACC ] STREAM LISTENING 20122 7475/kdeinit Runnin /tmp/ksocket-collinm/kdeinit-:0
unix 2 [ ACC ] STREAM LISTENING 10588 - /var/run/dbus/system_bus_socket
unix 2 [ ACC ] STREAM LISTENING 20205 7495/klauncher [kde /tmp/ksocket-collinm/klauncherhJSRQa.slave-socket
unix 2 [ ACC ] STREAM LISTENING 20336 7512/artsd /tmp/ksocket-collinm/ws101.ltsp-1d58-4339e46c
unix 2 [ ACC ] STREAM LISTENING 17338 - /var/run/.resmgr_socket
unix 2 [ ACC ] STREAM LISTENING 18866 - /var/run/acpid.socket
unix 2 [ ACC ] STREAM LISTENING 18079 - /var/run/xdmctl/dmctl/socket
unix 2 [ ACC ] STREAM LISTENING 18088 - /var/run/xdmctl/dmctl-:0/socket
unix 2 [ ACC ] STREAM LISTENING 18911 - /var/run/powersave_socket
unix 2 [ ACC ] STREAM LISTENING 18915 - /var/run/powersave_clientsocket
unix 2 [ ACC ] STREAM LISTENING 19014 - /var/run/nscd/socket
unix 2 [ ACC ] STREAM LISTENING 20120 7475/kdeinit Runnin /tmp/ksocket-collinm/kdeinit__0
unix 2 [ ACC ] STREAM LISTENING 20185 7490/dcopserver [kd /tmp/.ICE-unix/dcop7490-1127867496
unix 2 [ ACC ] STREAM LISTENING 20329 7515/ksmserver [kde /tmp/.ICE-unix/7515
unix 2 [ ACC ] STREAM LISTENING 18084 - /tmp/.X11-unix/X
ws101:/home/collinm # iptables -nL
Code:
Chain INPUT (policy DROP)
target prot opt source destination
ACCEPT all -- 0.0.0.0/0 0.0.0.0/0
ACCEPT all -- 0.0.0.0/0 0.0.0.0/0 state RELATED,ESTABLISHED
input_ext all -- 0.0.0.0/0 0.0.0.0/0
LOG all -- 0.0.0.0/0 0.0.0.0/0 limit: avg 3/min burst 5 LOG flags 6 level 4 prefix `SFW2-IN-ILL-TARGET '
DROP all -- 0.0.0.0/0 0.0.0.0/0
Chain FORWARD (policy DROP)
target prot opt source destination
LOG all -- 0.0.0.0/0 0.0.0.0/0 limit: avg 3/min burst 5 LOG flags 6 level 4 prefix `SFW2-FWD-ILL-ROUTING '
Chain OUTPUT (policy ACCEPT)
target prot opt source destination
ACCEPT all -- 0.0.0.0/0 0.0.0.0/0
ACCEPT all -- 0.0.0.0/0 0.0.0.0/0 state NEW,RELATED,ESTABLISHED
LOG all -- 0.0.0.0/0 0.0.0.0/0 limit: avg 3/min burst 5 LOG flags 6 level 4 prefix `SFW2-OUT-ERROR '
Chain forward_ext (0 references)
target prot opt source destination
Chain input_ext (1 references)
target prot opt source destination
DROP all -- 0.0.0.0/0 0.0.0.0/0 PKTTYPE = broadcast
ACCEPT icmp -- 0.0.0.0/0 0.0.0.0/0 icmp type 4
ACCEPT icmp -- 0.0.0.0/0 0.0.0.0/0 icmp type 8
ACCEPT icmp -- 0.0.0.0/0 0.0.0.0/0 state RELATED,ESTABLISHED icmp type 0
ACCEPT icmp -- 0.0.0.0/0 0.0.0.0/0 state RELATED,ESTABLISHED icmp type 3
ACCEPT icmp -- 0.0.0.0/0 0.0.0.0/0 state RELATED,ESTABLISHED icmp type 11
ACCEPT icmp -- 0.0.0.0/0 0.0.0.0/0 state RELATED,ESTABLISHED icmp type 12
ACCEPT icmp -- 0.0.0.0/0 0.0.0.0/0 state RELATED,ESTABLISHED icmp type 14
ACCEPT icmp -- 0.0.0.0/0 0.0.0.0/0 state RELATED,ESTABLISHED icmp type 18
ACCEPT icmp -- 0.0.0.0/0 0.0.0.0/0 state RELATED,ESTABLISHED icmp type 3 code 2
ACCEPT icmp -- 0.0.0.0/0 0.0.0.0/0 state RELATED,ESTABLISHED icmp type 5
LOG tcp -- 0.0.0.0/0 0.0.0.0/0 limit: avg 3/min burst 5 tcp dpt:22 flags:0x16/0x02 LOG flags 6 level 4 prefix `SFW2-INext-ACC-TCP '
ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 tcp dpt:22
reject_func tcp -- 0.0.0.0/0 0.0.0.0/0 tcp dpt:113 state NEW
ACCEPT udp -- 0.0.0.0/0 0.0.0.0/0 udp dpt:69
LOG tcp -- 0.0.0.0/0 0.0.0.0/0 limit: avg 3/min burst 5 tcp flags:0x16/0x02 LOG flags 6 level 4 prefix `SFW2-INext-DROP-DEFLT '
LOG icmp -- 0.0.0.0/0 0.0.0.0/0 limit: avg 3/min burst 5 LOG flags 6 level 4 prefix `SFW2-INext-DROP-DEFLT '
LOG udp -- 0.0.0.0/0 0.0.0.0/0 limit: avg 3/min burst 5 LOG flags 6 level 4 prefix `SFW2-INext-DROP-DEFLT '
LOG all -- 0.0.0.0/0 0.0.0.0/0 limit: avg 3/min burst 5 state INVALID LOG flags 6 level 4 prefix `SFW2-INext-DROP-DEFLT-INV '
DROP all -- 0.0.0.0/0 0.0.0.0/0
Chain reject_func (1 references)
target prot opt source destination
REJECT tcp -- 0.0.0.0/0 0.0.0.0/0 reject-with tcp-reset
REJECT udp -- 0.0.0.0/0 0.0.0.0/0 reject-with icmp-port-unreachable
REJECT all -- 0.0.0.0/0 0.0.0.0/0 reject-with icmp-proto-unreachable
09-28-2005, 12:19 PM
#10
Moderator
Registered: Mar 2003
Location: Scotland
Distribution: Slackware, RedHat, Debian
Posts: 12,047
Rep:
Looking at the netstat output there isn't a listening X connection.
Perhaps with more verbose information we could see the problem:
ssh -vvvX user@remotehost
09-28-2005, 12:20 PM
#11
Member
Registered: Sep 2005
Posts: 115
Rep:
try this:
xhost + on local
ssh -X remote
export DISPLAY=localIP:0 (or 1)
xclock
09-28-2005, 01:31 PM
#12
Member
Registered: Dec 2003
Location: Canada
Distribution: openSUSE Tumbleweed
Posts: 209
Original Poster
Rep:
Quote:
Originally posted by david_ross
Looking at the netstat output there isn't a listening X connection.
Perhaps with more verbose information we could see the problem:
ssh -vvvX user@remotehost
ok no problem
Code:
collinm@ws101:~> ssh -vvX user@xx.xx.xx.xx
OpenSSH_3.9p1, OpenSSL 0.9.7e 25 Oct 2004
debug1: Reading configuration data /etc/ssh/ssh_config
debug1: Applying options for *
debug2: ssh_connect: needpriv 0
debug1: Connecting to 70.80.139.21 [70.80.139.21] port 22.
debug1: Connection established.
debug1: identity file /home/collinm/.ssh/identity type -1
debug1: identity file /home/collinm/.ssh/id_rsa type -1
debug1: identity file /home/collinm/.ssh/id_dsa type -1
debug1: Remote protocol version 1.99, remote software version OpenSSH_3.9p1
debug1: match: OpenSSH_3.9p1 pat OpenSSH*
debug1: Enabling compatibility mode for protocol 2.0
debug1: Local version string SSH-2.0-OpenSSH_3.9p1
debug2: fd 3 setting O_NONBLOCK
debug1: SSH2_MSG_KEXINIT sent
debug1: SSH2_MSG_KEXINIT received
debug2: kex_parse_kexinit: diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha1,diffie-hellman-gro
up1-sha1
debug2: kex_parse_kexinit: ssh-rsa,ssh-dss
debug2: kex_parse_kexinit: aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,arcfour,aes192-cbc,aes256-cbc,rijnda
el-cbc@lysator.liu.se ,aes128-ctr,aes192-ctr,aes256-ctr
debug2: kex_parse_kexinit: aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,arcfour,aes192-cbc,aes256-cbc,rijnda
el-cbc@lysator.liu.se ,aes128-ctr,aes192-ctr,aes256-ctr
debug2: kex_parse_kexinit: hmac-md5,hmac-sha1,hmac-ripemd160,hmac-ripemd160@openssh.com,hmac-sha1-96,hmac-md
5-96
debug2: kex_parse_kexinit: hmac-md5,hmac-sha1,hmac-ripemd160,hmac-ripemd160@openssh.com,hmac-sha1-96,hmac-md
5-96
debug2: kex_parse_kexinit: none,zlib
debug2: kex_parse_kexinit: none,zlib
debug2: kex_parse_kexinit:
debug2: kex_parse_kexinit:
debug2: kex_parse_kexinit: first_kex_follows 0
debug2: kex_parse_kexinit: reserved 0
debug2: kex_parse_kexinit: diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha1,diffie-hellman-gro
up1-sha1
debug2: kex_parse_kexinit: ssh-rsa,ssh-dss
debug2: kex_parse_kexinit: aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,arcfour,aes192-cbc,aes256-cbc,rijnda
el-cbc@lysator.liu.se ,aes128-ctr,aes192-ctr,aes256-ctr
debug2: kex_parse_kexinit: aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,arcfour,aes192-cbc,aes256-cbc,rijnda
el-cbc@lysator.liu.se ,aes128-ctr,aes192-ctr,aes256-ctr
debug2: kex_parse_kexinit: hmac-md5,hmac-sha1,hmac-ripemd160,hmac-ripemd160@openssh.com,hmac-sha1-96,hmac-md
5-96
debug2: kex_parse_kexinit: hmac-md5,hmac-sha1,hmac-ripemd160,hmac-ripemd160@openssh.com,hmac-sha1-96,hmac-md
5-96
debug2: kex_parse_kexinit: none,zlib
debug2: kex_parse_kexinit: none,zlib
debug2: kex_parse_kexinit:
debug2: kex_parse_kexinit:
debug2: kex_parse_kexinit: first_kex_follows 0
debug2: kex_parse_kexinit: reserved 0
debug2: mac_init: found hmac-md5
debug1: kex: server->client aes128-cbc hmac-md5 none
debug2: mac_init: found hmac-md5
debug1: kex: client->server aes128-cbc hmac-md5 none
debug1: SSH2_MSG_KEX_DH_GEX_REQUEST(1024<1024<8192) sent
debug1: expecting SSH2_MSG_KEX_DH_GEX_GROUP
debug2: dh_gen_key: priv key bits set: 126/256
debug2: bits set: 487/1024
debug1: SSH2_MSG_KEX_DH_GEX_INIT sent
debug1: expecting SSH2_MSG_KEX_DH_GEX_REPLY
debug1: Host '70.80.139.21' is known and matches the RSA host key.
debug1: Found key in /home/collinm/.ssh/known_hosts:2
debug2: bits set: 524/1024
debug1: ssh_rsa_verify: signature correct
debug2: kex_derive_keys
debug2: set_newkeys: mode 1
debug1: SSH2_MSG_NEWKEYS sent
debug1: expecting SSH2_MSG_NEWKEYS
debug2: set_newkeys: mode 0
debug1: SSH2_MSG_NEWKEYS received
debug1: SSH2_MSG_SERVICE_REQUEST sent
debug2: service_accept: ssh-userauth
debug1: SSH2_MSG_SERVICE_ACCEPT received
debug2: key: /home/collinm/.ssh/identity ((nil))
debug2: key: /home/collinm/.ssh/id_rsa ((nil))
debug2: key: /home/collinm/.ssh/id_dsa ((nil))
debug1: Authentications that can continue: publickey,keyboard-interactive
debug1: Next authentication method: publickey
debug1: Trying private key: /home/collinm/.ssh/identity
debug1: Trying private key: /home/collinm/.ssh/id_rsa
debug1: Trying private key: /home/collinm/.ssh/id_dsa
debug2: we did not send a packet, disable method
debug1: Next authentication method: keyboard-interactive
debug2: userauth_kbdint
debug2: we sent a keyboard-interactive packet, wait for reply
debug2: input_userauth_info_req
debug2: input_userauth_info_req: num_prompts 1
Password:
debug2: input_userauth_info_req
debug2: input_userauth_info_req: num_prompts 0
debug1: Authentication succeeded (keyboard-interactive).
debug1: channel 0: new [client-session]
debug2: channel 0: send open
debug1: Entering interactive session.
debug2: callback start
debug2: x11_get_proto: /usr/X11R6/bin/xauth list :0 . 2>/dev/null
debug1: Requesting X11 forwarding with authentication spoofing.
debug2: channel 0: request x11-req confirm 0
debug2: client_session2_setup: id 0
debug2: channel 0: request pty-req confirm 0
debug1: Sending environment.
debug1: Sending env LANG = fr_FR.UTF-8
debug2: channel 0: request env confirm 0
debug2: channel 0: request shell confirm 0
debug2: fd 3 setting TCP_NODELAY
debug2: callback done
debug2: channel 0: open confirm rwindow 0 rmax 32768
debug2: channel 0: rcvd adjust 131072
All times are GMT -5. The time now is 12:58 PM .
LinuxQuestions.org is looking for people interested in writing
Editorials, Articles, Reviews, and more. If you'd like to contribute
content, let us know .
Latest Threads
LQ News