Hi folks,
I've got a problem with X11 forwarding on an AIX 5.2 system thats stumped
me.
I've installed the same patched + compiled installp package on all our aix
boxes
but one of them won't play ball with X11
ssh -X -v -v user at host gives (grepped out X11 looking lines)
debug2: we sent a password packet, wait for reply
debug1: Authentication succeeded (password).
debug1: channel 0: new [client-session]
debug2: channel 0: send open
debug1: Entering interactive session.
debug2: callback start
debug2: ssh_session2_setup: id 0
debug2: channel 0: request pty-req
debug2: x11_get_proto: /usr/bin/X11/xauth list :0.0 . 2>/dev/null
debug1: Requesting X11 forwarding with authentication spoofing.
debug2: channel 0: request x11-req
debug2: channel 0: request shell
debug2: fd 3 setting TCP_NODELAY
debug2: callback done
debug2: channel 0: open confirm rwindow 0 rmax 32768
debug2: channel 0: rcvd adjust 131072
... MOTD displayed OK
$> xclock
debug1: client_input_channel_open: ctype x11 rchan 2 win 65536 max 16384
debug1: client_request_x11: request from 127.0.0.1 33027
debug2: fd 7 setting O_NONBLOCK
debug2: fd 7 is O_NONBLOCK
debug1: channel 1: new [x11]
debug1: confirm x11
debug2: X11 connection uses different authentication protocol.
X11 connection rejected because of wrong authentication.
debug2: X11 rejected 1 i0/o0
debug2: channel 1: read failed
debug2: channel 1: close_read
debug2: channel 1: input open -> drain
debug2: channel 1: ibuf empty
debug2: channel 1: send eof
debug2: channel 1: input drain -> closed
debug2: channel 1: write failed
debug2: channel 1: close_write
debug2: channel 1: output open -> closed
debug2: X11 closed 1 i3/o3
debug2: channel 1: send close
debug2: channel 1: rcvd close
debug2: channel 1: is dead
debug2: channel 1: garbage collecting
debug1: channel 1: free: x11, nchannels 2
X connection to localhost:12.0 broken (explicit kill or server shutdown).
$> xauth list
1356-364 xauth: creating new authority file
/hpcx/home/z002/z002/ade45/.Xauthority
$> xauth list
1356-364 xauth: creating new authority file
/hpcx/home/z002/z002/ade45/.Xauthority
$> which xauth
/usr/bin/X11/xauth
$> lslpp -w /usr/lpp/X11/bin/xauth
File Fileset Type
----------------------------------------------------------------------------
/usr/lpp/X11/bin/xauth X11.apps.config File
$> lslpp -L X11.apps.config
Fileset Level State Type Description (Uninstaller)
----------------------------------------------------------------------------
X11.apps.config 5.2.0.0 C F AIXwindows Configuration
Applications
I'm tempted to point my finger of blame at xauth as it doesn't seem to
create an xauth
entry for my login session on this host. (the others are fine)
The one difference between this and all the others though is this host has
an X display
running locally (the others are p690 LPARS)
Should I try and put a wrapper round xauth to see if it at least gets
called?
or am I looking in the wrong place?
Many thanks
(oh, and the reason I'm not on 3.8.1p is because with Darren Tuckers patches
the users get notification that their password will expire (even if they
choose to ignore it...))
Andrew
Answering my own posts... After much swearing and trussing I figured out the problem - we have an sshrc that checks which users are allowed on and gives them the "kill -9" treatment if they're not supposed to be logged on. moving it out the way made X11 work again, looks like i'll need to make it a bit cleaner at what stage is sshrc called re privsep and xauth setup? Many thanks Andrew
Elwell, AD (Andrew) wrote:> I've got a problem with X11 forwarding on an AIX 5.2 system thats stumped > me.[...]> I'm tempted to point my finger of blame at xauth as it doesn't seem to > create an xauth > entry for my login session on this host. (the others are fine)I suspect xauth can't create the .Xauthority file for some reason (perms?). Try truss'ing xauth (yes, 5.2 has truss!) [...]> (oh, and the reason I'm not on 3.8.1p is because with Darren Tuckers patches > the users get notification that their password will expire (even if they > choose to ignore it...))I said I'd forward-port that part to post-3.8 (just a patch, it's unlikely ever be in the main tree) but I haven't been bugged too much about it :-) -- Darren Tucker (dtucker at zip.com.au) GPG key 8FF4FA69 / D9A3 86E9 7EEE AF4B B2D4 37C9 C982 80C7 8FF4 FA69 Good judgement comes with experience. Unfortunately, the experience usually comes from bad judgement.