Can you run the first ssh command below with the -v option, so;
ssh -v -XY [log in to unmask]
?
For the vncviewer you should not modify the DISPLAY variable. You should
specify the report server on the command line;
vncviewer hpsl5:2
I've never used it but that is what the man page says. You'll either need
to open some ports in the firewall or try this (from the man page again,
not actually tried) to get it to create an ssh tunnel;
vncviewer -via hpsl5 localhost:2
On Mon, 4 May 2009, William Shu wrote:
> Thank you for all the suggestions. I have tried to make modifications as suggested on ISSUE 1, while trying to use vnc as my test case. No success yet. Grateful for further suggestions.
>
>
> Xforwarding:
> ------------
> Changed the Xforwarding to yes in /etc/ssh/sshd_config of remote machine (inteksl52):
>
> #X11Forwarding no
> X11Forwarding yes
>
> the client machine was already set (barring any surprise in changed notation):
>
> Host *
> ForwardX11Trusted yes
> ForwardX11 yes
>
> Host *.fnal.gov
> GSSAPIAuthentication yes
> GSSAPIDelegateCredentials yes
> ForwardX11Trusted yes
> ForwardX11 yes
>
>
> xauth and $DISPLAY:
> -------------------
> I have also checked for xauth and $DISPLAY on both machines.
> On host machine (hpsl5): xauth is available and DISPLAY is set to :0.0
> [wss@hpsl5 ~]$ rpm -q xorg-x11-xauth
> xorg-x11-xauth-1.0.1-2.1.i386
> [wss@hpsl5 ~]$ echo $DISPLAY
> :0.0
> [wss@hpsl5 ~]$
>
>
> On remote machine (inteksl52): xauth is available but DISPLAY is *not* set via secure shell. However, it is set to :0.0 if echoed from its own console.
> [wss@hpsl5 ~]$ ssh -XY [log in to unmask]
> [log in to unmask] password:
> Last login: Mon May 4 18:08:12 2009 from 192.168.10.4
> [wss@inteksl52 ~]$ echo $DISPLAY
>
> [wss@inteksl52 ~]$ rpm -q xorg-x11-xauth
> xorg-x11-xauth-1.0.1-2.1.i386
> [wss@inteksl52 ~]$
>
>
> vnc connection:
> ---------------
> vncviewer sees the vncserver if they are on the same host machine,but not accross machines or remotely (via ssh); it basically demonstrates the problem persists.
>
> On host machine:
>
> [wss@hpsl5 ~]$ echo $DISPLAY
> :0.0
> [wss@hpsl5 ~]$ vncserver &
> [1] 5300
> New 'hpsl5:2 (wss)' desktop is hpsl5:2
>
> Starting applications specified in /home/wss/.vnc/xstartup
> Log file is /home/wss/.vnc/hpsl5:2.log
>
>
> [1]+ Done vncserver
> [wss@hpsl5 ~]$
>
>
>
>
> On remote machine (via ssh) the vnc server is activated, but the viewer seems to have the following behaviour:
> * for DISPLAY=:2.0, it seems to just hang
> * for DISPLAY=192.168.10.4:1.0 (host vnc), viewer cannot open the display
> * for DISPLAY=192.168.10.20.1.0 (remote vnc, using its IP), it further indicates refusal by server.
>
> sample scenario:
>
> [wss@inteksl52 ~]$ vncserver
>
> New 'inteksl52:2 (wss)' desktop is inteksl52:2
>
> Starting applications specified in /home/wss/.vnc/xstartup
> Log file is /home/wss/.vnc/inteksl52:2.log
>
> [wss@inteksl52 ~]$
> [wss@inteksl52 ~]$ echo $DISPLAY
>
> [wss@inteksl52 ~]$ export DISPLAY=:2.0
> [wss@inteksl52 ~]$ vncviewer &
> [1] 9162
> [wss@inteksl52 ~]$
> VNC Viewer Free Edition 4.1.2 for X - built Feb 11 2009 12:55:24
> Copyright (C) 2002-2005 RealVNC Ltd.
> See http://www.realvnc.com for information on VNC.
>
>
> [wss@inteksl52 ~]$ echo $DISPLAY
>
> [wss@inteksl52 ~]$ export DISPLAY=192.168.10.4:1.0
> [wss@inteksl52 ~]$ echo $DISPLAY
> 192.168.10.4:1.0
> [wss@inteksl52 ~]$ vncviewer &
> [1] 9528
> [wss@inteksl52 ~]$
> VNC Viewer Free Edition 4.1.2 for X - built Feb 11 2009 12:55:24
> Copyright (C) 2002-2005 RealVNC Ltd.
> See http://www.realvnc.com for information on VNC.
> vncviewer: unable to open display "192.168.10.4:1.0"
>
> [1]+ Exit 1 vncviewer
> [wss@inteksl52 ~]$
> [wss@inteksl52 ~]$ export DISPLAY=192.168.10.20:1.0
> [wss@inteksl52 ~]$ vncviewer &
> [1] 9537
> VNC Viewer Free Edition 4.1.2 for X - built Feb 11 2009 12:55:24
> Copyright (C) 2002-2005 RealVNC Ltd.
> See http://www.realvnc.com for information on VNC.
> Xlib: connection to "192.168.10.20:1.0" refused by server
> Xlib: No protocol specified
>
> vncviewer: unable to open display "192.168.10.20:1.0"
>
> [1]+ Exit 1 vncviewer
> [wss@inteksl52 ~]$
>
>
>
> --- On Mon, 5/4/09, Troy Dawson <[log in to unmask]> wrote:
> From: Troy Dawson <[log in to unmask]>
> Subject: Re: Problems using X Windows Display
> To: "William Shu" <[log in to unmask]>
> Cc: "[log in to unmask]" <[log in to unmask]>
> Date: Monday, May 4, 2009, 4:21 PM
>
> Hi,
> I'll just add a little to what Stephen said. Focus on getting #1 to
> work, which is to log into a remote machine and open a graphical window.
>
> It looks like you have all the right options on your client end, but you
> also have to have it enabled on the machine you are logging into.
> On the machine you are logging into, look at your /etc/ssh/sshd_config
> and look for the line X11Forwarding, and make sure it is yes, like so
>
> X11Forwarding yes
>
> You also have to make sure that xauth is installed. It is on most every
> machine that has X installed, but if you start with a stripped down
> server, sometimes you don't get xauth. To check (on SL5) just do
>
> rpm -q xorg-x11-xauth
>
> Also, for me, when I check to see what my display setting is, I always do
>
> echo $DISPLAY
>
> And it should come back something like
>
> localhost:10.0
>
> That is because it's doing an ssh tunnel, so it thinks it's the
> localhost.
>
> Hope this helps
> Troy
>
> Stephen J. Gowdy wrote:
>> Hi William,
>> X displays usually are setup to enforce some sort of security.
>> Otherwise anyone would be able to read your password.
>> In case 1, was DISPLAY set on hpsl5 before you typed ssh?
>> I'm not sure case 2 is possible. You should use some sort of
>> conferencing system to allow remote users to see your display (like EVO).
>> For case 3 whoever is logged in the X-window should be allowed to
>> open windows. xauth is used normally to manage authorisation and you could
>
>> enable others to open windows on the local machine by extracting the
>> correct key from whoever has started the x-windows session. If I assume it
>
>> is wss, he would type something like;
>>
>>> xauth list > auth.list
>>
>> then wsshu would type;
>>
>>> xauth merge ~wss/auth.list
>>
>> assuming he is able to read that file. If not you should copy it somewhere
>
>> wsshu can read it. This probably only works till wss exits his X session.
>> Remember though, you are giving everything you type or see that other
>> user.
>>
>> regards,
>>
>> Stephen.
>>
>> On Sun, 3 May 2009, William Shu wrote:
>>
>>> I am having difficulties related to X Windowing system. Being a novice
> and basically overwhelmed by the X.org documentation. I present below the
> separate but related issues which can be summarised as: (1) displaying files
> from remote machines, possibly over secure shell; (2) projecting a window or
> entire screen onto *multiple* remote displays (monitors); and (3) using the same
> display when logged on as distinct users in xterm windows.
>>>
>>> In the example, I am on the host machine is hpsl5 (IP: 192.168.10.4)
> running SL5.0 and the remote machine is inteksl52 (192.168.10.20) running SL
> 5.2.
>>>
>>> Any assistance would be appreciated.
>>>
>>>
>>>
>>>
>>> ============================ ISSUE 1 =========================
>>>
>>> Displaying *.pdf *.ps files from a remote machine using secure shell
> ssh -XY, whereas it used to work (in the distant past). I get the message:
> "Unable to open the diplay" .
>>>
>>> Even trying to open a specific display (192.168.10.4:0, on tinysl5)
> with the xlsfonts command, I still get the message "Unable to open the
> diplay".
>>>
>>> Unfortunately, I do not have a very clear idea how X works; the
> manpage X(7) is not too helpful, and dmesg does not issue any messages.
>>>
>>> Example output:
>>>
>>> [wss@hpsl5 ~]$ ssh -XY [log in to unmask]
>>> [log in to unmask] password:
>>> Last login: Fri May 1 00:45:23 2009 from 192.168.10.4
>>> [wss@inteksl52 ~]$ printenv |grep -ie display
>>> [wss@inteksl52 ~]$ dir *.ps
>>> tsi.comp.POST.SENT-13032007_pages25_26.ps
>>> [wss@inteksl52 ~]$ gv tsi.comp.POST.SENT-13032007_pages25_26.ps &
>>> [1] 23151
>>> [wss@inteksl52 ~]$ gv: Unable to open the display.
>>>
>>>
>>> [wss@inteksl52 ~]$
>>> [wss@inteksl52 ~]$ xlsfonts -fn '-*-*-*-*-*-*-0-0-0-0-*-0-*-*'
>>> xlsfonts: unable to open display ''
>>> usage: xlsfonts [-options] [-fn pattern]
>>> where options include:
>>> -l[l[l]] give long info about each font
>>> -m give character min and max bounds
>>> -C force columns
>>> -1 force single column
>>> -u keep output unsorted
>>> -o use OpenFont/QueryFont instead of
> ListFonts
>>> -w width maximum width for multiple columns
>>> -n columns number of columns if multi column
>>> -display displayname X server to contact
>>> -d displayname (alias for -display displayname)
>>>
>>> [wss@inteksl52 ~]$
>>> [wss@inteksl52 ~]$
>>> [wss@inteksl52 ~]$ xlsfonts -d 192.168.10.4:0.0 -fn
> '-*-*-*-*-*-*-0-0-0-0-*-0-*-*'
>>> xlsfonts: unable to open display '192.168.10.4:0.0'
>>> usage: xlsfonts [-options] [-fn pattern]
>>> where options include:
>>> -l[l[l]] give long info about each font
>>> -m give character min and max bounds
>>> -C force columns
>>> -1 force single column
>>> -u keep output unsorted
>>> -o use OpenFont/QueryFont instead of
> ListFonts
>>> -w width maximum width for multiple columns
>>> -n columns number of columns if multi column
>>> -display displayname X server to contact
>>> -d displayname (alias for -display displayname)
>>>
>>>
>>>
>>>
>>>
>>>
>>> ============================ ISSUE 2 =========================
>>>
>>>
>>> How can I display a given window (xterm, pdf file, etc.) on a number
> of remote terminal? For exmple, I would want that the pdf file I am scrolling
> through is also visible to my remote audience on their screens.
>>>
>>> This is probably related to ISSUE 1.
>>>
>>>
>>>
>>>
>>>
>>>
>>> ============================ ISSUE 3 =========================
>>>
>>> How can I be logged in as 2 distinct users (e.g., wss and wsshu or
> root) in terminal windows and still be able to view files *.pdf and *.ps files
> or choose my X windows display? On some machines, I I can view the files,
> possibly with some complaints, but fails on others, complaining about being
> unable to open display. (Unfortunately I cannot reproduce the failure on this
> machine, in what is given below.) Xnest does not seem to permit it. How can I go
> about this?
>>>
>>> Example output:
>>>
>>> [wss@hpsl5 ~]$ Xnest :1
>>>
>>>
>>> [1]+ Stopped Xnest :1
>>> [wss@hpsl5 ~]$ bg
>>> [1]+ Xnest :1 &
>>> [wss@hpsl5 ~]$ xterm -display :1
>>> AUDIT: Mon May 4 01:59:19 2009: 27279 Xnest: client 1 rejected from
> local host
>>> Xlib: connection to ":1.0" refused by server
>>> Xlib: No protocol specified
>>>
>>> xterm Xt error: Can't open display: :1
>>> [wss@hpsl5 ~]$ su
>>> Password:
>>> [root@hpsl5 wss]# xterm -display :1
>>> AUDIT: Mon May 4 02:00:23 2009: 27279 Xnest: client 1 rejected from
> local host
>>> Xlib: connection to ":1.0" refused by server
>>> Xlib: No protocol specified
>>>
>>> Warning: This program is an suid-root program or is being run by the
> root user.
>>> The full text of the error or warning message cannot be safely
> formatted
>>> in this environment. You may get a more descriptive message by running
> the
>>> program as a non-root user or by removing the suid bit on the
> executable.
>>> xterm Xt error: Can't open display: %s
>>> [root@hpsl5 wss]# exit
>>> exit
>>> [wss@hpsl5 ~]$ su wsshu
>>> Password:
>>> [wsshu@hpsl5 wss]$ xterm -display :1
>>> AUDIT: Mon May 4 02:01:44 2009: 27279 Xnest: client 1 rejected from
> local host
>>> Xlib: connection to ":1.0" refused by server
>>> Xlib: No protocol specified
>>>
>>> xterm Xt error: Can't open display: :1
>>> [wsshu@hpsl5 wss]$ cd
>>> [wsshu@hpsl5 ~]$ xterm -display :1
>>> AUDIT: Mon May 4 02:02:33 2009: 27279 Xnest: client 1 rejected from
> local host
>>> Xlib: connection to ":1.0" refused by server
>>> Xlib: No protocol specified
>>>
>>> xterm Xt error: Can't open display: :1
>>> [wsshu@hpsl5 ~]$ Xnest :2 &
>>> [1] 27357
>>> [wsshu@hpsl5 ~]$ xterm -display :2
>>> AUDIT: Mon May 4 02:03:07 2009: 27357 Xnest: client 1 rejected from
> local host
>>> Xlib: connection to ":2.0" refused by server
>>> Xlib: No protocol specified
>>>
>>> xterm Xt error: Can't open display: :2
>>> [wsshu@hpsl5 ~]$ evince icegov2008-registration-noCardDetails-wss.pdf
> &
>>> [2] 27386
>>> [wsshu@hpsl5 ~]$
>>> (evince:27386): GnomeUI-WARNING **: While connecting to session
> manager:
>>> Authentication Rejected, reason : None of the authentication protocols
> specified are supported and host-based authentication failed.
>>>
>>> ** (evince:27386): WARNING **: Service registration failed.
>>>
>>> ** (evince:27386): WARNING **: Did not receive a reply. Possible
> causes include: the remote application did not send a reply, the message bus
> security policy blocked the reply, the reply timeout expired, or the network
> connection was broken.
>>>
>>> [2]+ Done evince
> icegov2008-registration-noCardDetails-wss.pdf
>>> [wsshu@hpsl5 ~]$
>>>
>>>
>>> William.
>>>
>>>
>>>
>>>
>>>
>>>
>>
>
>
>
--
/------------------------------------+-------------------------\
|Stephen J. Gowdy | CERN Office: 8-1-11|
|http://cern.ch/gowdy/ | CH-1211 Geneva 23 |
| | Switzerland |
|EMail: [log in to unmask] | Tel: +41 76 487 2215 |
\------------------------------------+-------------------------/
|
