Operating Systems HP-UX 'X11 forwarding' SSHD assigns already used port Post 302266930 by piooooter on Thursday 11th of December 2008 10:18:01 AM
'X11 forwarding' SSHD assigns already used port

Hi,

We've been facing a strange issue. Clients use X11 forwarding via SSH on an HP server and sometimes the same DISPLAY is assigned to two (maybe more) sessions. As a result, some users can't open their applications, and some have their windows redirected to somebody else.

It looks as if sshd was not aware of the ports already assigned to other sessions.

# netstat -an | egrep -e "LISTEN|TIME_WAIT" | awk '{ if($4 ~ /\*\.60[0-9]{2}/) print }' | sort
tcp 0 0 *.6010 *.* LISTEN
tcp 0 0 *.6010 *.* LISTEN
tcp 0 0 *.6011 *.* LISTEN
tcp 0 0 *.6011 *.* LISTEN
tcp 0 0 *.6012 *.* LISTEN
tcp 0 0 *.6012 *.* LISTEN
tcp 0 0 *.6013 *.* LISTEN
tcp 0 0 *.6013 *.* LISTEN
tcp 0 0 *.6014 *.* LISTEN
tcp 0 0 *.6014 *.* LISTEN
tcp 0 0 *.6015 *.* LISTEN

Did anybody experience a similar problem?

Software versions are as follows:
- OpenSSH_4.3p2-hpn, OpenSSL 0.9.7i 14 Oct 2005
- HP-UX Secure Shell-A.04.30.007, HP-UX Secure Shell version
- HP-UX B.11.23 U ia64 0920657533 unlimited-user license

Kind Regards,
Pit
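
A check for the condition the post describes, as an added example that is not part of the original post: it reads `netstat -an` output and reports any 60xx listener that occurs more than once for the same protocol and local address. The function names and the extra sample lines (the sshd port, the 192.0.2.x connection, the Linux-style loopback pair) are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the original post): report X11-forwarding listeners
# (TCP 60xx = 6000 + display number) that appear more than once for the same
# protocol and local address in `netstat -an` output read from stdin.
dup_x11_listeners() {
    awk '
        $1 ~ /^tcp/ && $6 == "LISTEN" {
            # Local address is field 4: "*.6010" (HP-UX) or "127.0.0.1:6010" (Linux).
            n = split($4, part, "[.:]")
            port = part[n]
            # [0-9][0-9] instead of {2}: not every awk supports interval expressions.
            if (port ~ /^60[0-9][0-9]$/) {
                key = $1 " " $4
                count[key]++
                portof[key] = port
            }
        }
        END {
            for (k in count)
                if (count[k] > 1)
                    printf "%s display=:%d listeners=%d (%s)\n",
                           portof[k], portof[k] - 6000, count[k], k
        }
    ' | sort
}

# Sample input: a subset of the LISTEN lines from the post, plus constructed
# lines (sshd port, an ESTABLISHED socket, one display on IPv4 and IPv6 loopback).
sample_netstat() {
    cat <<'EOF'
tcp 0 0 *.6010 *.* LISTEN
tcp 0 0 *.6010 *.* LISTEN
tcp 0 0 *.6011 *.* LISTEN
tcp 0 0 *.6011 *.* LISTEN
tcp 0 0 *.6015 *.* LISTEN
tcp 0 0 *.22 *.* LISTEN
tcp 0 0 192.0.2.10.6010 192.0.2.20.51234 ESTABLISHED
tcp 0 0 127.0.0.1:6016 0.0.0.0:* LISTEN
tcp6 0 0 ::1:6016 :::* LISTEN
EOF
}

sample_netstat | dup_x11_listeners
```

On a live host, pipe `netstat -an` into `dup_x11_listeners`; each output line is a display number claimed by more than one listener on the same address, while a single display bound on both IPv4 and IPv6 loopback is not reported.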
 

CONCH(1)                  BSD General Commands Manual                  CONCH(1)

NAME
     conch -- Conch SSH client

SYNOPSIS
     conch [-AaCfINnrsTtVvx] [-c cipher_spec] [-e escape_char] [-i identity_file] [-K connection_spec] [-L port:host:hostport] [-l user] [-m mac_spec] [-o openssh_option] [-p port] [-R port:host:hostport] [user@] hostname [command]

DESCRIPTION
     conch is an SSHv2 client for logging into a remote machine and executing commands. It provides encrypted and secure communications across a possibly insecure network. Arbitrary TCP/IP ports can also be forwarded over the secure connection.

     conch connects and logs into hostname (as user or the current username). The user must prove her/his identity through a public-key or a password. Alternatively, if a connection is already open to a server, a new shell can be opened over the connection without having to reauthenticate.

     If command is specified, command is executed instead of a shell. If the -s option is given, command is treated as an SSHv2 subsystem name.

   Authentication
     Conch supports the public-key, keyboard-interactive, and password authentications.

     The public-key method allows the RSA or DSA algorithm to be used. The client uses his/her private key, $HOME/.ssh/id_rsa or $HOME/.ssh/id_dsa to sign the session identifier, known only by the client and server. The server checks that the matching public key is valid for the user, and that the signature is correct.

     If public-key authentication fails, conch can authenticate by sending an encrypted password over the connection.

   Connection sharing
     conch has the ability to multiplex multiple shells, commands and TCP/IP ports over the same secure connection. To disable multiplexing for a connection, use the -I flag.

     The -K option determines how the client connects to the remote host. It is a comma-separated list of the methods to use, in order of preference. The two connection methods are 'unix' (for connecting over a multiplexed connection) and 'direct' (to connect directly). To disable connecting over a multiplexed connection, do not include 'unix' in the preference list.

     As an example of how connection sharing works, to speed up CVS over SSH:

           conch --noshell --fork -l cvs_user cvs_host
           set CVS_RSH=conch

     Now, when CVS connects to cvs_host as cvs_user, instead of making a new connection to the server, conch will add a new channel to the existing connection. This saves the cost of repeatedly negotiating the cryptography and authentication.

     The options are as follows:

     -A      Enables authentication agent forwarding.

     -a      Disables authentication agent forwarding (default).

     -C      Enable compression.

     -c cipher_spec
             Selects encryption algorithms to be used for this connection, as a comma-separated list of ciphers in order of preference. The list that conch supports is (in order of default preference): aes256-ctr, aes256-cbc, aes192-ctr, aes192-cbc, aes128-ctr, aes128-cbc, cast128-ctr, cast128-cbc, blowfish-ctr, blowfish, idea-ctr, idea-cbc, 3des-ctr, 3des-cbc.

     -e ch | ^ch | none
             Sets the escape character for sessions with a PTY (default: '~'). The escape character is only recognized at the beginning of a line (after a newline). The escape character followed by a dot ('.') closes the connection; followed by ^Z suspends the connection; and followed by the escape character sends the escape character once. Setting the character to "none" disables any escapes.

     -f      Fork to background after authentication.

     -I      Do not allow connection sharing over this connection.

     -i identity_spec
             The file from which the identity (private key) for RSA or DSA authentication is read. The defaults are $HOME/.ssh/id_rsa and $HOME/.ssh/id_dsa. It is possible to use this option more than once to use more than one private key.

     -K connection_spec
             Selects methods for connection to the server, as a comma-separated list of methods in order of preference. See Connection sharing for more information.

     -L port:host:hostport
             Specifies that the given port on the client host is to be forwarded to the given host and port on the remote side. This allocates a socket to listen to port on the local side, and when connections are made to that socket, they are forwarded over the secure channel and a connection is made to host port hostport from the remote machine. Only root can forward privileged ports.

     -l user
             Log in using this username.

     -m mac_spec
             Selects MAC (message authentication code) algorithms, as a comma-separated list in order of preference. The list that conch supports is (in order of preference): hmac-sha1, hmac-md5.

     -N      Do not execute a shell or command.

     -n      Redirect input from /dev/null.

     -o openssh_option
             Ignored OpenSSH options.

     -p port
             The port to connect to on the server.

     -R port:host:hostport
             Specifies that the given port on the remote host is to be forwarded to the given host and port on the local side. This allocates a socket to listen to port on the remote side, and when connections are made to that socket, they are forwarded over the secure channel and a connection is made to host port hostport from the client host. Only root can forward privileged ports.

     -s      Reconnect to the server if the connection is lost.

     -s      Invoke command (mandatory) as an SSHv2 subsystem.

     -T      Do not allocate a TTY.

     -t      Allocate a TTY even if command is given.

     -V      Display version number only.

     -v      Log to stderr.

     -x      Disable X11 connection forwarding (default).

AUTHOR
     Written by Paul Swartz <z3p@twistedmatrix.com>.

REPORTING BUGS
     To report a bug, visit http://twistedmatrix.com/bugs/

COPYRIGHT
     Copyright (C) 2002-2008 Twisted Matrix Laboratories. This is free software; see the source for copying conditions. There is NO warranty; not even for MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.

SEE ALSO
     ssh(1)

BSD                              May 22, 2004                              BSD