Go Premium for a chance to win a PS4. Enter to Win

x
?
Solved

What port does X11 Forwarding with SSH use?

Posted on 2013-01-17
16
Medium Priority
?
3,613 Views
Last Modified: 2013-02-14
I'm using Putty and Xming on Windows to connect to an AIX box.  I'm connecting via SSH, but when I launch an application, it always comes back to the Windows box on port 6000.

I know 6000 is default for X11, but I thought the app would come to the Windows system on port 22 since it's using SSH.

Please advise.  I'm working hard to understand this.
0
Comment
Question by:fuze44
  • 8
  • 6
  • 2
16 Comments
 
LVL 40

Assisted Solution

by:omarfarid
omarfarid earned 300 total points
ID: 38790362
It looks like that your X11 S/W and ssh are not configured properly on the windows side.

Check your putty and Xming config for X11 tunneling / forwarding.
0
 
LVL 68

Expert Comment

by:woolmilkporc
ID: 38792037
Make sure that PuTTY's X11 forwarding is enabled.

Configuration -> SSH -> X11 -> tick "Enable X11 forwarding". Leave "X display location" empty.

Make sure that all settings are saved in the session profile.

Once you're logged in to your target host, check the DISPLAY variable.

It should be: "localhost:10.0"

Never ever set the DISPLAY variable to something else (e. g. to the address of your Windows machine, as you would do without SSH tunneling).
0
 

Author Comment

by:fuze44
ID: 38795191
I have done all of that, but when $DISPLAY shows to be localhost:10.0 no windows will open.  

Xming (the Windows X Server) is using display 0.  Should it be changed to 10?
0
Get your Disaster Recovery as a Service basics

Disaster Recovery as a Service is one go-to solution that revolutionizes DR planning. Implementing DRaaS could be an efficient process, easily accessible to non-DR experts. Learn about monitoring, testing, executing failovers and failbacks to ensure a "healthy" DR environment.

 
LVL 68

Accepted Solution

by:
woolmilkporc earned 1200 total points
ID: 38797150
No,

localhost:10.0 is quite correct with Xming display 0:0.

This display is intercepted by the ssh daemon on the remote AIX machine, tunneled through ssh then forwarded to yout local display :0.0.

So if your Xming display is indeed :0.0 everything should work fine. If your Xming display were e.g. :0.1, however, then enter this as "localhost:0.1" at "X display location" in the PuTTY setup (the field you initially left empty).

If you didn't see any error message when starting e. g. "xclock" on AIX then this window must appear somewhere on Windows. Did you choose "Multiple Window" mode of Xming? Otherwise the xclock display will appear in the Xming main window.

Which X application are you using on AIX? Could it be that this application has its own setup mechanism containing a DISPLAY setting which overrrides the original "localhost:10.0" value?
0
 

Author Comment

by:fuze44
ID: 38797383
The X app is an old software engineering app from which I'm migrating the data to a new app.  I can get its windows to appear using just X11 without SSH by setting DISPLAY to my workstation's address via a Telnet session.  When I connect via SSH, I get an error about not being able to open the window.

It will be Tuesday before I can get back on that system at work.   I'll get more details then and double check all of these settings.
0
 
LVL 68

Expert Comment

by:woolmilkporc
ID: 38797389
"... not being able to open the _window_ " or rather "... to open the _display_"?
0
 

Author Comment

by:fuze44
ID: 38821158
Ok, I've been trying hard to get this to work.  BTW, this is OpenSSH that has been installed onto the AIX server.  Here's where things stand:

I can still bring up X Windows using telnet and setting my display to my local IP.  I then try it via SSH in Putty,  with X11 forwarding checked.  I leave the remote DISPLAY set to localhost:10.0, but when I try to start nedit or xterm, I get:

Xlib:  connection to "localhost:10.0" refused by server
Xlib:  PuTTY X11 proxy: wrong authentication protocol attempted
Error: Can't open display: localhost:10.0

I've edited my sshd_config file to have the following values:

AllowTcpForwarding yes
X11Forwarding yes
X11DisplayOffset 10
X11UseLocalhost yes
XAuthLocation /usr/bin/X11/xauth

I've removed and regenerated the .Xauthority file.  I've restarted the ssh daemon.

I'm stuck.
0
 

Author Comment

by:fuze44
ID: 38821194
Also, here's the log from Putty:

2013-01-25 20:20:42      Looking up host "162.58.43.95"
2013-01-25 20:20:42      Connecting to 162.58.43.95 port 22
2013-01-25 20:20:42      Server version: SSH-2.0-OpenSSH_5.8
2013-01-25 20:20:42      We claim version: SSH-2.0-PuTTY_Release_0.60
2013-01-25 20:20:42      Using SSH protocol version 2
2013-01-25 20:20:42      Doing Diffie-Hellman group exchange
2013-01-25 20:20:42      Doing Diffie-Hellman key exchange with hash SHA-256
2013-01-25 20:20:45      Host key fingerprint is:
2013-01-25 20:20:45      ssh-rsa 2048 58:55:a8:1d:4e:f9:fc:82:6e:90:44:cc:36:fb:65:61
2013-01-25 20:20:45      Initialised AES-256 SDCTR client->server encryption
2013-01-25 20:20:45      Initialised HMAC-SHA1 client->server MAC algorithm
2013-01-25 20:20:45      Initialised AES-256 SDCTR server->client encryption
2013-01-25 20:20:45      Initialised HMAC-SHA1 server->client MAC algorithm
2013-01-25 20:20:46      Keyboard-interactive authentication refused
2013-01-25 20:20:48      Sent password
2013-01-25 20:20:48      Access granted
2013-01-25 20:20:48      Opened channel for session
2013-01-25 20:20:48      Requesting X11 forwarding
2013-01-25 20:20:48      X11 forwarding enabled
2013-01-25 20:20:48      Allocated pty (ospeed 38400bps, ispeed 38400bps)
2013-01-25 20:20:48      Started a shell/command

>> Right here I entered 'nedit'

2013-01-25 20:21:59      Received X11 connect request from 127.0.0.1:4242
2013-01-25 20:21:59      Opening X11 forward connection succeeded
2013-01-25 20:21:59      Forwarded X11 connection terminated
0
 
LVL 40

Expert Comment

by:omarfarid
ID: 38821768
try to run the command

xhost +

before running nedit
0
 
LVL 68

Expert Comment

by:woolmilkporc
ID: 38821882
Use MIT-Magic-Cookie-1 instead of XDM-Authorization-1 in PuTTY's session configuration.
0
 

Author Comment

by:fuze44
ID: 38836899
I am using Magic Cookies (although my log posted above may have indicated differently since I tried both).

As for xhost +, it just generates the same error as when I'm trying to run an app like nedit:

root(waas-tw)> xhost +
Xlib:  connection to "localhost:10.0" refused by server
Xlib:  PuTTY X11 proxy: wrong authentication protocol attempted
1356-200 xhost unable to open display "localhost:10.0"
0
 
LVL 68

Expert Comment

by:woolmilkporc
ID: 38836965
Run "xhost +" on Xming, not on AIX.
0
 

Author Comment

by:fuze44
ID: 38837857
What do you mean run that on Xming?  There's no Xmine command line that I know of, nor is there a program called xhost installed with Xming, so that isn't recognize from Window's command line.

There is an -ac option which allows all clients.  That is in place.  There is also the X0.hosts file for specific hosts.  The remote machines is listed in there.
0
 
LVL 68

Assisted Solution

by:woolmilkporc
woolmilkporc earned 1200 total points
ID: 38839015
Could it be that the home directory of the user in question resides on an NFS share?

I saw this problem in the past even when the share had full write access by everybody (including root).

For some obscure reason ssh cannot update the user's .Xauthority file when it's on NFS (but not with all users, to make it really mysterious).
.
Could you check the modification date of that file (if it does exist at all)? Does it reflect the last time you logged in via ssh + X11 forwarding, or is it old?

Could you try logging in as a user whose home directory is not on NFS? Maybe "root"?
0
 

Author Comment

by:fuze44
ID: 38890887
Ok, I got it working.  Every webpage I found said to set X11UseLocalhost to yes in sshd_config.  Turns out that 'no' is the correct setting for this configuration.

My cohorts behind the firewall can now receive X windows.
0
 

Author Closing Comment

by:fuze44
ID: 38890904
Since the solution was something else, I awarded points for participation and information.  Thank you, all.
0

Featured Post

Free Tool: IP Lookup

Get more info about an IP address or domain name, such as organization, abuse contacts and geolocation.

One of a set of tools we are providing to everyone as a way of saying thank you for being a part of the community.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Attention: This article will no longer be maintained. If you have any questions, please feel free to mail me. jgh@FreeBSD.org Please see http://www.freebsd.org/doc/en_US.ISO8859-1/articles/freebsd-update-server/ for the updated article. It is avail…
It’s 2016. Password authentication should be dead — or at least close to dying. But, unfortunately, it has not traversed Quagga stage yet. Using password authentication is like laundering hotel guest linens with a washboard — it’s Passé.
Learn how to find files with the shell using the find and locate commands. Use locate to find a needle in a haystack.: With locate, check if the file still exists.: Use find to get the actual location of the file.:
How to Install VMware Tools in Red Hat Enterprise Linux 6.4 (RHEL 6.4) Step-by-Step Tutorial
Suggested Courses
Course of the Month10 days, 12 hours left to enroll

886 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question