1 |
Hello folks! |
2 |
|
3 |
I know that this question is offtopic for this list, but maybe |
4 |
someone has a clue nonetheless... |
5 |
|
6 |
I'm trying to access my local X display (on a Gentoo Linux machine, |
7 |
of course - am I now on topic? *G*) from a remote system (running |
8 |
Solaris 10U4 on Sparc). I cannot use ssh to login to that machine. |
9 |
To be somewhat secure, I tried to use xauth, but that doesn't |
10 |
work.... |
11 |
|
12 |
What did I do? |
13 |
|
14 |
On the local system, I did: |
15 |
|
16 |
xauth extract xauth.key $DISPLAY:0.0 |
17 |
ftp $remote -> put xauth.key, in BINary mode |
18 |
rlogin $remote |
19 |
|
20 |
On $remote, I did: |
21 |
|
22 |
export DISPLAY=$linux_box:0.0 |
23 |
xauth merge xauth.key |
24 |
xterm |
25 |
|
26 |
Result: |
27 |
|
28 |
Xlib: connection to "lin000198:0.0" refused by server |
29 |
Xlib: No protocol specified |
30 |
|
31 |
xterm Xt error: Can't open display: lin000198:0.0 |
32 |
|
33 |
Hm. Why's that? |
34 |
|
35 |
X is (of course) running on lin000198 and it's listening on |
36 |
6000/tcp: |
37 |
|
38 |
$ sudo netstat -tlpen | grep 6000 |
39 |
tcp 0 0 0.0.0.0:6000 0.0.0.0:* LISTEN 0 9878 4489/X |
40 |
|
41 |
Looks good, doesn't it? I'm also able to access the X server |
42 |
on my local $linux_box, when I do on $linux_box: |
43 |
|
44 |
xhost +$remote |
45 |
|
46 |
But I don't want to do that, as xauth is the better, more secure |
47 |
way. |
48 |
|
49 |
On $linux_box I ran wireshark/tcpdump and had it capture the |
50 |
traffic. When I run "xterm" on $remote, I see two packages with |
51 |
the protocol type "X11". One going from $remote -> $linux_box |
52 |
and one the other way (the answer). Content is pasted further |
53 |
down below. |
54 |
|
55 |
Does anyone know what I might have to tweak, so that xauth works? |
56 |
|
57 |
I'm using xorg-server-1.4.0.90-r3, if that matters. |
58 |
|
59 |
Thanks a lot! And sorry for being off topic. |
60 |
|
61 |
No. Time Source Destination Protocol Info |
62 |
10 0.860682 10.0.1.26 10.0.3.115 X11 Initial connection request |
63 |
|
64 |
Frame 10 (66 bytes on wire, 66 bytes captured) |
65 |
Arrival Time: Feb 7, 2008 07:54:28.331493000 |
66 |
[Time delta from previous captured frame: 0.000470000 seconds] |
67 |
[Time delta from previous displayed frame: 0.000470000 seconds] |
68 |
[Time since reference or first frame: 0.860682000 seconds] |
69 |
Frame Number: 10 |
70 |
Frame Length: 66 bytes |
71 |
Capture Length: 66 bytes |
72 |
[Frame is marked: True] |
73 |
[Protocols in frame: eth:ip:tcp:x11] |
74 |
[Coloring Rule Name: TCP] |
75 |
[Coloring Rule String: tcp] |
76 |
Ethernet II, Src: 00:03:ba:0c:25:75 (00:03:ba:0c:25:75), Dst: 00:15:c5:59:04:9b (00:15:c5:59:04:9b) |
77 |
Destination: 00:15:c5:59:04:9b (00:15:c5:59:04:9b) |
78 |
Address: 00:15:c5:59:04:9b (00:15:c5:59:04:9b) |
79 |
.... ...0 .... .... .... .... = IG bit: Individual address (unicast) |
80 |
.... ..0. .... .... .... .... = LG bit: Globally unique address (factory default) |
81 |
Source: 00:03:ba:0c:25:75 (00:03:ba:0c:25:75) |
82 |
Address: 00:03:ba:0c:25:75 (00:03:ba:0c:25:75) |
83 |
.... ...0 .... .... .... .... = IG bit: Individual address (unicast) |
84 |
.... ..0. .... .... .... .... = LG bit: Globally unique address (factory default) |
85 |
Type: IP (0x0800) |
86 |
Internet Protocol, Src: 10.0.1.26 (10.0.1.26), Dst: 10.0.3.115 (10.0.3.115) |
87 |
Version: 4 |
88 |
Header length: 20 bytes |
89 |
Differentiated Services Field: 0x00 (DSCP 0x00: Default; ECN: 0x00) |
90 |
0000 00.. = Differentiated Services Codepoint: Default (0x00) |
91 |
.... ..0. = ECN-Capable Transport (ECT): 0 |
92 |
.... ...0 = ECN-CE: 0 |
93 |
Total Length: 52 |
94 |
Identification: 0x31a2 (12706) |
95 |
Flags: 0x04 (Don't Fragment) |
96 |
0... = Reserved bit: Not set |
97 |
.1.. = Don't fragment: Set |
98 |
..0. = More fragments: Not set |
99 |
Fragment offset: 0 |
100 |
Time to live: 64 |
101 |
Protocol: TCP (0x06) |
102 |
Header checksum: 0xf095 [correct] |
103 |
[Good: True] |
104 |
[Bad : False] |
105 |
Source: 10.0.1.26 (10.0.1.26) |
106 |
Destination: 10.0.3.115 (10.0.3.115) |
107 |
Transmission Control Protocol, Src Port: 59653 (59653), Dst Port: x11 (6000), Seq: 1, Ack: 1, Len: 12 |
108 |
Source port: 59653 (59653) |
109 |
Destination port: x11 (6000) |
110 |
Sequence number: 1 (relative sequence number) |
111 |
[Next sequence number: 13 (relative sequence number)] |
112 |
Acknowledgement number: 1 (relative ack number) |
113 |
Header length: 20 bytes |
114 |
Flags: 0x18 (PSH, ACK) |
115 |
0... .... = Congestion Window Reduced (CWR): Not set |
116 |
.0.. .... = ECN-Echo: Not set |
117 |
..0. .... = Urgent: Not set |
118 |
...1 .... = Acknowledgment: Set |
119 |
.... 1... = Push: Set |
120 |
.... .0.. = Reset: Not set |
121 |
.... ..0. = Syn: Not set |
122 |
.... ...0 = Fin: Not set |
123 |
Window size: 49640 |
124 |
Checksum: 0xd155 [correct] |
125 |
[Good Checksum: True] |
126 |
[Bad Checksum: False] |
127 |
X11, Request, Initial connection request |
128 |
byte-order: 0x42 (Big-endian) |
129 |
unused |
130 |
protocol-major-version: 11 |
131 |
protocol-minor-version: 0 |
132 |
authorization-protocol-name-length: 0 |
133 |
authorization-protocol-data-length: 0 |
134 |
unused |
135 |
|
136 |
0000 00 15 c5 59 04 9b 00 03 ba 0c 25 75 08 00 45 00 ...Y......%u..E. |
137 |
0010 00 34 31 a2 40 00 40 06 f0 95 0a 00 01 1a 0a 00 .41.@.@......... |
138 |
0020 03 73 e9 05 17 70 67 32 07 fd a9 d9 a8 6b 50 18 .s...pg2.....kP. |
139 |
0030 c1 e8 d1 55 00 00 42 00 00 0b 00 00 00 00 00 00 ...U..B......... |
140 |
0040 00 00 .. |
141 |
|
142 |
No. Time Source Destination Protocol Info |
143 |
12 0.860837 10.0.3.115 10.0.1.26 X11 Initial connection reply |
144 |
|
145 |
Frame 12 (86 bytes on wire, 86 bytes captured) |
146 |
Arrival Time: Feb 7, 2008 07:54:28.331648000 |
147 |
[Time delta from previous captured frame: 0.000147000 seconds] |
148 |
[Time delta from previous displayed frame: 0.000147000 seconds] |
149 |
[Time since reference or first frame: 0.860837000 seconds] |
150 |
Frame Number: 12 |
151 |
Frame Length: 86 bytes |
152 |
Capture Length: 86 bytes |
153 |
[Frame is marked: True] |
154 |
[Protocols in frame: eth:ip:tcp:x11] |
155 |
[Coloring Rule Name: TCP] |
156 |
[Coloring Rule String: tcp] |
157 |
Ethernet II, Src: 00:15:c5:59:04:9b (00:15:c5:59:04:9b), Dst: 00:03:ba:0c:25:75 (00:03:ba:0c:25:75) |
158 |
Destination: 00:03:ba:0c:25:75 (00:03:ba:0c:25:75) |
159 |
Address: 00:03:ba:0c:25:75 (00:03:ba:0c:25:75) |
160 |
.... ...0 .... .... .... .... = IG bit: Individual address (unicast) |
161 |
.... ..0. .... .... .... .... = LG bit: Globally unique address (factory default) |
162 |
Source: 00:15:c5:59:04:9b (00:15:c5:59:04:9b) |
163 |
Address: 00:15:c5:59:04:9b (00:15:c5:59:04:9b) |
164 |
.... ...0 .... .... .... .... = IG bit: Individual address (unicast) |
165 |
.... ..0. .... .... .... .... = LG bit: Globally unique address (factory default) |
166 |
Type: IP (0x0800) |
167 |
Internet Protocol, Src: 10.0.3.115 (10.0.3.115), Dst: 10.0.1.26 (10.0.1.26) |
168 |
Version: 4 |
169 |
Header length: 20 bytes |
170 |
Differentiated Services Field: 0x00 (DSCP 0x00: Default; ECN: 0x00) |
171 |
0000 00.. = Differentiated Services Codepoint: Default (0x00) |
172 |
.... ..0. = ECN-Capable Transport (ECT): 0 |
173 |
.... ...0 = ECN-CE: 0 |
174 |
Total Length: 72 |
175 |
Identification: 0x5b70 (23408) |
176 |
Flags: 0x04 (Don't Fragment) |
177 |
0... = Reserved bit: Not set |
178 |
.1.. = Don't fragment: Set |
179 |
..0. = More fragments: Not set |
180 |
Fragment offset: 0 |
181 |
Time to live: 64 |
182 |
Protocol: TCP (0x06) |
183 |
Header checksum: 0xc6b3 [correct] |
184 |
[Good: True] |
185 |
[Bad : False] |
186 |
Source: 10.0.3.115 (10.0.3.115) |
187 |
Destination: 10.0.1.26 (10.0.1.26) |
188 |
Transmission Control Protocol, Src Port: x11 (6000), Dst Port: 59653 (59653), Seq: 1, Ack: 13, Len: 32 |
189 |
Source port: x11 (6000) |
190 |
Destination port: 59653 (59653) |
191 |
Sequence number: 1 (relative sequence number) |
192 |
[Next sequence number: 33 (relative sequence number)] |
193 |
Acknowledgement number: 13 (relative ack number) |
194 |
Header length: 20 bytes |
195 |
Flags: 0x18 (PSH, ACK) |
196 |
0... .... = Congestion Window Reduced (CWR): Not set |
197 |
.0.. .... = ECN-Echo: Not set |
198 |
..0. .... = Urgent: Not set |
199 |
...1 .... = Acknowledgment: Set |
200 |
.... 1... = Push: Set |
201 |
.... .0.. = Reset: Not set |
202 |
.... ..0. = Syn: Not set |
203 |
.... ...0 = Fin: Not set |
204 |
Window size: 5888 (scaled) |
205 |
Checksum: 0x18c7 [incorrect, should be 0xbaee (maybe caused by "TCP checksum offload"?)] |
206 |
[Good Checksum: False] |
207 |
[Bad Checksum: True] |
208 |
X11, Reply, Initial connection reply |
209 |
success: 0 |
210 |
length-of-reason: 22 |
211 |
protocol-major-version: 11 |
212 |
protocol-minor-version: 0 |
213 |
replylength: 6 |
214 |
reason: No protocol specified. |
215 |
undecoded |
216 |
|
217 |
0000 00 03 ba 0c 25 75 00 15 c5 59 04 9b 08 00 45 00 ....%u...Y....E. |
218 |
0010 00 48 5b 70 40 00 40 06 c6 b3 0a 00 03 73 0a 00 .H[p@.@......s.. |
219 |
0020 01 1a 17 70 e9 05 a9 d9 a8 6b 67 32 08 09 50 18 ...p.....kg2..P. |
220 |
0030 00 5c 18 c7 00 00 00 16 00 0b 00 00 00 06 4e 6f .\............No |
221 |
0040 20 70 72 6f 74 6f 63 6f 6c 20 73 70 65 63 69 66 protocol specif |
222 |
0050 69 65 64 0a e4 bf ied... |
223 |
|
224 |
|
225 |
Michael |
226 |
|
227 |
-- |
228 |
gentoo-user@l.g.o mailing list |