| 1 |
Hello folks! |
| 2 |
|
| 3 |
I know that this question is offtopic for this list, but maybe |
| 4 |
someone has a clue nonetheless... |
| 5 |
|
| 6 |
I'm trying to access my local X display (on a Gentoo Linux machine, |
| 7 |
of course - am I now on topic? *G*) from a remote system (running |
| 8 |
Solaris 10U4 on Sparc). I cannot use ssh to login to that machine. |
| 9 |
To be somewhat secure, I tried to use xauth, but that doesn't |
| 10 |
work.... |
| 11 |
|
| 12 |
What did I do? |
| 13 |
|
| 14 |
On the local system, I did: |
| 15 |
|
| 16 |
xauth extract xauth.key $DISPLAY:0.0 |
| 17 |
ftp $remote -> put xauth.key, in BINary mode |
| 18 |
rlogin $remote |
| 19 |
|
| 20 |
On $remote, I did: |
| 21 |
|
| 22 |
export DISPLAY=$linux_box:0.0 |
| 23 |
xauth merge xauth.key |
| 24 |
xterm |
| 25 |
|
| 26 |
Result: |
| 27 |
|
| 28 |
Xlib: connection to "lin000198:0.0" refused by server |
| 29 |
Xlib: No protocol specified |
| 30 |
|
| 31 |
xterm Xt error: Can't open display: lin000198:0.0 |
| 32 |
|
| 33 |
Hm. Why's that? |
| 34 |
|
| 35 |
X is (of course) running on lin000198 and it's listening on |
| 36 |
6000/tcp: |
| 37 |
|
| 38 |
$ sudo netstat -tlpen | grep 6000 |
| 39 |
tcp 0 0 0.0.0.0:6000 0.0.0.0:* LISTEN 0 9878 4489/X |
| 40 |
|
| 41 |
Looks good, doesn't it? I'm also able to access the X server |
| 42 |
on my local $linux_box, when I do on $linux_box: |
| 43 |
|
| 44 |
xhost +$remote |
| 45 |
|
| 46 |
But I don't want to do that, as xauth is the better, more secure |
| 47 |
way. |
| 48 |
|
| 49 |
On $linux_box I ran wireshark/tcpdump and had it capture the |
| 50 |
traffic. When I run "xterm" on $remote, I see two packages with |
| 51 |
the protocol type "X11". One going from $remote -> $linux_box |
| 52 |
and one the other way (the answer). Content is pasted further |
| 53 |
down below. |
| 54 |
|
| 55 |
Does anyone know what I might have to tweak, so that xauth works? |
| 56 |
|
| 57 |
I'm using xorg-server-1.4.0.90-r3, if that matters. |
| 58 |
|
| 59 |
Thanks a lot! And sorry for being off topic. |
| 60 |
|
| 61 |
No. Time Source Destination Protocol Info |
| 62 |
10 0.860682 10.0.1.26 10.0.3.115 X11 Initial connection request |
| 63 |
|
| 64 |
Frame 10 (66 bytes on wire, 66 bytes captured) |
| 65 |
Arrival Time: Feb 7, 2008 07:54:28.331493000 |
| 66 |
[Time delta from previous captured frame: 0.000470000 seconds] |
| 67 |
[Time delta from previous displayed frame: 0.000470000 seconds] |
| 68 |
[Time since reference or first frame: 0.860682000 seconds] |
| 69 |
Frame Number: 10 |
| 70 |
Frame Length: 66 bytes |
| 71 |
Capture Length: 66 bytes |
| 72 |
[Frame is marked: True] |
| 73 |
[Protocols in frame: eth:ip:tcp:x11] |
| 74 |
[Coloring Rule Name: TCP] |
| 75 |
[Coloring Rule String: tcp] |
| 76 |
Ethernet II, Src: 00:03:ba:0c:25:75 (00:03:ba:0c:25:75), Dst: 00:15:c5:59:04:9b (00:15:c5:59:04:9b) |
| 77 |
Destination: 00:15:c5:59:04:9b (00:15:c5:59:04:9b) |
| 78 |
Address: 00:15:c5:59:04:9b (00:15:c5:59:04:9b) |
| 79 |
.... ...0 .... .... .... .... = IG bit: Individual address (unicast) |
| 80 |
.... ..0. .... .... .... .... = LG bit: Globally unique address (factory default) |
| 81 |
Source: 00:03:ba:0c:25:75 (00:03:ba:0c:25:75) |
| 82 |
Address: 00:03:ba:0c:25:75 (00:03:ba:0c:25:75) |
| 83 |
.... ...0 .... .... .... .... = IG bit: Individual address (unicast) |
| 84 |
.... ..0. .... .... .... .... = LG bit: Globally unique address (factory default) |
| 85 |
Type: IP (0x0800) |
| 86 |
Internet Protocol, Src: 10.0.1.26 (10.0.1.26), Dst: 10.0.3.115 (10.0.3.115) |
| 87 |
Version: 4 |
| 88 |
Header length: 20 bytes |
| 89 |
Differentiated Services Field: 0x00 (DSCP 0x00: Default; ECN: 0x00) |
| 90 |
0000 00.. = Differentiated Services Codepoint: Default (0x00) |
| 91 |
.... ..0. = ECN-Capable Transport (ECT): 0 |
| 92 |
.... ...0 = ECN-CE: 0 |
| 93 |
Total Length: 52 |
| 94 |
Identification: 0x31a2 (12706) |
| 95 |
Flags: 0x04 (Don't Fragment) |
| 96 |
0... = Reserved bit: Not set |
| 97 |
.1.. = Don't fragment: Set |
| 98 |
..0. = More fragments: Not set |
| 99 |
Fragment offset: 0 |
| 100 |
Time to live: 64 |
| 101 |
Protocol: TCP (0x06) |
| 102 |
Header checksum: 0xf095 [correct] |
| 103 |
[Good: True] |
| 104 |
[Bad : False] |
| 105 |
Source: 10.0.1.26 (10.0.1.26) |
| 106 |
Destination: 10.0.3.115 (10.0.3.115) |
| 107 |
Transmission Control Protocol, Src Port: 59653 (59653), Dst Port: x11 (6000), Seq: 1, Ack: 1, Len: 12 |
| 108 |
Source port: 59653 (59653) |
| 109 |
Destination port: x11 (6000) |
| 110 |
Sequence number: 1 (relative sequence number) |
| 111 |
[Next sequence number: 13 (relative sequence number)] |
| 112 |
Acknowledgement number: 1 (relative ack number) |
| 113 |
Header length: 20 bytes |
| 114 |
Flags: 0x18 (PSH, ACK) |
| 115 |
0... .... = Congestion Window Reduced (CWR): Not set |
| 116 |
.0.. .... = ECN-Echo: Not set |
| 117 |
..0. .... = Urgent: Not set |
| 118 |
...1 .... = Acknowledgment: Set |
| 119 |
.... 1... = Push: Set |
| 120 |
.... .0.. = Reset: Not set |
| 121 |
.... ..0. = Syn: Not set |
| 122 |
.... ...0 = Fin: Not set |
| 123 |
Window size: 49640 |
| 124 |
Checksum: 0xd155 [correct] |
| 125 |
[Good Checksum: True] |
| 126 |
[Bad Checksum: False] |
| 127 |
X11, Request, Initial connection request |
| 128 |
byte-order: 0x42 (Big-endian) |
| 129 |
unused |
| 130 |
protocol-major-version: 11 |
| 131 |
protocol-minor-version: 0 |
| 132 |
authorization-protocol-name-length: 0 |
| 133 |
authorization-protocol-data-length: 0 |
| 134 |
unused |
| 135 |
|
| 136 |
0000 00 15 c5 59 04 9b 00 03 ba 0c 25 75 08 00 45 00 ...Y......%u..E. |
| 137 |
0010 00 34 31 a2 40 00 40 06 f0 95 0a 00 01 1a 0a 00 .41.@.@......... |
| 138 |
0020 03 73 e9 05 17 70 67 32 07 fd a9 d9 a8 6b 50 18 .s...pg2.....kP. |
| 139 |
0030 c1 e8 d1 55 00 00 42 00 00 0b 00 00 00 00 00 00 ...U..B......... |
| 140 |
0040 00 00 .. |
| 141 |
|
| 142 |
No. Time Source Destination Protocol Info |
| 143 |
12 0.860837 10.0.3.115 10.0.1.26 X11 Initial connection reply |
| 144 |
|
| 145 |
Frame 12 (86 bytes on wire, 86 bytes captured) |
| 146 |
Arrival Time: Feb 7, 2008 07:54:28.331648000 |
| 147 |
[Time delta from previous captured frame: 0.000147000 seconds] |
| 148 |
[Time delta from previous displayed frame: 0.000147000 seconds] |
| 149 |
[Time since reference or first frame: 0.860837000 seconds] |
| 150 |
Frame Number: 12 |
| 151 |
Frame Length: 86 bytes |
| 152 |
Capture Length: 86 bytes |
| 153 |
[Frame is marked: True] |
| 154 |
[Protocols in frame: eth:ip:tcp:x11] |
| 155 |
[Coloring Rule Name: TCP] |
| 156 |
[Coloring Rule String: tcp] |
| 157 |
Ethernet II, Src: 00:15:c5:59:04:9b (00:15:c5:59:04:9b), Dst: 00:03:ba:0c:25:75 (00:03:ba:0c:25:75) |
| 158 |
Destination: 00:03:ba:0c:25:75 (00:03:ba:0c:25:75) |
| 159 |
Address: 00:03:ba:0c:25:75 (00:03:ba:0c:25:75) |
| 160 |
.... ...0 .... .... .... .... = IG bit: Individual address (unicast) |
| 161 |
.... ..0. .... .... .... .... = LG bit: Globally unique address (factory default) |
| 162 |
Source: 00:15:c5:59:04:9b (00:15:c5:59:04:9b) |
| 163 |
Address: 00:15:c5:59:04:9b (00:15:c5:59:04:9b) |
| 164 |
.... ...0 .... .... .... .... = IG bit: Individual address (unicast) |
| 165 |
.... ..0. .... .... .... .... = LG bit: Globally unique address (factory default) |
| 166 |
Type: IP (0x0800) |
| 167 |
Internet Protocol, Src: 10.0.3.115 (10.0.3.115), Dst: 10.0.1.26 (10.0.1.26) |
| 168 |
Version: 4 |
| 169 |
Header length: 20 bytes |
| 170 |
Differentiated Services Field: 0x00 (DSCP 0x00: Default; ECN: 0x00) |
| 171 |
0000 00.. = Differentiated Services Codepoint: Default (0x00) |
| 172 |
.... ..0. = ECN-Capable Transport (ECT): 0 |
| 173 |
.... ...0 = ECN-CE: 0 |
| 174 |
Total Length: 72 |
| 175 |
Identification: 0x5b70 (23408) |
| 176 |
Flags: 0x04 (Don't Fragment) |
| 177 |
0... = Reserved bit: Not set |
| 178 |
.1.. = Don't fragment: Set |
| 179 |
..0. = More fragments: Not set |
| 180 |
Fragment offset: 0 |
| 181 |
Time to live: 64 |
| 182 |
Protocol: TCP (0x06) |
| 183 |
Header checksum: 0xc6b3 [correct] |
| 184 |
[Good: True] |
| 185 |
[Bad : False] |
| 186 |
Source: 10.0.3.115 (10.0.3.115) |
| 187 |
Destination: 10.0.1.26 (10.0.1.26) |
| 188 |
Transmission Control Protocol, Src Port: x11 (6000), Dst Port: 59653 (59653), Seq: 1, Ack: 13, Len: 32 |
| 189 |
Source port: x11 (6000) |
| 190 |
Destination port: 59653 (59653) |
| 191 |
Sequence number: 1 (relative sequence number) |
| 192 |
[Next sequence number: 33 (relative sequence number)] |
| 193 |
Acknowledgement number: 13 (relative ack number) |
| 194 |
Header length: 20 bytes |
| 195 |
Flags: 0x18 (PSH, ACK) |
| 196 |
0... .... = Congestion Window Reduced (CWR): Not set |
| 197 |
.0.. .... = ECN-Echo: Not set |
| 198 |
..0. .... = Urgent: Not set |
| 199 |
...1 .... = Acknowledgment: Set |
| 200 |
.... 1... = Push: Set |
| 201 |
.... .0.. = Reset: Not set |
| 202 |
.... ..0. = Syn: Not set |
| 203 |
.... ...0 = Fin: Not set |
| 204 |
Window size: 5888 (scaled) |
| 205 |
Checksum: 0x18c7 [incorrect, should be 0xbaee (maybe caused by "TCP checksum offload"?)] |
| 206 |
[Good Checksum: False] |
| 207 |
[Bad Checksum: True] |
| 208 |
X11, Reply, Initial connection reply |
| 209 |
success: 0 |
| 210 |
length-of-reason: 22 |
| 211 |
protocol-major-version: 11 |
| 212 |
protocol-minor-version: 0 |
| 213 |
replylength: 6 |
| 214 |
reason: No protocol specified. |
| 215 |
undecoded |
| 216 |
|
| 217 |
0000 00 03 ba 0c 25 75 00 15 c5 59 04 9b 08 00 45 00 ....%u...Y....E. |
| 218 |
0010 00 48 5b 70 40 00 40 06 c6 b3 0a 00 03 73 0a 00 .H[p@.@......s.. |
| 219 |
0020 01 1a 17 70 e9 05 a9 d9 a8 6b 67 32 08 09 50 18 ...p.....kg2..P. |
| 220 |
0030 00 5c 18 c7 00 00 00 16 00 0b 00 00 00 06 4e 6f .\............No |
| 221 |
0040 20 70 72 6f 74 6f 63 6f 6c 20 73 70 65 63 69 66 protocol specif |
| 222 |
0050 69 65 64 0a e4 bf ied... |
| 223 |
|
| 224 |
|
| 225 |
Michael |
| 226 |
|
| 227 |
-- |
| 228 |
gentoo-user@l.g.o mailing list |
Archives