El cliente X reenviado a través de SSH "no puede abrir la pantalla: localhost: 11.0"

30

He habilitado el reenvío X en la máquina remota donde se ejecuta el servidor SSH:

# grep -i forward /etc/ssh/sshd_config 
X11Forwarding yes
# 

En la máquina local, inicié el cliente SSH con un -Xindicador que indica al servidor SSH, que se ejecuta en una máquina remota, que configure un proxy X-server. Además, crea la $DISPLAYvariable que apunta a este proxy y llama xautha instalar una clave de proxy que se autentica en este proxy X-server en la máquina remota:

# echo "$DISPLAY"
localhost:11.0
# xauth list | grep 11
A58/unix:11  MIT-MAGIC-COOKIE-1  39324086672d1ae35e373476c3891a77
# 

Sin embargo, los clientes X en la máquina remota no se inician correctamente:

# wireshark 

(wireshark:10083): Gtk-WARNING **: cannot open display: localhost:11.0
# xterm
Warning: This program is an suid-root program or is being run by the root user.
The full text of the error or warning message cannot be safely formatted
in this environment. You may get a more descriptive message by running the
program as a non-root user or by removing the suid bit on the executable.
xterm: Xt error: Can't open display: %s
# 

El reenvío X no se usa, xhostasí que al menos esto se puede excluir. Traté de encontrar algunas entradas de registro útiles tanto en la máquina donde se ejecuta el servidor SSH como en la máquina donde el cliente SSH se ejecuta con el find /var/log/ -mmin -5 -type fcomando, pero esto no dio ninguna pista. La versión del servidor SSH es OpenSSH_5.9p1 y la versión del cliente SSH es OpenSSH_5.2p1. La salida del directorio /tmp/.X11-unix/ en la máquina remota se puede ver a continuación:

# ls -la /tmp/.X11-unix/
total 0
drwxrwxrwt 2 root root 40 Dec  9 15:44 .
drwxrwxrwt 4 root root 80 Jan 13 09:17 ..
# 

Como se ve arriba, no hay sockets de dominio Unix allí. La salida de strace xtermes la siguiente:

# strace xterm 
execve("/usr/bin/xterm", ["xterm"], [/* 16 vars */]) = 0
brk(0)                                  = 0x9e50000
access("/etc/ld.so.nohwcap", F_OK)      = -1 ENOENT (No such file or directory)
mmap2(NULL, 8192, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0xb77bd000
access("/etc/ld.so.preload", R_OK)      = -1 ENOENT (No such file or directory)
open("/etc/ld.so.cache", O_RDONLY)      = 3
fstat64(3, {st_mode=S_IFREG|0644, st_size=42995, ...}) = 0
mmap2(NULL, 42995, PROT_READ, MAP_PRIVATE, 3, 0) = 0xb77b2000
close(3)                                = 0
access("/etc/ld.so.nohwcap", F_OK)      = -1 ENOENT (No such file or directory)
open("/usr/lib/i386-linux-gnu/libXft.so.2", O_RDONLY) = 3
read(3, "\177ELF\1\1\1\0\0\0\0\0\0\0\0\0\3\0\3\0\1\0\0\0\3604\0\0004\0\0\0"..., 512) = 512
fstat64(3, {st_mode=S_IFREG|0644, st_size=82952, ...}) = 0
mmap2(NULL, 85732, PROT_READ|PROT_EXEC, MAP_PRIVATE|MAP_DENYWRITE, 3, 0) = 0xb779d000
mmap2(0xb77b1000, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_FIXED|MAP_DENYWRITE, 3, 0x13) = 0xb77b1000
close(3)                                = 0
access("/etc/ld.so.nohwcap", F_OK)      = -1 ENOENT (No such file or directory)
open("/usr/lib/i386-linux-gnu/libXaw.so.7", O_RDONLY) = 3
read(3, "\177ELF\1\1\1\0\0\0\0\0\0\0\0\0\3\0\3\0\1\0\0\0\300\327\0\0004\0\0\0"..., 512) = 512
fstat64(3, {st_mode=S_IFREG|0644, st_size=428900, ...}) = 0
mmap2(NULL, 432592, PROT_READ|PROT_EXEC, MAP_PRIVATE|MAP_DENYWRITE, 3, 0) = 0xb7733000
mmap2(0xb7796000, 28672, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_FIXED|MAP_DENYWRITE, 3, 0x62) = 0xb7796000
close(3)                                = 0
access("/etc/ld.so.nohwcap", F_OK)      = -1 ENOENT (No such file or directory)
open("/usr/lib/libutempter.so.0", O_RDONLY) = 3
read(3, "\177ELF\1\1\1\0\0\0\0\0\0\0\0\0\3\0\3\0\1\0\0\0\360\6\0\0004\0\0\0"..., 512) = 512
fstat64(3, {st_mode=S_IFREG|0644, st_size=4572, ...}) = 0
mmap2(NULL, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0xb7732000
mmap2(NULL, 7432, PROT_READ|PROT_EXEC, MAP_PRIVATE|MAP_DENYWRITE, 3, 0) = 0xb7730000
mmap2(0xb7731000, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_FIXED|MAP_DENYWRITE, 3, 0) = 0xb7731000
close(3)                                = 0
access("/etc/ld.so.nohwcap", F_OK)      = -1 ENOENT (No such file or directory)
open("/lib/i386-linux-gnu/libtinfo.so.5", O_RDONLY) = 3
read(3, "\177ELF\1\1\1\0\0\0\0\0\0\0\0\0\3\0\3\0\1\0\0\0Pd\0\0004\0\0\0"..., 512) = 512
fstat64(3, {st_mode=S_IFREG|0644, st_size=125416, ...}) = 0
mmap2(NULL, 129100, PROT_READ|PROT_EXEC, MAP_PRIVATE|MAP_DENYWRITE, 3, 0) = 0xb7710000
mmap2(0xb772d000, 12288, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_FIXED|MAP_DENYWRITE, 3, 0x1c) = 0xb772d000
close(3)                                = 0
access("/etc/ld.so.nohwcap", F_OK)      = -1 ENOENT (No such file or directory)
open("/lib/i386-linux-gnu/i686/cmov/libc.so.6", O_RDONLY) = 3
read(3, "\177ELF\1\1\1\0\0\0\0\0\0\0\0\0\3\0\3\0\1\0\0\0\240o\1\0004\0\0\0"..., 512) = 512
fstat64(3, {st_mode=S_IFREG|0755, st_size=1413288, ...}) = 0
mmap2(NULL, 1427832, PROT_READ|PROT_EXEC, MAP_PRIVATE|MAP_DENYWRITE, 3, 0) = 0xb75b3000
mprotect(0xb7709000, 4096, PROT_NONE)   = 0
mmap2(0xb770a000, 12288, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_FIXED|MAP_DENYWRITE, 3, 0x156) = 0xb770a000
mmap2(0xb770d000, 10616, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0xb770d000
close(3)                                = 0
access("/etc/ld.so.nohwcap", F_OK)      = -1 ENOENT (No such file or directory)
open("/usr/lib/i386-linux-gnu/libfontconfig.so.1", O_RDONLY) = 3
read(3, "\177ELF\1\1\1\0\0\0\0\0\0\0\0\0\3\0\3\0\1\0\0\0\300J\0\0004\0\0\0"..., 512) = 512
fstat64(3, {st_mode=S_IFREG|0644, st_size=215828, ...}) = 0
mmap2(NULL, 219492, PROT_READ|PROT_EXEC, MAP_PRIVATE|MAP_DENYWRITE, 3, 0) = 0xb757d000
mmap2(0xb75b1000, 8192, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_FIXED|MAP_DENYWRITE, 3, 0x33) = 0xb75b1000
close(3)                                = 0
access("/etc/ld.so.nohwcap", F_OK)      = -1 ENOENT (No such file or directory)
open("/usr/lib/i386-linux-gnu/libX11.so.6", O_RDONLY) = 3
read(3, "\177ELF\1\1\1\0\0\0\0\0\0\0\0\0\3\0\3\0\1\0\0\0\240g\1\0004\0\0\0"..., 512) = 512
fstat64(3, {st_mode=S_IFREG|0644, st_size=1273544, ...}) = 0
mmap2(NULL, 1277496, PROT_READ|PROT_EXEC, MAP_PRIVATE|MAP_DENYWRITE, 3, 0) = 0xb7445000
mmap2(0xb7579000, 16384, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_FIXED|MAP_DENYWRITE, 3, 0x133) = 0xb7579000
close(3)                                = 0
access("/etc/ld.so.nohwcap", F_OK)      = -1 ENOENT (No such file or directory)
open("/usr/lib/i386-linux-gnu/libXmu.so.6", O_RDONLY) = 3
read(3, "\177ELF\1\1\1\0\0\0\0\0\0\0\0\0\3\0\3\0\1\0\0\0\200N\0\0004\0\0\0"..., 512) = 512
fstat64(3, {st_mode=S_IFREG|0644, st_size=102028, ...}) = 0
mmap2(NULL, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0xb7444000
mmap2(NULL, 101644, PROT_READ|PROT_EXEC, MAP_PRIVATE|MAP_DENYWRITE, 3, 0) = 0xb742b000
mmap2(0xb7443000, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_FIXED|MAP_DENYWRITE, 3, 0x18) = 0xb7443000
close(3)                                = 0
access("/etc/ld.so.nohwcap", F_OK)      = -1 ENOENT (No such file or directory)
open("/usr/lib/i386-linux-gnu/libXt.so.6", O_RDONLY) = 3
read(3, "\177ELF\1\1\1\0\0\0\0\0\0\0\0\0\3\0\3\0\1\0\0\0000\315\0\0004\0\0\0"..., 512) = 512
fstat64(3, {st_mode=S_IFREG|0644, st_size=380284, ...}) = 0
mmap2(NULL, 380628, PROT_READ|PROT_EXEC, MAP_PRIVATE|MAP_DENYWRITE, 3, 0) = 0xb73ce000
mmap2(0xb7427000, 16384, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_FIXED|MAP_DENYWRITE, 3, 0x59) = 0xb7427000
close(3)                                = 0
access("/etc/ld.so.nohwcap", F_OK)      = -1 ENOENT (No such file or directory)
open("/usr/lib/i386-linux-gnu/libICE.so.6", O_RDONLY) = 3
read(3, "\177ELF\1\1\1\0\0\0\0\0\0\0\0\0\3\0\3\0\1\0\0\0\300:\0\0004\0\0\0"..., 512) = 512
fstat64(3, {st_mode=S_IFREG|0644, st_size=92148, ...}) = 0
mmap2(NULL, 102224, PROT_READ|PROT_EXEC, MAP_PRIVATE|MAP_DENYWRITE, 3, 0) = 0xb73b5000
mmap2(0xb73cb000, 8192, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_FIXED|MAP_DENYWRITE, 3, 0x15) = 0xb73cb000
mmap2(0xb73cd000, 3920, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0xb73cd000
close(3)                                = 0
access("/etc/ld.so.nohwcap", F_OK)      = -1 ENOENT (No such file or directory)
open("/usr/lib/i386-linux-gnu/libfreetype.so.6", O_RDONLY) = 3
read(3, "\177ELF\1\1\1\0\0\0\0\0\0\0\0\0\3\0\3\0\1\0\0\0\320\202\0\0004\0\0\0"..., 512) = 512
fstat64(3, {st_mode=S_IFREG|0644, st_size=632928, ...}) = 0
mmap2(NULL, 635732, PROT_READ|PROT_EXEC, MAP_PRIVATE|MAP_DENYWRITE, 3, 0) = 0xb7319000
mmap2(0xb73b0000, 20480, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_FIXED|MAP_DENYWRITE, 3, 0x96) = 0xb73b0000
close(3)                                = 0
access("/etc/ld.so.nohwcap", F_OK)      = -1 ENOENT (No such file or directory)
open("/usr/lib/i386-linux-gnu/libXrender.so.1", O_RDONLY) = 3
read(3, "\177ELF\1\1\1\0\0\0\0\0\0\0\0\0\3\0\3\0\1\0\0\0p\25\0\0004\0\0\0"..., 512) = 512
fstat64(3, {st_mode=S_IFREG|0644, st_size=35744, ...}) = 0
mmap2(NULL, 38540, PROT_READ|PROT_EXEC, MAP_PRIVATE|MAP_DENYWRITE, 3, 0) = 0xb730f000
mmap2(0xb7318000, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_FIXED|MAP_DENYWRITE, 3, 0x8) = 0xb7318000
close(3)                                = 0
access("/etc/ld.so.nohwcap", F_OK)      = -1 ENOENT (No such file or directory)
open("/usr/lib/i386-linux-gnu/libXext.so.6", O_RDONLY) = 3
read(3, "\177ELF\1\1\1\0\0\0\0\0\0\0\0\0\3\0\3\0\1\0\0\0`,\0\0004\0\0\0"..., 512) = 512
fstat64(3, {st_mode=S_IFREG|0644, st_size=70320, ...}) = 0
mmap2(NULL, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0xb730e000
mmap2(NULL, 73416, PROT_READ|PROT_EXEC, MAP_PRIVATE|MAP_DENYWRITE, 3, 0) = 0xb72fc000
mmap2(0xb730d000, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_FIXED|MAP_DENYWRITE, 3, 0x10) = 0xb730d000
close(3)                                = 0
access("/etc/ld.so.nohwcap", F_OK)      = -1 ENOENT (No such file or directory)
open("/usr/lib/i386-linux-gnu/libXpm.so.4", O_RDONLY) = 3
read(3, "\177ELF\1\1\1\0\0\0\0\0\0\0\0\0\3\0\3\0\1\0\0\0P%\0\0004\0\0\0"..., 512) = 512
fstat64(3, {st_mode=S_IFREG|0644, st_size=67776, ...}) = 0
mmap2(NULL, 66460, PROT_READ|PROT_EXEC, MAP_PRIVATE|MAP_DENYWRITE, 3, 0) = 0xb72eb000
mmap2(0xb72fb000, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_FIXED|MAP_DENYWRITE, 3, 0x10) = 0xb72fb000
close(3)                                = 0
access("/etc/ld.so.nohwcap", F_OK)      = -1 ENOENT (No such file or directory)
open("/usr/lib/i386-linux-gnu/libz.so.1", O_RDONLY) = 3
read(3, "\177ELF\1\1\1\0\0\0\0\0\0\0\0\0\3\0\3\0\1\0\0\0\300\32\0\0004\0\0\0"..., 512) = 512
fstat64(3, {st_mode=S_IFREG|0644, st_size=90192, ...}) = 0
mmap2(NULL, 92868, PROT_READ|PROT_EXEC, MAP_PRIVATE|MAP_DENYWRITE, 3, 0) = 0xb72d4000
mmap2(0xb72ea000, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_FIXED|MAP_DENYWRITE, 3, 0x15) = 0xb72ea000
close(3)                                = 0
access("/etc/ld.so.nohwcap", F_OK)      = -1 ENOENT (No such file or directory)
open("/lib/i386-linux-gnu/libexpat.so.1", O_RDONLY) = 3
read(3, "\177ELF\1\1\1\0\0\0\0\0\0\0\0\0\3\0\3\0\1\0\0\0@#\0\0004\0\0\0"..., 512) = 512
fstat64(3, {st_mode=S_IFREG|0644, st_size=165192, ...}) = 0
mmap2(NULL, 167996, PROT_READ|PROT_EXEC, MAP_PRIVATE|MAP_DENYWRITE, 3, 0) = 0xb72aa000
mprotect(0xb72d0000, 4096, PROT_NONE)   = 0
mmap2(0xb72d1000, 12288, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_FIXED|MAP_DENYWRITE, 3, 0x26) = 0xb72d1000
close(3)                                = 0
access("/etc/ld.so.nohwcap", F_OK)      = -1 ENOENT (No such file or directory)
open("/usr/lib/i386-linux-gnu/libxcb.so.1", O_RDONLY) = 3
read(3, "\177ELF\1\1\1\0\0\0\0\0\0\0\0\0\3\0\3\0\1\0\0\0P\221\0\0004\0\0\0"..., 512) = 512
fstat64(3, {st_mode=S_IFREG|0644, st_size=136968, ...}) = 0
mmap2(NULL, 139728, PROT_READ|PROT_EXEC, MAP_PRIVATE|MAP_DENYWRITE, 3, 0) = 0xb7287000
mmap2(0xb72a8000, 8192, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_FIXED|MAP_DENYWRITE, 3, 0x20) = 0xb72a8000
close(3)                                = 0
access("/etc/ld.so.nohwcap", F_OK)      = -1 ENOENT (No such file or directory)
open("/lib/i386-linux-gnu/i686/cmov/libdl.so.2", O_RDONLY) = 3
read(3, "\177ELF\1\1\1\0\0\0\0\0\0\0\0\0\3\0\3\0\1\0\0\0`\n\0\0004\0\0\0"..., 512) = 512
fstat64(3, {st_mode=S_IFREG|0644, st_size=9844, ...}) = 0
mmap2(NULL, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0xb7286000
mmap2(NULL, 12408, PROT_READ|PROT_EXEC, MAP_PRIVATE|MAP_DENYWRITE, 3, 0) = 0xb7282000
mmap2(0xb7284000, 8192, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_FIXED|MAP_DENYWRITE, 3, 0x1) = 0xb7284000
close(3)                                = 0
access("/etc/ld.so.nohwcap", F_OK)      = -1 ENOENT (No such file or directory)
open("/usr/lib/i386-linux-gnu/libSM.so.6", O_RDONLY) = 3
read(3, "\177ELF\1\1\1\0\0\0\0\0\0\0\0\0\3\0\3\0\1\0\0\0 \26\0\0004\0\0\0"..., 512) = 512
fstat64(3, {st_mode=S_IFREG|0644, st_size=28320, ...}) = 0
mmap2(NULL, 31120, PROT_READ|PROT_EXEC, MAP_PRIVATE|MAP_DENYWRITE, 3, 0) = 0xb727a000
mmap2(0xb7281000, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_FIXED|MAP_DENYWRITE, 3, 0x6) = 0xb7281000
close(3)                                = 0
access("/etc/ld.so.nohwcap", F_OK)      = -1 ENOENT (No such file or directory)
open("/usr/lib/i386-linux-gnu/libXau.so.6", O_RDONLY) = 3
read(3, "\177ELF\1\1\1\0\0\0\0\0\0\0\0\0\3\0\3\0\1\0\0\0`\n\0\0004\0\0\0"..., 512) = 512
fstat64(3, {st_mode=S_IFREG|0644, st_size=8592, ...}) = 0
mmap2(NULL, 11384, PROT_READ|PROT_EXEC, MAP_PRIVATE|MAP_DENYWRITE, 3, 0) = 0xb7277000
mmap2(0xb7279000, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_FIXED|MAP_DENYWRITE, 3, 0x1) = 0xb7279000
close(3)                                = 0
access("/etc/ld.so.nohwcap", F_OK)      = -1 ENOENT (No such file or directory)
open("/usr/lib/i386-linux-gnu/libXdmcp.so.6", O_RDONLY) = 3
read(3, "\177ELF\1\1\1\0\0\0\0\0\0\0\0\0\3\0\3\0\1\0\0\0P\17\0\0004\0\0\0"..., 512) = 512
fstat64(3, {st_mode=S_IFREG|0644, st_size=19364, ...}) = 0
mmap2(NULL, 22144, PROT_READ|PROT_EXEC, MAP_PRIVATE|MAP_DENYWRITE, 3, 0) = 0xb7271000
mmap2(0xb7276000, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_FIXED|MAP_DENYWRITE, 3, 0x4) = 0xb7276000
close(3)                                = 0
access("/etc/ld.so.nohwcap", F_OK)      = -1 ENOENT (No such file or directory)
open("/lib/i386-linux-gnu/libuuid.so.1", O_RDONLY) = 3
read(3, "\177ELF\1\1\1\0\0\0\0\0\0\0\0\0\3\0\3\0\1\0\0\0@\22\0\0004\0\0\0"..., 512) = 512
fstat64(3, {st_mode=S_IFREG|0644, st_size=17992, ...}) = 0
mmap2(NULL, 20716, PROT_READ|PROT_EXEC, MAP_PRIVATE|MAP_DENYWRITE, 3, 0) = 0xb726b000
mmap2(0xb726f000, 8192, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_FIXED|MAP_DENYWRITE, 3, 0x3) = 0xb726f000
close(3)                                = 0
mmap2(NULL, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0xb726a000
mmap2(NULL, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0xb7269000
set_thread_area({entry_number:-1 -> 6, base_addr:0xb7269700, limit:1048575, seg_32bit:1, contents:0, read_exec_only:0, limit_in_pages:1, seg_not_present:0, useable:1}) = 0
mprotect(0xb726f000, 4096, PROT_READ)   = 0
mprotect(0xb7284000, 4096, PROT_READ)   = 0
mprotect(0xb72a8000, 4096, PROT_READ)   = 0
mprotect(0xb72d1000, 8192, PROT_READ)   = 0
mprotect(0xb73b0000, 16384, PROT_READ)  = 0
mprotect(0xb7427000, 4096, PROT_READ)   = 0
mprotect(0xb75b1000, 4096, PROT_READ)   = 0
mprotect(0xb770a000, 8192, PROT_READ)   = 0
mprotect(0xb772d000, 8192, PROT_READ)   = 0
mprotect(0x80a9000, 4096, PROT_READ)    = 0
mprotect(0xb77db000, 4096, PROT_READ)   = 0
munmap(0xb77b2000, 42995)               = 0
geteuid32()                             = 0
getegid32()                             = 0
getuid32()                              = 0
getgid32()                              = 0
setuid32(0)                             = 0
brk(0)                                  = 0x9e50000
brk(0x9e71000)                          = 0x9e71000
ioctl(0, SNDCTL_TMR_TIMEBASE or TCGETS, {B38400 opost isig icanon echo ...}) = 0
open("/proc/meminfo", O_RDONLY)         = 3
fstat64(3, {st_mode=S_IFREG|0444, st_size=0, ...}) = 0
mmap2(NULL, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0xb77bc000
read(3, "MemTotal:        2039468 kB\nMemF"..., 1024) = 1024
close(3)                                = 0
munmap(0xb77bc000, 4096)                = 0
socket(PF_NETLINK, SOCK_RAW, 0)         = 3
bind(3, {sa_family=AF_NETLINK, pid=0, groups=00000000}, 12) = 0
getsockname(3, {sa_family=AF_NETLINK, pid=16008, groups=00000000}, [12]) = 0
time(NULL)                              = 1389599545
sendto(3, "\24\0\0\0\26\0\1\0039\233\323R\0\0\0\0\0\0\0\0", 20, 0, {sa_family=AF_NETLINK, pid=0, groups=00000000}, 12) = 20
recvmsg(3, {msg_name(12)={sa_family=AF_NETLINK, pid=0, groups=00000000}, msg_iov(1)=[{"0\0\0\0\24\0\2\0009\233\323R\210>\0\0\2\10\200\376\1\0\0\0\10\0\1\0\177\0\0\1"..., 4096}], msg_controllen=0, msg_flags=0}, 0) = 164
recvmsg(3, {msg_name(12)={sa_family=AF_NETLINK, pid=0, groups=00000000}, msg_iov(1)=[{"@\0\0\0\24\0\2\0009\233\323R\210>\0\0\n\200\200\376\1\0\0\0\24\0\1\0\0\0\0\0"..., 4096}], msg_controllen=0, msg_flags=0}, 0) = 320
recvmsg(3, {msg_name(12)={sa_family=AF_NETLINK, pid=0, groups=00000000}, msg_iov(1)=[{"\24\0\0\0\3\0\2\0009\233\323R\210>\0\0\0\0\0\0\1\0\0\0\24\0\1\0\0\0\0\0"..., 4096}], msg_controllen=0, msg_flags=0}, 0) = 20
close(3)                                = 0
socket(PF_FILE, SOCK_STREAM|SOCK_CLOEXEC|SOCK_NONBLOCK, 0) = 3
connect(3, {sa_family=AF_FILE, path="/var/run/nscd/socket"}, 110) = -1 ENOENT (No such file or directory)
close(3)                                = 0
socket(PF_FILE, SOCK_STREAM|SOCK_CLOEXEC|SOCK_NONBLOCK, 0) = 3
connect(3, {sa_family=AF_FILE, path="/var/run/nscd/socket"}, 110) = -1 ENOENT (No such file or directory)
close(3)                                = 0
open("/etc/nsswitch.conf", O_RDONLY)    = 3
fstat64(3, {st_mode=S_IFREG|0644, st_size=475, ...}) = 0
mmap2(NULL, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0xb77bc000
read(3, "# /etc/nsswitch.conf\n#\n# Example"..., 4096) = 475
read(3, "", 4096)                       = 0
close(3)                                = 0
munmap(0xb77bc000, 4096)                = 0
open("/etc/host.conf", O_RDONLY)        = 3
fstat64(3, {st_mode=S_IFREG|0644, st_size=9, ...}) = 0
mmap2(NULL, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0xb77bc000
read(3, "multi on\n", 4096)             = 9
read(3, "", 4096)                       = 0
close(3)                                = 0
munmap(0xb77bc000, 4096)                = 0
getpid()                                = 16008
open("/etc/resolv.conf", O_RDONLY)      = 3
fstat64(3, {st_mode=S_IFREG|0644, st_size=108, ...}) = 0
mmap2(NULL, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0xb77bc000
read(3, "domain data.ee\nsearch data.ee li"..., 4096) = 108
read(3, "", 4096)                       = 0
close(3)                                = 0
munmap(0xb77bc000, 4096)                = 0
open("/etc/ld.so.cache", O_RDONLY)      = 3
fstat64(3, {st_mode=S_IFREG|0644, st_size=42995, ...}) = 0
mmap2(NULL, 42995, PROT_READ, MAP_PRIVATE, 3, 0) = 0xb77b2000
close(3)                                = 0
access("/etc/ld.so.nohwcap", F_OK)      = -1 ENOENT (No such file or directory)
open("/lib/i386-linux-gnu/i686/cmov/libnss_files.so.2", O_RDONLY) = 3
read(3, "\177ELF\1\1\1\0\0\0\0\0\0\0\0\0\3\0\3\0\1\0\0\0P\32\0\0004\0\0\0"..., 512) = 512
fstat64(3, {st_mode=S_IFREG|0644, st_size=42628, ...}) = 0
mmap2(NULL, 45768, PROT_READ|PROT_EXEC, MAP_PRIVATE|MAP_DENYWRITE, 3, 0) = 0xb725d000
mmap2(0xb7267000, 8192, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_FIXED|MAP_DENYWRITE, 3, 0x9) = 0xb7267000
close(3)                                = 0
mprotect(0xb7267000, 4096, PROT_READ)   = 0
munmap(0xb77b2000, 42995)               = 0
open("/etc/hosts", O_RDONLY|O_CLOEXEC)  = 3
fstat64(3, {st_mode=S_IFREG|0644, st_size=256, ...}) = 0
mmap2(NULL, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0xb77bc000
read(3, "127.0.0.1\tlocalhost\n127.0.1.1\tTh"..., 4096) = 256
read(3, "", 4096)                       = 0
close(3)                                = 0
munmap(0xb77bc000, 4096)                = 0
socket(PF_INET, SOCK_STREAM|SOCK_CLOEXEC, IPPROTO_TCP) = 3
setsockopt(3, SOL_TCP, TCP_NODELAY, [1], 4) = 0
setsockopt(3, SOL_SOCKET, SO_KEEPALIVE, [1], 4) = 0
connect(3, {sa_family=AF_INET, sin_port=htons(6011), sin_addr=inet_addr("127.0.0.1")}, 16) = -1 ETIMEDOUT (Connection timed out)
close(3)                                = 0
open("/usr/lib/i386-linux-gnu/X11/XtErrorDB", O_RDONLY) = -1 ENOENT (No such file or directory)
getuid32()                              = 0
geteuid32()                             = 0
getuid32()                              = 0
write(2, "Warning: This program is an suid"..., 302Warning: This program is an suid-root program or is being run by the root user.
The full text of the error or warning message cannot be safely formatted
in this environment. You may get a more descriptive message by running the
program as a non-root user or by removing the suid bit on the executable.
) = 302
write(2, "xterm: ", 7xterm: )                  = 7
write(2, "Xt error: Can't open display: %s"..., 33Xt error: Can't open display: %s
) = 33
exit_group(1)                           = ?
# 

strace xterm se cuelga durante 60 segundos después de imprimir la siguiente línea:

connect (3, {sa_family = AF_INET, sin_port = htons (6011), sin_addr = inet_addr ("127.0.0.1")}, 16

EDITAR: después de permitir conexiones desde 127.0.0.0/8 a 127.0.0.0/8, pude pasar la connectllamada al sistema y ahora el problema parece ser una clave MIT-MAGIC-COOKIE-1 no válida:

connect(3, {sa_family=AF_INET, sin_port=htons(6010), sin_addr=inet_addr("127.0.0.1")}, 16) = 0
getpeername(3, {sa_family=AF_INET, sin_port=htons(6010), sin_addr=inet_addr("127.0.0.1")}, [16]) = 0
uname({sys="Linux", node="ThinkCentreA58", ...}) = 0
access("/root/.Xauthority", R_OK)       = 0
open("/root/.Xauthority", O_RDONLY)     = 4
fstat64(4, {st_mode=S_IFREG|0600, st_size=522, ...}) = 0
mmap2(NULL, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0xb7726000
read(4, "\0\0\0\4\177\0\0\1\0\0041000\0\22MIT-MAGIC-COOKIE"..., 4096) = 522
read(4, "", 4096)                       = 0
close(4)                                = 0
munmap(0xb7726000, 4096)                = 0
getsockname(3, {sa_family=AF_INET, sin_port=htons(37220), sin_addr=inet_addr("127.0.0.1")}, [16]) = 0
fcntl64(3, F_GETFL)                     = 0x2 (flags O_RDWR)
fcntl64(3, F_SETFL, O_RDWR|O_NONBLOCK)  = 0
fcntl64(3, F_SETFD, FD_CLOEXEC)         = 0
poll([{fd=3, events=POLLIN|POLLOUT}], 1, -1) = 1 ([{fd=3, revents=POLLOUT}])
writev(3, [{"l\0\v\0\0\0\22\0\20\0\0\0", 12}, {"", 0}, {"MIT-MAGIC-COOKIE-1", 18}, {"\0\0", 2}, {"I%f9\331-f\f\235i\321\354:a~\341", 16}, {"", 0}], 6) = 48
recv(3, 0x94b0ec8, 8, 0)                = -1 EAGAIN (Resource temporarily unavailable)
poll([{fd=3, events=POLLIN}], 1, -1)    = 1 ([{fd=3, revents=POLLIN}])
recv(3, "\0\36\v\0\0\0\10\0", 8, 0)     = 8
recv(3, "Invalid MIT-MAGIC-COOKIE-1 key\0\0", 32, 0) = 32
write(2, "Invalid MIT-MAGIC-COOKIE-1 key", 30Invalid MIT-MAGIC-COOKIE-1 key) = 30
shutdown(3, 2 /* send and receive */)   = 0
close(3)                                = 0
open("/usr/lib/i386-linux-gnu/X11/XtErrorDB", O_RDONLY) = -1 ENOENT (No such file or directory)
getuid32()                              = 0
geteuid32()                             = 0
getuid32()                              = 0
write(2, "Warning: This program is an suid"..., 302Warning: This program is an suid-root program or is being run by the root user.
The full text of the error or warning message cannot be safely formatted
in this environment. You may get a more descriptive message by running the
program as a non-root user or by removing the suid bit on the executable.
) = 302
write(2, "xterm: ", 7xterm: )                  = 7
write(2, "Xt error: Can't open display: %s"..., 33Xt error: Can't open display: %s
) = 33
exit_group(1)                           = ?
# 

¿Alguna idea de cómo proceder con la solución de problemas?

Martín
fuente
1
El #sugiere que está iniciando sesión como root. Si eso es cierto, ¿por qué?
Faheem Mitha
55
A veces, la raíz se trata de manera diferente que otros usuarios. Si es posible, pruebe con un usuario normal. En cualquier caso, hacer cosas como root si no es necesario es generalmente una mala idea.
Faheem Mitha
44
También intente usar en ssh -Ylugar de ssh -X, eso podría ayudarlo a evitar problemas de autenticación.
terdon
1
@FaheemMitha Creé un usuario no root para una máquina donde se ejecuta el servidor SSH e inicié sesión en el servidor SSH con este usuario no root, pero desafortunadamente esto no cambió nada. @terdon probé ssh -Y, pero esto no ayudó. Todavía recibo el cannot open displaymensaje de error.
Martin
2
Agregar la -vbandera a ssh a menudo también es útil para solucionar problemas.
alanc

Respuestas:

19

Esta es la forma más básica de cómo debería funcionar:

En el cliente / máquina local (Xorg instalado en el cliente) intente esto:

$ xhost +
access control disabled, clients can connect from any host

Más tarde intente:

$ ssh -AY user@host xterm

o

$ ssh -AX user@host xterm

Con clientes no estándar, puede ser necesario xhost.

comprobar 9.3.5.6. Clientes X no estándar

nbari
fuente
2
Hasta donde sé, xhostACL ni siquiera se verifica si el reenvío X se realiza a través de SSH.
Martin
Tienes razón, pero por algunas razones a veces no funciona como se esperaba. también puedes probar esto: - X11Forwarding yes X11DisplayOffset 10 X11UseLocalhost yes más sobre: X-Forwarding
nbari
12

Tuve el mismo problema. Xauth faltaba en el control remoto.

sudo apt-get install xauth

resuelto el problema.

MaWo
fuente
¡Muchas gracias, perdí 2 horas de mi vida por este problema antes de que aparecieras!
Andrew Brennan el
El hecho de que tenga que instalar esto manualmente en RHEL 7 parece desagradable.
Windfinder
3

Primero, un punto de la metodología de depuración, cuando ejecuta xterm como root, no imprime ningún mensaje de diagnóstico útil, por lo tanto, al solucionar problemas de xterm, hágalo como un usuario común.

Ahora en cuanto a su problema, hay dos tipos de reenvío X11, seguro y privilegiado, y probablemente no lo habilitó ForwardX11Trusted yes. No lo necesita en Debian y derivados porque siempre lo habilitan.

Entonces, algunos antecedentes sobre cómo llegamos aquí. X11 no es el protocolo más seguro. Fue diseñado en tiempos más amigables, y se han realizado una serie de esfuerzos para hacerlo más seguro a lo largo de los años, incluido el funcionamiento a través de un túnel de caparazón seguro. Tunneling X11 reduce casi todas las vulnerabilidades de X11. Uno que queda es el riesgo de mostrar ventanas de sistemas no confiables. Se hizo un esfuerzo para declarar un subconjunto seguro del protocolo que impediría el despliegue de rastreadores de claves y similares. El proyecto, aunque técnicamente exitoso, tiene algunos desafíos del mundo real, como el hecho extraño de que encontrar programas que solo usan el subconjunto seguro es realmente difícil porque mucha de la funcionalidad deshabilitada es muy útil,

La otra posibilidad es que el reenvío X11 solo esté habilitado en un host específico. La forma más fácil de verificar si este es el problema es usar el -Yindicador con ssh para habilitar el reenvío X11 confiable. Si eso resuelve, agregue ambas líneas de permiso hacia adelante a las secciones de host relevantes de su archivo de configuración ssh.

hildred
fuente
2

En mi entorno Ubuntu (estándar) recibí el mensaje de error xterm over ssh "... suid-root program ..." (ver arriba), incluso con todas las configuraciones de reenvío adecuadas. Este comportamiento desapareció y pronto sshd está configurado para usar solo IPv4, debido a un error de reenvío X11 en SSH si IPv6 en el sistema está deshabilitado.

vi /etc/ssh/sshd_config
AddressFamily inet

service ssh reload
Johann Klasek
fuente
Tengo IPv6 deshabilitado, ¡así que funcionó como un campeón! ¡Gracias!
Terrance
2

Yo edite

vim /etc/hosts

agregó las siguientes líneas

127.0.0.1   localhost localhost.localdomain localhost4 localhost4.localdomain4
::1         localhost localhost.localdomain localhost6 localhost6.localdomain6

y mi problema está solucionado :)

ahmet
fuente
Estoy usando las "pruebas" de Debian y, debido a algunas actualizaciones, mi archivo "hosts" cambió. La línea con la entrada localhost fue comentada. Entonces su solución me dio la pista que necesitaba. Muchas gracias.
Winnie Tigger
1

Estaba sufriendo el mismo problema, trabajando bien después de hacer lo siguiente

  1. desde el terminal que no funciona (root en mi caso) configuré la pantalla: export DISPLAY=':0'y puede agregarla /etc/environmentpara que sea permanente
  2. desde un terminal de trabajo (terminal de usuario en mi caso) ejecutar xhost +local:
Hussam Hassen
fuente