RE: RE : RE : X11Forwarding problem on Solaris.

Hi,
yes "other user" has execution permission on the executable file.
It looks like this for the directory:
drwxrwxrwx

and for the file:
-rwxrwxr-x


-----Original Message-----
From: Vincenzo Sciarra [mailto:vincenzo.sciarra@gmail.com]
Sent: den 9 maj 2007 10:57
To: Staffan Persson
Subject: Re: RE : RE : X11Forwarding problem on Solaris.


> It works great when I
> logon as the user who is owning the program´s executable file. It wont
work
> when I logon as any other user.


Has "other user" execution permission on executable file and related
library?




2007/5/7, Staffan Persson <s.persson@home.se>:
> Hi,
> yes I can run:
>
> hosta$ ssh -X hostb
> hostb$ /usr/openwin/bin/xclock
>
> xclock is displayed correctly.
>
> The program I try to start when I get the X11Forwding problems is a
> graphical user interface for an application which can be controlled though
> command line to a certain degree.
> The program is using the display environment variable. It works great when
I
> logon as the user who is owning the program´s executable file. It wont
work
> when I logon as any other user.
>
> Below is ssh´s debug info.
> First i use ssh to connect from node2 to node4 and then I start the
PROGRAM
> on node4.
>
> node2:/home/myuser> ssh -Xv node4
> OpenSSH_4.3p2, OpenSSL 0.9.8d 28 Sep 2006
> debug1: Reading configuration data /usr/local/etc/ssh_config
> debug1: Connecting to node4 [node4´s ipaddress] port 22.
> debug1: Connection established.
> debug1: identity file /home/myuser/.ssh/identity type -1
> debug1: identity file /home/myuser/.ssh/id_rsa type -1
> debug1: identity file /home/myuser/.ssh/id_dsa type -1
> debug1: Remote protocol version 1.99, remote software version OpenSSH_43
> debug1: match: OpenSSH_4.3 pat OpenSSH*
> debug1: Enabling compatibility mode for protocol 2.0
> debug1: Local version string SSH-2.0-OpenSSH_4.3
> debug1: SSH2_MSG_KEXINIT sent
> debug1: SSH2_MSG_KEXINIT received
> debug1: kex: server->client aes128-cbc hmac-md5 none
> debug1: kex: client->server aes128-cbc hmac-md5 none
> debug1: SSH2_MSG_KEX_DH_GEX_REQUEST(1024<1024<8192) sent
> debug1: expecting SSH2_MSG_KEX_DH_GEX_GROUP
> debug1: SSH2_MSG_KEX_DH_GEX_INIT sent
> debug1: expecting SSH2_MSG_KEX_DH_GEX_REPLY
> debug1: Host 'node4' is known and matches the RSA host key.
> debug1: Found key in /home/myuser/.ssh/known_hosts:1
> debug1: ssh_rsa_verify: signature correct
> debug1: SSH2_MSG_NEWKEYS sent
> debug1: expecting SSH2_MSG_NEWKEYS
> debug1: SSH2_MSG_NEWKEYS received
> debug1: SSH2_MSG_SERVICE_REQUEST sent
> debug1: SSH2_MSG_SERVICE_ACCEPT received
> debug1: Authentications that can continue:
> publickey,password,keyboard-interactive
> debug1: Next authentication method: publickey
> debug1: Trying private key: /home/myuser/.ssh/identity
> debug1: Trying private key: /home/myuser/.ssh/id_rsa
> debug1: Trying private key: /home/myuser/.ssh/id_dsa
> debug1: Next authentication method: keyboard-interactive
> debug1: Authentications that can continue:
> publickey,password,keyboard-interactive
> debug1: Next authentication method: password
> myuser@node4's password:
> debug1: Authentication succeeded (password).
> debug1: channel 0: new [client-session]
> debug1: Entering interactive session.
> debug1: Requesting X11 forwarding with authentication spoofing.
> Last login: Mon May  7 15:20:11 2007 from node2
> Oracle Home is set
>
> node4:/home/myuser> PROGRAM        ( ...starting program here... )
> node4:/home/myuser> debug1: client_input_channel_open: ctype x11 rchan 2
win
> 65536 max 16384
> debug1: client_request_x11: request from 127.0.0.1 43646
> debug1: channel 1: new [x11]
> debug1: confirm x11
> debug1: client_input_channel_open: ctype x11 rchan 3 win 65536 max 16384
> debug1: client_request_x11: request from 127.0.0.1 43647
> debug1: channel 2: new [x11]
> debug1: confirm x11
> X11 connection rejected because of wrong authentication.
> debug1: channel 2: free: x11, nchannels 3
> node:/home/myuser>
>
> Thanks
>
>
> -----Original Message-----
> From: Francois Bolduc [mailto:Francois.Bolduc@ca.fujitsu.com]
> Sent: den 27 april 2007 20:33
> To: secureshell@securityfocus.com
> Subject: RE: RE : RE : X11Forwarding problem on Solaris.
>
>
> Let's isolate SSH and X11 forwarding. Can you run:
>
> hosta$ ssh -X hostb
> hostb$ /usr/openwin/bin/xclock
>
> If this works, can you give a sample of the command you run that fails, or
> simply what the command is launching?
> François Bolduc
> Consultant
> FUJITSU CONSEIL (Canada) inc.
> Bureau :        613.238.2697
> francois.bolduc@ca.fujitsu.com
> From: Staffan Persson [mailto:s.persson@home.se]Sent: Wed 4/25/2007 1:47
> PMTo: Francois Bolduc; secureshell@securityfocus.comSubject: RE: RE : RE :
> X11Forwarding problem on Solaris.
> Hi,
> below is my answers on your questions.
>
> Q. What does your sshd config look like?
>
> A. My sshd_config file is stored in the following path:
> /usr/local/etc
>
> and the file´s content is:
>
> Port 22
> Protocol 2,1
> HostKey /usr/local/etc/ssh_host_key
> HostKey /usr/local/etc/ssh_host_rsa_key
> HostKey /usr/local/etc/ssh_host_dsa_key
> PermitRootLogin no
> StrictMode no
> RSAAuthentication yes
> PubkeyAuthentication yes
> AuthorizedKeysFile    ssh/authorized_keys
> PasswordAuthentication yes
> PermitEmptyPasswords no
> X11Forwarding yes
> X11DisplayOffset 10
> X11UseLocalhost yes
> AcceptEnv           yes
> PermitUserEnvironment Yes
> PermitTunnel yes
> Subsystem          sftp        /usr/local/libexec/sftp-server
>
>
> Q. Do you have any ssh_config files that might override global settings