Eu habilitei o encaminhamento do X na máquina remota em que o servidor SSH está sendo executado:
# grep -i forward /etc/ssh/sshd_config
X11Forwarding yes
#
Na máquina local, iniciei o cliente SSH com o -Xsinalizador que instrui o servidor SSH, executando na máquina remota, a configurar um proxy do X-server. Além disso, ele cria a $DISPLAYvariável que aponta para esse proxy e solicita a xauthinstalação de uma chave de proxy que se autentica nesse proxy do servidor X na máquina remota:
# echo "$DISPLAY"
localhost:11.0
# xauth list | grep 11
A58/unix:11 MIT-MAGIC-COOKIE-1 39324086672d1ae35e373476c3891a77
#
No entanto, os clientes X na máquina remota não iniciam corretamente:
# wireshark
(wireshark:10083): Gtk-WARNING **: cannot open display: localhost:11.0
# xterm
Warning: This program is an suid-root program or is being run by the root user.
The full text of the error or warning message cannot be safely formatted
in this environment. You may get a more descriptive message by running the
program as a non-root user or by removing the suid bit on the executable.
xterm: Xt error: Can't open display: %s
#
O encaminhamento X não usa xhost, pelo menos isso pode ser excluído. Tentei encontrar algumas entradas de log úteis na máquina em que o servidor SSH está em execução e na máquina em que o cliente SSH está em execução com o find /var/log/ -mmin -5 -type fcomando, mas isso não deu nenhuma dica. A versão do servidor SSH é OpenSSH_5.9p1 e a versão do cliente SSH é OpenSSH_5.2p1. A saída do diretório /tmp/.X11-unix/ na máquina remota pode ser vista abaixo:
# ls -la /tmp/.X11-unix/
total 0
drwxrwxrwt 2 root root 40 Dec 9 15:44 .
drwxrwxrwt 4 root root 80 Jan 13 09:17 ..
#
Como visto acima, não há soquetes de domínio Unix lá. A saída de strace xtermé a seguinte:
# strace xterm
execve("/usr/bin/xterm", ["xterm"], [/* 16 vars */]) = 0
brk(0) = 0x9e50000
access("/etc/ld.so.nohwcap", F_OK) = -1 ENOENT (No such file or directory)
mmap2(NULL, 8192, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0xb77bd000
access("/etc/ld.so.preload", R_OK) = -1 ENOENT (No such file or directory)
open("/etc/ld.so.cache", O_RDONLY) = 3
fstat64(3, {st_mode=S_IFREG|0644, st_size=42995, ...}) = 0
mmap2(NULL, 42995, PROT_READ, MAP_PRIVATE, 3, 0) = 0xb77b2000
close(3) = 0
access("/etc/ld.so.nohwcap", F_OK) = -1 ENOENT (No such file or directory)
open("/usr/lib/i386-linux-gnu/libXft.so.2", O_RDONLY) = 3
read(3, "\177ELF\1\1\1\0\0\0\0\0\0\0\0\0\3\0\3\0\1\0\0\0\3604\0\0004\0\0\0"..., 512) = 512
fstat64(3, {st_mode=S_IFREG|0644, st_size=82952, ...}) = 0
mmap2(NULL, 85732, PROT_READ|PROT_EXEC, MAP_PRIVATE|MAP_DENYWRITE, 3, 0) = 0xb779d000
mmap2(0xb77b1000, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_FIXED|MAP_DENYWRITE, 3, 0x13) = 0xb77b1000
close(3) = 0
access("/etc/ld.so.nohwcap", F_OK) = -1 ENOENT (No such file or directory)
open("/usr/lib/i386-linux-gnu/libXaw.so.7", O_RDONLY) = 3
read(3, "\177ELF\1\1\1\0\0\0\0\0\0\0\0\0\3\0\3\0\1\0\0\0\300\327\0\0004\0\0\0"..., 512) = 512
fstat64(3, {st_mode=S_IFREG|0644, st_size=428900, ...}) = 0
mmap2(NULL, 432592, PROT_READ|PROT_EXEC, MAP_PRIVATE|MAP_DENYWRITE, 3, 0) = 0xb7733000
mmap2(0xb7796000, 28672, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_FIXED|MAP_DENYWRITE, 3, 0x62) = 0xb7796000
close(3) = 0
access("/etc/ld.so.nohwcap", F_OK) = -1 ENOENT (No such file or directory)
open("/usr/lib/libutempter.so.0", O_RDONLY) = 3
read(3, "\177ELF\1\1\1\0\0\0\0\0\0\0\0\0\3\0\3\0\1\0\0\0\360\6\0\0004\0\0\0"..., 512) = 512
fstat64(3, {st_mode=S_IFREG|0644, st_size=4572, ...}) = 0
mmap2(NULL, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0xb7732000
mmap2(NULL, 7432, PROT_READ|PROT_EXEC, MAP_PRIVATE|MAP_DENYWRITE, 3, 0) = 0xb7730000
mmap2(0xb7731000, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_FIXED|MAP_DENYWRITE, 3, 0) = 0xb7731000
close(3) = 0
access("/etc/ld.so.nohwcap", F_OK) = -1 ENOENT (No such file or directory)
open("/lib/i386-linux-gnu/libtinfo.so.5", O_RDONLY) = 3
read(3, "\177ELF\1\1\1\0\0\0\0\0\0\0\0\0\3\0\3\0\1\0\0\0Pd\0\0004\0\0\0"..., 512) = 512
fstat64(3, {st_mode=S_IFREG|0644, st_size=125416, ...}) = 0
mmap2(NULL, 129100, PROT_READ|PROT_EXEC, MAP_PRIVATE|MAP_DENYWRITE, 3, 0) = 0xb7710000
mmap2(0xb772d000, 12288, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_FIXED|MAP_DENYWRITE, 3, 0x1c) = 0xb772d000
close(3) = 0
access("/etc/ld.so.nohwcap", F_OK) = -1 ENOENT (No such file or directory)
open("/lib/i386-linux-gnu/i686/cmov/libc.so.6", O_RDONLY) = 3
read(3, "\177ELF\1\1\1\0\0\0\0\0\0\0\0\0\3\0\3\0\1\0\0\0\240o\1\0004\0\0\0"..., 512) = 512
fstat64(3, {st_mode=S_IFREG|0755, st_size=1413288, ...}) = 0
mmap2(NULL, 1427832, PROT_READ|PROT_EXEC, MAP_PRIVATE|MAP_DENYWRITE, 3, 0) = 0xb75b3000
mprotect(0xb7709000, 4096, PROT_NONE) = 0
mmap2(0xb770a000, 12288, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_FIXED|MAP_DENYWRITE, 3, 0x156) = 0xb770a000
mmap2(0xb770d000, 10616, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0xb770d000
close(3) = 0
access("/etc/ld.so.nohwcap", F_OK) = -1 ENOENT (No such file or directory)
open("/usr/lib/i386-linux-gnu/libfontconfig.so.1", O_RDONLY) = 3
read(3, "\177ELF\1\1\1\0\0\0\0\0\0\0\0\0\3\0\3\0\1\0\0\0\300J\0\0004\0\0\0"..., 512) = 512
fstat64(3, {st_mode=S_IFREG|0644, st_size=215828, ...}) = 0
mmap2(NULL, 219492, PROT_READ|PROT_EXEC, MAP_PRIVATE|MAP_DENYWRITE, 3, 0) = 0xb757d000
mmap2(0xb75b1000, 8192, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_FIXED|MAP_DENYWRITE, 3, 0x33) = 0xb75b1000
close(3) = 0
access("/etc/ld.so.nohwcap", F_OK) = -1 ENOENT (No such file or directory)
open("/usr/lib/i386-linux-gnu/libX11.so.6", O_RDONLY) = 3
read(3, "\177ELF\1\1\1\0\0\0\0\0\0\0\0\0\3\0\3\0\1\0\0\0\240g\1\0004\0\0\0"..., 512) = 512
fstat64(3, {st_mode=S_IFREG|0644, st_size=1273544, ...}) = 0
mmap2(NULL, 1277496, PROT_READ|PROT_EXEC, MAP_PRIVATE|MAP_DENYWRITE, 3, 0) = 0xb7445000
mmap2(0xb7579000, 16384, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_FIXED|MAP_DENYWRITE, 3, 0x133) = 0xb7579000
close(3) = 0
access("/etc/ld.so.nohwcap", F_OK) = -1 ENOENT (No such file or directory)
open("/usr/lib/i386-linux-gnu/libXmu.so.6", O_RDONLY) = 3
read(3, "\177ELF\1\1\1\0\0\0\0\0\0\0\0\0\3\0\3\0\1\0\0\0\200N\0\0004\0\0\0"..., 512) = 512
fstat64(3, {st_mode=S_IFREG|0644, st_size=102028, ...}) = 0
mmap2(NULL, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0xb7444000
mmap2(NULL, 101644, PROT_READ|PROT_EXEC, MAP_PRIVATE|MAP_DENYWRITE, 3, 0) = 0xb742b000
mmap2(0xb7443000, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_FIXED|MAP_DENYWRITE, 3, 0x18) = 0xb7443000
close(3) = 0
access("/etc/ld.so.nohwcap", F_OK) = -1 ENOENT (No such file or directory)
open("/usr/lib/i386-linux-gnu/libXt.so.6", O_RDONLY) = 3
read(3, "\177ELF\1\1\1\0\0\0\0\0\0\0\0\0\3\0\3\0\1\0\0\0000\315\0\0004\0\0\0"..., 512) = 512
fstat64(3, {st_mode=S_IFREG|0644, st_size=380284, ...}) = 0
mmap2(NULL, 380628, PROT_READ|PROT_EXEC, MAP_PRIVATE|MAP_DENYWRITE, 3, 0) = 0xb73ce000
mmap2(0xb7427000, 16384, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_FIXED|MAP_DENYWRITE, 3, 0x59) = 0xb7427000
close(3) = 0
access("/etc/ld.so.nohwcap", F_OK) = -1 ENOENT (No such file or directory)
open("/usr/lib/i386-linux-gnu/libICE.so.6", O_RDONLY) = 3
read(3, "\177ELF\1\1\1\0\0\0\0\0\0\0\0\0\3\0\3\0\1\0\0\0\300:\0\0004\0\0\0"..., 512) = 512
fstat64(3, {st_mode=S_IFREG|0644, st_size=92148, ...}) = 0
mmap2(NULL, 102224, PROT_READ|PROT_EXEC, MAP_PRIVATE|MAP_DENYWRITE, 3, 0) = 0xb73b5000
mmap2(0xb73cb000, 8192, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_FIXED|MAP_DENYWRITE, 3, 0x15) = 0xb73cb000
mmap2(0xb73cd000, 3920, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0xb73cd000
close(3) = 0
access("/etc/ld.so.nohwcap", F_OK) = -1 ENOENT (No such file or directory)
open("/usr/lib/i386-linux-gnu/libfreetype.so.6", O_RDONLY) = 3
read(3, "\177ELF\1\1\1\0\0\0\0\0\0\0\0\0\3\0\3\0\1\0\0\0\320\202\0\0004\0\0\0"..., 512) = 512
fstat64(3, {st_mode=S_IFREG|0644, st_size=632928, ...}) = 0
mmap2(NULL, 635732, PROT_READ|PROT_EXEC, MAP_PRIVATE|MAP_DENYWRITE, 3, 0) = 0xb7319000
mmap2(0xb73b0000, 20480, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_FIXED|MAP_DENYWRITE, 3, 0x96) = 0xb73b0000
close(3) = 0
access("/etc/ld.so.nohwcap", F_OK) = -1 ENOENT (No such file or directory)
open("/usr/lib/i386-linux-gnu/libXrender.so.1", O_RDONLY) = 3
read(3, "\177ELF\1\1\1\0\0\0\0\0\0\0\0\0\3\0\3\0\1\0\0\0p\25\0\0004\0\0\0"..., 512) = 512
fstat64(3, {st_mode=S_IFREG|0644, st_size=35744, ...}) = 0
mmap2(NULL, 38540, PROT_READ|PROT_EXEC, MAP_PRIVATE|MAP_DENYWRITE, 3, 0) = 0xb730f000
mmap2(0xb7318000, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_FIXED|MAP_DENYWRITE, 3, 0x8) = 0xb7318000
close(3) = 0
access("/etc/ld.so.nohwcap", F_OK) = -1 ENOENT (No such file or directory)
open("/usr/lib/i386-linux-gnu/libXext.so.6", O_RDONLY) = 3
read(3, "\177ELF\1\1\1\0\0\0\0\0\0\0\0\0\3\0\3\0\1\0\0\0`,\0\0004\0\0\0"..., 512) = 512
fstat64(3, {st_mode=S_IFREG|0644, st_size=70320, ...}) = 0
mmap2(NULL, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0xb730e000
mmap2(NULL, 73416, PROT_READ|PROT_EXEC, MAP_PRIVATE|MAP_DENYWRITE, 3, 0) = 0xb72fc000
mmap2(0xb730d000, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_FIXED|MAP_DENYWRITE, 3, 0x10) = 0xb730d000
close(3) = 0
access("/etc/ld.so.nohwcap", F_OK) = -1 ENOENT (No such file or directory)
open("/usr/lib/i386-linux-gnu/libXpm.so.4", O_RDONLY) = 3
read(3, "\177ELF\1\1\1\0\0\0\0\0\0\0\0\0\3\0\3\0\1\0\0\0P%\0\0004\0\0\0"..., 512) = 512
fstat64(3, {st_mode=S_IFREG|0644, st_size=67776, ...}) = 0
mmap2(NULL, 66460, PROT_READ|PROT_EXEC, MAP_PRIVATE|MAP_DENYWRITE, 3, 0) = 0xb72eb000
mmap2(0xb72fb000, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_FIXED|MAP_DENYWRITE, 3, 0x10) = 0xb72fb000
close(3) = 0
access("/etc/ld.so.nohwcap", F_OK) = -1 ENOENT (No such file or directory)
open("/usr/lib/i386-linux-gnu/libz.so.1", O_RDONLY) = 3
read(3, "\177ELF\1\1\1\0\0\0\0\0\0\0\0\0\3\0\3\0\1\0\0\0\300\32\0\0004\0\0\0"..., 512) = 512
fstat64(3, {st_mode=S_IFREG|0644, st_size=90192, ...}) = 0
mmap2(NULL, 92868, PROT_READ|PROT_EXEC, MAP_PRIVATE|MAP_DENYWRITE, 3, 0) = 0xb72d4000
mmap2(0xb72ea000, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_FIXED|MAP_DENYWRITE, 3, 0x15) = 0xb72ea000
close(3) = 0
access("/etc/ld.so.nohwcap", F_OK) = -1 ENOENT (No such file or directory)
open("/lib/i386-linux-gnu/libexpat.so.1", O_RDONLY) = 3
read(3, "\177ELF\1\1\1\0\0\0\0\0\0\0\0\0\3\0\3\0\1\0\0\0@#\0\0004\0\0\0"..., 512) = 512
fstat64(3, {st_mode=S_IFREG|0644, st_size=165192, ...}) = 0
mmap2(NULL, 167996, PROT_READ|PROT_EXEC, MAP_PRIVATE|MAP_DENYWRITE, 3, 0) = 0xb72aa000
mprotect(0xb72d0000, 4096, PROT_NONE) = 0
mmap2(0xb72d1000, 12288, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_FIXED|MAP_DENYWRITE, 3, 0x26) = 0xb72d1000
close(3) = 0
access("/etc/ld.so.nohwcap", F_OK) = -1 ENOENT (No such file or directory)
open("/usr/lib/i386-linux-gnu/libxcb.so.1", O_RDONLY) = 3
read(3, "\177ELF\1\1\1\0\0\0\0\0\0\0\0\0\3\0\3\0\1\0\0\0P\221\0\0004\0\0\0"..., 512) = 512
fstat64(3, {st_mode=S_IFREG|0644, st_size=136968, ...}) = 0
mmap2(NULL, 139728, PROT_READ|PROT_EXEC, MAP_PRIVATE|MAP_DENYWRITE, 3, 0) = 0xb7287000
mmap2(0xb72a8000, 8192, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_FIXED|MAP_DENYWRITE, 3, 0x20) = 0xb72a8000
close(3) = 0
access("/etc/ld.so.nohwcap", F_OK) = -1 ENOENT (No such file or directory)
open("/lib/i386-linux-gnu/i686/cmov/libdl.so.2", O_RDONLY) = 3
read(3, "\177ELF\1\1\1\0\0\0\0\0\0\0\0\0\3\0\3\0\1\0\0\0`\n\0\0004\0\0\0"..., 512) = 512
fstat64(3, {st_mode=S_IFREG|0644, st_size=9844, ...}) = 0
mmap2(NULL, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0xb7286000
mmap2(NULL, 12408, PROT_READ|PROT_EXEC, MAP_PRIVATE|MAP_DENYWRITE, 3, 0) = 0xb7282000
mmap2(0xb7284000, 8192, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_FIXED|MAP_DENYWRITE, 3, 0x1) = 0xb7284000
close(3) = 0
access("/etc/ld.so.nohwcap", F_OK) = -1 ENOENT (No such file or directory)
open("/usr/lib/i386-linux-gnu/libSM.so.6", O_RDONLY) = 3
read(3, "\177ELF\1\1\1\0\0\0\0\0\0\0\0\0\3\0\3\0\1\0\0\0 \26\0\0004\0\0\0"..., 512) = 512
fstat64(3, {st_mode=S_IFREG|0644, st_size=28320, ...}) = 0
mmap2(NULL, 31120, PROT_READ|PROT_EXEC, MAP_PRIVATE|MAP_DENYWRITE, 3, 0) = 0xb727a000
mmap2(0xb7281000, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_FIXED|MAP_DENYWRITE, 3, 0x6) = 0xb7281000
close(3) = 0
access("/etc/ld.so.nohwcap", F_OK) = -1 ENOENT (No such file or directory)
open("/usr/lib/i386-linux-gnu/libXau.so.6", O_RDONLY) = 3
read(3, "\177ELF\1\1\1\0\0\0\0\0\0\0\0\0\3\0\3\0\1\0\0\0`\n\0\0004\0\0\0"..., 512) = 512
fstat64(3, {st_mode=S_IFREG|0644, st_size=8592, ...}) = 0
mmap2(NULL, 11384, PROT_READ|PROT_EXEC, MAP_PRIVATE|MAP_DENYWRITE, 3, 0) = 0xb7277000
mmap2(0xb7279000, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_FIXED|MAP_DENYWRITE, 3, 0x1) = 0xb7279000
close(3) = 0
access("/etc/ld.so.nohwcap", F_OK) = -1 ENOENT (No such file or directory)
open("/usr/lib/i386-linux-gnu/libXdmcp.so.6", O_RDONLY) = 3
read(3, "\177ELF\1\1\1\0\0\0\0\0\0\0\0\0\3\0\3\0\1\0\0\0P\17\0\0004\0\0\0"..., 512) = 512
fstat64(3, {st_mode=S_IFREG|0644, st_size=19364, ...}) = 0
mmap2(NULL, 22144, PROT_READ|PROT_EXEC, MAP_PRIVATE|MAP_DENYWRITE, 3, 0) = 0xb7271000
mmap2(0xb7276000, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_FIXED|MAP_DENYWRITE, 3, 0x4) = 0xb7276000
close(3) = 0
access("/etc/ld.so.nohwcap", F_OK) = -1 ENOENT (No such file or directory)
open("/lib/i386-linux-gnu/libuuid.so.1", O_RDONLY) = 3
read(3, "\177ELF\1\1\1\0\0\0\0\0\0\0\0\0\3\0\3\0\1\0\0\0@\22\0\0004\0\0\0"..., 512) = 512
fstat64(3, {st_mode=S_IFREG|0644, st_size=17992, ...}) = 0
mmap2(NULL, 20716, PROT_READ|PROT_EXEC, MAP_PRIVATE|MAP_DENYWRITE, 3, 0) = 0xb726b000
mmap2(0xb726f000, 8192, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_FIXED|MAP_DENYWRITE, 3, 0x3) = 0xb726f000
close(3) = 0
mmap2(NULL, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0xb726a000
mmap2(NULL, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0xb7269000
set_thread_area({entry_number:-1 -> 6, base_addr:0xb7269700, limit:1048575, seg_32bit:1, contents:0, read_exec_only:0, limit_in_pages:1, seg_not_present:0, useable:1}) = 0
mprotect(0xb726f000, 4096, PROT_READ) = 0
mprotect(0xb7284000, 4096, PROT_READ) = 0
mprotect(0xb72a8000, 4096, PROT_READ) = 0
mprotect(0xb72d1000, 8192, PROT_READ) = 0
mprotect(0xb73b0000, 16384, PROT_READ) = 0
mprotect(0xb7427000, 4096, PROT_READ) = 0
mprotect(0xb75b1000, 4096, PROT_READ) = 0
mprotect(0xb770a000, 8192, PROT_READ) = 0
mprotect(0xb772d000, 8192, PROT_READ) = 0
mprotect(0x80a9000, 4096, PROT_READ) = 0
mprotect(0xb77db000, 4096, PROT_READ) = 0
munmap(0xb77b2000, 42995) = 0
geteuid32() = 0
getegid32() = 0
getuid32() = 0
getgid32() = 0
setuid32(0) = 0
brk(0) = 0x9e50000
brk(0x9e71000) = 0x9e71000
ioctl(0, SNDCTL_TMR_TIMEBASE or TCGETS, {B38400 opost isig icanon echo ...}) = 0
open("/proc/meminfo", O_RDONLY) = 3
fstat64(3, {st_mode=S_IFREG|0444, st_size=0, ...}) = 0
mmap2(NULL, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0xb77bc000
read(3, "MemTotal: 2039468 kB\nMemF"..., 1024) = 1024
close(3) = 0
munmap(0xb77bc000, 4096) = 0
socket(PF_NETLINK, SOCK_RAW, 0) = 3
bind(3, {sa_family=AF_NETLINK, pid=0, groups=00000000}, 12) = 0
getsockname(3, {sa_family=AF_NETLINK, pid=16008, groups=00000000}, [12]) = 0
time(NULL) = 1389599545
sendto(3, "\24\0\0\0\26\0\1\0039\233\323R\0\0\0\0\0\0\0\0", 20, 0, {sa_family=AF_NETLINK, pid=0, groups=00000000}, 12) = 20
recvmsg(3, {msg_name(12)={sa_family=AF_NETLINK, pid=0, groups=00000000}, msg_iov(1)=[{"0\0\0\0\24\0\2\0009\233\323R\210>\0\0\2\10\200\376\1\0\0\0\10\0\1\0\177\0\0\1"..., 4096}], msg_controllen=0, msg_flags=0}, 0) = 164
recvmsg(3, {msg_name(12)={sa_family=AF_NETLINK, pid=0, groups=00000000}, msg_iov(1)=[{"@\0\0\0\24\0\2\0009\233\323R\210>\0\0\n\200\200\376\1\0\0\0\24\0\1\0\0\0\0\0"..., 4096}], msg_controllen=0, msg_flags=0}, 0) = 320
recvmsg(3, {msg_name(12)={sa_family=AF_NETLINK, pid=0, groups=00000000}, msg_iov(1)=[{"\24\0\0\0\3\0\2\0009\233\323R\210>\0\0\0\0\0\0\1\0\0\0\24\0\1\0\0\0\0\0"..., 4096}], msg_controllen=0, msg_flags=0}, 0) = 20
close(3) = 0
socket(PF_FILE, SOCK_STREAM|SOCK_CLOEXEC|SOCK_NONBLOCK, 0) = 3
connect(3, {sa_family=AF_FILE, path="/var/run/nscd/socket"}, 110) = -1 ENOENT (No such file or directory)
close(3) = 0
socket(PF_FILE, SOCK_STREAM|SOCK_CLOEXEC|SOCK_NONBLOCK, 0) = 3
connect(3, {sa_family=AF_FILE, path="/var/run/nscd/socket"}, 110) = -1 ENOENT (No such file or directory)
close(3) = 0
open("/etc/nsswitch.conf", O_RDONLY) = 3
fstat64(3, {st_mode=S_IFREG|0644, st_size=475, ...}) = 0
mmap2(NULL, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0xb77bc000
read(3, "# /etc/nsswitch.conf\n#\n# Example"..., 4096) = 475
read(3, "", 4096) = 0
close(3) = 0
munmap(0xb77bc000, 4096) = 0
open("/etc/host.conf", O_RDONLY) = 3
fstat64(3, {st_mode=S_IFREG|0644, st_size=9, ...}) = 0
mmap2(NULL, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0xb77bc000
read(3, "multi on\n", 4096) = 9
read(3, "", 4096) = 0
close(3) = 0
munmap(0xb77bc000, 4096) = 0
getpid() = 16008
open("/etc/resolv.conf", O_RDONLY) = 3
fstat64(3, {st_mode=S_IFREG|0644, st_size=108, ...}) = 0
mmap2(NULL, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0xb77bc000
read(3, "domain data.ee\nsearch data.ee li"..., 4096) = 108
read(3, "", 4096) = 0
close(3) = 0
munmap(0xb77bc000, 4096) = 0
open("/etc/ld.so.cache", O_RDONLY) = 3
fstat64(3, {st_mode=S_IFREG|0644, st_size=42995, ...}) = 0
mmap2(NULL, 42995, PROT_READ, MAP_PRIVATE, 3, 0) = 0xb77b2000
close(3) = 0
access("/etc/ld.so.nohwcap", F_OK) = -1 ENOENT (No such file or directory)
open("/lib/i386-linux-gnu/i686/cmov/libnss_files.so.2", O_RDONLY) = 3
read(3, "\177ELF\1\1\1\0\0\0\0\0\0\0\0\0\3\0\3\0\1\0\0\0P\32\0\0004\0\0\0"..., 512) = 512
fstat64(3, {st_mode=S_IFREG|0644, st_size=42628, ...}) = 0
mmap2(NULL, 45768, PROT_READ|PROT_EXEC, MAP_PRIVATE|MAP_DENYWRITE, 3, 0) = 0xb725d000
mmap2(0xb7267000, 8192, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_FIXED|MAP_DENYWRITE, 3, 0x9) = 0xb7267000
close(3) = 0
mprotect(0xb7267000, 4096, PROT_READ) = 0
munmap(0xb77b2000, 42995) = 0
open("/etc/hosts", O_RDONLY|O_CLOEXEC) = 3
fstat64(3, {st_mode=S_IFREG|0644, st_size=256, ...}) = 0
mmap2(NULL, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0xb77bc000
read(3, "127.0.0.1\tlocalhost\n127.0.1.1\tTh"..., 4096) = 256
read(3, "", 4096) = 0
close(3) = 0
munmap(0xb77bc000, 4096) = 0
socket(PF_INET, SOCK_STREAM|SOCK_CLOEXEC, IPPROTO_TCP) = 3
setsockopt(3, SOL_TCP, TCP_NODELAY, [1], 4) = 0
setsockopt(3, SOL_SOCKET, SO_KEEPALIVE, [1], 4) = 0
connect(3, {sa_family=AF_INET, sin_port=htons(6011), sin_addr=inet_addr("127.0.0.1")}, 16) = -1 ETIMEDOUT (Connection timed out)
close(3) = 0
open("/usr/lib/i386-linux-gnu/X11/XtErrorDB", O_RDONLY) = -1 ENOENT (No such file or directory)
getuid32() = 0
geteuid32() = 0
getuid32() = 0
write(2, "Warning: This program is an suid"..., 302Warning: This program is an suid-root program or is being run by the root user.
The full text of the error or warning message cannot be safely formatted
in this environment. You may get a more descriptive message by running the
program as a non-root user or by removing the suid bit on the executable.
) = 302
write(2, "xterm: ", 7xterm: ) = 7
write(2, "Xt error: Can't open display: %s"..., 33Xt error: Can't open display: %s
) = 33
exit_group(1) = ?
#
strace xterm trava por 60 segundos após imprimir a linha abaixo:
conectar (3, {sa_family = AF_INET, sin_port = htons (6011), sin_addr = inet_addr ("127.0.0.1")}, 16
EDIT: depois de permitir conexões de 127.0.0.0/8 a 127.0.0.0/8, consegui passar a connectchamada do sistema e agora o problema parece ser uma chave MIT-MAGIC-COOKIE-1 inválida:
connect(3, {sa_family=AF_INET, sin_port=htons(6010), sin_addr=inet_addr("127.0.0.1")}, 16) = 0
getpeername(3, {sa_family=AF_INET, sin_port=htons(6010), sin_addr=inet_addr("127.0.0.1")}, [16]) = 0
uname({sys="Linux", node="ThinkCentreA58", ...}) = 0
access("/root/.Xauthority", R_OK) = 0
open("/root/.Xauthority", O_RDONLY) = 4
fstat64(4, {st_mode=S_IFREG|0600, st_size=522, ...}) = 0
mmap2(NULL, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0xb7726000
read(4, "\0\0\0\4\177\0\0\1\0\0041000\0\22MIT-MAGIC-COOKIE"..., 4096) = 522
read(4, "", 4096) = 0
close(4) = 0
munmap(0xb7726000, 4096) = 0
getsockname(3, {sa_family=AF_INET, sin_port=htons(37220), sin_addr=inet_addr("127.0.0.1")}, [16]) = 0
fcntl64(3, F_GETFL) = 0x2 (flags O_RDWR)
fcntl64(3, F_SETFL, O_RDWR|O_NONBLOCK) = 0
fcntl64(3, F_SETFD, FD_CLOEXEC) = 0
poll([{fd=3, events=POLLIN|POLLOUT}], 1, -1) = 1 ([{fd=3, revents=POLLOUT}])
writev(3, [{"l\0\v\0\0\0\22\0\20\0\0\0", 12}, {"", 0}, {"MIT-MAGIC-COOKIE-1", 18}, {"\0\0", 2}, {"I%f9\331-f\f\235i\321\354:a~\341", 16}, {"", 0}], 6) = 48
recv(3, 0x94b0ec8, 8, 0) = -1 EAGAIN (Resource temporarily unavailable)
poll([{fd=3, events=POLLIN}], 1, -1) = 1 ([{fd=3, revents=POLLIN}])
recv(3, "\0\36\v\0\0\0\10\0", 8, 0) = 8
recv(3, "Invalid MIT-MAGIC-COOKIE-1 key\0\0", 32, 0) = 32
write(2, "Invalid MIT-MAGIC-COOKIE-1 key", 30Invalid MIT-MAGIC-COOKIE-1 key) = 30
shutdown(3, 2 /* send and receive */) = 0
close(3) = 0
open("/usr/lib/i386-linux-gnu/X11/XtErrorDB", O_RDONLY) = -1 ENOENT (No such file or directory)
getuid32() = 0
geteuid32() = 0
getuid32() = 0
write(2, "Warning: This program is an suid"..., 302Warning: This program is an suid-root program or is being run by the root user.
The full text of the error or warning message cannot be safely formatted
in this environment. You may get a more descriptive message by running the
program as a non-root user or by removing the suid bit on the executable.
) = 302
write(2, "xterm: ", 7xterm: ) = 7
write(2, "Xt error: Can't open display: %s"..., 33Xt error: Can't open display: %s
) = 33
exit_group(1) = ?
#
Alguma idéia de como proceder com a solução de problemas?
#sugere que você está efetuando login como root. Se isso é verdade, por quê?ssh -Yvez dessh -X, que pode ajudá-lo a solucionar problemas de autenticação.ssh -Y, mas isso não ajudou. Eu ainda recebo acannot open displaymensagem de erro.-vsinalizador ao ssh também é útil na solução de problemas.Respostas:
Esta é a maneira muito básica de como deve funcionar:
Na máquina cliente / local (o Xorg instalado no cliente), tente o seguinte:
Mais tarde tente:
ou
Com clientes não padrão, o xhost pode ser necessário.
verifique 9.3.5.6. Clientes X fora do padrão
fonte
xhostACL nem é verificada se o encaminhamento do X é feito no SSH.X11Forwarding yes X11DisplayOffset 10 X11UseLocalhost yesmais sobre: X-ForwardingEu tive o mesmo problema. O Xauth estava ausente no controle remoto.
sudo apt-get install xauthresolveu o problema.
fonte
Primeiro, um ponto da metodologia de depuração: quando você executa o xterm como root, ele não imprime nenhuma mensagem de diagnóstico útil; portanto, ao solucionar o xterm, faça isso como um usuário comum.
Agora, quanto ao seu problema, existem dois tipos de encaminhamento do X11, seguros e privilegiados, e você provavelmente não o ativou
ForwardX11Trusted yes. Você não precisa dele no Debian e derivados porque eles sempre o habilitam.Então, alguns antecedentes sobre como chegamos aqui. X11 não é o protocolo mais seguro. Ele foi projetado em tempos mais amigáveis e houve vários esforços para torná-lo mais seguro ao longo dos anos, incluindo a execução em um túnel de shell seguro. O encapsulamento do X11 reduz quase todas as vulnerabilidades do X11. Um que resta é o risco de exibir janelas de sistemas não confiáveis. Foi feito um esforço para declarar um subconjunto seguro do protocolo que impediria a implantação de farejadores de chaves e similares. O projeto, embora tecnicamente bem-sucedido, tem alguns desafios do mundo real, como o fato estranho de que encontrar programas que usam apenas o subconjunto seguro é realmente difícil, porque muitas das funcionalidades desativadas são muito úteis,
A outra possibilidade é que o encaminhamento do X11 seja ativado apenas em um host específico. A maneira mais fácil de verificar se esse é o problema é usar o
-Ysinalizador com ssh para ativar o encaminhamento confiável do X11. Se isso resolver, adicione ambas as linhas de permissão direta às seções relevantes do host do seu arquivo de configuração ssh.fonte
No meu ambiente Ubuntu (padrão), recebi a mensagem de falha do xterm over ssh "... programa suid-root ..." (veja acima), mesmo com todas as configurações de encaminhamento apropriadas. Esse comportamento desapareceu logo que o sshd está configurado para usar apenas IPv4, devido a um bug de encaminhamento do X11 no SSH se o IPv6 no sistema estiver desativado.
fonte
Eu editei
adicionou as seguintes linhas
e meu problema foi corrigido :)
fonte
eu estava sofrendo do mesmo problema, funcionando bem depois de fazer o seguinte
export DISPLAY=':0'e você pode adicioná-lo/etc/environmentpara torná-lo permanentexhost +local:fonte