SSH経由で転送されたXクライアント "ディスプレイを開けません:localhost:11.0"
SSHサーバーが実行されているリモートマシンでX転送を有効にしました。
# grep -i forward /etc/ssh/sshd_config
X11Forwarding yes
#
ローカルマシンでは、-Xフラグを使用してSSHクライアントを起動し、リモートマシンで実行されているSSHサーバーにXサーバープロキシをセットアップするように指示しています。さらに、このプロキシを指す$DISPLAY変数を作成し、xauthを呼び出して、リモートマシン上のこのXサーバープロキシに対して認証するproxy keyをインストールします。
# echo "$DISPLAY"
localhost:11.0
# xauth list | grep 11
A58/unix:11 MIT-MAGIC-COOKIE-1 39324086672d1ae35e373476c3891a77
#
ただし、リモートマシン上のXクライアントは正しく起動しません。
# wireshark
(wireshark:10083): Gtk-WARNING **: cannot open display: localhost:11.0
# xterm
Warning: This program is an suid-root program or is being run by the root user.
The full text of the error or warning message cannot be safely formatted
in this environment. You may get a more descriptive message by running the
program as a non-root user or by removing the suid bit on the executable.
xterm: Xt error: Can't open display: %s
#
X転送はxhostを使用しないため、少なくともこれは除外できます。 find /var/log/ -mmin -5 -type fコマンドを使用して、SSHサーバーが実行されているマシンとSSHクライアントが実行されているマシンの両方でいくつかの有用なログエントリを見つけようとしましたが、ヒントはありませんでした。 SSHサーバーのバージョンはOpenSSH_5.9p1で、SSHクライアントのバージョンはOpenSSH_5.2p1です。リモートマシンの/tmp/.X11-unix/ディレクトリの出力を以下に示します。
# ls -la /tmp/.X11-unix/
total 0
drwxrwxrwt 2 root root 40 Dec 9 15:44 .
drwxrwxrwt 4 root root 80 Jan 13 09:17 ..
#
上記のように、Unixドメインソケットはありません。 strace xtermの出力は次のとおりです。
# strace xterm
execve("/usr/bin/xterm", ["xterm"], [/* 16 vars */]) = 0
brk(0) = 0x9e50000
access("/etc/ld.so.nohwcap", F_OK) = -1 ENOENT (No such file or directory)
mmap2(NULL, 8192, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0xb77bd000
access("/etc/ld.so.preload", R_OK) = -1 ENOENT (No such file or directory)
open("/etc/ld.so.cache", O_RDONLY) = 3
fstat64(3, {st_mode=S_IFREG|0644, st_size=42995, ...}) = 0
mmap2(NULL, 42995, PROT_READ, MAP_PRIVATE, 3, 0) = 0xb77b2000
close(3) = 0
access("/etc/ld.so.nohwcap", F_OK) = -1 ENOENT (No such file or directory)
open("/usr/lib/i386-linux-gnu/libXft.so.2", O_RDONLY) = 3
read(3, "\177ELF\1\1\1\0\0\0\0\0\0\0\0\0\3\0\3\0\1\0\0\0\3604\0\0004\0\0\0"..., 512) = 512
fstat64(3, {st_mode=S_IFREG|0644, st_size=82952, ...}) = 0
mmap2(NULL, 85732, PROT_READ|PROT_EXEC, MAP_PRIVATE|MAP_DENYWRITE, 3, 0) = 0xb779d000
mmap2(0xb77b1000, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_FIXED|MAP_DENYWRITE, 3, 0x13) = 0xb77b1000
close(3) = 0
access("/etc/ld.so.nohwcap", F_OK) = -1 ENOENT (No such file or directory)
open("/usr/lib/i386-linux-gnu/libXaw.so.7", O_RDONLY) = 3
read(3, "\177ELF\1\1\1\0\0\0\0\0\0\0\0\0\3\0\3\0\1\0\0\0\300\327\0\0004\0\0\0"..., 512) = 512
fstat64(3, {st_mode=S_IFREG|0644, st_size=428900, ...}) = 0
mmap2(NULL, 432592, PROT_READ|PROT_EXEC, MAP_PRIVATE|MAP_DENYWRITE, 3, 0) = 0xb7733000
mmap2(0xb7796000, 28672, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_FIXED|MAP_DENYWRITE, 3, 0x62) = 0xb7796000
close(3) = 0
access("/etc/ld.so.nohwcap", F_OK) = -1 ENOENT (No such file or directory)
open("/usr/lib/libutempter.so.0", O_RDONLY) = 3
read(3, "\177ELF\1\1\1\0\0\0\0\0\0\0\0\0\3\0\3\0\1\0\0\0\360\6\0\0004\0\0\0"..., 512) = 512
fstat64(3, {st_mode=S_IFREG|0644, st_size=4572, ...}) = 0
mmap2(NULL, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0xb7732000
mmap2(NULL, 7432, PROT_READ|PROT_EXEC, MAP_PRIVATE|MAP_DENYWRITE, 3, 0) = 0xb7730000
mmap2(0xb7731000, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_FIXED|MAP_DENYWRITE, 3, 0) = 0xb7731000
close(3) = 0
access("/etc/ld.so.nohwcap", F_OK) = -1 ENOENT (No such file or directory)
open("/lib/i386-linux-gnu/libtinfo.so.5", O_RDONLY) = 3
read(3, "\177ELF\1\1\1\0\0\0\0\0\0\0\0\0\3\0\3\0\1\0\0\0Pd\0\0004\0\0\0"..., 512) = 512
fstat64(3, {st_mode=S_IFREG|0644, st_size=125416, ...}) = 0
mmap2(NULL, 129100, PROT_READ|PROT_EXEC, MAP_PRIVATE|MAP_DENYWRITE, 3, 0) = 0xb7710000
mmap2(0xb772d000, 12288, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_FIXED|MAP_DENYWRITE, 3, 0x1c) = 0xb772d000
close(3) = 0
access("/etc/ld.so.nohwcap", F_OK) = -1 ENOENT (No such file or directory)
open("/lib/i386-linux-gnu/i686/cmov/libc.so.6", O_RDONLY) = 3
read(3, "\177ELF\1\1\1\0\0\0\0\0\0\0\0\0\3\0\3\0\1\0\0\0\240o\1\0004\0\0\0"..., 512) = 512
fstat64(3, {st_mode=S_IFREG|0755, st_size=1413288, ...}) = 0
mmap2(NULL, 1427832, PROT_READ|PROT_EXEC, MAP_PRIVATE|MAP_DENYWRITE, 3, 0) = 0xb75b3000
mprotect(0xb7709000, 4096, PROT_NONE) = 0
mmap2(0xb770a000, 12288, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_FIXED|MAP_DENYWRITE, 3, 0x156) = 0xb770a000
mmap2(0xb770d000, 10616, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0xb770d000
close(3) = 0
access("/etc/ld.so.nohwcap", F_OK) = -1 ENOENT (No such file or directory)
open("/usr/lib/i386-linux-gnu/libfontconfig.so.1", O_RDONLY) = 3
read(3, "\177ELF\1\1\1\0\0\0\0\0\0\0\0\0\3\0\3\0\1\0\0\0\300J\0\0004\0\0\0"..., 512) = 512
fstat64(3, {st_mode=S_IFREG|0644, st_size=215828, ...}) = 0
mmap2(NULL, 219492, PROT_READ|PROT_EXEC, MAP_PRIVATE|MAP_DENYWRITE, 3, 0) = 0xb757d000
mmap2(0xb75b1000, 8192, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_FIXED|MAP_DENYWRITE, 3, 0x33) = 0xb75b1000
close(3) = 0
access("/etc/ld.so.nohwcap", F_OK) = -1 ENOENT (No such file or directory)
open("/usr/lib/i386-linux-gnu/libX11.so.6", O_RDONLY) = 3
read(3, "\177ELF\1\1\1\0\0\0\0\0\0\0\0\0\3\0\3\0\1\0\0\0\240g\1\0004\0\0\0"..., 512) = 512
fstat64(3, {st_mode=S_IFREG|0644, st_size=1273544, ...}) = 0
mmap2(NULL, 1277496, PROT_READ|PROT_EXEC, MAP_PRIVATE|MAP_DENYWRITE, 3, 0) = 0xb7445000
mmap2(0xb7579000, 16384, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_FIXED|MAP_DENYWRITE, 3, 0x133) = 0xb7579000
close(3) = 0
access("/etc/ld.so.nohwcap", F_OK) = -1 ENOENT (No such file or directory)
open("/usr/lib/i386-linux-gnu/libXmu.so.6", O_RDONLY) = 3
read(3, "\177ELF\1\1\1\0\0\0\0\0\0\0\0\0\3\0\3\0\1\0\0\0\200N\0\0004\0\0\0"..., 512) = 512
fstat64(3, {st_mode=S_IFREG|0644, st_size=102028, ...}) = 0
mmap2(NULL, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0xb7444000
mmap2(NULL, 101644, PROT_READ|PROT_EXEC, MAP_PRIVATE|MAP_DENYWRITE, 3, 0) = 0xb742b000
mmap2(0xb7443000, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_FIXED|MAP_DENYWRITE, 3, 0x18) = 0xb7443000
close(3) = 0
access("/etc/ld.so.nohwcap", F_OK) = -1 ENOENT (No such file or directory)
open("/usr/lib/i386-linux-gnu/libXt.so.6", O_RDONLY) = 3
read(3, "\177ELF\1\1\1\0\0\0\0\0\0\0\0\0\3\0\3\0\1\0\0\0000\315\0\0004\0\0\0"..., 512) = 512
fstat64(3, {st_mode=S_IFREG|0644, st_size=380284, ...}) = 0
mmap2(NULL, 380628, PROT_READ|PROT_EXEC, MAP_PRIVATE|MAP_DENYWRITE, 3, 0) = 0xb73ce000
mmap2(0xb7427000, 16384, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_FIXED|MAP_DENYWRITE, 3, 0x59) = 0xb7427000
close(3) = 0
access("/etc/ld.so.nohwcap", F_OK) = -1 ENOENT (No such file or directory)
open("/usr/lib/i386-linux-gnu/libICE.so.6", O_RDONLY) = 3
read(3, "\177ELF\1\1\1\0\0\0\0\0\0\0\0\0\3\0\3\0\1\0\0\0\300:\0\0004\0\0\0"..., 512) = 512
fstat64(3, {st_mode=S_IFREG|0644, st_size=92148, ...}) = 0
mmap2(NULL, 102224, PROT_READ|PROT_EXEC, MAP_PRIVATE|MAP_DENYWRITE, 3, 0) = 0xb73b5000
mmap2(0xb73cb000, 8192, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_FIXED|MAP_DENYWRITE, 3, 0x15) = 0xb73cb000
mmap2(0xb73cd000, 3920, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0xb73cd000
close(3) = 0
access("/etc/ld.so.nohwcap", F_OK) = -1 ENOENT (No such file or directory)
open("/usr/lib/i386-linux-gnu/libfreetype.so.6", O_RDONLY) = 3
read(3, "\177ELF\1\1\1\0\0\0\0\0\0\0\0\0\3\0\3\0\1\0\0\0\320\202\0\0004\0\0\0"..., 512) = 512
fstat64(3, {st_mode=S_IFREG|0644, st_size=632928, ...}) = 0
mmap2(NULL, 635732, PROT_READ|PROT_EXEC, MAP_PRIVATE|MAP_DENYWRITE, 3, 0) = 0xb7319000
mmap2(0xb73b0000, 20480, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_FIXED|MAP_DENYWRITE, 3, 0x96) = 0xb73b0000
close(3) = 0
access("/etc/ld.so.nohwcap", F_OK) = -1 ENOENT (No such file or directory)
open("/usr/lib/i386-linux-gnu/libXrender.so.1", O_RDONLY) = 3
read(3, "\177ELF\1\1\1\0\0\0\0\0\0\0\0\0\3\0\3\0\1\0\0\0p\25\0\0004\0\0\0"..., 512) = 512
fstat64(3, {st_mode=S_IFREG|0644, st_size=35744, ...}) = 0
mmap2(NULL, 38540, PROT_READ|PROT_EXEC, MAP_PRIVATE|MAP_DENYWRITE, 3, 0) = 0xb730f000
mmap2(0xb7318000, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_FIXED|MAP_DENYWRITE, 3, 0x8) = 0xb7318000
close(3) = 0
access("/etc/ld.so.nohwcap", F_OK) = -1 ENOENT (No such file or directory)
open("/usr/lib/i386-linux-gnu/libXext.so.6", O_RDONLY) = 3
read(3, "\177ELF\1\1\1\0\0\0\0\0\0\0\0\0\3\0\3\0\1\0\0\0`,\0\0004\0\0\0"..., 512) = 512
fstat64(3, {st_mode=S_IFREG|0644, st_size=70320, ...}) = 0
mmap2(NULL, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0xb730e000
mmap2(NULL, 73416, PROT_READ|PROT_EXEC, MAP_PRIVATE|MAP_DENYWRITE, 3, 0) = 0xb72fc000
mmap2(0xb730d000, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_FIXED|MAP_DENYWRITE, 3, 0x10) = 0xb730d000
close(3) = 0
access("/etc/ld.so.nohwcap", F_OK) = -1 ENOENT (No such file or directory)
open("/usr/lib/i386-linux-gnu/libXpm.so.4", O_RDONLY) = 3
read(3, "\177ELF\1\1\1\0\0\0\0\0\0\0\0\0\3\0\3\0\1\0\0\0P%\0\0004\0\0\0"..., 512) = 512
fstat64(3, {st_mode=S_IFREG|0644, st_size=67776, ...}) = 0
mmap2(NULL, 66460, PROT_READ|PROT_EXEC, MAP_PRIVATE|MAP_DENYWRITE, 3, 0) = 0xb72eb000
mmap2(0xb72fb000, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_FIXED|MAP_DENYWRITE, 3, 0x10) = 0xb72fb000
close(3) = 0
access("/etc/ld.so.nohwcap", F_OK) = -1 ENOENT (No such file or directory)
open("/usr/lib/i386-linux-gnu/libz.so.1", O_RDONLY) = 3
read(3, "\177ELF\1\1\1\0\0\0\0\0\0\0\0\0\3\0\3\0\1\0\0\0\300\32\0\0004\0\0\0"..., 512) = 512
fstat64(3, {st_mode=S_IFREG|0644, st_size=90192, ...}) = 0
mmap2(NULL, 92868, PROT_READ|PROT_EXEC, MAP_PRIVATE|MAP_DENYWRITE, 3, 0) = 0xb72d4000
mmap2(0xb72ea000, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_FIXED|MAP_DENYWRITE, 3, 0x15) = 0xb72ea000
close(3) = 0
access("/etc/ld.so.nohwcap", F_OK) = -1 ENOENT (No such file or directory)
open("/lib/i386-linux-gnu/libexpat.so.1", O_RDONLY) = 3
read(3, "\177ELF\1\1\1\0\0\0\0\0\0\0\0\0\3\0\3\0\1\0\0\0@#\0\0004\0\0\0"..., 512) = 512
fstat64(3, {st_mode=S_IFREG|0644, st_size=165192, ...}) = 0
mmap2(NULL, 167996, PROT_READ|PROT_EXEC, MAP_PRIVATE|MAP_DENYWRITE, 3, 0) = 0xb72aa000
mprotect(0xb72d0000, 4096, PROT_NONE) = 0
mmap2(0xb72d1000, 12288, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_FIXED|MAP_DENYWRITE, 3, 0x26) = 0xb72d1000
close(3) = 0
access("/etc/ld.so.nohwcap", F_OK) = -1 ENOENT (No such file or directory)
open("/usr/lib/i386-linux-gnu/libxcb.so.1", O_RDONLY) = 3
read(3, "\177ELF\1\1\1\0\0\0\0\0\0\0\0\0\3\0\3\0\1\0\0\0P\221\0\0004\0\0\0"..., 512) = 512
fstat64(3, {st_mode=S_IFREG|0644, st_size=136968, ...}) = 0
mmap2(NULL, 139728, PROT_READ|PROT_EXEC, MAP_PRIVATE|MAP_DENYWRITE, 3, 0) = 0xb7287000
mmap2(0xb72a8000, 8192, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_FIXED|MAP_DENYWRITE, 3, 0x20) = 0xb72a8000
close(3) = 0
access("/etc/ld.so.nohwcap", F_OK) = -1 ENOENT (No such file or directory)
open("/lib/i386-linux-gnu/i686/cmov/libdl.so.2", O_RDONLY) = 3
read(3, "\177ELF\1\1\1\0\0\0\0\0\0\0\0\0\3\0\3\0\1\0\0\0`\n\0\0004\0\0\0"..., 512) = 512
fstat64(3, {st_mode=S_IFREG|0644, st_size=9844, ...}) = 0
mmap2(NULL, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0xb7286000
mmap2(NULL, 12408, PROT_READ|PROT_EXEC, MAP_PRIVATE|MAP_DENYWRITE, 3, 0) = 0xb7282000
mmap2(0xb7284000, 8192, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_FIXED|MAP_DENYWRITE, 3, 0x1) = 0xb7284000
close(3) = 0
access("/etc/ld.so.nohwcap", F_OK) = -1 ENOENT (No such file or directory)
open("/usr/lib/i386-linux-gnu/libSM.so.6", O_RDONLY) = 3
read(3, "\177ELF\1\1\1\0\0\0\0\0\0\0\0\0\3\0\3\0\1\0\0\0 \26\0\0004\0\0\0"..., 512) = 512
fstat64(3, {st_mode=S_IFREG|0644, st_size=28320, ...}) = 0
mmap2(NULL, 31120, PROT_READ|PROT_EXEC, MAP_PRIVATE|MAP_DENYWRITE, 3, 0) = 0xb727a000
mmap2(0xb7281000, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_FIXED|MAP_DENYWRITE, 3, 0x6) = 0xb7281000
close(3) = 0
access("/etc/ld.so.nohwcap", F_OK) = -1 ENOENT (No such file or directory)
open("/usr/lib/i386-linux-gnu/libXau.so.6", O_RDONLY) = 3
read(3, "\177ELF\1\1\1\0\0\0\0\0\0\0\0\0\3\0\3\0\1\0\0\0`\n\0\0004\0\0\0"..., 512) = 512
fstat64(3, {st_mode=S_IFREG|0644, st_size=8592, ...}) = 0
mmap2(NULL, 11384, PROT_READ|PROT_EXEC, MAP_PRIVATE|MAP_DENYWRITE, 3, 0) = 0xb7277000
mmap2(0xb7279000, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_FIXED|MAP_DENYWRITE, 3, 0x1) = 0xb7279000
close(3) = 0
access("/etc/ld.so.nohwcap", F_OK) = -1 ENOENT (No such file or directory)
open("/usr/lib/i386-linux-gnu/libXdmcp.so.6", O_RDONLY) = 3
read(3, "\177ELF\1\1\1\0\0\0\0\0\0\0\0\0\3\0\3\0\1\0\0\0P\17\0\0004\0\0\0"..., 512) = 512
fstat64(3, {st_mode=S_IFREG|0644, st_size=19364, ...}) = 0
mmap2(NULL, 22144, PROT_READ|PROT_EXEC, MAP_PRIVATE|MAP_DENYWRITE, 3, 0) = 0xb7271000
mmap2(0xb7276000, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_FIXED|MAP_DENYWRITE, 3, 0x4) = 0xb7276000
close(3) = 0
access("/etc/ld.so.nohwcap", F_OK) = -1 ENOENT (No such file or directory)
open("/lib/i386-linux-gnu/libuuid.so.1", O_RDONLY) = 3
read(3, "\177ELF\1\1\1\0\0\0\0\0\0\0\0\0\3\0\3\0\1\0\0\0@\22\0\0004\0\0\0"..., 512) = 512
fstat64(3, {st_mode=S_IFREG|0644, st_size=17992, ...}) = 0
mmap2(NULL, 20716, PROT_READ|PROT_EXEC, MAP_PRIVATE|MAP_DENYWRITE, 3, 0) = 0xb726b000
mmap2(0xb726f000, 8192, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_FIXED|MAP_DENYWRITE, 3, 0x3) = 0xb726f000
close(3) = 0
mmap2(NULL, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0xb726a000
mmap2(NULL, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0xb7269000
set_thread_area({entry_number:-1 -> 6, base_addr:0xb7269700, limit:1048575, seg_32bit:1, contents:0, read_exec_only:0, limit_in_pages:1, seg_not_present:0, useable:1}) = 0
mprotect(0xb726f000, 4096, PROT_READ) = 0
mprotect(0xb7284000, 4096, PROT_READ) = 0
mprotect(0xb72a8000, 4096, PROT_READ) = 0
mprotect(0xb72d1000, 8192, PROT_READ) = 0
mprotect(0xb73b0000, 16384, PROT_READ) = 0
mprotect(0xb7427000, 4096, PROT_READ) = 0
mprotect(0xb75b1000, 4096, PROT_READ) = 0
mprotect(0xb770a000, 8192, PROT_READ) = 0
mprotect(0xb772d000, 8192, PROT_READ) = 0
mprotect(0x80a9000, 4096, PROT_READ) = 0
mprotect(0xb77db000, 4096, PROT_READ) = 0
munmap(0xb77b2000, 42995) = 0
geteuid32() = 0
getegid32() = 0
getuid32() = 0
getgid32() = 0
setuid32(0) = 0
brk(0) = 0x9e50000
brk(0x9e71000) = 0x9e71000
ioctl(0, SNDCTL_TMR_TIMEBASE or TCGETS, {B38400 opost isig icanon echo ...}) = 0
open("/proc/meminfo", O_RDONLY) = 3
fstat64(3, {st_mode=S_IFREG|0444, st_size=0, ...}) = 0
mmap2(NULL, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0xb77bc000
read(3, "MemTotal: 2039468 kB\nMemF"..., 1024) = 1024
close(3) = 0
munmap(0xb77bc000, 4096) = 0
socket(PF_NETLINK, SOCK_RAW, 0) = 3
bind(3, {sa_family=AF_NETLINK, pid=0, groups=00000000}, 12) = 0
getsockname(3, {sa_family=AF_NETLINK, pid=16008, groups=00000000}, [12]) = 0
time(NULL) = 1389599545
sendto(3, "\24\0\0\0\26\0\1\0039\233\323R\0\0\0\0\0\0\0\0", 20, 0, {sa_family=AF_NETLINK, pid=0, groups=00000000}, 12) = 20
recvmsg(3, {msg_name(12)={sa_family=AF_NETLINK, pid=0, groups=00000000}, msg_iov(1)=[{"0\0\0\0\24\0\2\0009\233\323R\210>\0\0\2\10\200\376\1\0\0\0\10\0\1\0\177\0\0\1"..., 4096}], msg_controllen=0, msg_flags=0}, 0) = 164
recvmsg(3, {msg_name(12)={sa_family=AF_NETLINK, pid=0, groups=00000000}, msg_iov(1)=[{"@\0\0\0\24\0\2\0009\233\323R\210>\0\0\n\200\200\376\1\0\0\0\24\0\1\0\0\0\0\0"..., 4096}], msg_controllen=0, msg_flags=0}, 0) = 320
recvmsg(3, {msg_name(12)={sa_family=AF_NETLINK, pid=0, groups=00000000}, msg_iov(1)=[{"\24\0\0\0\3\0\2\0009\233\323R\210>\0\0\0\0\0\0\1\0\0\0\24\0\1\0\0\0\0\0"..., 4096}], msg_controllen=0, msg_flags=0}, 0) = 20
close(3) = 0
socket(PF_FILE, SOCK_STREAM|SOCK_CLOEXEC|SOCK_NONBLOCK, 0) = 3
connect(3, {sa_family=AF_FILE, path="/var/run/nscd/socket"}, 110) = -1 ENOENT (No such file or directory)
close(3) = 0
socket(PF_FILE, SOCK_STREAM|SOCK_CLOEXEC|SOCK_NONBLOCK, 0) = 3
connect(3, {sa_family=AF_FILE, path="/var/run/nscd/socket"}, 110) = -1 ENOENT (No such file or directory)
close(3) = 0
open("/etc/nsswitch.conf", O_RDONLY) = 3
fstat64(3, {st_mode=S_IFREG|0644, st_size=475, ...}) = 0
mmap2(NULL, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0xb77bc000
read(3, "# /etc/nsswitch.conf\n#\n# Example"..., 4096) = 475
read(3, "", 4096) = 0
close(3) = 0
munmap(0xb77bc000, 4096) = 0
open("/etc/Host.conf", O_RDONLY) = 3
fstat64(3, {st_mode=S_IFREG|0644, st_size=9, ...}) = 0
mmap2(NULL, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0xb77bc000
read(3, "multi on\n", 4096) = 9
read(3, "", 4096) = 0
close(3) = 0
munmap(0xb77bc000, 4096) = 0
getpid() = 16008
open("/etc/resolv.conf", O_RDONLY) = 3
fstat64(3, {st_mode=S_IFREG|0644, st_size=108, ...}) = 0
mmap2(NULL, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0xb77bc000
read(3, "domain data.ee\nsearch data.ee li"..., 4096) = 108
read(3, "", 4096) = 0
close(3) = 0
munmap(0xb77bc000, 4096) = 0
open("/etc/ld.so.cache", O_RDONLY) = 3
fstat64(3, {st_mode=S_IFREG|0644, st_size=42995, ...}) = 0
mmap2(NULL, 42995, PROT_READ, MAP_PRIVATE, 3, 0) = 0xb77b2000
close(3) = 0
access("/etc/ld.so.nohwcap", F_OK) = -1 ENOENT (No such file or directory)
open("/lib/i386-linux-gnu/i686/cmov/libnss_files.so.2", O_RDONLY) = 3
read(3, "\177ELF\1\1\1\0\0\0\0\0\0\0\0\0\3\0\3\0\1\0\0\0P\32\0\0004\0\0\0"..., 512) = 512
fstat64(3, {st_mode=S_IFREG|0644, st_size=42628, ...}) = 0
mmap2(NULL, 45768, PROT_READ|PROT_EXEC, MAP_PRIVATE|MAP_DENYWRITE, 3, 0) = 0xb725d000
mmap2(0xb7267000, 8192, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_FIXED|MAP_DENYWRITE, 3, 0x9) = 0xb7267000
close(3) = 0
mprotect(0xb7267000, 4096, PROT_READ) = 0
munmap(0xb77b2000, 42995) = 0
open("/etc/hosts", O_RDONLY|O_CLOEXEC) = 3
fstat64(3, {st_mode=S_IFREG|0644, st_size=256, ...}) = 0
mmap2(NULL, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0xb77bc000
read(3, "127.0.0.1\tlocalhost\n127.0.1.1\tTh"..., 4096) = 256
read(3, "", 4096) = 0
close(3) = 0
munmap(0xb77bc000, 4096) = 0
socket(PF_INET, SOCK_STREAM|SOCK_CLOEXEC, IPPROTO_TCP) = 3
setsockopt(3, SOL_TCP, TCP_NODELAY, [1], 4) = 0
setsockopt(3, SOL_SOCKET, SO_KEEPALIVE, [1], 4) = 0
connect(3, {sa_family=AF_INET, sin_port=htons(6011), sin_addr=inet_addr("127.0.0.1")}, 16) = -1 ETIMEDOUT (Connection timed out)
close(3) = 0
open("/usr/lib/i386-linux-gnu/X11/XtErrorDB", O_RDONLY) = -1 ENOENT (No such file or directory)
getuid32() = 0
geteuid32() = 0
getuid32() = 0
write(2, "Warning: This program is an suid"..., 302Warning: This program is an suid-root program or is being run by the root user.
The full text of the error or warning message cannot be safely formatted
in this environment. You may get a more descriptive message by running the
program as a non-root user or by removing the suid bit on the executable.
) = 302
write(2, "xterm: ", 7xterm: ) = 7
write(2, "Xt error: Can't open display: %s"..., 33Xt error: Can't open display: %s
) = 33
exit_group(1) = ?
#
strace xtermは、以下の行を印刷した後60秒間ハングします。
connect(3、{sa_family = AF_INET、sin_port = htons(6011)、sin_addr = inet_addr( "127.0.0.1")}、16
編集:127.0.0.0/8から127.0.0.0/8への接続を許可した後、connectシステムコールを渡すことができましたが、問題は無効なMIT-MAGIC-COOKIE-1キーであるようです:
connect(3, {sa_family=AF_INET, sin_port=htons(6010), sin_addr=inet_addr("127.0.0.1")}, 16) = 0
getpeername(3, {sa_family=AF_INET, sin_port=htons(6010), sin_addr=inet_addr("127.0.0.1")}, [16]) = 0
uname({sys="Linux", node="ThinkCentreA58", ...}) = 0
access("/root/.Xauthority", R_OK) = 0
open("/root/.Xauthority", O_RDONLY) = 4
fstat64(4, {st_mode=S_IFREG|0600, st_size=522, ...}) = 0
mmap2(NULL, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0xb7726000
read(4, "\0\0\0\4\177\0\0\1\0\0041000\0\22MIT-MAGIC-COOKIE"..., 4096) = 522
read(4, "", 4096) = 0
close(4) = 0
munmap(0xb7726000, 4096) = 0
getsockname(3, {sa_family=AF_INET, sin_port=htons(37220), sin_addr=inet_addr("127.0.0.1")}, [16]) = 0
fcntl64(3, F_GETFL) = 0x2 (flags O_RDWR)
fcntl64(3, F_SETFL, O_RDWR|O_NONBLOCK) = 0
fcntl64(3, F_SETFD, FD_CLOEXEC) = 0
poll([{fd=3, events=POLLIN|POLLOUT}], 1, -1) = 1 ([{fd=3, revents=POLLOUT}])
writev(3, [{"l\0\v\0\0\0\22\0\20\0\0\0", 12}, {"", 0}, {"MIT-MAGIC-COOKIE-1", 18}, {"\0\0", 2}, {"I%f9\331-f\f\235i\321\354:a~\341", 16}, {"", 0}], 6) = 48
recv(3, 0x94b0ec8, 8, 0) = -1 EAGAIN (Resource temporarily unavailable)
poll([{fd=3, events=POLLIN}], 1, -1) = 1 ([{fd=3, revents=POLLIN}])
recv(3, "\0\36\v\0\0\0\10\0", 8, 0) = 8
recv(3, "Invalid MIT-MAGIC-COOKIE-1 key\0\0", 32, 0) = 32
write(2, "Invalid MIT-MAGIC-COOKIE-1 key", 30Invalid MIT-MAGIC-COOKIE-1 key) = 30
shutdown(3, 2 /* send and receive */) = 0
close(3) = 0
open("/usr/lib/i386-linux-gnu/X11/XtErrorDB", O_RDONLY) = -1 ENOENT (No such file or directory)
getuid32() = 0
geteuid32() = 0
getuid32() = 0
write(2, "Warning: This program is an suid"..., 302Warning: This program is an suid-root program or is being run by the root user.
The full text of the error or warning message cannot be safely formatted
in this environment. You may get a more descriptive message by running the
program as a non-root user or by removing the suid bit on the executable.
) = 302
write(2, "xterm: ", 7xterm: ) = 7
write(2, "Xt error: Can't open display: %s"..., 33Xt error: Can't open display: %s
) = 33
exit_group(1) = ?
#
トラブルシューティングを進める方法はありますか?
これは、それがどのように機能するかの非常に基本的な方法です。
クライアント/ローカルマシン(Xorgがクライアントにインストールされている)でこれを試してください:
$ xhost +
access control disabled, clients can connect from any Host
後で試す:
$ ssh -AY user@Host xterm
または
$ ssh -AX user@Host xterm
非標準クライアントでは、xhostが必要になる場合があります。
チェック 9.3.5.6。非標準Xクライアント
同じ問題がありました。リモートにXauthがありませんでした。
Sudo apt-get install xauth
問題を解決しました。
最初にデバッグ方法論のポイントです。xtermをrootとして実行すると、有用な診断メッセージは出力されないため、xtermのトラブルシューティングを行うときは、通常のユーザーとして実行してください。
問題については、X11転送にはセキュアと特権の2つのタイプがあり、おそらくForwardX11Trusted yes。彼らは常にそれを有効にするので、あなたはDebianと派生物でそれを必要としません。
どうやってここに来たかについての背景。 X11は最も安全なプロトコルではありません。友好的な時期に設計され、安全なシェルトンネルを介して実行するなど、長年にわたってより安全にするために多くの努力がなされてきました。 X11のトンネリングは、X11の脆弱性のほとんどすべてを軽減します。残っているのは、信頼できないシステムからのウィンドウを表示するリスクです。キースニファーなどの展開を妨げるプロトコルの安全なサブセットを宣言するための努力が行われました。プロジェクトは技術的には成功していますが、多くの無効化された機能は非常に便利であり、ほとんどの人が完全なプロトコルを使用する許可は、制限されたサブセットで動作するプログラムを作成するためのほとんどのドライブです。
もう1つの可能性は、X11転送が特定のホストでのみ有効になっていることです。これが問題であるかどうかを確認する最も簡単な方法は、-Yフラグでsshを使用して、信頼できるX11転送を有効にします。それが解決した場合、ssh構成ファイルの関連するHostセクションに両方のforward allow行を追加します。
私の(標準の)Ubuntu環境では、適切な転送設定がすべて行われている場合でも、xterm over sshエラーメッセージ "... suid-root program ..."(上記を参照)が表示されました。システム上のIPv6が無効になっている場合、SSHのX11転送バグのため、sshdがIPv4のみを使用するように構成され、すぐにこの動作はなくなりました。
vi /etc/ssh/sshd_config
AddressFamily inet
service ssh reload
編集した
vim /etc/hosts
次の行を追加しました
127.0.0.1 localhost localhost.localdomain localhost4 localhost4.localdomain4
::1 localhost localhost.localdomain localhost6 localhost6.localdomain6
そして私の問題は修正されました:)
私は同じ問題に苦しんでいました、次のことをした後でうまくいきました
- 非稼働端末(私の場合はルート)からディスプレイを設定します:
export DISPLAY=':0'と/etc/environmentに追加して永続的にすることができます - 動作している端末(私の場合はユーザー端末)から
xhost +local:を実行します