problem with OpenSSH X11 port forwarding

All types of networks, network stacks, and protocols supported by OpenVMS.

Topic author
joukj
Master
Posts: 239
Joined: Thu Aug 27, 2020 5:50 am
Reputation: 0
Status: Offline

problem with OpenSSH X11 port forwarding

Post by joukj » Fri Aug 30, 2024 9:19 am

I installed the latest OpenSSH (I01) on my OpenVMS X86_64 9.2-2 system switched the X11forwarding on and tried to use X11-forwarding when loging in from a Fedora 40 machine. It seems not to work (see the output/error list below (vleegert is the Fedora 40 machine, samba the OpenVMS machine)

What is wrong???


Jouk


Code: Select all

vleegert-jj ) ssh -X 131.180.116.46

 Welcome to OpenVMS (TM) x86_64 Operating System, Version V9.2-2  
joukj@131.180.116.46's password: 

    Last interactive login on Friday, 30-AUG-2024 14:53:33.62
    Last non-interactive login on Wednesday, 17-NOV-1858 00:00:00.00

samba-jj) sh display

    Device:    WSA12:  [user]
    Node:      samba.nano.tudelft.nl
    Transport: TCPIP
    Server:    10
    Screen:    0

samba-jj) mc decw$clock
X11 connection rejected because of wrong authentication.
XIO:  fatal IO error 65535 (network partner disconnected logical link) on X serv
er "_WSA12:"
      after 0 requests (0 known processed) with 0 events remaining.
X Error of failed request:  BadConnection (fatal error on display connection)
  Major opcode of failed request:  1 (X_CreateWindow)
  Serial number of failed request:  0
  Current serial number in output stream:  0
%XLIB-E-ERROREVENT, error event received from server
Xlib: client uses different protocol version (11) than server (0)!
X Toolkit Error: Can't Open display
%DWT-F-NOMSG, Message number 03AB8204
samba-jj) sh sys/noproc
OpenVMS V9.2-2  on node SAMBA   30-AUG-2024 14:55:45.95   Uptime  37 05:40:06


User avatar

m_detommaso
Master
Posts: 110
Joined: Thu Jun 06, 2019 6:57 am
Reputation: 1
Location: Brindisi (Italy)
Status: Offline
Contact:

Re: problem with OpenSSH X11 port forwarding

Post by m_detommaso » Fri Aug 30, 2024 10:20 am

It seems to be very similar to the problem I reported via the post :

https://forum.vmssoftware.com/viewtopic.php?f=9&t=9209

/Maurizio
Last edited by m_detommaso on Fri Aug 30, 2024 11:05 am, edited 1 time in total.

User avatar

martinv
Master
Posts: 141
Joined: Fri Jun 14, 2019 11:05 pm
Reputation: 0
Location: Goslar, Germany
Status: Offline
Contact:

Re: problem with OpenSSH X11 port forwarding

Post by martinv » Mon Sep 02, 2024 5:57 am

Just a data point: In my E9.2-3 + OpenSSH 8.9-1I01 installation, accessed from a Windows system with PuTTY 0.81 and Exceed 15 works.

Configuration settings:
SSH$ROOT:[ETC]sshd_config. : StrictModes no (another problem altogether), X11Forwarding yes
PuTTY settings : Connection / SSH / X11 : Enable X11 forwarding, display location localhost:1.0, authentication protocol MIT-Magic-Cookie-1
Exceed started in passive mode on display 1.0

I can see the file SYS$LOGIN:DECW$XAUTHORITY.DECW$XAUTH being created.

BTW: Testing with DECW$EXAMPLES:ICO.EXE often has better error messages than "normal" DECW applictions.
Last edited by martinv on Mon Sep 02, 2024 5:58 am, edited 1 time in total.
Opportunity is missed by most people because it is dressed in overalls and looks like work.
(Thomas A. Edison)


greg@tssolutions.com.au
Contributor
Posts: 22
Joined: Wed May 29, 2024 10:29 am
Reputation: 0
Location: Australia
Status: Offline
Contact:

Re: problem with OpenSSH X11 port forwarding

Post by greg@tssolutions.com.au » Wed Oct 02, 2024 9:06 am

Rechecked via putty (0.81) with X11 security turned off (xhost +), every thing seems in order but it does not work.

As a test
$ set displ/creat/node=x.x.x.x/tran=tcp/serv=0/screen=0
$ create/term
Worked fine
$ Set display/dele
Which resets it back to the ssh connection
Xlib: PuTTY X11 proxy: No authorisation provided

Test using OpenSSH_for_Windows_8.6p1, LibreSSL 3.4.3
> set display=localhost:0
> ssh -X xx@vms
$ create/term
Works fine

As does using Putty to Ubuntu, OpenSSH_8.9p1 Ubuntu-3ubuntu0.10, OpenSSL 3.0.2 15 Mar 2022

All very confusing.
Still feel it is a handshaking issue between Putty (and/or Cygwin) and our implementation of X11forwarding.
gt
VMS Ambassador
Downunder


greg@tssolutions.com.au
Contributor
Posts: 22
Joined: Wed May 29, 2024 10:29 am
Reputation: 0
Location: Australia
Status: Offline
Contact:

Re: problem with OpenSSH X11 port forwarding

Post by greg@tssolutions.com.au » Fri Oct 04, 2024 1:21 am

Opps

The following was incorrect:
Test using OpenSSH_for_Windows_8.6p1, LibreSSL 3.4.3
> set display=localhost:0
> ssh -X xx@vms
$ create/term
Works fine

It does no, I had a catch-all in my login that set the display if not already set.
The real error for this was

Warning: untrusted X11 forwarding setup failed: xauth key data not generated

So neither Putty of W11 ssh X11q forwarding worked connecting to VMS. Detailed logs are available.
gt
VMS Ambassador
Downunder


Topic author
joukj
Master
Posts: 239
Joined: Thu Aug 27, 2020 5:50 am
Reputation: 0
Status: Offline

Re: problem with OpenSSH X11 port forwarding

Post by joukj » Wed Oct 23, 2024 10:24 am

I got it more or less working on OpenVMS V8.4-2LI (AXP) an OpenSSH 8.9-1J
most things ( i.e. "crea/term") work, but "mc decw$clock" give a hard crash


rick.retterer
Visitor
Posts: 2
Joined: Fri Aug 06, 2021 3:16 pm
Reputation: 0
Status: Offline

Re: problem with OpenSSH X11 port forwarding

Post by rick.retterer » Mon Oct 28, 2024 12:29 pm

Hi,
Hello,

I am from the OpenVMS Support Team. We do have X11 Forwarding working in both OpenSSH V8.9-1i01 as well as OpenSSH V8.9-1J. I use it every day in my job here at VSI, so I know it works as it should.

Pre-Reqs:

OpenVMS X86 V9.2-2 w/Update 2. You will want to have the OpenVMS DECWindows Update V1.8-2 installed.

OpenVMS Alpha, you will need to have V1.7-0E or later installed. In addition, you will need to install the RTLv9 update kit when it becomes available. We found that there are some POSIX memory allocation routines that are causing issues in RTLv6 and later that were causing some issues. This is fixed in the forthcoming RTLv9 release.

OpenVMS IA64, you will want to have DECWindows V1.7-0E or later installed, and like the Alpha Architecture, you will also need to have RTLv9 installed for everything to work as you expect.

What doesn't work, is X11 Forwarding in this case acting as a proxy to allow you to bounce a Decwindows app from a OpenVMS system, to a PC, to yet another PC. In other words, using a Xwindows Client to function as a X11 Proxy to allow a DECWindows application to be displayed from OpenVMS to a PC or Linux X11 Server, and then sending that application to yet another PC or Linux X11 Xserver.

Simple Example:
OpenVMS (DECW$CLOCK) --> Windows 11, XMING w/Putty --> Windows 11, Xming w/Putty

How to remotely display X11 application on an Ubuntu 20 desktop

On the client Ubuntu Desktop system

An Ubuntu 24.04 desktop, is by default not supporting displaying remote X11 based applications as Ubuntu X Windows system is based on "Wayland" instead of the one from X.org. You can easily check this with the command:

$ echo $XDG_SESSION_TYPE
wayland


When you see as output "wayland" instead of "x11" then you know we have some work to perform to allow remote X11 application to be able to pop-up on our Ubuntu desktop.

To modify this please edit the /etc/gdm3/custom.conf file and uncomment the "WaylandEnable" line as follows and restart the system:

# Uncomment the line below to force the login screen to use Xorg:

WaylandEnable=false

Next:

To accept "x11" applications add the following to your personal Secure Shell config file ($HOME/.ssh/config) as global variables:

ForwardAgent yes
ForwardX11 yes
ForwardX11Trusted yes


On the remote system where the x11 application runs:

To allow X11 forwarding on the remote system we also need to make sure that in the /etc/ssh/ssh_config file (not your local Ubuntu desktop system) we uncomment or add the following lines:

# ForwardAgent no
ForwardX11 yes
ForwardX11Trusted yes

Furthermore, also edit the /etc/ssh/sshd_config file and define the following settings:

X11Forwarding yes
X11DisplayOffset 10
X11UseLocalhost no


The X11UseLocalhost no setting is required to avoid the error message X11 forwarding request failed on channel 0 [2].

And finally, restart the Secure Shell daemon (sshd) with the command : sudo systemctl restart sshd

The Remote X11 test:
On your Ubuntu desktop, bring up a terminal window, and execute the command: "xhost +" (without the quotes).

Again, from your Ubuntu desktop (via a terminal window) login on the remote server from where you want to launch a x11 application and get it visible on your Ubuntu desktop. Therefore, use the following command:

ssh username@fully.qual.domain.name

Now, you can launch any available x11 application and have that application's GUI interface displayed on your Ubuntu desktop, e.g. /usr/bin/xclock -or- /usr/bin/xterm etc...

For SYSTEMS using MS-Windows 10 or MS-Windows 11 and using Xvnc, Xming, ReflectionsX, eXceed, MobaXterm.

On Your OpenVMS System:

1) Set your default directory to be SSH$ROOT:[ETC]

2) Edit your SSH_CONFIG.

3) Just below the line that has "# ForwardAgent no" add the following two lines:

ForwardX11 yes
ForwardX11Trusted yes

4) Save the file and exit the editor.

5) Next, edit the SSHD_CONFIG. file.

6) Locate the line that reads: "#GatewayPorts no", add or uncomment the three lines shown below:

X11Forwarding yes
X11DisplayOffset 10
X11UseLocalhost no


7) Save the file and exit your editor.

8) This will require a restart of OpenSSH on all versions of OpenVMS that are using OpenSSH V8.9-1i01 or later.

NOTE: Doing this will drop all OpenSSH connections. Do not do this from an SSH login on OpenVMS either.
Instead, use "Telnet" to do this or use a connection through the Remote Console Login.

9) After restarting OpenSSH on the OpenVMS system you will need to start your PC-Xserver. Then initiate a SSH session via putty or your favorite terminal emulator that supports SSH connections.

If on Putty, then make sure you have X11 Forwarding enabled.

Category: CONNECTIONS --> SSH -->X11 --> ENABLE X11 FORWARDING AND MIT-MAGIC-COOKIE-1

You should be able to leave X-DISPLAY-LOCATION and X AUTHORITY FILE FOR LOCAL DISPLAY options BLANK.

These are the exact steps that I've been able to use to get DECWindows Apps (including an entire CDE New Desktop session) to display on my local PC, From Boston MA, to Houston, Tx.

Rick Retterer

User avatar

m_detommaso
Master
Posts: 110
Joined: Thu Jun 06, 2019 6:57 am
Reputation: 1
Location: Brindisi (Italy)
Status: Offline
Contact:

Re: problem with OpenSSH X11 port forwarding

Post by m_detommaso » Mon Oct 28, 2024 2:31 pm

Excellent technical article, Rick; thanks for sharing.

Just an observation: for V9.2-2 w/Update2 one prerequisite is Motif V1.8-2, but this update kit is not available on service platform; so I suspect it is only available internally to VSI team.

My tests confirmed also that X11Forwarding works with E9.2-3 and Motif 1.8-1 https://forum.vmssoftware.com/viewtopic ... ing#p22161

/Maurizio
Last edited by m_detommaso on Mon Oct 28, 2024 2:32 pm, edited 1 time in total.


Topic author
joukj
Master
Posts: 239
Joined: Thu Aug 27, 2020 5:50 am
Reputation: 0
Status: Offline

Re: problem with OpenSSH X11 port forwarding

Post by joukj » Tue Oct 29, 2024 9:39 am

This explains why we had problems :
-V9.2-2 does work unless you have an unreleased version of Decwindows
-Some applications fail because there are bugs in the RTL which will be fixed in RTL V9.0 (release date TBD)

BTW what version of RTL is included in V9.2-2 & V9.2-3?


gcalliet
Contributor
Posts: 11
Joined: Mon Aug 05, 2024 11:13 am
Reputation: 0
Status: Offline

Re: problem with OpenSSH X11 port forwarding

Post by gcalliet » Tue Oct 29, 2024 1:38 pm

Very interesting.

On my side, I installed the new versions of OpenVMS and OpenSSH on a virtual machine to test that. And I have got another problem.
See post : https://forum.vmssoftware.com/viewtopic.php?f=9&t=9247

I think it is not a x11 forwarding problem. Something more general about ssh.

Message on the sesssion log :

SSH$ROOT:[000000.VAR]x881_192_168_1_107_000004b5.log;1

Accepted password for system from 192.168.1.107 port 0 ssh2
vms_update_sysuaf_valid_access: vms_add_login_msg failed with status 0


My products:
$ product sho prod openssh/full
------------------------------------ ----------- --------- ------------------------------------ ------------------------------------
PRODUCT KIT TYPE STATE MAINTENANCE REFERENCED BY
------------------------------------ ----------- --------- ------------------------------------ ------------------------------------
VSI X86VMS OPENSSH V8.9-1H01 Full LP Installed VSI X86VMS OPENVMS E9.2-3
------------------------------------ ----------- --------- ------------------------------------ ------------------------------------
1 item found
$ product sho prod openvms/full
------------------------------------ ----------- --------- ------------------------------------ ------------------------------------
PRODUCT KIT TYPE STATE MAINTENANCE REFERENCED BY
------------------------------------ ----------- --------- ------------------------------------ ------------------------------------
VSI X86VMS OPENVMS E9.2-3 Platform Installed
------------------------------------ ----------- --------- ------------------------------------ ------------------------------------
1 item found
$ product sho prod dwmotif/full
------------------------------------ ----------- --------- ------------------------------------ ------------------------------------
PRODUCT KIT TYPE STATE MAINTENANCE REFERENCED BY
------------------------------------ ----------- --------- ------------------------------------ ------------------------------------
VSI X86VMS DWMOTIF V1.8-1 Full LP Installed VSI X86VMS OPENVMS E9.2-3
------------------------------------ ----------- --------- ------------------------------------ ------------------------------------

Have someone had this problem?

Post Reply