OpenSSH V8.9-1I01 introduced support for X11 Port Forwarding on the server side (X11 Port Forwarding via OpenSSH enables users to connect to an SSH server on the VSI OpenVMS host and run X11 client programs, which will appear on their local display).
In the past few days I have been unsuccessfully testing this new feature using VMS x86-64 V9.2-2UPD2 + DWMOTIF V1.8 + OpenSSH V8.9-1I01 + SSL3 V3.0-14 + MobaXterm Professional Edition v24.0 build 52.04.
Even though the openssh seems to be configured correctly and decw$xauth adds the security records correctly, I always get the same error when I try to run any graphical application:
Xlib: connection to "_WSAx:" refused by server
Xlib: MoTTY X11 proxy: No authorisation provided
%DECW-E-CANT_OPEN_DISPL, Can't open display
Code: Select all
system_dirac_opa0 >product show product vms/full
------------------------------------ ----------- --------- ------------------------------------ ------------------------------------
PRODUCT KIT TYPE STATE MAINTENANCE REFERENCED BY
------------------------------------ ----------- --------- ------------------------------------ ------------------------------------
VSI X86VMS VMS V9.2-2 Oper System Installed VSI X86VMS VMS922X_PCSI V1.0 VSI X86VMS DWMOTIF V1.8
VSI X86VMS VMS922X_UPDATE V2.0 VSI X86VMS KERBEROS V3.3-2A
VSI X86VMS VMS922X_UPDATE V1.0 VSI X86VMS OPENVMS V9.2-2
VSI X86VMS TCPIP V6.0-25
------------------------------------ ----------- --------- ------------------------------------ ------------------------------------
1 item found
VMSINSTAL history file DISK$DIRAC_X86SYS:[VMS$COMMON.][SYSUPD]VMSINSTAL.HISTORY;1 contains additional information
system_dirac_opa0 >product sho product *
------------------------------------ ----------- ---------
PRODUCT KIT TYPE STATE
------------------------------------ ----------- ---------
VSI X86VMS DECNET_PHASE_IV V9.2-2 Full LP Installed
VSI X86VMS DWMOTIF V1.8 Full LP Installed
VSI X86VMS DWMOTIF_SUPPORT V9.2-2 Full LP Installed
VSI X86VMS KERBEROS V3.3-2A Full LP Installed
VSI X86VMS OPENSSH V8.9-1I01 Full LP Installed
VSI X86VMS OPENVMS V9.2-2 Platform Installed
VSI X86VMS SSL111 V1.1-1W Full LP Installed
VSI X86VMS SSL3 V3.0-14 Full LP Installed
VSI X86VMS SSL31 V3.1-4 Full LP Installed
VSI X86VMS T4 V4.4-E Full LP Installed
VSI X86VMS TCPIP V6.0-25 Full LP Installed
VSI X86VMS VMS V9.2-2 Oper System Installed
VSI X86VMS VMSI18N V9.2 Full LP Installed
------------------------------------ ----------- ---------
system_dirac_opa0 >product sho his *ssh*/since
------------------------------------ ----------- ----------- --- -----------
PRODUCT KIT TYPE OPERATION VAL DATE
------------------------------------ ----------- ----------- --- -----------
VSI X86VMS OPENSSH V8.9-1I01 Full LP Install Val 19-AUG-2024
VSI X86VMS OPENSSH V8.9-1H Full LP Remove - 19-AUG-2024
------------------------------------ ----------- ----------- --- -----------
2 items found
system_dirac_opa0 >sshver
Information on DIRAC for OpenVMS images installed on this system:
Name Version Build Link date
----------------------------------------- ------------- ---------- -------------
SSH$SCP.EXE V8.9-1I04 00000000 12-AUG-2024
SSH$SFTP.EXE V8.9-1I04 00000000 12-AUG-2024
SSH$SSH-ADD.EXE V8.9-1I04 00000000 12-AUG-2024
SSH$SSH-AGENT.EXE V8.9-1I04 00000000 12-AUG-2024
SSH$SSH-KEYGEN.EXE V8.9-1I04 00000000 12-AUG-2024
SSH$SSH-KEYSCAN.EXE V8.9-1I04 00000000 12-AUG-2024
SSH$SSH.EXE V8.9-1I04 00000000 12-AUG-2024
SSH$SFTP-SERVER.EXE V8.9-1I04 00000000 12-AUG-2024
SSH$SSH-KEYSIGN.EXE V8.9-1I04 00000000 12-AUG-2024
SSH$SSH-PKCS11-HELPER.EXE V8.9-1I04 00000000 12-AUG-2024
SSH$SSH-SK-HELPER.EXE V8.9-1I04 00000000 12-AUG-2024
SSH$SSHD.EXE V8.9-1I04 00000000 12-AUG-2024
system_dirac_opa0 >type ssh$root:[etc]sshd_config.
...
#---
X11Forwarding yes
X11DisplayOffset 10
X11UseLocalhost no
#---
system_dirac >sho disp
Device: WSA1: [user]
Node: dirac.digital.com
Transport: TCPIP
Server: 10
Screen: 0
system_dirac_opa0 >mc decw$xauth list
dirac.digital.com:10 MIT-MAGIC-COOKIE-1 f074476f32c1fd7ad44a5ded9560f93f
dirac.digital.com:11 MIT-MAGIC-COOKIE-1 c6f4b69bff6c0fbb1bc37e40756ccac9
system_dirac_opa0 >search dirac_hpe-cnd1483thp_00000444.log "xauth" /windows=(2,5)
debug1: channel 1: new [X11 inet listener]
debug3: vms_change_process_owner: Switching owner to user system
debug1: Running xauth "-q" add dirac.digital.com:10 MIT-MAGIC-COOKIE-1 f074476f32c1fd7ad44a5ded9560f93f
debug3: vms_change_process_owner: Restoring owner of user
debug3: send packet: type 99
debug3: receive packet: type 98
debug1: server_input_channel_req: channel 0 request pty-req reply 1
debug1: session_by_channel: session 0 channel 0
...
However, using the same openssh configuration settings with the VMS field test release E9.2-3 + DWMOTIF V1.8-1 (and obviously OpenSSH V8.9-1I01 + SSL3 V3.0-14 + MobaXterm Professional Edition v24.0 build 52.04), the X11 ssh Port Forwarding functionality works perfectly and without errors.
Code: Select all
system_ft923> product show product vms/full
------------------------------------ ----------- --------- ------------------------------------ ------------------------------------
PRODUCT KIT TYPE STATE MAINTENANCE REFERENCED BY
------------------------------------ ----------- --------- ------------------------------------ ------------------------------------
VSI X86VMS VMS E9.2-3 Oper System Installed VSI X86VMS DWMOTIF V1.8-1
VSI X86VMS KERBEROS V3.3-3
VSI X86VMS OPENVMS E9.2-3
VSI X86VMS TCPIP V6.0-25
------------------------------------ ----------- --------- ------------------------------------ ------------------------------------
1 item found
system_ft923> product sho product *
------------------------------------ ----------- ---------
PRODUCT KIT TYPE STATE
------------------------------------ ----------- ---------
VMSPORTS X86VMS PERL534 T5.34-0 Full LP Installed
VSI X86VMS AVAIL_MAN_BASE E9.2-3 Full LP Installed
VSI X86VMS DECNET_PHASE_IV E9.2-3 Full LP Installed
VSI X86VMS DWMOTIF V1.8-1 Full LP Installed
VSI X86VMS DWMOTIF_SUPPORT E9.2-3 Full LP Installed
VSI X86VMS KERBEROS V3.3-3 Full LP Installed
VSI X86VMS OPENSSH V8.9-1I01 Full LP Installed
VSI X86VMS OPENVMS E9.2-3 Platform Installed
VSI X86VMS SSL111 V1.1-1W Full LP Installed
VSI X86VMS SSL3 V3.0-14 Full LP Installed
VSI X86VMS TCPIP V6.0-25 Full LP Installed
VSI X86VMS VMS E9.2-3 Oper System Installed
------------------------------------ ----------- ---------
system_ft923> product sho hist *ssl*/sin
------------------------------------ ----------- ----------- --- -----------
PRODUCT KIT TYPE OPERATION VAL DATE
------------------------------------ ----------- ----------- --- -----------
VSI X86VMS SSL3 V3.0-14 Full LP Install Val 21-AUG-2024
VSI X86VMS SSL3 V3.0-13 Full LP Remove - 21-AUG-2024
------------------------------------ ----------- ----------- --- -----------
2 items found
system_ft923> sshver
Information on FT923 for OpenVMS images installed on this system:
Name Version Build Link date
----------------------------------------- ------------- ---------- -------------
SSH$SCP.EXE V8.9-1I04 00000000 12-AUG-2024
SSH$SFTP.EXE V8.9-1I04 00000000 12-AUG-2024
SSH$SSH-ADD.EXE V8.9-1I04 00000000 12-AUG-2024
SSH$SSH-AGENT.EXE V8.9-1I04 00000000 12-AUG-2024
SSH$SSH-KEYGEN.EXE V8.9-1I04 00000000 12-AUG-2024
SSH$SSH-KEYSCAN.EXE V8.9-1I04 00000000 12-AUG-2024
SSH$SSH.EXE V8.9-1I04 00000000 12-AUG-2024
SSH$SFTP-SERVER.EXE V8.9-1I04 00000000 12-AUG-2024
SSH$SSH-KEYSIGN.EXE V8.9-1I04 00000000 12-AUG-2024
SSH$SSH-PKCS11-HELPER.EXE V8.9-1I04 00000000 12-AUG-2024
SSH$SSH-SK-HELPER.EXE V8.9-1I04 00000000 12-AUG-2024
SSH$SSHD.EXE V8.9-1I04 00000000 12-AUG-2024
system_ft923> type ssh$root:[etc]sshd_config.
...
#---
X11Forwarding yes
X11DisplayOffset 10
X11UseLocalhost no
#---
...
system_ft923> mc decw$xauth list
ft923.digital.com:10 MIT-MAGIC-COOKIE-1 1c599c71bc1641f642da4dd01a5d85a9
ft923.digital.com:11 MIT-MAGIC-COOKIE-1 4799e01248ef5a8d1f911854185630af
system_ft923> search ft923_192_168_1_3_00000430.log "xauth" /windows=(2,5)
debug1: channel 1: new [X11 inet listener]
debug3: vms_change_process_owner: Switching owner to user system
debug1: Running xauth "-q" add ft923.digital.com:10 MIT-MAGIC-COOKIE-1 1c599c71bc1641f642da4dd01a5d85a9
debug3: vms_change_process_owner: Restoring owner of user
debug3: send packet: type 99
debug3: receive packet: type 98
debug1: server_input_channel_req: channel 0 request pty-req reply 1
debug1: session_by_channel: session 0 channel 0
...
Considering that the OpenSSH 8.9-1I01 release notes state that X11 Port Forwarding Feature is fully supported starting with VMS x86-64 V9.2-1 and later along with VSI SSL3 V3.0-13 and later and DWMotif V1.8, I am starting to suspect that I am missing some undocumented setting in the V9.2-2 environment or that X11 ssh Port Forwarding effectively requires Motif 1.8-1 and/or some libraries present only in E9.2-3.
Any suggestions will be greatly appreciated,
/Maurizio