From a WS2019 box, i try to open a graphic display (firewall-config) on a remote RHEL/v8.7 vm (hostname: PAxAnsible) via a SSH/bash/root session but i get …
unable to init server: could not connect: connection refused
Gtk-WARNING **: 16:06:18.402: cannot open display
… and concludes with the same messages. -The specified path is where firewall-config resides on PAxAnsible. -I also tried targeting root@PAxAnsible and get the same results. -PAxAnsible is a member or our private SSO/vSphere domain InfraMgmt.PAx.
What am i doing wrong; what do i do to resolve this issue?
While looking over the verbose debug, i found the concluding rows to be most relevant (and i’m not limited in posting them) …
debug1: Server host key: ecdsa-sha2-nistp256 SHA256:VuNq2rGlROktEqligvcqJOtpp+vCnxNrfWwwuMnsUco
debug1: Host ‘172.20.0.28’ is known and matches the ECDSA host key.
debug1: Found key in C:\Users\Glenn/.ssh/known_hosts:15
debug1: rekey after 134217728 blocks
debug1: SSH2_MSG_NEWKEYS sent
debug1: expecting SSH2_MSG_NEWKEYS
debug1: SSH2_MSG_NEWKEYS received
debug1: rekey after 134217728 blocks
debug1: pubkey_prepare: ssh_get_authentication_socket: No such file or directory
debug1: SSH2_MSG_EXT_INFO received
debug1: kex_input_ext_info: server-sig-algs=<ssh-ed25519,ssh-rsa,rsa-sha2-256,rsa-sha2-512,ssh-dss,ecdsa-sha2-nistp256,ecdsa-sha2-nistp384,ecdsa-sha2-nistp521>
debug1: SSH2_MSG_SERVICE_ACCEPT received
debug1: Authentications that can continue: publickey,gssapi-keyex,gssapi-with-mic,password
debug1: Next authentication method: publickey
debug1: Offering public key: RSA SHA256:YPwUAON7CfMJn5IZ4Y+NeknfOOvewr8l7FnZeJ9JaQM C:\Users\Glenn/.ssh/id_rsa
debug1: Authentications that can continue: publickey,gssapi-keyex,gssapi-with-mic,password
debug1: Trying private key: C:\Users\Glenn/.ssh/id_dsa
debug1: Trying private key: C:\Users\Glenn/.ssh/id_ecdsa
debug1: Trying private key: C:\Users\Glenn/.ssh/id_ed25519
debug1: Trying private key: C:\Users\Glenn/.ssh/id_xmss
debug1: Next authentication method: password
debug1: read_passphrase: can’t open /dev/tty: No such file or directory
CreateProcessW failed error:2
ssh_askpass: posix_spawn: No such file or directory
debug1: Authentications that can continue: publickey,gssapi-keyex,gssapi-with-mic,password
Permission denied, please try again.
debug1: read_passphrase: can’t open /dev/tty: No such file or directory
CreateProcessW failed error:2
ssh_askpass: posix_spawn: No such file or directory
debug1: Authentications that can continue: publickey,gssapi-keyex,gssapi-with-mic,password
Permission denied, please try again.
debug1: read_passphrase: can’t open /dev/tty: No such file or directory
CreateProcessW failed error:2
ssh_askpass: posix_spawn: No such file or directory
debug1: Authentications that can continue: publickey,gssapi-keyex,gssapi-with-mic,password
debug1: No more authentication methods to try. root@172.20.0.28: Permission denied (publickey,gssapi-keyex,gssapi-with-mic,password).
Edit the file ~/.ssh/known_hosts file and remove line related to 172.20.0.28 and you should able to login. My next best guess is your version of ssh is older on WS2019. You need at least ssh version 8.1. Here is how to check ssh version:
I installed OpenSSH/v9.1.0 beta on the WS2019 client, cleaned up its known_hosts, but still get the display errors (cannot connect / gtk warning), however, i can login . I noticed that the target/server SSH is v8.0; is this an issue (should it be 8.1 or higher)? I did a yum upgrade openSSH on the server but got nothing to do; as a Linux novice, i’m a bit intimidated by downloading and installing a newer OpenSSH package (will it b a parallel install) … Also, running xterm results in an error …
Warning: This program is an suid-root program or is being run by the root user.
The full text of the error or warning message cannot be safely formatted
in this environment. You may get a more descriptive message by running the
program as a non-root user or by removing the suid bit on the executable.
xterm: Xt error: Can't open display: %s
xterm: DISPLAY is not set
I searched on related issues that prescribe to set Display=:0.0 and tried such but it didn’t help. Next, i’ll create another user (not root) and try such (although i really don’t want to do this bs; i’m the only guy in this dev lab and it just seems ridiculous; that is, i’d like to continue working as root).
I previously set Display in PS, however, not quite the way u specified this time; i did such now and it seems I’ve (we’ve) made headway …
The last lines of the login are …
debug1: client_input_hostkeys: host key found matching a different name/address, skipping UserKnownHostsFile update
debug1: No xauth program.
Warning: No xauth data; using fake authentication data for X11 forwarding.
debug1: Requesting X11 forwarding with authentication spoofing.
Web console: https://PAxAnsible.InfraMgmt.PAx:9090/ or https://10.208.122.28:9090/
Last login: Wed Jan 4 21:13:02 2023 from 172.20.0.233
/usr/bin/xauth: file /root/.Xauthority does not exist
debug1: client_input_channel_open: ctype x11 rchan 3 win 65536 max 16384
debug1: client_request_x11: request from ::1 56610
connect 127.0.0.1 port 6000: Connection refused
debug1: failure x11
[root@PAxAnsible ~]#
… but notice that it logs me in; what’s up with the no xauth? When i invoke my goal, i get …
[root@PAxAnsible ~]# firewall-config
debug1: client_input_channel_open: ctype x11 rchan 3 win 65536 max 16384
debug1: client_request_x11: request from ::1 36306
connect 127.0.0.1 port 6000: Connection refused
debug1: failure x11
debug1: client_input_channel_open: ctype x11 rchan 3 win 65536 max 16384
debug1: client_request_x11: request from ::1 36312
connect 127.0.0.1 port 6000: Connection refused
debug1: failure x11
debug1: client_input_channel_open: ctype x11 rchan 3 win 65536 max 16384
debug1: client_request_x11: request from ::1 36316
connect 127.0.0.1 port 6000: Connection refused
debug1: failure x11
(firewall-config:24192): Gtk-WARNING **: 23:38:33.942: cannot open display: localhost:10.0
… this is different; seems headway has been made. xauth is installed but maybe configuration is missing …
Log out and login. Try the both -Y and -X option for the ssh. Also for the root user you need the following 3 config option enabled in the /etc/ssh/sshd_config on your RHEL box:
Thanks all ! I have some urgent admin work on the business side that i’ve been tied up with today. I’ll get into this later this evening and keep u posted.
I thought i’d check the .Xauthority contents first …
[root@PAxAnsible ~]# cat .Xauthority
[root@PAxAnsible ~]# x 10 MIT-MAGIC-COOKIE-1 i
… it’s jibberish to me. I deleted the file, created a new one, and then edited sshd_config; removed comments for those last two specs such that those 3 parameters are as stated (enabled). Logged out and tried it; i got errors. -I noticed that the connection was refused so i (for grins) disabled the PS/client firewall and tried again; still failed. Here’s the relative/(login and concluding) diax …
PS C:\Windows\system32> ssh -vY root@PAxAnsible
OpenSSH_for_Windows_9.1p1, LibreSSL 3.6.1
debug1: Connecting to paxansible [172.20.0.28] port 22.
debug1: Connection established.
...
Authenticated to paxansible ([172.20.0.28]:22) using "password".
debug1: channel 0: new [client-session]
debug1: Requesting no-more-sessions@openssh.com
debug1: Entering interactive session.
debug1: pledge: exec
debug1: ENABLE_VIRTUAL_TERMINAL_INPUT is supported. Reading the VTSequence from console
debug1: ENABLE_VIRTUAL_TERMINAL_PROCESSING is supported. Console supports the ansi parsing
debug1: client_input_global_request: rtype hostkeys-00@openssh.com want_reply 0
debug1: client_input_hostkeys: searching C:\\Users\\Glenn/.ssh/known_hosts for paxansible / (none)
debug1: client_input_hostkeys: searching C:\\Users\\Glenn/.ssh/known_hosts2 for paxansible / (none)
debug1: client_input_hostkeys: hostkeys file C:\\Users\\Glenn/.ssh/known_hosts2 does not exist
debug1: client_input_hostkeys: host key found matching a different name/address, skipping UserKnownHostsFile update
debug1: No xauth program.
Warning: No xauth data; using fake authentication data for X11 forwarding.
debug1: Requesting X11 forwarding with authentication spoofing.
Web console: https://PAxAnsible.InfraMgmt.PAx:9090/ or https://10.208.122.28:9090/
Last login: Thu Jan 5 20:54:08 2023 from 172.20.0.233
debug1: client_input_channel_open: ctype x11 rchan 3 win 65536 max 16384
debug1: client_request_x11: request from ::1 46404
connect 127.0.0.1 port 6000: Connection refused
debug1: failure x11
[root@PAxAnsible ~]# xterm
debug1: client_input_channel_open: ctype x11 rchan 3 win 65536 max 16384
debug1: client_request_x11: request from ::1 46410
connect 127.0.0.1 port 6000: Connection refused
debug1: failure x11
Warning: This program is an suid-root program or is being run by the root user.
The full text of the error or warning message cannot be safely formatted
in this environment. You may get a more descriptive message by running the
program as a non-root user or by removing the suid bit on the executable.
xterm: Xt error: Can't open display: %s
The no xauth debug statements standout to me … I was concerned about the (none) in the debug for known_hosts so i also tried login for IP and got the same error. I looked at known_hosts contents; it has rows for both …
. I noticed that the target/server SSH is v8.0; is this an issue (should it be 8.1 or higher)? I did a yum upgrade openSSH on the server but got nothing to do; as a Linux novice, i’m a bit intimidated by downloading and installing a newer OpenSSH package (will it b a parallel install) … Also, running xterm results in an error …