Unable to init server: could not connect: connection refused

From a WS2019 box, i try to open a graphic display (firewall-config) on a remote RHEL/v8.7 vm (hostname: PAxAnsible) via a SSH/bash/root session but i get …

unable to init server: could not connect: connection refused
Gtk-WARNING **: 16:06:18.402: cannot open display

So (from the same session), i tried to …

]# ssh -X root@PAxAnsible.InfraMgmt.PAx /usr/bin/firewall-config &

… and the CLI responds with …

[2] 160366
~]#
[2]+ Stopped ssh -X root@PAxAnsible /usr/bin/firewall-config

… and concludes with the same messages. -The specified path is where firewall-config resides on PAxAnsible. -I also tried targeting root@PAxAnsible and get the same results. -PAxAnsible is a member or our private SSO/vSphere domain InfraMgmt.PAx.

What am i doing wrong; what do i do to resolve this issue?

Are you using Putty as ssh client on your WS2019 or something else?

Using PowerShell > SSH …

How to enable X11 forwarding from Red Hat Enterprise Linux (RHEL)

Install X11 related packages on RHEL 8 server:

yum install xorg-x11-xauth xterm

Edit the /etc/ssh/sshd_config and make sure following config added/edited:

X11Forwarding yes

Restart the sshd service on RHEL

systemctl restart sshd

Windows10 / Server ssh X11 forwarding with PS:

At the Powershell type:

$env:DISPLAY="127.0.0.1:0.0"

Then run ssh:

ssh -Y <user-name>@<server-ip-address>
## OR try the `-x` option  ##
ssh -X <user-name>@<server-ip-address>

Now you can run X11 apps and it will display on your WS2019 box. I typically run xeyes or xterm on RHEL 8:

xterm
## OR ##
xeyes

Does this work? If not pass the debug option named -v or -vv and see what error do you get:

ssh  -v-Y <user-name>@<server-ip-address>
xterm

Note down any error you get when you pass the -v option and post back your result.

Thanks for the fast reply! I’ll get into this now …

PS C:\Windows\system32> ssh -X root@172.20.0.28
CreateProcessW failed error:2
ssh_askpass: posix_spawn: No such file or directory
Permission denied, please try again.
CreateProcessW failed error:2
ssh_askpass: posix_spawn: No such file or directory
Permission denied, please try again.
CreateProcessW failed error:2
ssh_askpass: posix_spawn: No such file or directory
root@172.20.0.28: Permission denied (publickey,gssapi-keyex,gssapi-with-mic,password).

(Note: I tried to paste output from -v option but as a new user i’m limited to only 2 links and i can’t determine what is a link in that output …)

While looking over the verbose debug, i found the concluding rows to be most relevant (and i’m not limited in posting them) …

debug1: Server host key: ecdsa-sha2-nistp256 SHA256:VuNq2rGlROktEqligvcqJOtpp+vCnxNrfWwwuMnsUco
debug1: Host ‘172.20.0.28’ is known and matches the ECDSA host key.
debug1: Found key in C:\Users\Glenn/.ssh/known_hosts:15
debug1: rekey after 134217728 blocks
debug1: SSH2_MSG_NEWKEYS sent
debug1: expecting SSH2_MSG_NEWKEYS
debug1: SSH2_MSG_NEWKEYS received
debug1: rekey after 134217728 blocks
debug1: pubkey_prepare: ssh_get_authentication_socket: No such file or directory
debug1: SSH2_MSG_EXT_INFO received
debug1: kex_input_ext_info: server-sig-algs=<ssh-ed25519,ssh-rsa,rsa-sha2-256,rsa-sha2-512,ssh-dss,ecdsa-sha2-nistp256,ecdsa-sha2-nistp384,ecdsa-sha2-nistp521>
debug1: SSH2_MSG_SERVICE_ACCEPT received
debug1: Authentications that can continue: publickey,gssapi-keyex,gssapi-with-mic,password
debug1: Next authentication method: publickey
debug1: Offering public key: RSA SHA256:YPwUAON7CfMJn5IZ4Y+NeknfOOvewr8l7FnZeJ9JaQM C:\Users\Glenn/.ssh/id_rsa
debug1: Authentications that can continue: publickey,gssapi-keyex,gssapi-with-mic,password
debug1: Trying private key: C:\Users\Glenn/.ssh/id_dsa
debug1: Trying private key: C:\Users\Glenn/.ssh/id_ecdsa
debug1: Trying private key: C:\Users\Glenn/.ssh/id_ed25519
debug1: Trying private key: C:\Users\Glenn/.ssh/id_xmss
debug1: Next authentication method: password
debug1: read_passphrase: can’t open /dev/tty: No such file or directory
CreateProcessW failed error:2
ssh_askpass: posix_spawn: No such file or directory
debug1: Authentications that can continue: publickey,gssapi-keyex,gssapi-with-mic,password
Permission denied, please try again.
debug1: read_passphrase: can’t open /dev/tty: No such file or directory
CreateProcessW failed error:2
ssh_askpass: posix_spawn: No such file or directory
debug1: Authentications that can continue: publickey,gssapi-keyex,gssapi-with-mic,password
Permission denied, please try again.
debug1: read_passphrase: can’t open /dev/tty: No such file or directory
CreateProcessW failed error:2
ssh_askpass: posix_spawn: No such file or directory
debug1: Authentications that can continue: publickey,gssapi-keyex,gssapi-with-mic,password
debug1: No more authentication methods to try.
root@172.20.0.28: Permission denied (publickey,gssapi-keyex,gssapi-with-mic,password).

Can you login normally without -X or -Y option? It is possible that you are using older version of ssh client.

# are you using ecdsa or rsa key? replace with the `-t rsa`
ssh-keyscan -t ecdsa 172.20.0.28 | Out-File ~/.ssh/known_hosts -Append -Encoding ASCII;

Try again. Does that helps?

It’s native WS2019/standard …

PS C:\Windows\system32> ssh-keyscan -t ecdsa 172.20.0.28 | Out-File ~/.ssh/known_hosts -Append -Encoding ASCII;
172.20.0.28:22 SSH-2.0-OpenSSH_8.0

PS C:\Windows\system32> ssh -X root@172.20.0.28
CreateProcessW failed error:2
ssh_askpass: posix_spawn: No such file or directory
Permission denied, please try again.
CreateProcessW failed error:2
ssh_askpass: posix_spawn: No such file or directory
Permission denied, please try again.
CreateProcessW failed error:2
ssh_askpass: posix_spawn: No such file or directory
root@172.20.0.28: Permission denied (publickey,gssapi-keyex,gssapi-with-mic,password).

Now, i can’t ssh/login at all; prior, i was able to without the -X or -Y option.

Edit the file ~/.ssh/known_hosts file and remove line related to 172.20.0.28 and you should able to login. My next best guess is your version of ssh is older on WS2019. You need at least ssh version 8.1. Here is how to check ssh version:

 ssh -V

If you have an older version, you can try installing the latest version as described here → Home · PowerShell/Win32-OpenSSH Wiki · GitHub

OpenSSH 8.0 ! Released 2019-04-17 ! RHEL 8.7 released last year AND is still supported ! Leave it to RHEL to happily risk basic security, FFS …

good call !!! Version 7.7; i wonder how long it would have taken me to figure that out (LOL). ok - will do …

No, this thread is about the SSH client version installed on Windows server 19 with PowerShell. It is different from RHEL sshd server issues.

I installed OpenSSH/v9.1.0 beta on the WS2019 client, cleaned up its known_hosts, but still get the display errors (cannot connect / gtk warning), however, i can login :wink: . I noticed that the target/server SSH is v8.0; is this an issue (should it be 8.1 or higher)? I did a yum upgrade openSSH on the server but got nothing to do; as a Linux novice, i’m a bit intimidated by downloading and installing a newer OpenSSH package (will it b a parallel install) … Also, running xterm results in an error …

Warning: This program is an suid-root program or is being run by the root user.
The full text of the error or warning message cannot be safely formatted
in this environment. You may get a more descriptive message by running the
program as a non-root user or by removing the suid bit on the executable.
xterm: Xt error: Can't open display: %s
xterm: DISPLAY is not set

I searched on related issues that prescribe to set Display=:0.0 and tried such but it didn’t help. Next, i’ll create another user (not root) and try such (although i really don’t want to do this bs; i’m the only guy in this dev lab and it just seems ridiculous; that is, i’d like to continue working as root).

No, do not upgrade sshd (OpenSSH server) on RHEL. It is not needed.

Did you follow these on the RHEL server side Unable to init server: could not connect: connection refused - #4 by Raj ?

And yes, many X11 apps will not run as root users for security reasons.

I previously set Display in PS, however, not quite the way u specified this time; i did such now and it seems I’ve (we’ve) made headway …

The last lines of the login are …

debug1: client_input_hostkeys: host key found matching a different name/address, skipping UserKnownHostsFile update
debug1: No xauth program.
Warning: No xauth data; using fake authentication data for X11 forwarding.
debug1: Requesting X11 forwarding with authentication spoofing.
Web console: https://PAxAnsible.InfraMgmt.PAx:9090/ or https://10.208.122.28:9090/

Last login: Wed Jan  4 21:13:02 2023 from 172.20.0.233
/usr/bin/xauth:  file /root/.Xauthority does not exist
debug1: client_input_channel_open: ctype x11 rchan 3 win 65536 max 16384
debug1: client_request_x11: request from ::1 56610
connect 127.0.0.1 port 6000: Connection refused
debug1: failure x11
[root@PAxAnsible ~]#

… but notice that it logs me in; what’s up with the no xauth? When i invoke my goal, i get …

[root@PAxAnsible ~]# firewall-config
debug1: client_input_channel_open: ctype x11 rchan 3 win 65536 max 16384
debug1: client_request_x11: request from ::1 36306
connect 127.0.0.1 port 6000: Connection refused
debug1: failure x11
debug1: client_input_channel_open: ctype x11 rchan 3 win 65536 max 16384
debug1: client_request_x11: request from ::1 36312
connect 127.0.0.1 port 6000: Connection refused
debug1: failure x11
debug1: client_input_channel_open: ctype x11 rchan 3 win 65536 max 16384
debug1: client_request_x11: request from ::1 36316
connect 127.0.0.1 port 6000: Connection refused
debug1: failure x11

(firewall-config:24192): Gtk-WARNING **: 23:38:33.942: cannot open display: localhost:10.0

… this is different; seems headway has been made. xauth is installed but maybe configuration is missing …

[root@PAxAnsible ~]# yum list installed | grep xauth
xorg-x11-xauth.x86_64                         1:1.0.9-12.el8                            @rhel-8-for-x86_64-appstream-rpms

Delete the ~/.Xauthority and create it:

rm -iv ~/.Xauthority 
touch ~/.Xauthority

Log out and login. Try the both -Y and -X option for the ssh. Also for the root user you need the following 3 config option enabled in the /etc/ssh/sshd_config on your RHEL box:

X11Forwarding yes
X11DisplayOffset 10
X11UseLocalhost yes

Make those changes and restart the sshd service.

Wasn’t totally sure, but doesn’t make any more excusable.

Thanks all ! I have some urgent admin work on the business side that i’ve been tied up with today. I’ll get into this later this evening and keep u posted.

I thought i’d check the .Xauthority contents first …

[root@PAxAnsible ~]# cat .Xauthority
[root@PAxAnsible ~]# x 10 MIT-MAGIC-COOKIE-1 i

… it’s jibberish to me. I deleted the file, created a new one, and then edited sshd_config; removed comments for those last two specs such that those 3 parameters are as stated (enabled). Logged out and tried it; i got errors. -I noticed that the connection was refused so i (for grins) disabled the PS/client firewall and tried again; still failed. Here’s the relative/(login and concluding) diax …

PS C:\Windows\system32> ssh -vY root@PAxAnsible
OpenSSH_for_Windows_9.1p1, LibreSSL 3.6.1
debug1: Connecting to paxansible [172.20.0.28] port 22.
debug1: Connection established.
...
Authenticated to paxansible ([172.20.0.28]:22) using "password".
debug1: channel 0: new [client-session]
debug1: Requesting no-more-sessions@openssh.com
debug1: Entering interactive session.
debug1: pledge: exec
debug1: ENABLE_VIRTUAL_TERMINAL_INPUT is supported. Reading the VTSequence from console
debug1: ENABLE_VIRTUAL_TERMINAL_PROCESSING is supported. Console supports the ansi parsing
debug1: client_input_global_request: rtype hostkeys-00@openssh.com want_reply 0
debug1: client_input_hostkeys: searching C:\\Users\\Glenn/.ssh/known_hosts for paxansible / (none)
debug1: client_input_hostkeys: searching C:\\Users\\Glenn/.ssh/known_hosts2 for paxansible / (none)
debug1: client_input_hostkeys: hostkeys file C:\\Users\\Glenn/.ssh/known_hosts2 does not exist
debug1: client_input_hostkeys: host key found matching a different name/address, skipping UserKnownHostsFile update
debug1: No xauth program.
Warning: No xauth data; using fake authentication data for X11 forwarding.
debug1: Requesting X11 forwarding with authentication spoofing.
Web console: https://PAxAnsible.InfraMgmt.PAx:9090/ or https://10.208.122.28:9090/

Last login: Thu Jan  5 20:54:08 2023 from 172.20.0.233
debug1: client_input_channel_open: ctype x11 rchan 3 win 65536 max 16384
debug1: client_request_x11: request from ::1 46404
connect 127.0.0.1 port 6000: Connection refused
debug1: failure x11

[root@PAxAnsible ~]# xterm
debug1: client_input_channel_open: ctype x11 rchan 3 win 65536 max 16384
debug1: client_request_x11: request from ::1 46410
connect 127.0.0.1 port 6000: Connection refused
debug1: failure x11
Warning: This program is an suid-root program or is being run by the root user.
The full text of the error or warning message cannot be safely formatted
in this environment. You may get a more descriptive message by running the
program as a non-root user or by removing the suid bit on the executable.
xterm: Xt error: Can't open display: %s

The no xauth debug statements standout to me … I was concerned about the (none) in the debug for known_hosts so i also tried login for IP and got the same error. I looked at known_hosts contents; it has rows for both …