Setup VB & S11 to accept inbound X11 client

Discussions related to using VirtualBox on Solaris hosts.
Kilted
Posts: 20
Joined: 8. May 2012, 01:02

Setup VB & S11 to accept inbound X11 client

Post by Kilted »

Hello all,

Well my first exposure to Oracle Virtual Box (4.1.8 ) was at a OTN SysAdmin day. Having never seen the product before I was impressed how well it worked for the class.

After getting back from the class I had to load up a Solaris 11 11/11 distribution and was really impressed how well it ran on my work Laptop PC. I have been able to solve most problems except one.

How do I setup to allow a remote host to 'export DISPLAY=myVBGuest:0.0' ? I initially tried with the VB set to " NAT " did not work could not find host. Next I tried " Bridged Adapter " with a fixed ipaddress that has a DNS entry. Host was now visible but connection is refused.

I want to use use the VB & S11 as a fully functional Unix system as a replacement for Opentext Exceed. Maestro and Secure Shell.

We search yields only how to use the VB-RDP which I'm not really interested in at this time.

Thank you for any help,
--Brandy
Ramshankar
Oracle Corporation
Posts: 793
Joined: 7. Jan 2008, 16:17

Re: Setup VB & S11 to accept inbound X11 client

Post by Ramshankar »

If you want to SSH into the guest you'll need to use bridged networking (or NAT with port forwarding).

Regarding X11 redirection, have you tried using "ssh -X <user>@<remotehost>" before messing with the DISPLAY env. var.? Make sure in your S11 guest that ssh service is running (svcs -a | grep ssh)
Oracle Corp.
Kilted
Posts: 20
Joined: 8. May 2012, 01:02

Re: Setup VB & S11 to accept inbound X11 client

Post by Kilted »

Frustration I have not been able to provide a detailed reply, I tried the suggestion and still get the same error can not open display.
Ramshankar
Oracle Corporation
Posts: 793
Joined: 7. Jan 2008, 16:17

Re: Setup VB & S11 to accept inbound X11 client

Post by Ramshankar »

Are you sure the guest is otherwise reachable (like ping)?
Oracle Corp.
Kilted
Posts: 20
Joined: 8. May 2012, 01:02

Re: Setup VB & S11 to accept inbound X11 client

Post by Kilted »

Ramshankar wrote:Are you sure the guest is otherwise reachable (like ping)?
##### gandalf is the VB-Guest, suvispare1 is the remote host ##
[brandy@suvispare1][~]> ssh -X brandy@gandalf

### is this error the cause?
Warning: No xauth data; using fake authentication data for X11 forwarding.

Last login: Wed May 9 08:20:01 2012 from suvispare1.atc.
Oracle Corporation SunOS 5.11 11.0 November 2011
brandy@gandalf:~$
[brandy@suvispare1][~]> ping gandalf
gandalf is alive
[brandy@suvispare1][~]> ssh gandalf
Last login: Wed May 9 08:16:56 2012
Oracle Corporation SunOS 5.11 11.0 November 2011
brandy@gandalf:~$ exit
logout
Connection to gandalf closed.
#####
[brandy@suvispare1][~]> ping gandalf
gandalf is alive
[brandy@suvispare1][~]> ssh gandalf
Last login: Wed May 9 08:16:56 2012
Oracle Corporation SunOS 5.11 11.0 November 2011
brandy@gandalf:~$ exit
logout
Connection to gandalf closed.
#######
brandy@gandalf:~$ xhost +
access control disabled, clients can connect from any host
brandy@gandalf:~$
############
[brandy@suvispare1][~]> setenv DISPLAY gandalf:0.0
[brandy@suvispare1][~]> echo $DISPLAY
gandalf:0.0
[brandy@suvispare1][~]> ping gandalf
gandalf is alive
[brandy@suvispare1][~]> which xclock
/usr/openwin/bin/xclock
[brandy@suvispare1][~]> xclock
Error: Can't open display: gandalf:0.0
[brandy@suvispare1][~]>
Kilted
Posts: 20
Joined: 8. May 2012, 01:02

Re: Setup VB & S11 to accept inbound X11 client

Post by Kilted »

### is this error the cause?
Warning: No xauth data; using fake authentication data for X11 forwarding.

I found the answer to this and no it is not the problem.

--Brandy
Guyver
Posts: 104
Joined: 11. Feb 2012, 06:19
Primary OS: Solaris
VBox Version: PUEL
Guest OSses: Windows 7
Location: Central United States

Re: Setup VB & S11 to accept inbound X11 client

Post by Guyver »

If you are trying to access an x-based application on the laptop from another server that is running x-server software, then using ssh with X-forwarding enabled is the proper method.

make sure you've set the solaris 11 laptop to allow any client to access via the following command as noted in previous responses...

ssh -X sol11host

xhost +

make sure your login profile has not clobbered the DISPLAY variable set by ssh when you logged in - it should read something like
DISPLAY=localhost:10.0

make sure you haven't used su to switch to another user, nor used sudo -i to switch to another user, as this would cause the DISPLAY variable and x-auth keys to be disassociated from the new shell.
(there's a method for doing this, but it's a bit involved)

------ method for forwarding xauth for usera to be used by userb ------
modify sudoers file to keep "XAUTH" variable when sudoing to another userid..
set Defaults env_keep += "XAUTH"

Add the following to each user's .profile (.bash_profile) file

[ "${XAUTH}" ] && {
/usr/openwin/bin/xauth add ${XAUTH}
unset XAUTH
} || {
XAUTH=`/usr/openwin/bin/xauth list | grep $( echo $DISPLAY | cut -d: -f2 | cut -d. -f1 )`
}
[ "${XAUTH}" ] && export XAUTH

--------------------------------------------------

Usually you would just use the following
sudo xcalc, which would use your xauth file

If you aren't running from a local x-server that you can forward from, then you probably need something like XVNC - which there are several good walkthroughs for enabling xvnc on Solaris 11.
Kilted
Posts: 20
Joined: 8. May 2012, 01:02

Re: Setup VB & S11 to accept inbound X11 client

Post by Kilted »

Guyver,

Not sure we are barking up the right tree here. This Solaris 11 running in a VirtuaBox, the S11 disk I used to load the VB-S11 is the same disk I used to build a S11 system on a real hardware pc as the only system, no dual boot, VB, etc. This system on real hardware does not have any of these connection problems.

The only and Biggest difference is running in VB on a hosted Win7 OS. What are the requirements in configuration of:

* Windows 7 host to allow the X11 redirected windows to display.
* What are the requirements of the VirtualBox configuration to allow X11 redirected windows display.

Going after X11 configuration on Solaris 10 and the guest Solaris 11 other than basic ipaddress, ssh setup, etc seems to be counter productive.

Thank you for all your help so far, I did find an correct some problems in my ssh_authorize file.

But so far I am unable to display a X11 redirected display from another system.

--Brandy
Guyver
Posts: 104
Joined: 11. Feb 2012, 06:19
Primary OS: Solaris
VBox Version: PUEL
Guest OSses: Windows 7
Location: Central United States

Re: Setup VB & S11 to accept inbound X11 client

Post by Guyver »

Whether the Solaris 11 install is virtual or real shouldn't matter.
As long as the same services are installed and configured, you should be able to do tunneled X11.

ie - logged into the *real* solaris 11 box, ssh to the virtual one, spawn an xterm or xcalc - as long as forwarding is enabled (via the -X parameter when you run the ssh command).

Validate that the virtual solaris 11 /etc/ssh/sshd_config is set to allow X11 forwarding...
X11Forwarding yes

if you don't want to have to use the "-X" from the ssh command line, modify /etc/ssh/ssh_config
ForwardX11 yes

Restart the ssh service after modifying the sshd_config file.
svcadm restart ssh

Check your user's .ssh/config file to make sure there isn't an entry in there to disable X11Forwarding... (This would be on the box that you run the ssh command from).

Hope this helps.
Kilted
Posts: 20
Joined: 8. May 2012, 01:02

Re: Setup VB & S11 to accept inbound X11 client

Post by Kilted »

YEA!!! YES finally success. I have to check all my log in accounts for a setenv DISPLAY xxxxx:0.0 this was clobbering the ssh -X tunnel.

OK, first half of the problem solved. Second half of the problem; since remote root log in is disabled, I often need to log into root for installation of software and some installations require a X11 installation GUI by default. So the answer has been xhost + on the local machine and on the remote target export the display back to my local machine, via 'setenv DISPLAY localworkstation:0.0'. I just checked this on the S11 virtual system and a S11 hardware system and both do not allow the route back.

I see the sshd_config files between S10 and S11 are different enough that cannot tell were the config problem is at.

Thank you, so far I'm really like the VB-S11 combination. It's an incredible useful tool.
--Brandy
Guyver
Posts: 104
Joined: 11. Feb 2012, 06:19
Primary OS: Solaris
VBox Version: PUEL
Guest OSses: Windows 7
Location: Central United States

Re: Setup VB & S11 to accept inbound X11 client

Post by Guyver »

Just use the X11 forwarding as normal and run
sudo -s

that will work just fine.

If you need to set it up as though you logged into root, see my above example and use
sudo -i

instead.
Guyver
Posts: 104
Joined: 11. Feb 2012, 06:19
Primary OS: Solaris
VBox Version: PUEL
Guest OSses: Windows 7
Location: Central United States

Re: Setup VB & S11 to accept inbound X11 client

Post by Guyver »

------ method for forwarding xauth for usera to be used by userb ------
modify sudoers file to keep "XAUTH" variable when sudoing to another userid..
set Defaults env_keep += "XAUTH"

Add the following to each user's .profile (.bash_profile) file

[ "${XAUTH}" ] && {
/usr/openwin/bin/xauth add ${XAUTH}
unset XAUTH
} || {
XAUTH=`/usr/openwin/bin/xauth list | grep $( echo $DISPLAY | cut -d: -f2 | cut -d. -f1 )`
}
[ "${XAUTH}" ] && export XAUTH

--------------------------------------------------

This code essentially places your XAUTH keys onto a key-ring and hands them over to the user you are becoming when you run the sudo -i command....

It keeps them in session only, and doesn't store them on the disk for someone else to read, so only you can use them while you are connected.
Kilted
Posts: 20
Joined: 8. May 2012, 01:02

Re: Setup VB & S11 to accept inbound X11 client

Post by Kilted »

OK, thank you all. I think I have it now. For my use the ssh -X and sudo -s, sudo -i seem to be working. I've found the version of sudo I have for S10 does not carry over the DISPLAY setting using sudo -i. S11 works just fine.

Thanks -- Brandy
Guyver
Posts: 104
Joined: 11. Feb 2012, 06:19
Primary OS: Solaris
VBox Version: PUEL
Guest OSses: Windows 7
Location: Central United States

Re: Setup VB & S11 to accept inbound X11 client

Post by Guyver »

On your solaris 10 install, you can modify that behavior - use visudo to bring up the sudoers file, look for the env_keep line, add "DISPLAY" into the mix...

On my Solaris 11 laptop, the line reads

Defaults env_keep = "PATH DISPLAY PS1 HOME XAUTH"

XAUTH being the variable defined in my code listed in a previous post...
Kilted
Posts: 20
Joined: 8. May 2012, 01:02

Re: Setup VB & S11 to accept inbound X11 client

Post by Kilted »

Guyver wrote:On your solaris 10 install, you can modify that behavior - use visudo to bring up the sudoers file, look for the env_keep line, add "DISPLAY" into the mix...

On my Solaris 11 laptop, the line reads

Defaults env_keep = "PATH DISPLAY PS1 HOME XAUTH"

XAUTH being the variable defined in my code listed in a previous post...
Guyver, What shell is your script suppose to run under? I seem to be have trouble I tried it under bash and tcsh neither seem to pass the XAUTH I also get; ' /usr/openwin/bin/xauth: (argv):1: bad "add" command line ' from root in bash mode on S10.

The sudo -s and sudo -i otherwise appear to be working.

Thank you

Brandy
Post Reply