Ignite-UX fails to start a remote make net recovery using SSH and returns X11 Forwarding error
Contents
Abstract
The following article explains and correct a SSH X11 forwarding error that occurs when performing a remote make_net_recovery initiated from a Ignite-UX using a X based session.
Warning: untrusted X11 forwarding setup failed: xauth key data not generatedwarning: no xauth data: using fake authentication data for X11 forwarding.mnr_UI Couldn't bring the initial window. This may occur when you specify an incorrect display.ERROR: The interactive UI failed to start. Check your terminal type.
This problem will not occur if the make_net_recovery is started directly on the Ignite-UX client.
The root cause of the error is that current version of the SecureShell (OpenSSH) bundle handles X11 Forwarding in a different way and with a different default configuration files than older ones.
An example of a configuration that fails is an Ignite-UX Server running SecureShell A.05.20.015 or above against a Ignite-UX Client using SecureShell A.05.10.026.
The default configuration files for each version of SecureShell are different, so installing matching version of the SecureShell bundle is sometimes not enough. It is necessary to replace the SecureShell client and daemon configuration files with their corresponding default files.
Determine the SecureShell product version installed on the system
# swlist | grep -i secureshell SecureShell A.05.10.047 HP-UX Secure Shell
Obtain a matching version of SecureShell product for both system
Current versions of SecureShell product are available at the latest HP-UX Installation Media, on customer built network depots created from that same media or available for downlad directly from http://software.hp.com (HP-UX Secure Shell).
At the time of writing this article, the latest versions of the SecureShell product are A.5.30.x for their corresponding HP-UX 11i releases.
Remove older SecureShell product
The following procedure will ensure that the SecureShell product uses the default configuration files. After installation of the newest SecureShell version, the security keys may change. This change will require to remove the older key from other HP-UX clients $HOME/.ssh/known_hosts file or remove that file and accept the new keys.
1. Login to the server establishing a non SecureShell session, for example telnet or rlogin.
2. Stop SecureShell.
/sbin/init.d/secsh stop HP-UX Secure Shell stopped
3. Request all SecureShell connections to be closed or close them manually.
# ps -ef | grep [s]sh root 3898 1 0 12:07:44 ? 0:02 sshd: root@pts/5 root 4642 1 0 12:49:16 ? 0:01 sshd: root@pts/2 root 16415 1 0 Mar 23 ? 0:03 sshd: root@pts/1 root 10646 1 0 17:57:53 ? 0:00 sshd: root@pts/3 root 1463 1 0 08:42:22 ? 0:02 sshd: root@pts/0 root 2572 1 0 10:22:53 ? 0:02 sshd: root@pts/4
for proc in $(ps -ef | grep [s]sh | awk '{print $2}') do kill -9 $proc done
# ps -ef | grep [s]sh
4. Remove SecureShell. Add the -x enforce_dependencies=false option to bypass two minor dependencies.
# swremove -x enforce_dependencies=false SecureShell ======= 03/24/10 18:32:32 CDT BEGIN swremove SESSION (non-interactive) (jobid=delta-1430) * Session started for user "root@delta". * Beginning Selection * Target connection succeeded for "delta:/". * Software selections: SecureShell,r=A.05.10.047,a=HP-UX_B.11.31_IA/PA,v=HP Secure_Shell.SECSH-CMN,l=/opt/ssh,r=A.05.10.047,a=HP-UX_B.11.31_IA/PA,v=HP,fr=A.05.10.047,fa=HP-UX_B.11.31_IA/PA Secure_Shell.SECURE_SHELL,l=/opt/ssh,r=A.05.10.047,a=HP-UX_B.11.31_IA/PA,v=HP,fr=A.05.10.047,fa=HP-UX_B.11.31_PA * Selection succeeded. * Beginning Analysis * Session selections have been saved in the file "/root/.sw/sessions/swremove.last". WARNING: "delta:/": The software dependencies for 2 products or filesets cannot be resolved. * Analysis succeeded. * Beginning Execution * The execution phase succeeded for "delta:/". * Execution succeeded. NOTE: More information may be found in the agent logfile using the command "swjob -a log delta-1430 @ delta:/". ======= 03/24/10 18:32:51 CDT END swremove SESSION (non-interactive) (jobid=delta-1430)
if [[ -d /etc/opt/ssh ]]; then rm -rf /etc/opt/ssh fi
Install current SecureShell product
1. Install the product from the corresponding bundle.
# swinstall -s /var/tmp/SecureShell_A.05.30.009_HP-UX_B.11.31_IA_PA.depot SecureShell ======= 03/24/10 18:34:30 CDT BEGIN swinstall SESSION (non-interactive) (jobid=delta-1431) * Session started for user "root@delta". * Beginning Selection * Target connection succeeded for "delta:/". * Source: /var/tmp/SecureShell_A.05.30.009_HP-UX_B.11.31_IA_PA.depot * Targets: delta:/ * Software selections: SecureShell,r=A.05.30.009,a=HP-UX_B.11.31_IA/PA,v=HP Secure_Shell.SECSH-CMN,l=/opt/ssh,r=A.05.30.009,a=HP-UX_B.11.31_IA/PA,v=HP,fr=A.05.30.009,fa=HP-UX_B.11.31_IA/PA Secure_Shell.SECURE_SHELL,l=/opt/ssh,r=A.05.30.009,a=HP-UX_B.11.31_IA/PA,v=HP,fr=A.05.30.009,fa=HP-UX_B.11.31_PA * Selection succeeded. * Beginning Analysis and Execution * Session selections have been saved in the file "/root/.sw/sessions/swinstall.last". * The analysis phase succeeded for "delta:/". * The execution phase succeeded for "delta:/". * Analysis and Execution succeeded. NOTE: More information may be found in the agent logfile using the command "swjob -a log delta-1431 @ delta:/". ======= 03/24/10 18:34:42 CDT END swinstall SESSION (non-interactive) (jobid=delta-1431)
2. Verify that SecureShell daemon started correctly after product installation.
# ps -ef | grep [s]sh root 11848 1 0 18:34:40 ? 0:01 /opt/ssh/sbin/sshd
Reference
- HP-UX Secure Shell
- HP-UX Secure Shell A.05.10.045, A.05.10.046, and A.05.10.047 Release Notes - HP-UX 11i v1, 11i v2, and 11i v3