Ignite-UX fails to start a remote make net recovery using SSH and returns X11 Forwarding error

From Wiki-UX.info
Jump to: navigation, search


The following article explains and correct a SSH X11 forwarding error that occurs when performing a remote make_net_recovery initiated from a Ignite-UX using a X based session.

Warning: untrusted X11 forwarding setup failed: xauth key data not
generatedwarning: no xauth data: using fake authentication data for
X11 forwarding.mnr_UI Couldn't bring the initial window. This may
occur when you specify an incorrect display.ERROR:   The interactive
UI failed to start. Check your terminal type.

This problem will not occur if the make_net_recovery is started directly on the Ignite-UX client.

The root cause of the error is that current version of the SecureShell (OpenSSH) bundle handles X11 Forwarding in a different way and with a different default configuration files than older ones.

An example of a configuration that fails is an Ignite-UX Server running SecureShell A.05.20.015 or above against a Ignite-UX Client using SecureShell A.05.10.026.

The default configuration files for each version of SecureShell are different, so installing matching version of the SecureShell bundle is sometimes not enough. It is necessary to replace the SecureShell client and daemon configuration files with their corresponding default files.

Determine the SecureShell product version installed on the system[edit]

# swlist | grep -i secureshell
  SecureShell                           A.05.10.047    HP-UX Secure Shell

Obtain a matching version of SecureShell product for both system[edit]

Current versions of SecureShell product are available at the latest HP-UX Installation Media, on customer built network depots created from that same media or available for downlad directly from http://software.hp.com (HP-UX Secure Shell).

At the time of writing this article, the latest versions of the SecureShell product are A.5.30.x for their corresponding HP-UX 11i releases.

Remove older SecureShell product[edit]

The following procedure will ensure that the SecureShell product uses the default configuration files. After installation of the newest SecureShell version, the security keys may change. This change will require to remove the older key from other HP-UX clients $HOME/.ssh/known_hosts file or remove that file and accept the new keys.

1. Login to the server establishing a non SecureShell session, for example telnet or rlogin.

2. Stop SecureShell.

/sbin/init.d/secsh stop
HP-UX Secure Shell stopped

3. Request all SecureShell connections to be closed or close them manually.

# ps -ef | grep [s]sh
    root  3898     1  0 12:07:44 ?         0:02 sshd: root@pts/5
    root  4642     1  0 12:49:16 ?         0:01 sshd: root@pts/2
    root 16415     1  0  Mar 23  ?         0:03 sshd: root@pts/1
    root 10646     1  0 17:57:53 ?         0:00 sshd: root@pts/3
    root  1463     1  0 08:42:22 ?         0:02 sshd: root@pts/0
    root  2572     1  0 10:22:53 ?         0:02 sshd: root@pts/4

for proc in $(ps -ef | grep [s]sh | awk '{print $2}')
kill -9 $proc

# ps -ef | grep [s]sh

4. Remove SecureShell. Add the -x enforce_dependencies=false option to bypass two minor dependencies.

# swremove -x enforce_dependencies=false SecureShell

=======  03/24/10 18:32:32 CDT  BEGIN swremove SESSION
         (non-interactive) (jobid=delta-1430)

       * Session started for user "root@delta".

       * Beginning Selection
       * Target connection succeeded for "delta:/".
       * Software selections:
       * Selection succeeded.

       * Beginning Analysis
       * Session selections have been saved in the file
WARNING: "delta:/":  The software dependencies for 2 products or
         filesets cannot be resolved.
       * Analysis succeeded.

       * Beginning Execution
       * The execution phase succeeded for "delta:/".
       * Execution succeeded.

NOTE:    More information may be found in the agent logfile using the
         command "swjob -a log delta-1430 @ delta:/".

=======  03/24/10 18:32:51 CDT  END swremove SESSION (non-interactive)

if [[ -d /etc/opt/ssh ]]; then
   rm -rf /etc/opt/ssh

Install current SecureShell product[edit]

1. Install the product from the corresponding bundle.

# swinstall -s /var/tmp/SecureShell_A.05.30.009_HP-UX_B.11.31_IA_PA.depot SecureShell

=======  03/24/10 18:34:30 CDT  BEGIN swinstall SESSION
         (non-interactive) (jobid=delta-1431)

       * Session started for user "root@delta".

       * Beginning Selection
       * Target connection succeeded for "delta:/".
       * Source:
       * Targets:                delta:/
       * Software selections:
       * Selection succeeded.

       * Beginning Analysis and Execution
       * Session selections have been saved in the file
       * The analysis phase succeeded for "delta:/".
       * The execution phase succeeded for "delta:/".
       * Analysis and Execution succeeded.

NOTE:    More information may be found in the agent logfile using the
         command "swjob -a log delta-1431 @ delta:/".

=======  03/24/10 18:34:42 CDT  END swinstall SESSION (non-interactive)

2. Verify that SecureShell daemon started correctly after product installation.

# ps -ef | grep [s]sh
    root 11848     1  0 18:34:40 ?         0:01 /opt/ssh/sbin/sshd