Red Hat Enterprise Linux version 5.0
When using a Secure Shell client to connect to a Red Hat Enterprise Linux (RHEL) 5 host running Reflection for Secure IT UNIX Server version 7.1.x, users are unable to launch X client applications. Users receive no error, or an error such as "can't open display." This technical note explains how to potentially resolve this problem by editing the XauthPath parameter.
Note the following:
- This issue is typically not seen in RHEL 3 or 4.
- This issue is resolved in Reflection for Secure IT UNIX Server version 7.2.
When Reflection for Secure IT UNIX Server is installed, an XauthPath entry is added to the /etc/ssh2/sshd2_config file. By default, this path is set to XauthPath=/usr/bin/X11/xauth. On RHEL 5, this path setting is typically incorrect.
To resolve this problem, determine the correct path for Xauth, then locate and edit the configuration file entry accordingly.
Determine the Correct Xauth Path
Use the following command to locate Xauth and determine the correct Xauth path.
Make a note of the path returned by this command. You will use it in step 4 of Edit the Configuration File.
Locate the Configuration File
XauthPath is configured in the SSH server configuration file. Typically, the configuration file is named sshd2_config, and is located in /etc/ssh2. If the file is not in this location, use the find command to search for the file:
find / -name sshd2_config
Edit the Configuration File
After you have located the SSH server configuration file, follow the steps below to configure the XauthPath keyword.
- Login to your host as root.
- Open the SSH server configuration file, /etc/ssh2/sshd2_config, in a text editor, such as vi.
- Locate the XauthPath keyword entry.
- Change the XauthPath value so that it points to the directory where your X11 authentication services are located. Typically, /usr/bin/xauth.
Sample entry: XauthPath=/usr/bin/xauth
Note: If the line is commented out (preceded by a # symbol), remove the #.
- Save the file and exit the text editor.
Stop and Restart the SSH Daemon
After the configuration file is modified, stop and restart the SSH daemon.
Note the following:
- Stopping and restarting the SSH daemon will not terminate active Secure Shell sessions.
- You may need to be logged in as root to stop and restart the daemon.
Follow these steps to stop and restart the daemon.
- At the command prompt, enter ps -eaf | grep sshd2 to determine the ssh daemon's Process ID (PID).
Make a note of the PID.
- Enter kill -HUP <PID number> to stop and restart the ssh daemon.
Note: Replace <PID number> with the Process ID number obtained in step 1.
- Enter ps -eaf | grep sshd2 to verify that the daemon has been restarted.
The ssh daemon's PID should now be different than it was in step 1, and the updated XauthPath entry should be in use.
- Log off.
You should now be able to launch X client applications through secure shell. If you are still experiencing difficulties, see KB 7021841 for further SSH connection troubleshooting steps.