You are not logged in.

#1 2010-01-08 09:33:57

peoro
Member
Registered: 2007-06-10
Posts: 67

SSH X11 Forwarding: graphics problems

Hello,
I've got some graphics problem when using a SSH client on Arch Linux to display apps ran on other machines.
In this lab I've got some Debians, an Arch Linux and a Gentoo Prefixed (installed on Centos, actually).
GTK windows look a lot slower than they should (gedit is terribly slow, totally unusable; firefox is quite slow, yet usable, but every time I open a new tab, neet to switch to that one in order for ohter tabs' page to be rendered again).
Qt windows seems instead to use a someway simpler/lighter/worse renderer: I can see graphics artifacts on the windows (look at the picture below; antialiasing is disabled and shades are very-badly rendered).
Besides if I copy something from forwarded windows, I cannot paste it on my Arch native windows (if I try to paste on a GTK local window nothing happens, if I try on a Qt local window it hangs for a while).

If I try to run a forwarded app running on Gentoo on a Debian it works just fine.

This is the output of a forwarded Qt application
$ qtcreator
X Error: BadAccess (attempt to access private resource denied) 10
  Major opcode: 2 (X_ChangeWindowAttributes)
  Resource id:  0x121
Xlib:  extension "SYNC" missing on display "localhost:10.0".
X Error: BadAccess (attempt to access private resource denied) 10
  Major opcode: 18 (X_ChangeProperty)
  Resource id:  0x121
X Error: BadAccess (attempt to access private resource denied) 10
  Major opcode: 18 (X_ChangeProperty)
  Resource id:  0x121
X Error: BadAccess (attempt to access private resource denied) 10
  Major opcode: 18 (X_ChangeProperty)
  Resource id:  0x2600015
X Error: BadWindow (invalid Window parameter) 3
  Major opcode: 25 (X_SendEvent)
  Resource id:  0x2600015

And here a screenshot of it:
forwardedqtcreator.jpg



What can be the issue? Missing Xorg extensions? Bad SSH/Xorg configuration? Incompatible SSH/Xorg versions?

Offline

#2 2010-01-08 14:25:18

eldragon
Member
From: Buenos Aires
Registered: 2008-11-18
Posts: 1,029

Re: SSH X11 Forwarding: graphics problems

how about posting the ssh server's sshd_config

Offline

#3 2010-01-08 20:05:18

peoro
Member
Registered: 2007-06-10
Posts: 67

Re: SSH X11 Forwarding: graphics problems

I guess it has nothing to do with the server:
If I use Arch as client and whatever (Debians or Centos) as server, I get problems.
If I use Debian as client and whatever (Arch or Centos) as server, it's fine.
Cannot use Centos as client: it's a server kept in the server room where I got no access. (Maybe could thru VNC, but who cares...)

Anyway:
Debian's sshd_config:

$ cat /etc/ssh/sshd_config                                                                                                                                                                  
# Package generated configuration file                                                                                                                                                                               
# See the sshd(8) manpage for details                                                                                                                                                                                
                                                                                                                                                                                                                     
# What ports, IPs and protocols we listen for                                                                                                                                                                        
Port 22                                                                                                                                                                                                              
# Use these options to restrict which interfaces/protocols sshd will bind to                                                                                                                                         
#ListenAddress ::                                                                                                                                                                                                    
#ListenAddress 0.0.0.0                                                                                                                                                                                               
Protocol 2                                                                                                                                                                                                           
# HostKeys for protocol version 2                                                                                                                                                                                    
HostKey /etc/ssh/ssh_host_rsa_key                                                                                                                                                                                    
HostKey /etc/ssh/ssh_host_dsa_key                                                                                                                                                                                    
#Privilege Separation is turned on for security                                                                                                                                                                      
UsePrivilegeSeparation yes                                                                                                                                                                                           
                                                                                                                                                                                                                     
# Lifetime and size of ephemeral version 1 server key                                                                                                                                                                
KeyRegenerationInterval 3600                                                                                                                                                                                         
ServerKeyBits 768                                                                                                                                                                                                    
                                                                                                                                                                                                                     
# Logging                                                                                                                                                                                                            
SyslogFacility AUTH                                                                                                                                                                                                  
LogLevel INFO                                                                                                                                                                                                        
                                                                                                                                                                                                                     
# Authentication:                                                                                                                                                                                                    
LoginGraceTime 120                                                                                                                                                                                                   
PermitRootLogin yes                                                                                                                                                                                                  
StrictModes yes                                                                                                                                                                                                      
                                                                                                                                                                                                                     
RSAAuthentication yes                                                                                                                                                                                                
PubkeyAuthentication yes                                                                                                                                                                                             
#AuthorizedKeysFile     %h/.ssh/authorized_keys                                                                                                                                                                      
                                                                                                                                                                                                                     
# Don't read the user's ~/.rhosts and ~/.shosts files                                                                                                                                                                
IgnoreRhosts yes                                                                                                                                                                                                     
# For this to work you will also need host keys in /etc/ssh_known_hosts                                                                                                                                              
RhostsRSAAuthentication no                                                                                                                                                                                           
# similar for protocol version 2                                                                                                                                                                                     
HostbasedAuthentication no                                                                                                                                                                                           
# Uncomment if you don't trust ~/.ssh/known_hosts for RhostsRSAAuthentication                                                                                                                                        
#IgnoreUserKnownHosts yes                                                                                                                                                                                            
                                                                                                                                                                                                                     
# To enable empty passwords, change to yes (NOT RECOMMENDED)                                                                                                                                                         
PermitEmptyPasswords no                                                                                                                                                                                              
                                                                                                                                                                                                                     
# Change to yes to enable challenge-response passwords (beware issues with                                                                                                                                           
# some PAM modules and threads)                                                                                                                                                                                      
ChallengeResponseAuthentication no                                                                                                                                                                                   
                                                                                                                                                                                                                     
# Change to no to disable tunnelled clear text passwords                                                                                                                                                             
#PasswordAuthentication yes                                                                                                                                                                                          
                                                                                                                                                                                                                     
# Kerberos options
#KerberosAuthentication no
#KerberosGetAFSToken no
#KerberosOrLocalPasswd yes
#KerberosTicketCleanup yes

# GSSAPI options
#GSSAPIAuthentication no
#GSSAPICleanupCredentials yes

X11Forwarding yes
X11DisplayOffset 10
PrintMotd no
PrintLastLog yes
TCPKeepAlive yes
#UseLogin no

#MaxStartups 10:30:60
#Banner /etc/issue.net

# Allow client to pass locale environment variables
AcceptEnv LANG LC_*

Subsystem sftp /usr/lib/openssh/sftp-server

UsePAM yes

Haven't got permissions to read Centos' sshd_config

Arch's sshd_config:

$ cat /etc/ssh/sshd_config                                                                                                                                
#       $OpenBSD: sshd_config,v 1.80 2008/07/02 02:24:18 djm Exp $                                                                                                      

# This is the sshd server system-wide configuration file.  See
# sshd_config(5) for more information.                        

# This sshd was compiled with PATH=/usr/bin:/bin:/usr/sbin:/sbin

# The strategy used for options in the default sshd_config shipped with
# OpenSSH is to specify options with their default value where         
# possible, but leave them commented.  Uncommented options change a    
# default value.                                                       

#Port 22
#AddressFamily any
ListenAddress 0.0.0.0
#ListenAddress ::    

# Disable legacy (protocol version 1) support in the server for new                                                                                                                                                  
# installations. In future the default will change to require explicit                                                                                                                                               
# activation of protocol 1                                                                                                                                                                                           
Protocol 2                                                                                                                                                                                                           
                                                                                                                                                                                                                     
# HostKey for protocol version 1                                                                                                                                                                                     
#HostKey /etc/ssh/ssh_host_key                                                                                                                                                                                       
# HostKeys for protocol version 2                                                                                                                                                                                    
#HostKey /etc/ssh/ssh_host_rsa_key                                                                                                                                                                                   
#HostKey /etc/ssh/ssh_host_dsa_key                                                                                                                                                                                   
                                                                                                                                                                                                                     
# Lifetime and size of ephemeral version 1 server key                                                                                                                                                                
#KeyRegenerationInterval 1h                                                                                                                                                                                          
#ServerKeyBits 1024                                                                                                                                                                                                  
                                                                                                                                                                                                                     
# Logging                                                                                                                                                                                                            
# obsoletes QuietMode and FascistLogging                                                                                                                                                                             
#SyslogFacility AUTH                                                                                                                                                                                                 
#LogLevel INFO                                                                                                                                                                                                       
                                                                                                                                                                                                                     
# Authentication:                                                                                                                                                                                                    
                                                                                                                                                                                                                     
#LoginGraceTime 2m                                                                                                                                                                                                   
#PermitRootLogin yes                                                                                                                                                                                                 
#StrictModes yes                                                                                                                                                                                                     
#MaxAuthTries 6                                                                                                                                                                                                      
#MaxSessions 10                                                                                                                                                                                                      
                                                                                                                                                                                                                     
#RSAAuthentication yes                                                                                                                                                                                               
#PubkeyAuthentication yes                                                                                                                                                                                            
#AuthorizedKeysFile     .ssh/authorized_keys                                                                                                                                                                         
                                                                                                                                                                                                                     
# For this to work you will also need host keys in /etc/ssh/ssh_known_hosts                                                                                                                                          
#RhostsRSAAuthentication no                                                                                                                                                                                          
# similar for protocol version 2                                                                                                                                                                                     
#HostbasedAuthentication no                                                                                                                                                                                          
# Change to yes if you don't trust ~/.ssh/known_hosts for                                                                                                                                                            
# RhostsRSAAuthentication and HostbasedAuthentication                                                                                                                                                                
#IgnoreUserKnownHosts no                                                                                                                                                                                             
# Don't read the user's ~/.rhosts and ~/.shosts files                                                                                                                                                                
#IgnoreRhosts yes                                                                                                                                                                                                    
                                                                                                                                                                                                                     
# To disable tunneled clear text passwords, change to no here!                                                                                                                                                       
#PasswordAuthentication yes                                                                                                                                                                                          
#PermitEmptyPasswords no                                                                                                                                                                                             
                                                                                                                                                                                                                     
# Change to no to disable s/key passwords                                                                                                                                                                            
ChallengeResponseAuthentication no                                                                                                                                                                                   
                                                                                                                                                                                                                     
# Kerberos options                                                                                                                                                                                                   
#KerberosAuthentication no                                                                                                                                                                                           
#KerberosOrLocalPasswd yes                                                                                                                                                                                           
#KerberosTicketCleanup yes                                                                                                                                                                                           
#KerberosGetAFSToken no                                                                                                                                                                                              
                                                                                                                                                                                                                     
# GSSAPI options                                                                                                                                                                                                     
#GSSAPIAuthentication no                                                                                                                                                                                             
#GSSAPICleanupCredentials yes                                                                                                                                                                                        
                                                                                                                                                                                                                     
# Set this to 'yes' to enable PAM authentication, account processing,                                                                                                                                                
# and session processing. If this is enabled, PAM authentication will                                                                                                                                                
# be allowed through the ChallengeResponseAuthentication and                                                                                                                                                         
# PasswordAuthentication.  Depending on your PAM configuration,                                                                                                                                                      
# PAM authentication via ChallengeResponseAuthentication may bypass                                                                                                                                                  
# the setting of "PermitRootLogin without-password".                                                                                                                                                                 
# If you just want the PAM account and session checks to run without                                                                                                                                                 
# PAM authentication, then enable this but set PasswordAuthentication                                                                                                                                                
# and ChallengeResponseAuthentication to 'no'.                                                                                                                                                                       
UsePAM yes                                                                                                                                                                                                           
                                                                                                                                                                                                                     
#AllowAgentForwarding yes
#AllowTcpForwarding yes
#GatewayPorts no
X11Forwarding yes
#X11DisplayOffset 10
#X11UseLocalhost yes
#PrintMotd yes
#PrintLastLog yes
#TCPKeepAlive yes
#UseLogin no
#UsePrivilegeSeparation yes
#PermitUserEnvironment no
#Compression delayed
#ClientAliveInterval 0
#ClientAliveCountMax 3
#UseDNS yes
#PidFile /var/run/sshd.pid
#MaxStartups 10
#PermitTunnel no
#ChrootDirectory none

# no default banner path
#Banner none

# override default of no subsystems
Subsystem       sftp    /usr/lib/ssh/sftp-server

Arch's ssh_config:

$ cat /etc/ssh/ssh_config                                                                                                                                                                              
#       $OpenBSD: ssh_config,v 1.25 2009/02/17 01:28:32 djm Exp $                                                                                                                                                    
                                                                                                                                                                                                                     
# This is the ssh client system-wide configuration file.  See                                                                                                                                                        
# ssh_config(5) for more information.  This file provides defaults for                                                                                                                                               
# users, and the values can be changed in per-user configuration files                                                                                                                                               
# or on the command line.                                                                                                                                                                                            
                                                                                                                                                                                                                     
# Configuration data is parsed as follows:                                                                                                                                                                           
#  1. command line options                                                                                                                                                                                           
#  2. user-specific file                                                                                                                                                                                             
#  3. system-wide file                                                                                                                                                                                               
# Any configuration value is only changed the first time it is set.                                                                                                                                                  
# Thus, host-specific definitions should be at the beginning of the                                                                                                                                                  
# configuration file, and defaults at the end.                                                                                                                                                                       
                                                                                                                                                                                                                     
# Site-wide defaults for some commonly used options.  For a comprehensive                                                                                                                                            
# list of available options, their meanings and defaults, please see the
# ssh_config(5) man page.

Host *
#   ForwardAgent no
#   ForwardX11 no
#   RhostsRSAAuthentication no
#   RSAAuthentication yes
#   PasswordAuthentication yes
#   HostbasedAuthentication no
#   GSSAPIAuthentication no
#   GSSAPIDelegateCredentials no
#   BatchMode no
#   CheckHostIP yes
#   AddressFamily any
#   ConnectTimeout 0
#   StrictHostKeyChecking ask
#   IdentityFile ~/.ssh/identity
#   IdentityFile ~/.ssh/id_rsa
#   IdentityFile ~/.ssh/id_dsa
#   Port 22
#   Protocol 2,1
#   Cipher 3des
#   Ciphers aes128-ctr,aes192-ctr,aes256-ctr,arcfour256,arcfour128,aes128-cbc,3des-cbc
#   MACs hmac-md5,hmac-sha1,umac-64@openssh.com,hmac-ripemd160
#   EscapeChar ~
#   Tunnel no
#   TunnelDevice any:any
#   PermitLocalCommand no
#   VisualHostKey no
HashKnownHosts yes
StrictHostKeyChecking ask

My users's ssh config (it's the same on all the machines: they're using NFS here):

$ cat .ssh/config
Host *
        ForwardX11 yes

Offline

#4 2010-01-11 22:27:39

nordog
Member
From: Iceland
Registered: 2009-02-22
Posts: 38

Re: SSH X11 Forwarding: graphics problems

Yeah, I also have this problem if I log into a Suse box with ssh -X (slow but normal looking GTK applications and horribly looking Qt applications). However, if I log in with ssh -Y everything looks pretty normal.

On the other hand, when I log into an Arch box with ssh -X I get the slow and ugly behavior.

Offline

#5 2010-01-14 17:26:40

nordog
Member
From: Iceland
Registered: 2009-02-22
Posts: 38

Re: SSH X11 Forwarding: graphics problems

Try adding

ForwardX11Trusted yes

to your /etc/ssh/ssh_config

That fixed the problem for me.

Offline

Board footer

Powered by FluxBB