DaemonForums  

#1 (16th May 2010) Mr-Biscuit
How do I start Xorg from within a jail?

Jail sshd_config uncommented lines
Code:
Port 8822
Protocol 2
AddressFamily any
ListenAddress 0.0.0.0
X11Forwarding yes
X11UseLocalhost no


Host sshd_config uncommented lines
Code:
Port 8822
ListenAddress 0.0.0.0
AllowTcpForwarding yes
X11Forwarding yes

I'm going to assume that my problem is here somewhere.
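An added example, not part of the original post: a small sh/awk check that reports where sshd would bind forwarded X11 displays for the two configurations quoted above. With `X11Forwarding yes` and `X11UseLocalhost no`, sshd binds the X11 proxy display to the wildcard address instead of loopback; the function names are hypothetical and Match blocks are assumed absent.

```shell
#!/bin/sh
# Added example: report how sshd would expose forwarded X11 displays.
# sshd keeps the first value it reads for a keyword; keywords are case-insensitive.
# Assumes no Match blocks and whitespace-separated keyword/value pairs.

# effective_value FILE KEYWORD DEFAULT -> first value set in FILE, else DEFAULT
effective_value() {
    awk -v key="$2" -v def="$3" '
        /^[ \t]*#/ || /^[ \t]*$/ { next }
        tolower($1) == tolower(key) { print tolower($2); found = 1; exit }
        END { if (!found) print def }
    ' "$1"
}

# x11_exposure FILE -> disabled | loopback | wildcard
x11_exposure() {
    fwd=$(effective_value "$1" X11Forwarding no)      # sshd default: no
    loc=$(effective_value "$1" X11UseLocalhost yes)   # sshd default: yes
    if [ "$fwd" != "yes" ]; then
        echo disabled
    elif [ "$loc" = "no" ]; then
        echo wildcard      # proxy display listens on every address
    else
        echo loopback      # proxy display reachable only from the sshd host
    fi
}

# The two configurations quoted in the post, written to temporary files.
tmp=$(mktemp -d)
trap 'rm -rf "$tmp"' EXIT
cat > "$tmp/jail_sshd_config" <<'EOF'
Port 8822
Protocol 2
AddressFamily any
ListenAddress 0.0.0.0
X11Forwarding yes
X11UseLocalhost no
EOF
cat > "$tmp/host_sshd_config" <<'EOF'
Port 8822
ListenAddress 0.0.0.0
AllowTcpForwarding yes
X11Forwarding yes
EOF

echo "jail: $(x11_exposure "$tmp/jail_sshd_config")"
echo "host: $(x11_exposure "$tmp/host_sshd_config")"
```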
#2 (16th May 2010) Carpetsmoker

You forgot to tell us what commands exactly you issued and which errors you received.
__________________
UNIX was not designed to stop you from doing stupid things, because that would also stop you from doing clever things.
#3 (16th May 2010) Mr-Biscuit

My apologies. Sleepy posting.
Anyway, here's the output from the jail.
Code:
testjail# /usr/local/bin/twm
/usr/local/bin/twm:  unable to open display ":0.0"
testjail# /usr/local/bin/startx /usr/local/bin/twm
xauth:  creating new authority file /root/.serverauth.76481
xauth: (argv):1:  bad display name "testjail:0" in "list" command
xauth: (stdin):1:  bad display name "testjail:0" in "add" command

_XSERVTransSocketOpenCOTSServer: Unable to open socket for inet6
_XSERVTransOpen: transport open failed for inet6/testjail:0
_XSERVTransMakeAllCOTSServerListeners: failed to open listener for inet6

X.Org X Server 1.6.1
Release Date: 2009-4-14
X Protocol Version 11, Revision 0
Build Operating System: FreeBSD 8.0-RELEASE i386 
Current Operating System: FreeBSD testjail 8.0-RELEASE FreeBSD 8.0-RELEASE #0: Sat Nov 21 15:48:17 UTC 2009     root@almeida.cse.buffalo.edu:/usr/obj/usr/src/sys/GENERIC i386
Build Date: 15 May 2010  09:30:59PM
 
	Before reporting problems, check http://wiki.x.org
	to make sure that you have the latest version.
Markers: (--) probed, (**) from config file, (==) default setting,
	(++) from command line, (!!) notice, (II) informational,
	(WW) warning, (EE) error, (NI) not implemented, (??) unknown.
(==) Log file: "/var/log/Xorg.0.log", Time: Sun May 16 20:12:33 2010

Fatal server error:
xf86OpenConsole: No console driver found
	Supported drivers: pccons (with X support), syscons, pcvt
	Check your kernel's console driver configuration and /dev entries

Please consult the The X.Org Foundation support 
	 at http://wiki.x.org
 for help. 
Please also check the log file at "/var/log/Xorg.0.log" for additional information.

giving up.
xinit:  No such file or directory (errno 2):  unable to connect to X server
xinit:  No such process (errno 3):  Server error.
xauth: (argv):1:  bad display name "testjail:0" in "remove" command
testjail#
#4 (16th May 2010) Carpetsmoker

It's been a while since I last used jails, but from what I can remember sockets are disabled by default; you can enable them by setting the sysctl security.jail.allow_raw_sockets.

In addition, starting X by executing /usr/local/bin/twm won't work inside or outside of a jail; use xinit(1) and add exec /usr/local/bin/twm to your ~/.xinitrc.
You can also use startx(1) which is a wrapper around xinit to provide xauth(1) support.
#5 (17th May 2010) Mr-Biscuit

I've set rawsockets to 1 and also copied the keys from host to jail.

Code:
exec ssh-agent sh -c 'ssh-add </dev/null && exec /usr/local/bin/twm'
~
This is the .xinitrc from the jail/root directory.
If I ssh to the host by name, it will hang. Am I missing a command?
If I ssh to host by IP, it will be refused.

I'd like to be able to run jail on X at :1 and use it as a vnc server for the G3 but to have it in the background.
Apologies for the run on sentence.


I think my first problem now is here at ssh and then at xorg.
#6 (17th May 2010) Carpetsmoker

Quote:
If I ssh to the host by name, it will hang. Am I missing a command?
If I ssh to host by IP, it will be refused.
Try to set up a simple ssh connection without X first: See if that works. Then move on to X. Set up one thing at a time: Start as simple as possible and add more complexity with steps.

Hint:
You can use the -v switch to display information about what SSH is doing, for example:
# ssh -v carpetsmoker@192.168.1.1

From ssh(1):
Code:
     -v      Verbose mode.  Causes ssh to print debugging messages about its
	     progress.	This is helpful in debugging connection, authentica-
	     tion, and configuration problems.	Multiple -v options increase
	     the verbosity.  The maximum is 3.
#7 (17th May 2010) Mr-Biscuit

Ok.
There is success followed by failure.

Code:
testjail# ssh -v root@192.168.1.2 -p 8822
OpenSSH_5.2p1 FreeBSD-20090522, OpenSSL 0.9.8k 25 Mar 2009
debug1: Reading configuration data /etc/ssh/ssh_config
debug1: Connecting to 192.168.1.2 [192.168.1.2] port 8822.
debug1: Connection established.
debug1: permanently_set_uid: 0/0
debug1: identity file /root/.ssh/identity type -1
debug1: identity file /root/.ssh/id_rsa type -1
debug1: identity file /root/.ssh/id_dsa type -1
debug1: Remote protocol version 2.0, remote software version OpenSSH_5.2p1 FreeBSD-20090522
debug1: match: OpenSSH_5.2p1 FreeBSD-20090522 pat OpenSSH*
debug1: Enabling compatibility mode for protocol 2.0
debug1: Local version string SSH-2.0-OpenSSH_5.2p1 FreeBSD-20090522
debug1: SSH2_MSG_KEXINIT sent
debug1: SSH2_MSG_KEXINIT received
debug1: kex: server->client aes128-ctr hmac-md5 none
debug1: kex: client->server aes128-ctr hmac-md5 none
debug1: SSH2_MSG_KEX_DH_GEX_REQUEST(1024<1024<8192) sent
debug1: expecting SSH2_MSG_KEX_DH_GEX_GROUP
debug1: SSH2_MSG_KEX_DH_GEX_INIT sent
debug1: expecting SSH2_MSG_KEX_DH_GEX_REPLY
debug1: checking without port identifier
debug1: read_passphrase: can't open /dev/tty: No such file or directory
debug1: permanently_drop_suid: 0
ssh_askpass: exec(/usr/local/bin/ssh-askpass): No such file or directory
Host key verification failed.
testjail#
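An added example, not part of the original thread: the transcript above reaches "checking without port identifier" and then fails because nothing can confirm an unknown host key (no /dev/tty, no ssh-askpass), so the verified key has to be in known_hosts beforehand. This sh/awk check looks for the `[host]:port` name ssh uses for port 8822; the function names and sample file are constructed, and hashed or wildcard entries are not handled.

```shell
#!/bin/sh
# Added example: does known_hosts already hold the entry ssh will look up?
# Hashed names (|1|...), wildcard patterns and @marker lines are not handled.

# known_hosts_name HOST PORT -> name ssh looks up first
known_hosts_name() {
    if [ "$2" = 22 ]; then echo "$1"; else echo "[$1]:$2"; fi
}

# host_key_status FILE HOST PORT -> port-entry | plain-entry | missing
host_key_status() {
    awk -v want="$(known_hosts_name "$2" "$3")" -v plain="$2" '
        /^[ \t]*[#@]/ || NF < 3 { next }      # comments, markers, malformed lines
        {
            n = split($1, names, ",")         # one line may list several names
            for (i = 1; i <= n; i++) {
                if (names[i] == want) exact = 1
                else if (names[i] == plain) fallback = 1
            }
        }
        END { print (exact ? "port-entry" : (fallback ? "plain-entry" : "missing")) }
    ' "$1"
}

# Constructed sample file; the key field is a placeholder, not real key material.
tmp=$(mktemp -d)
trap 'rm -rf "$tmp"' EXIT
cat > "$tmp/known_hosts" <<'EOF'
# constructed entries
192.168.1.2 ssh-rsa PLACEHOLDERKEY
[192.168.1.9]:8822,[jailhost]:8822 ssh-rsa PLACEHOLDERKEY
EOF

# The connection from the transcript: 192.168.1.2, port 8822.
echo "192.168.1.2:8822 -> $(host_key_status "$tmp/known_hosts" 192.168.1.2 8822)"
echo "192.168.1.9:8822 -> $(host_key_status "$tmp/known_hosts" 192.168.1.9 8822)"
```

A result of `missing` means a session without a terminal cannot proceed until the host key, checked against the server's fingerprint, has been added to known_hosts.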
#8 (17th May 2010) Mr-Biscuit

I'm going to reset all of the keys. That seems to be one problem.
The other seems to be my setup of sshd_config. Let me try that first and then I'll post back here when I'm stumped.