SSH and X-Forwarding on CentOS 6

I encountered this error recently when trying to X forward to another remote site.

"Warning: No xauth data; using fake authentication data for X11 forwarding."

 

and there was no and doesn’t display picture.

These are the steps I took to trouble-shoot

  1. I checked my /etc/ssh/sshd_config and noted that the I have “X11Forwarding yes”
  2. On my .ssh/config, I have the “ForwardX11 yes”
  3. But one of my parameter /etc/ssh/sshd_config  “X11Uselocalhost yes”. Apparently,I was able to X11 Forward for hosts specify in my /etc/hosts file, but those outside my host file, I was not able to display the picture.
  4. But once I modified the  “X11Uselocalhost no”, the issue was resolved.

There was this post that a user explained quite well. (http://www.authsecu.com/nntp/comp-security-ssh/19540-comp-security-ssh-what-does-%22x11uselocalhost-no%22-do.htm)

When doing X forwarding, sshd listens on a TCP socket for connections from X clients. Normally, it will accept connections addressed to the loopback address only (127.0.0.1), restricting it to clients on the local host. X11UseLocalhost no means it will accept connections from anywhere. 

Unable to open /dev/sdb with fdisk

Taken from my old blog Unable to open /dev/sdb with fdisk

Fdisk is a menu driven program for creation and manipulation of partition tables. The device is usually something like /dev/sda, /dev/sdb. A device name refers to the entire disks. /dev/sd? is the partition of the device. For example, /dev/sda1 refers to the first partition of the first device.

If you issued a command and you receive a corresponding message “unable to open /dev/sdb”

# fdisk /dev/sdb

 

Unable to open /dev/sdb

Linux is unable to locate or find the partition. One method to verify that it is so, do a listing of the

devices fdisk can see. In this example below, the partition has been created already.

# fdisk -l

 

Disk /dev/sdb: 2997.4 GB, 2997426536960 bytes
255 heads, 63 sectors/track, 364416 cylinders
Units = cylinders of 16065 * 512 = 8225280 bytes

   Device Boot      Start         End      Blocks   Id  System
/dev/sdb1               1      267349  2147480811   83  Linux

WARNING: The size of this disk is 3.0 TB (2997400633344 bytes).
DOS partition table format can not be used on drives for volumes
larger than 2.2 TB (2199023255040 bytes). Use parted(1) and GUID
partition table format (GPT).

Once you have verified the presence of the device, do a fdisk /dev/sdb again

 

xrdp_mm_process_login_response: login failed on CentOS 6

This post is taken from my old blog xrdp_mm_process_login_response: login failed

If you encountered this error xrdp_mm_process_login_response: login failed when you use the remote desktop connection to connection to a vnc session.

Even if you restart xrdp, the error still remain, the issue could be due to locked  X11 session that was created by xrdp.

To solve the issue, go to the/tmp/.X11-unix/ and find your X session and delete the session.

# cd /tmp/.X11-unix

Do a listing

# ls -l

Look at the session owned by you which you wished to delete

.....
.....
srwxrwxrwx 1 root      root  0 Jul  9  2012 X0
srwxrwxrwx 1 user1  users 0 Jan 25 09:13 X1
srwxrwxrwx 1 user2      users 0 Jul 10  2012 X10
srwxrwxrwx 1 user3     users 0 Feb 19 13:31 X11
srwxrwxrwx 1 user4  users 0 Nov 20 15:10 X12
srwxrwxrwx 1 user5     users 0 Jul 10  2012 X13
.....
.....

Delete the session……

If xrdp still fails, it seems that it is due to orphaned X–. Once xrdp hits an orphaned X– which may or may not be from other users, the error will still remain.

To see the orphaned X11 session, you can do a vncserver, which you will see something like that

# vncserver

 

Warning: Head-Node:1 is taken because of /tmp/.X11-unix/X1
Remove this file if there is no X server Head-Node:1

Delete all the orphaned X–
Restart the xrdp service and try the remote connection.

# service xrdp restart

If you are still having the issue, do look at alternative solution

  1. X Server — no display in range is available. xrdp_mm_process_login_response: login failed

 

Fixing Authentication is required to set the network proxy used for download packages on CentOS 6

This was an old post from my dated blogger Fixing Authentication is requried to set the network proxy used for download packages for CentOS 6

I encountered this pop-up error today when I was xrdp into my CentOS 6. The error was something like this

authentication is required to set the network proxy used for downloading packages.  
An application is attempting to perform an action that requires privileges.  
Authentication as the super user is required to perform this action" and asking  
for the root password



Non-root users

Step 1: Launch a Terminal Console and type

# gnome-session-properties

Step 2: Uncheck PackageKit Update Applet .

See pix below.

Root User

Step 1: Disabled /etc/yum/pluginconf.d

# vim /etc/yum/pluginconf.d/refresh-packagekit.conf
[main]
enabled=0

 

Making HTTP Server less vulnerable DOS Attack

**These steps were done on CentOS 6 Server

Step 1: Upgrade Apache HTTP to the latest version

# yum update httpd

Step 2: Edit the httpd.conf.

# vim /etc/httpd/conf/httpd.conf

Inside httpd.conf. Scroll all the way to LoadModule………. section and add the line

LoadModule reqtimeout_module modules/mod_reqtimeout.so

Step 3: Create a /etc/httpd/conf.d/reqtimeout.conf and put in the informationbelow

<ifmodule reqtimeout_module>
RequestReadTimeout header=10-20,minrate=500
RequestReadTimeout body=10,minrate=500
</ifmodule>

Step 4: To check whether the apache module is loaded, do

# apachectl -M

Or

apache2ctl -M

References:

  1. Mitigating WAS QID 150085 Slow HTTP POST Vulnerability on Apache

 

xRDP Connection Errors on CentOS 6

After yum install xrdp and starting the service, I encountered the error during remote desktop to the Linux Box.

connecting to sesman ip 127.0.0.1 port 3350
sesman connect ok
sending login info to session manager, please wait...
xrdp_mm_process_login_reponse: login successful for display
started connecting
connecting to 127.0.0.1 5910
error - problem connecting

At the /var/log/xrdp-sesman.log

......
[20141118-23:53:40] [ERROR] X server for display 10 startup timeout
[20141118-23:53:40] [INFO ] starting xrdp-sessvc - xpid=2998 - wmpid=2997
[20141118-23:53:40] [ERROR] X server for display 10 startup timeout
[20141118-23:53:40] [ERROR] another Xserver is already active on display 10
[20141118-23:53:40] [DEBUG] aborting connection...
[20141118-23:53:40] [INFO ] ++ terminated session:  username root, display :10.0
.....

I have installed the necessary GNOME Desktop packages. Installing GNOME Desktop on CentOS 6 on a console before installing xrdp.

But the solution is quite simple. You need to install the tigervnc-server package and just the tigervnc only.

# yum install tigervnc-server

Restart the xrdp again.

# service xrdp restart

 

Trying to allocate 1005 pages for VMLINUZ error when booting with RHEL or CentOS 6.5 disks

VMLINUZ2

I was booting the RHEL 6.5 or CentOS 6.5 on a IBM PureFlex System and I have this error. This occurs when When installing Red Hat Enterprise Linux 6 from DVD media the installation will default to native Extensible Firmware Interface (EFI) mode boot. I do not have

According to IBM Website,

The workaround is simply to install the operating system in the traditional legacy mode, since there is generally no reason to install in other than Legacy mode. The workaround is only necessary if the media you are booting defaults to EFI mode (DVD or EFI Preboot eXecution Environment (PXE)) otherwise a legacy installation (e.g. – traditional PXE) is the default and is unaffected by this issue.

To force a legacy installation of the operating system from the EFI bootable DVD media the user should:

Press F12 key when the IBM splash screen is shown during system boot.
Select Legacy Only option and press Enter.
The operating system will boot and install in traditional legacy boot mode.

And the issue was resolved.

References:

  1. Red Hat Enterprise Linux 6 (RHEL6) native Extensible Firmware Interface (EFI) install is not supported with greater than 512 GB memory – IBM System x and BladeCenter
  2. Bug 691860 – UEFI version of ISO fails to boot when &gt;4gig (since f14)

Limiting Users on PBS Professional

Scenario 1: How do we restrict the users to a certain maximum job size within a maximum concurrent number of jobs?

For example, if you would like to restrict users using this queue to a maximum of 4 cores per jobs. But his or her concurrent jobs cannot exceed 16?

qmgr -c "set queue workq max_run_res.ncpus = [u:PBS_GENERIC=16]"
qmgr -c "set queue workq resources_max.ncpus = 4"

The first limit sets max of 16 cores per user for the workq queue (for all jobs)
The second limit sets max of 4 cores per job for workq queue

 

Scenario 2: How do we ensure that users only run a minimum number of cores in the queue?

For example, if you would like to restrict the users to a minimum 32 cores per job.

qmgr -c " s q workq resources_min.ncpus=32"

Test:

qsub -l select=1:ncpus=16 -q workq -- /bin/sleep 100
qsub: Job violates queue and/or server resource limits