Forms6i via ssh F-Keys

Similar Messages

• Remote login via ssh and public keys

  I'm not exactly a UNIX expert, but I need to be able to remote login to my PowerBook. The problem with enabling ssh is that as soon as I'm on campus, all kinds of nefarious hosts try brute force attempts to crack my password. I've heard that public/private key logins are the answer, and I've managed to get the public key in the right place on my PowerBook (the private key resides on my iPhone, from which I'll be logging in). But I have two questions:
  1) How do I disable logins via user/password?
  2) When I use my private key, I'm asked to enter the password for the key -- ssh isn't properly storing that password. I've checked permissions, but how can I get ssh to store that password, as it should?

  1) In Sharing > Remote Login, do I still need an account listed to be able to use ssh logins with a public key? I ask because currently (i.e. password authentication enabled), when no accounts are listed, login via public key doesn't work. In other words, an account has to be listed for public key logins to work.
  Yes you still need an account name to login to that computer. However you don't need to specify an account in the sharing preferences. You can lock down the security further by limiting which user accounts can login via ssh.
  by default if you don't specify a username when you login it will use the username of the device your logging in from. So to use an alternative login name you would use
  ssh [email protected]
  whereas john can be anyname or your choosing.
  Put another way: if turn off password authentication for ssh in sshd_config, how should Sharing > Remote Login be configured?
  If you turn off password authentication you still need to allow your user account to login via ssh in the sharing preferences or you can allow all.
  2) According to that MacOS X Hints article:
  "Leopard has now a built-in support for SSH authentication with public keys.
  OSX has been able to use ssh public key authentication since day 1 of the beta release of osx. It is not new to leopared it has been around for years.
  Just open Terminal and ssh to your public-key-enabled server. A Keychain window appears, proposing you to enter the pass phrase, and then remembering it in your keychain. "
  I have not used this functionality as I don't use any passwords for ssh logins.
  They're talking about the password associated with the key. But on second thought, that password is being saved on the client, not the server, right?
  I am sure this is the case.

• Accessing Disabled Accounts via ssh

  We have user accounts on our OS X Tiger Server where the user has installed a public key into their ~/.ssh/authorized_keys file.
  The problem:
  If I uncheck "access account" in Workgroup Manager for one of those users, they can still login to the server via ssh, authenticating with their private key.
  So, how can I truly disable access to an account that has a key pair installed for ssh?
    Mac OS X (10.4.5)  

  Have you tried using WGM to change their login shell to "none"?

• Neighbors Mac mini (10.3.9) was exploited via SSH

  My neighbor called me a couple of weeks ago to say she couldn't log in to her mini. It wouldn't accept her password. I fixed it but last weekend the same thing happened again. I fixed it but decided to look around. I found a couple of perl files in her home folder, a few tgz files, and some software for running a shoutcast server. I knew right away someone had gained access to her machine. All because when I set her mini up, I turned Remote connectivity via SSH on. I checked her bash history file and found that someone had downloaded those files using the curl command from some Romanian sites. The files were definitely cracker related, although I don't remember exactly what the names were. I think one of them was spoofer or something like that.
  I'm going to send an email to Apple on this in hopes that they add a security patch to 10.3.9.
  I have since reinstalled OS X and NOT turned on Remote Connectivity.

  Hi Dale,
     Are you saying that you think that Apple enables the finger daemon by default? I don't believe that to be the case. On Tiger, the /System/Library/LaunchDaemons/finger.plist file that ships with the system contains the following line:
  <key>Disabled</key>
  On Panther, the /etc/xinetd.d/finger file that ships with Panther contains the line:
  disable = yes
  Thus, on both systems, the fingerd daemon doesn't respond to finger requests from external systems. I tested that and the only thing that finger returns is the name of the remote system in square brackets.
     Also, the script kiddy attack to which I referred is nowhere near that sophisticated. I haven't actually read the script but the list of users it tries appears to always be the same. I agree with you that it might be possible to gain knowledge about the usernames on many systems, especially those running fingerd. However, excepting for finger and maybe LDAP, the methods for doing that would likely be different for different systems. This script goes for quantity instead of quality so it doesn't spend enough time on any one system to do any probing.
     As Michael says, Mac OS X ships with all services turned off, including fingerd. I don't think that Apple's firewall tool is of any use because it's "all-or-nothing". Opening a port to the world or blocking it is no different from turn the corresponding service on or off. However, I've never seen a GUI tool that did much better so I don't see that as a ding against Apple.
     I've read too many of your extremely knowledgeable posts to think that you rant arbitrarily. Of course people with such excellent reputations are allotted 5 random rants per calendar year here so you're allowed. If you post the details about the problems you're having, perhaps we could help. You should be able to solve almost any issues about services with a solid firewall.
  Gary
  ~~~~
     Am I ranting? I hope so. My ranting gets raves.

• TACACS auth working via SSH, but not HTTP (ACS 5.1 / 3560)

  Experts,
  My switches are able to successfully authenticate user access against ACS 5.1 via SSH with TACACS+, but I am not able to authenticate via HTTPS with TACACS+.  I don't even get a log in ACS when attempting to authenticate via HTTPS.
  Here is my AAA config, followed by a debug:
  aaa new-model
  aaa authentication login ACCESS group tacacs+ local
  aaa authorization console
  aaa authorization config-commands
  aaa authorization exec ACCESS group tacacs+
  aaa authorization commands 1 Priv1 group tacacs+ none
  aaa authorization commands 15 Priv15 group tacacs+ none
  aaa authorization network ACCESS group tacacs+
  aaa accounting exec ACCESS start-stop group tacacs+
  aaa accounting commands 0 ACCESS start-stop group tacacs+
  aaa accounting commands 1 ACCESS start-stop group tacacs+
  aaa accounting commands 15 ACCESS start-stop group tacacs+
  aaa session-id common
  ip http authentication aaa login-authentication ACCESS
  ip http authentication aaa exec-authorization ACCESS
  ip http authentication aaa command-authorization 1 Priv1
  ip http authentication aaa command-authorization 15 Priv15
  ip http secure-server
  no ip http server
  tacacs-server host X.X.X.X key 7
  tacacs-server timeout 3
  tacacs-server directed-request
  Debug:
  47w4d: HTTP AAA Login-Authentication List name: ACCESS
  47w4d: HTTP AAA Exec-Authorization List name: ACCESS
  47w4d: HTTP: Authentication failed for level 15
  Shell authorization profiles are working in ACS when SSHing to devices (Priv1 and Priv15), and I can't figure out why its not working for HTTPS.
  Any ideas?

  Thank you for your response, here is the debug from the 3560:
  BC-3560-48-6-1-1#
  48w0d: HTTP AAA Login-Authentication List name: ACCESS
  48w0d: HTTP AAA Exec-Authorization List name: ACCESS
  48w0d: TPLUS: Queuing AAA Authentication request 0 for processing
  48w0d: TPLUS: processing authentication start request id 0
  48w0d: TPLUS: Authentication start packet created for 0(varnumd)
  48w0d: TPLUS: Using server 10.10.0.16
  48w0d: TPLUS(00000000)/0/NB_WAIT/458EDA8: Started 3 sec timeout
  48w0d: TPLUS(00000000)/0/NB_WAIT: socket event 2
  48w0d: TPLUS(00000000)/0/NB_WAIT: wrote entire 27 bytes request
  48w0d: TPLUS(00000000)/0/READ: socket event 1
  48w0d: TPLUS(00000000)/0/READ: Would block while reading
  48w0d: TPLUS(00000000)/0/READ: socket event 1
  48w0d: TPLUS(00000000)/0/READ: read entire 12 header bytes (expect 16 bytes data)
  48w0d: TPLUS(00000000)/0/READ: socket event 1
  48w0d: TPLUS(00000000)/0/READ: read entire 28 bytes response
  48w0d: TPLUS(00000000)/0/458EDA8: Processing the reply packet
  48w0d: TPLUS: Received authen response status GET_PASSWORD (8)
  48w0d: TPLUS: Queuing AAA Authentication request 0 for processing
  48w0d: TPLUS: processing authentication continue request id 0
  48w0d: TPLUS: Authentication continue packet generated for 0
  48w0d: TPLUS(00000000)/0/WRITE/4332F88: Started 3 sec timeout
  48w0d: TPLUS(00000000)/0/WRITE: wrote entire 30 bytes request
  48w0d: TPLUS(00000000)/0/READ: socket event 1
  48w0d: TPLUS(00000000)/0/READ: read entire 12 header bytes (expect 6 bytes data)
  48w0d: TPLUS(00000000)/0/READ: socket event 1
  48w0d: TPLUS(00000000)/0/READ: read entire 18 bytes response
  48w0d: TPLUS(00000000)/0/4332F88: Processing the reply packet
  48w0d: TPLUS: Received authen response status PASS (2)
  48w0d: TPLUS: Queuing AAA Authorization request 0 for processing
  48w0d: TPLUS: processing authorization request id 0
  48w0d: TPLUS: Inappropriate protocol: 25
  48w0d: TPLUS: Sending AV service=shell
  48w0d: TPLUS: Sending AV cmd*
  48w0d: TPLUS: Authorization request created for 0(varnumd)
  48w0d: TPLUS: Using server 10.10.0.16
  48w0d: TPLUS(00000000)/0/NB_WAIT/4332E18: Started 3 sec timeout
  48w0d: TPLUS(00000000)/0/NB_WAIT: socket event 2
  48w0d: TPLUS(00000000)/0/NB_WAIT: wrote entire 46 bytes request
  48w0d: TPLUS(00000000)/0/READ: socket event 1
  48w0d: TPLUS(00000000)/0/READ: Would block while reading
  48w0d: TPLUS(00000000)/0/READ: socket event 1
  48w0d: TPLUS(00000000)/0/READ: read 0 bytes
  48w0d: TPLUS(00000000)/0/READ/4332E18: timed out
  48w0d: TPLUS: Inappropriate protocol: 25
  48w0d: TPLUS: Sending AV service=shell
  48w0d: TPLUS: Sending AV cmd*
  48w0d: TPLUS: Authorization request created for 0(varnumd)
  48w0d: TPLUS(00000000)/0/READ/4332E18: timed out, clean up
  48w0d: TPLUS(00000000)/0/4332E18: Processing the reply packet
  48w0d: HTTP: Authentication failed for level 15

• Disable Non-Root Connections to WindowServer via SSH

  I recall that in previous versions of Mac OS, one could not start an application in another user's workspace via SSH unless they were root, e.g. by running /Applications/Safari.app/Contents/MacOS/Safari at the prompt. The error given was something about being unable to make a connection to the windowserver. Root privileges were required to do so.
  However, I note that now in Mountain Lion I can run, for example, the previous command and my Safari will pop up in the session of the currently logged in user, neither of us being root or even administators.
  Is there a way to revert to the old behaviour (without disabling Remote Login, obviously)? I note some potential for evil, e.g. "/Applications/Utilities/Vine\ Server.app/Contents/MacOS/Vine\ Server &" to start a VNC server and, violá! surreptitious monitoring/control of active session...

  This was previously not possible.
  It has always been possible via the open(1) command. In any case, that doesn't matter. SSH access is unlimited access, unless you allow only public-key logins and specify a command to be executed in the authorized_hosts file. There is no security issue here.

• Error connecting from Mac to Linux via SSH (Permission denied (publickey...

  Hello together,
  I have a perfectly working setup with my XP machine, Putty and my Suse Linux server that allow for remote login via SSH. I use Public Key authentication.
  However, when I try to login from my Mac, all I get from the Mac side is a
  "Permission denied (publickey,keyboard-interactive)."
  And I can't establish the connection. On the server in 'messages' I get:
  "sshd{6046}: Accepted publickey for {userName} from {myHomeIP} port 38335 ssh2"
  What could be wrong here?
  I would like to use the same keys on my PC and my Mac so I just copied the key files into the .ssh directory on the Mac, did a chmod 600 on them and then tried to remote log-on with the follwoing from the terminal:
  "ssh -l {userName} {host} -i {keyFile}"
  My questions are:
  1) How am I sure that the Mac uses the right key files? (or uses them at all)
  2) How come my server says "accept publickey" and no connection is established?
  3) Do you have any other idea on how I might get this to work? What I need is a method to copy files (not via FTP) to my server and let the process run without supervision / user interaction.
  Thanks a lot for all your help!
  Cheers
  Message was edited by: Sebastian_R (some typos)

  If you copied your files from Windows, I would check to make sure your lines are <LF> terminated. I have not played with Putty so I do not know the way it line terminates its ssh key files, but Windows has a long tradition of using <CR><LF> to terminate its lines.
  cat -v ~/.ssh/id_rsa # or whatever your file names are
  If there are <CR> characters in the file, they will show up as ^M
  Next get more diagnostic information from ssh using an *ssh -v -v -v*
  If you know how to tell Putty to do the same thing, do it from Putty as well.
  Now compare the debug output from the working vs the non-working ssh commands. The differences will tell you a lot.
  If you look at *man ssh* and search for permissions it will tell you what files need restrictive permissions. You can get a permissions denied error if your home directory allows Group or Other write access. The $HOME/.ssh directory needs to be set so ONLY the Owner is allowed to access it. And some of the files in $HOME/.ssh require specific permissions. The ssh man page details this.

• Using a CVS repository via ssh from a Windows Machine

  I'm trying to set up a connection
  via ssh to a CVS repository (on Linux) with JDev 9.0.5.1
  (build 1605) on Windows. I'd like to use password to
  authenticate myself to CVS repository.
  Shay Shmeltzer pointed me to
  http://helponline.oracle.com/jdeveloper/help/state?navSetId=jdeveloper&navId=4&vtTopicId=&vtTopicFile=jdeveloper/using_support_for_tbd/scm_p_settingupcvs.html
  The solution explained there need access to the remote
  server in order to insert the key in authorized_keys,
  and we don't have this kind of access (the CVS repository
  is not mantained by our company).
  Do you think JDev will support password authentication
  for CVS/ssh in some future release?
  We're currently using WinCVS Client to access that
  repository, and each time we connect to the
  repository, a DOS windows appears asking us the password.
  I guess that this could be a solution.
  Thanks
  --luca

  We used to try to support popuping up the console, but that never worked too well from Java.
  Here's some thoughts on the matter from an article at http://www.devguy.com/fp/cfgmgmt/cvs/cvs_ssh.htm
  Hiding Your Password without Public Keys
  If you want to avoid typing your password at the command line for each operation and don't have the ability to put your public key on the SSH server...
  1. Create the following one-line Perl script and save it as my_ssh_cvs.pl
  system("plink.exe", "-ssh", "-pw", "YOURPASSWORD", @ARGV);
  2. Use PERL2EXE or ActiveState's perldevkit (perlapp -f my_ssh_cvs.pl) to create an executable from the script, e.g., my_ssh_cvs.exe
  3. Delete my_ssh_cvs.pl
  4. Run WinCVS
  5. Select Admin/Preferences...
  6. Click Settings... (for the ssh protocol)
  7. Click "If ssh is not in the PATH" and enter my_ssh_cvs.exe
  8. For "additional SSH options", leave it blank
  (however use the external locator in the connection wizard in JDeveloper to locate the my_ssh_cvs.exe)
  (note: this isn't officially suppported nor endorsed)
  Rob
  Team JDev

• Not able to login to FWSM via SSH client

  When i am trying to login to FWSM via SSH client and it is throwing an error that "SSH server rejected your password Try again"

  Hello,
  Not sure how you want me to help. The error says it all! The password is wrong.
  Do you have any other username/password that you could use to connect and change yours as it looks you forgot it. Otherwise try to access it via console and change it.
  Regards.
  Jcarvaja
  Senior Network Security and Core Specialist
  CCIE #42930, 2-CCNP, JNCIS-SEC
  For inmediate assistance hire us at http://inetworks.cr/our-rates/

• SFTP Issue in OSB invocation resulted in an error: com.maverick.ssh.SshException: ssh-dss Key Not Found for host hostname,ip

  I created a Proxy Service to do pull file and push it to sftp server
  known_hosts file is present on OSB server.
  It has abcserverhostname,IP ssh-rsa AA................. ==
  I created a business service to do SFTP push to sftp server (remote) - Its not working.
  <Error> <SFTPTransport> <BEA-381826> <Key Not Found for host hostname,10.124....>
  com.maverick.ssh.SshException: ssh-dss Key Not Found for host hostname,10.124.....
    at com.bea.wli.sb.transports.sftp.client.KnownHostVerifier.onUnknownHost(KnownHostVerifier.java:37)
  My Business Service
  End Point URI : sftp://sftpserverhostname:22/directorypath
  Authetication Mode : user name, password.I have created a Service Account for sftpserver and imported in Business Service.
  Do I need to give anything else in known_hosts file ?
  and hostname can be any random name?
  <Dec 11, 2013 1:45:37 PM GMT+08:00> <Error> <SFTPTransport> <BEA-381801> <Error occured for endpoint com.bea.wli.sb.transports.TransportException: com.maverick.ssh.SshException: ssh-dss Key Not Found for host hostname,10.124....
  com.bea.wli.sb.transports.TransportException: com.maverick.ssh.SshException: ssh-dss Key Not Found for host
    at com.bea.wli.sb.transports.sftp.connector.SFTPTransportProvider.sendMessage(SFTPTransportProvider.java:161)
    at com.bea.wli.sb.transports.sftp.connector.SFTPTransportProvider.sendMessageAsync(SFTPTransportProvider.java:111)
    at sun.reflect.GeneratedMethodAccessor566.invoke(Unknown Source)
    at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
    at java.lang.reflect.Method.invoke(Method.java:597)
    Truncated. see log file for complete stacktrace
  Caused By: com.maverick.ssh.SshException: ssh-dss Key Not Found for host eirnode2,10.124.10.16
    at com.bea.wli.sb.transports.sftp.client.KnownHostVerifier.onUnknownHost(KnownHostVerifier.java:37)
    at com.sshtools.publickey.AbstractKnownHostsKeyVerification.A(Unknown Source)
    at com.sshtools.publickey.AbstractKnownHostsKeyVerification.verifyHost(Unknown Source)
    at com.maverick.ssh2.TransportProtocol.C(Unknown Source)
    at com.maverick.ssh2.TransportProtocol.processMessage(Unknown Source)
    Truncated. see log file for complete stacktrace

  BEA-381826 suggest that there is any issue with your public key in known_host file, can you cross verify it again. Also can you check if known_host file has appropriate permissions and I am assuming it is in /OSB_DOMAIN/osb/transports/sftp folder.
  Hostname,IP algorithm publickey are the hostname, ip, and public key of SFTP server.
  As per troubleshooting guidelines
  The Key not found for IP, host error message indicates that the known_hosts file does not contain an entry that corresponds to the specified IP-host combination. If the entry exists, then try with another algorithm key; for example, if the earlier attempt was with an RSA key, try again with a DSA key.
  Cheers,
  Sahil

• SSH public key issue?

  Hi all,
  I've been trying to set up public key authentication for SSH recently, and have come across a problem which has left me stumped. I want to be able to SSH into computer A (iBook G4, 10.5.1) from computer B (iMac G4, 10.5.0), and vice versa. At the moment, both these machines are on the same LAN, and SSH-ing to their respective local addresses works fine - A can connect to B, and B can connect to A (e.g. ssh -l username computerA.local). So far so good.
  The end goal is to allow SSH access between my two machines over the web, using No-ip.com's dynamic DNS app. Both machines have this daemon installed and running. When SSh-ing to the machines using their no-ip DNS names (e.g. ssh -l username computerA.no-ip.org) for some reason connecting from B to A works fine, but from A to B throws up a "Permission denied (publickey)" error.
  As far as I'm aware, I've set up all the ssh_config and sshd_config files on both machines correctly, specifying the correct protocols and key files, and neither machine is firewalled. Both are running OpenSSH 4.5p1.
  Can anyone think of a reason why this is happening?
  Thanks in advance,
  Pete

  Are both A and B behind the same home router? If so, it is likely that both the computerA.no-ip.org IP address is the same as the computerB.no-ip.org IP address, and you have only configured your home router to forward ssh connections to computerA.no-ip.org.
  You home router would typically only have 1 internet WAN IP address. The no-ip client is going to figure out the router's WAN IP address and give that address to computerA.no-ip.org and computerB.no-ip.org DNS names.
  If my guess is correct, then when telling A to connect to B, the name lookup for B gives an IP address which is your router, and your router then forwards port 22 traffic to back to A, and since you most likely have not put A's ssh .pub key into A's .ssh/authorized_key2 file, it fails to connect.
  One way to verify my guess is to ask http://whatismyip.com from both A and B. If you get the same IP address, then computerA.no-ip.org and computerB.no-ip.org DNS names will have the same IP address and thus from the DNS name level there is no way to tell the difference between computerA.no-ip.org and computerB.no-ip.org.
  Again, if I am correct, then what you want to do is configure your router to
  forward port 22100 to A port 22
  forward port 22101 to B port 22
  Then when you want to make an ssh connection use
  ssh -p 22100 [email protected]
  ssh -p 22101 [email protected]

• Connection hange while trying to connect via ssh.

  Hi all,
  I have this problem and i fixed it, just wanted to understand the logic behiend it.
  I tried to login to a machine via ssh.
  After providing the username and password, the connection hang until you press CTRL -C.
  I checked DNS configuration, and some other stuff.
  The problem was a NFS entry in the vfstab that was unreachable.
  When i removed it, the connection went smoothlly.
  My question is, why that entry caused that problem ?
  Thanks!

  At login, the shell runs 'quota -v' to display any over-quota conditions that might exist.
  If the NFS mount was not mounted with "noquta", then it will send an RPC request to the server. If the server is down, that request will take 60 seconds to time out. If you have multiple mounts to the server, they might run sequentially.
  The login should complete after a minute or so, but most users won't wait that long.
  Darren

• ORA Connect via SSH Tunnel on Windows failed! LINUX works ...

  Hello again,
  i tried to establish a Oracle Client Connection via SSH Tunnel on WinXP Pro.
  1. Opened SSH-Tunnel Connection with plink (putty)
  TUNNEL: 10.5.1.111:1521 => localhost:1521
  (plink works fine with telnet, MySQL Client and other stuff)
  2. Connected with Oracle Client on Tunnel END => Localhost, Port 1521
  3. WIth ORA8i i got: Paket Error, With ORA10g i get: TNS: no listener
  plink works fine, so i dont think the problem is located there.
  i tried, tnsnames.ora, easyconnect and TNS-Less. So i guess, its not related to the connection method.
  i tried the same on LINUX ... ssh tunnel and sqlplus connect ... IT WORKS !
  Does Oracle need an aditional Port?
  Does it have Problems with WIN2UNIX Connections? (ORA DB is on UNIX)
  tnx

  Hi,
  Hum..., I guess this not work!
  Looking for this schema below, you need put the 1521 port
  If you desire, access the www.ssh.com site and download other ssh program
             Secure Connection
     +---->-------[SSH]-------->-----+
     |                               |
     |                               |
     ^                               |
     |       Insecure Connection     v
  CLIENTE--->--------------------> ORACLE
  ssh2 -l oracle -L 1521:192.148.1.251:1521 200.10.11.12
                      |          |                |
                      |          |                |
                 A  LOCAL        |                |
                 B       INTERNAL IP ORACLE       |
                 C                       EXTERNAL IP (GATEWAY)
                                                       C                             B
        | Firewall| . . . . .|INTERNET| . . . . . . |Firewall| . . . . . . . . . . |ORACLE|
        | Gateway |                                 |Gateway |                 192.148.1.251:1521
             .                                     200.10.11.12                                  
       A     .
     |Oracle Client|
     (TNSNAMES.ORA)
       <SERVICO> =
         (DESCRIPTION =
           (ADDRESS_LIST =                     
             (ADDRESS = (PROTOCOL = TCP)(HOST = 127.0.0.1)(PORT = 1521))
           (CONNECT_DATA =
             (SID = <ORCL>)
         )Cheers

• Power ran fully out on my MacBook Pro and is currently recharging. However, cannot get it to restart. Totally dark and have tried to deactivate via power button, keys and track pad but get no response

  Power ran fully out on my MacBook Pro and is currently recharging. However, cannot get it to restart. Totally dark and have tried to deactivate via power button, keys and track pad but get no response

  Sulapeace,
  for how long has your MacBook Pro been recharging? Has the light on your MagSafe connector changed color since you’d started recharging it? What do your battery level indicator lights show when you press the button next to them?

• Bug between JRockit and X11 forwarding via ssh

  I have encountered what appears to be a bug in the interaction of JRockit with X11 ssh forwarding.
  When running any Java GUI application on a remote machine using X11 forwarding via ssh, a variety of problems occur. For example:
  --- cut here ---
  % mitrion-ide
  The program '' received an X Window System error.
  This probably reflects a bug in the program.
  The error was 'BadAtom (invalid Atom parameter)'.
    (Details: serial 189 error_code 5 request_code 20 minor_code 0)
    (Note to programmers: normally, X errors are reported asynchronously;
     that is, you will receive the error a while after causing it.
     To debug your program, run it with the --sync command line
     option to change this behavior. You can then get a meaningful
     backtrace from your debugger if you break on the gdk_x_error() function.)
  --- cut here ---That's the good case. When running the rmmlite application (available at https://rmml.dev.java.net/servlets/ProjectDocumentList?folderID=437&expandFolder=437&folderID=438 ), I experience what appears to be a near-lockup of my local workstation.
  Neither of these problems occur if I set my DISPLAY to not use ssh X11 forwarding. Likewise, non-Java applications work just fine with ssh X11 forwarding. Therefore the problem seems to be limited to the Java + ssh X11 forwarding combination.
  I have a suitable workaround (i.e. setting the DISPLAY variable to avoid ssh X11 forwarding), but I thought this was worth bringing to BEA's attention. I'd also be curious to know if others have run into similar difficulties.
  Here are the configuration details:
  Remote X11 client (where applications are hosted)
  =================================================
  % java -version
  java version "1.4.2_12"
  Java(TM) 2 Runtime Environment, Standard Edition (build 1.4.2_12-b03)
  BEA JRockit(R) (build R27.1.0-109-73164-1.4.2_12-20061129-1418-linux-ia32, compiled mode)
  % uname -a
  Linux earthling 2.6.9-34.ELsmp #1 SMP Fri Feb 24 16:54:53 EST 2006 i686 athlon i386 GNU/Linux
  % rpm -qa | grep openssh-server
  openssh-server-3.9p1-8.RHEL4.12
  This is a vanilla RedHat Linux RHEL 4 Update 3 system, with all other versions of Java removed.
  Local workstation (i.e. X11 server)
  ===================================
  % uname -a
  FreeBSD somewhere.sgi.com 6.2-RELEASE FreeBSD 6.2-RELEASE #5: Mon Jan 15 08:41:01 CST 2007 [email protected]:/usr/obj/usr/src/sys/somewhere i386
  % ssh -v
  OpenSSH_4.5p1 FreeBSD-20061110, OpenSSL 0.9.7e-p1 25 Oct 2004
  % pkg_info -Ix xorg-server
  xorg-server-6.9.0_3 X.Org X server and related programs
  Thank you,
  Brent Casavant

  Brent,
  it would be nice to know if this problem is specific to the JRockit JDK or
  if you also can reproduce it using the corresponding Sun JDK 1.4.2. Please
  do also try with a later version such as latest JRockit JDK 5.0.
  Thanks
  /Robert
  <Brent Casavant> wrote in message news:[email protected]...
  I have encountered what appears to be a bug in the interaction of JRockit
  with X11 ssh forwarding.
  When running any Java GUI application on a remote machine using X11
  forwarding via ssh, a variety of problems occur. For example:
  --- cut here ---
  % mitrion-ide
  The program '' received an X Window System error.
  This probably reflects a bug in the program.
  The error was 'BadAtom (invalid Atom parameter)'.
    (Details: serial 189 error_code 5 request_code 20 minor_code 0)
    (Note to programmers: normally, X errors are reported asynchronously;
     that is, you will receive the error a while after causing it.
     To debug your program, run it with the --sync command line
     option to change this behavior. You can then get a meaningful
     backtrace from your debugger if you break on the gdk_x_error() function.)
  --- cut here ---That's the good case. When running the rmmlite application (available at
  https://rmml.dev.java.net/servlets/ProjectDocumentList?folderID=437&expandFolder=437&folderID=438 )
  , I experience what appears to be a near-lockup of my local workstation.
  Neither of these problems occur if I set my DISPLAY to not use ssh X11
  forwarding. Likewise, non-Java applications work just fine with ssh X11
  forwarding. Therefore the problem seems to be limited to the Java + ssh X11
  forwarding combination.
  I have a suitable workaround (i.e. setting the DISPLAY variable to avoid ssh
  X11 forwarding), but I thought this was worth bringing to BEA's attention.
  I'd also be curious to know if others have run into similar difficulties.
  Here are the configuration details:
  Remote X11 client (where applications are hosted)
  =================================================
  % java -version
  java version "1.4.2_12"
  Java(TM) 2 Runtime Environment, Standard Edition (build 1.4.2_12-b03)
  BEA JRockit(R) (build R27.1.0-109-73164-1.4.2_12-20061129-1418-linux-ia32,
  compiled mode)
  % uname -a
  Linux earthling 2.6.9-34.ELsmp #1 SMP Fri Feb 24 16:54:53 EST 2006 i686
  athlon i386 GNU/Linux
  % rpm -qa | grep openssh-server
  openssh-server-3.9p1-8.RHEL4.12
  This is a vanilla RedHat Linux RHEL 4 Update 3 system, with all other
  versions of Java removed.
  Local workstation (i.e. X11 server)
  ===================================
  % uname -a
  FreeBSD somewhere.sgi.com 6.2-RELEASE FreeBSD 6.2-RELEASE #5: Mon Jan 15
  08:41:01 CST 2007
  [email protected]:/usr/obj/usr/src/sys/somewhere i386
  % ssh -v
  OpenSSH_4.5p1 FreeBSD-20061110, OpenSSL 0.9.7e-p1 25 Oct 2004
  % pkg_info -Ix xorg-server
  xorg-server-6.9.0_3 X.Org X server and related programs
  Thank you,
  Brent Casavant