HP-UX Host Intrusion Detection System Version 4.1 Administrator's Guide
pass in quick proto tcp from any to any port = 22 flags S keep state keep frags
6. Block any incoming connections which were not explicitly allowed.
block in log quick all
How to allow the SecureShell daemon to forward X11 traffic
First, change the SecureShell /etc/opt/ssh/sshd_config configuration file:
• Set X11Forwarding to yes,
• Set X11UseLocalhost to no.
Earlier versions of ssh don’t recognize the second entry. If it’s not there, you don’t
need to add it.
Then send a HUP signal to the sshd so that it will reread the sshd_config file.
How to display System Manager after SecureShell login as root and su to ids
Problem: You use ssh to log in to a host as root, then switch to user ids and get a
display error when opening an X window or starting idsgui. Here is the terminal
output:
# su ids
$ echo $DISPLAY
xxxx:10.0
NOTE: x.x.x.x stands for the IP address of the host.
:10.0 is an automatic result of X11 forwarding being enabled in ssh. You should not
manually set DISPLAY to :10.0.
$ ./idsgui
Unable to display the GUI on x.x.x.x:10.0
Please check the value of the environment variable
DISPLAY and verify that this machine is authorized
to connect to that display.
If you started your ssh session with the verbose mode, -v, you will see debug messages
similar to the following. Notice the statement “X11 connection uses different
authentication protocol: ‘MIT-MAGIC-COOKIE-1’ vs. ‘’.”
xsvr3: Received X11 open request.
xsvr3: Sending open confirmation to the remote host.
xsvr3: X11 connection uses different authentication protocol:
‘MIT- MAGIC-COOKIE-1’ vs. ‘’.
X11 connection rejected because of wrong authentication at
Tue Dec 31 15:11:30 2002.
Rejected connection at Tue Dec 31 15:11:30 2002: X11 connection
from ::ffff:15.27.232.106 port 56861
xsvr3: Channel 0 closes incoming data stream.
xsvr3: Channel 0 closes outgoing data stream.
xsvr3: Channel 0 sends oclosed.
280 Troubleshooting