* Ashish Gulhati (hash@netropolis.org) [020701 16:17]: > > > Okay, having X11 listening for TCP connections with xhost + > > enabled didn't help. > > > > I'm open to other suggestions. :) > > Having X listening on the remote host isn't necessary for X11 > forwarding, nor is it necessary to do xhost + > > Just use -X and make sure the host mentioned in the DISPLAY variable > in the remote shell does resolve to the host you're ssh-ing from. Or > change DISPLAY to use the IP address instead. No, that's not right, either. If you have DISPLAY set in the environment of the ssh client when it connects, and the remote sshd and local ssh are instructed to allow it, ssh forwarding takes place. It gets set up by creating a virtual X server on the remote machine and setting DISPLAY there to that (something like remote:10.0). X clients run remotely connect to that virtual X server, which simply acts as a sort of proxy to send the X data through the ssh tunnel to the X server on the local machine. So DISPLAY won't be set to the local ssh client machine. If it is, the X clients will be sending their data straight to the local client over the network, in the clear! (If the local X server is set to listen for it, which it shouldn't be, and isn't by default on recent debian systems.) Once it's working, you shouldn't have to touch DISPLAY. (Except possibly to make sure it's set to the right thing on the LOCAL side, before the connection is ever attempted. That should only happen if your environment is whacked for some other reason, though.) good times, Vineet -- http://www.doorstop.net/ -- "Computer Science is no more about computers than astronomy is about telescopes." -E.W. Dijkstra
Attachment:
pgp6koDXDBpO5.pgp
Description: PGP signature