[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: More SSH Fun (X11 forwarding)



* Ashish Gulhati (hash@netropolis.org) [020701 16:17]:
> 
> > Okay, having X11 listening for TCP connections with xhost +
> > enabled didn't help.
> > 
> > I'm open to other suggestions. :)
> 
> Having X listening on the remote host isn't necessary for X11
> forwarding, nor is it necessary to do xhost +
> 
> Just use -X and make sure the host mentioned in the DISPLAY variable
> in the remote shell does resolve to the host you're ssh-ing from. Or
> change DISPLAY to use the IP address instead.

No, that's not right, either. If you have DISPLAY set in the environment
of the ssh client when it connects, and the remote sshd and local ssh
are instructed to allow it, ssh forwarding takes place. It gets set up
by creating a virtual X server on the remote machine and setting DISPLAY
there to that (something like remote:10.0). X clients run remotely
connect to that virtual X server, which simply acts as a sort of proxy
to send the X data through the ssh tunnel to the X server on the local
machine.

So DISPLAY won't be set to the local ssh client machine. If it is, the X
clients will be sending their data straight to the local client over the
network, in the clear! (If the local X server is set to listen for it,
which it shouldn't be, and isn't by default on recent debian systems.)

Once it's working, you shouldn't have to touch DISPLAY. (Except possibly
to make sure it's set to the right thing on the LOCAL side, before the
connection is ever attempted. That should only happen if your
environment is whacked for some other reason, though.)

good times,
Vineet
-- 
http://www.doorstop.net/
-- 
"Computer Science is no more about computers
than astronomy is about telescopes." -E.W. Dijkstra

Attachment: pgpG278kjg3Sf.pgp
Description: PGP signature


Reply to: