[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: x-forwarding with ssh

On Fri, 1 Mar 2002, Tom Cook wrote:

>> Currently when I try to run X apps via an ssh login I get the error message
>>   xterm Xt error: Can't open display:

>desk.host: # xhost +remove.host.domain.com
>desk.host: # ssh -X remote.host.domain.com -l myaccount
>myaccount@remote.host.domain.com's password: ********
>remote.host: # export DISPLAY=desk.host:0.0
>remote.host: # xterm &

This is wrong. You don't need to do anything with xhost _at_all_ on a
properly setup box. I will call xauth for you. If the DISPLAY variable is
not set, it is because the client/server is not setting it, and something
want to use it on the server side.

Make sure that you're client is asking for X-Forwarding. You can do this
manually using -X to enable it, or doing it in /etc/ssh/ssh_config. This
is best done on a server-by-server basis, since it can lessen your
security to allow all servers to interact with your X server is not a good
idea on untrusted hosts.

You also need to make sure that X Forwarding is set on the server, by
editing /etc/ssh/sshd_config, and setting these lines as so

X11Forwarding yes
X11DisplayOffset 10

Also note that if you're using private/public keys to authenticate, then
features such as X-Forwarding can be disabled for various keys.

To test it (if by now it doesn't work), start ssh with the -v flag. This
will print out verbose messages (debugging really, however, there is a
more detailed mode called debugging also). On the server, if you
'/etc/init.d/ssh stop' the server, then run the server as 'sshd -Dd', you
will get a one-time debugging run of the server. This will very likely
give you the information you need to solve the problem.

I suggest having a read of 'SSH: The Definitive Guide', published by
O'Rielly. I found it very enlightening reading.

Hope this helps.

Cameron Kerr

Reply to: