[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: x-forwarding with ssh



* steve downes (steve@kingswayelec.co.uk) [020305 01:10]:
<snip>
> debug1: Requesting X11 forwarding with authentication spoofing.

that looks good.

> steve@gateway:~$ xterm   
> xterm Xt error: Can't open display: 
> steve@gateway:~$ vncviewer
> Error: Can't open display: 
> steve@gateway:~$ 

That looks bad. the DISPLAY variable should automatically get set to
something like remote:10.0 . ssh doesn't do this if the DISPLAY variable
wasn't already set on the local side before ssh was called. What that
means is this, pretty much:

local$ export DISPLAY=:0
local$ ssh -X remote
remote$ xterm &
(that should work)

local$ unset DISPLAY
local$ ssh -X remote
remote$ xterm
xterm Xt error: Can't open display:
(doesn't work)

one (big) clue that you have that the DISPLAY variable isn't being set
up is that it says "Can't open display: " instead of "Can't open
display: remote:10.0". You can also verify this with echo $DISPLAY. The
reason ssh doesn't set up the remote display if the local display is
unset is because it simply doesn't know where to tunnel it to! It's
the same as trying to run an xterm locally with DISPLAY unset; it just
doesn't know where to display it. Similarly, ssh doesn't know where the
near side of the tunnel opens up if DISPLAY isn't set on the local side
already in ssh's environment when it's run.

Also, please, please, PLEASE! DON'T do this:

local$ ssh remote
remote$ export DISPLAY=local:0 # DON'T EVER DO THIS!!!
remote$ xterm

As others have already explained. You might as well be using telnet.
This defeats the entire purpose of tunneling. What you'd be doing in
this case is telling the remote x client to connect directly to the
local x server using the unencrypted X protocol. If the local X server
even accepts it (woody and sid have been told not to, by default) all
the traffic sent over that connection is in the clear -- might as well
just be telnet.

good times,
Vineet

P.S. People, please remember to trim your quotations to the relevant
pieces you're replying to! Especially in long threads like this one.

-- 
Currently seeking opportunities in the SF Bay Area
Please see http://www.doorstop.net/resume/

Attachment: pgpVif7raFB_l.pgp
Description: PGP signature


Reply to: