Re: ssh + X11
On Thu, 18 Sep 2003 17:30:11 -0600 (MDT),
"Jacob Anawalt" <jacob@cachevalley.com> wrote in message
<[🔎] 1262.192.168.1.4.1063927811.squirrel@scsi-burn.office>:
>
> Arnt Karlsen said:
> > On Thu, 18 Sep 2003 14:16:59 +0100,
> > Colin Watson <cjwatson@debian.org> wrote in message
> > <[🔎] 20030918131659.GB24193@riva.ucam.org>:
> >
> >> On Thu, Sep 18, 2003 at 03:06:54PM +0200, Arnt Karlsen wrote:
> >> > On Thu, 18 Sep 2003 11:42:32 +0100,
> >> > Colin Watson <cjwatson@debian.org> wrote in message
> >> > <[🔎] 20030918104232.GB23033@riva.ucam.org>:
> >> > > On Thu, Sep 18, 2003 at 12:20:37PM +0200, Arnt Karlsen wrote:
> >> > > > ..."=yes", and it can be overridden with -X, is how it works
> >> > > > here. ;-)
> >> > >
> >> > > If the server has 'X11Forwarding no', which is the default,
> >> > > then nothing you do to the client, -X or no -X, will let you
> >> > > forward X11 traffic. You need to configure the server with
> >> > > 'X11Forwarding yes'.
> >> >
> >> > ..then something is wrong here, because I ssh -X all I like from
> >> > my X11Forwarding=no boxes. ;-)
> >>
> >> *From* your 'X11Forwarding no' boxes? The client makes no
> >> difference, it's the sshd_config on the server, the box you're
> >> connecting *to*, that matters.
> >
> > ..yep, I own all but 2 boxes in my lab, and have root access
> > on all, and I see no X11Forwarding here.
>
> no X11Forwarding as in the line isn't in the file, or as in:
> X11Forwarding no
..the latter, I found one of my boxes having "yes".
> >
> >> Also, you'd only notice a problem when you tried to open an X
> >> client over the ssh connection.
> >
> > ..yeah, I was half way back to RH before I picked up the "-X"
> > here in DU, does not neccesarily mean I got it right, though.
> >
>
> Wow, something must be wrong
>
> ..unless
>
> you're not looking at /etc/ssh/sshd_config, but instead looking at
> /etc/ssh/ssh_config and mixing X11Forwarding up with ForwardX11.
..nope, and the same boxes have ForwardX11 no, except the one with
"X11Forwarding yes" in sshd_config.
> I doubt that, but it's the only non-code-issue I could think of short
> of some non-standard /etc/init.d/ssh file with say "ssh -o
> 'X11Forwarding yes'". If the X11Forwarding line isn't even in the
> file, then maybe sshd has been recompiled with X11Forwarding as the
> default? (Woody defaults to 'no' as far as I can tell)
..correct, but the other boxes are clusterKnoppix'es, the "yes" one
has cooked clustering, I screwed up the update job.
> (Sorry, I just had to use '..' ;) )
.. ;-)
>
> When I set /etc/ssh/sshd_config
> X11Forwarding no
>
> and restart the sshd service, the next time I connect with ssh -X (or
> without that and ~/.ssh/config ForwardX11=yes or that set in the
> /etc/ssh/ssh_config) I see that $DISPLAY isn't set. xclock of course
> says"Error: Can't open display". I set $DISPLAY to localhost:10.0 (the
> first offset set in my sshd_config file and no one else is sshing to
> the machine) and xclock says "Error: Can't open display:
> localhost:10.0". I change the setting back to X11Forwarding yes,
> restart sshd. Disconnect, reconnect with forwarding requested by my
> client ssh session and $DISPLAY is auto-set to localhost:10.0 and
> xclock works.
..correct, this is what nearly had me drop Debian for RH, and I still
get this when su'ing another user, I set up several users so I could
"su - arnt" etc for the various stuff I do, and have several differing
setups for each task, I can do this with "ssh -X user@box.ip app &",
but I prefer "su - user" on the localhosts, less typing.
> This is ssh'ing to a (OpenBSD Secure Shell server) Debian stable
> 'Woody' system with the ssh 3.4p1-1.woody.2 update. It worked this way
> before the update as well. I don't have a 'Sid' system nearby to test
> on.
>
--
..med vennlig hilsen = with Kind Regards from Arnt... ;-)
...with a number of polar bear hunters in his ancestry...
Scenarios always come in sets of three:
best case, worst case, and just in case.
Reply to: