Re: ssh -X shop problem...

Gene Heskett wrote:

Tonight I thought I'd play with emc2 a bit, but since updateing this machine to FC6, somethings gone fubar in the X11 forwarding. Here is whats been executed to get to the failure:

---------
[root@coyote amanda]# xhost +192.168.71.4
192.168.71.4 being added to access control list
[root@coyote amanda]# su gene
[gene@coyote amanda]$ ssh -X shop
gene@shop's password:
Warning: No xauth data; using fake authentication data for X11 forwarding.

This is the key error... When you "su" to gene on the X terminal, you've become a user who doesn't have access to the session's X credentials. "gene" can't run X applications on the local system at that point, and neither can he forward X over ssh.

Since you've used xhost to add permission to something other than localhost, you probably misunderstand how X forwarding works. Under classic conditions, you'd use xhost to allow access from a remote host, such as you've done. Then you'd telnet to that system and set the DISPLAY variable to your X terminal and run your application. When forwarding X, you don't need to do either of those things. ssh uses your .Xauthority file on the local system, creates an .Xauthority file on the remote system, and sets the DISPLAY variable automatically. When you run an X application, it uses the .Xauthority file that ssh created to authenticate itself to ssh, ssh forwards its traffic to your X terminal over the ssh connection, and uses your original .Xauthority file to authenticate to your X server. Since the application connects from localhost, through ssh, your xhost command doesn't accomplish anything.

You have two options. First, and most simple, just run ssh as the user that you're logged in as:

ssh -X gene@shop

You'll then be able to run applications on shop, and display them locally.

If you have some reason to do otherwise, you'll have to use xhost to allow connections from anyone on localhost:

xhost +localhost
su gene
ssh -X shop


--
fedora-list mailing list
fedora-list@xxxxxxxxxx
To unsubscribe: https://www.redhat.com/mailman/listinfo/fedora-list

Relevant Pages

  • Re: ssh -X shop problem...
    ... somethings gone fubar in the X11 forwarding. ... When you "su" to gene on the X terminal, ... neither can he forward X over ssh. ... classic conditions, you'd use xhost to allow access from a remote host, ...
    (Fedora)
  • Re: ssh -X shop problem...
    ... Ok, but today, I logged in as gene (init=5 or whatever the gui login ... the forwarding worked well when I ssh -X gene$shop as root here. ... just fine without that xhost bit. ... Copyright 2006 by Maurice Eugene Heskett, ...
    (Fedora)
  • X11 Forwarding with OpenSSH
    ... We are able to do the X11 forwarding and it works as the user ... go into the environment as their ssh IDs. ... functional accounts with no direct access into the account). ... another way to set your Display or gettaround this limitation? ...
    (SunManagers)
  • Re: X server not reponding
    ... ssh doesn't need it in order to do X11 forwarding, ... /etc/ssh/sshd_config on your remote systems. ... the client requested X11 forwarding. ...
    (Fedora)
  • Re: Piping println() through an external pager program (more, less)
    ... (but only ssh as a whole). ... you can't forward the necessary ports". ... PuTTY is a commonly used Windows client that won't accept X11 forwarding because it is text only. ... checked, and the Cygwin X11 server running on my laptop, if I type e.g. ...
    (comp.lang.java.programmer)