Re: X/ssh by port forwarding?

From: Atro Tossavainen (Atro.Tossavainen+news_at_helsinki.finland.invalid)
Date: 04/21/04

    Date: 21 Apr 2004 15:54:56 +0300
    
    

    kevincpyeung1974-usenet@yahoo.com.sg (Kevin Yeung) writes:

    > home> xhost +work
    > work> ssh -L 6001:127.0.0.1:6001 home
    > work> xterm -display :1
    > xterm Xt error: Can't open display: :1

    With "home> xhost +work", you've allowed the (presumably public) IP
    address of your work machine to start X clients on your home display,
    with no benefit of SSH protection whatsoever. You don't have to do
    it, it does not help in the case at hand at all, and you should probably
    not be using xhost for anything, ever, if you can avoid it.

    "-display :1" is trying to connect to a socket, not the TCP port 6001.
    You need to specify a display that uses the TCP transport:
    "-display 127.0.0.1:1"

    And even then, the "xclient -display 127.0.0.1:1" would be asking to
    connect to 127.0.0.1:6001 on your home machine, and the connection
    would not be coming from the work address, but from 127.0.0.1, localhost,
    which is why "xhost +work" is useless, in addition to being generally
    harmful.

    Then there's the problem that nobody is listening on :1 on your _home_
    machine (you forwarded to localhost:6001). You would have to have
    another X server running for that to be the case. You probably wanted
    to "ssh -L 6001:localhost:6000 home" at work, instead.

    All this being done, it does work, but I can't seem to find the right
    xauth spells to get it to work without "xhost +localhost" (on the
    equivalent of your home machine). If there is nobody else on your
    home machine, you can do "xhost +localhost" without exposing yourself
    to too much trouble, but if the originating machine is being used by
    more people than just yourself, you don't want to do it.

    -- 
    Atro Tossavainen (Mr.)               / The Institute of Biotechnology at
    Systems Analyst, Techno-Amish &     / the University of Helsinki, Finland,
    +358-9-19158939  UNIX Dinosaur     / employs me, but my opinions are my own.
    < URL : http : / / www . helsinki . fi / %7E atossava / > NO FILE ATTACHMENTS
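
Added example (not part of the original post): a shell sketch of the display-name rules the reply relies on, showing why ":1" never touches the forwarded port while "127.0.0.1:1" does, and which -L argument pairs display 1 at work with display 0 at home. The function names and the /tmp/.X11-unix socket directory are assumptions of this example.

```shell
#!/bin/sh
# display_endpoint DISPLAY
# Prints "unix <socket path>" or "tcp <host> <port>" for an X display name.
# Assumes the conventional socket directory and TCP base port 6000.
display_endpoint() {
    d=$1
    case $d in
        *:*) ;;
        *) echo "invalid"; return 1 ;;
    esac
    host=${d%:*}       # text before the last colon
    num=${d##*:}       # display[.screen]
    num=${num%%.*}     # drop the screen number
    case $num in
        ''|*[!0-9]*) echo "invalid"; return 1 ;;
    esac
    case $host in
        ''|unix) echo "unix /tmp/.X11-unix/X$num" ;;   # local socket, no TCP
        *)       echo "tcp $host $((6000 + num))" ;;   # TCP port 6000 + display
    esac
}

# forward_spec LOCAL_DISPLAY_NUM REMOTE_DISPLAY_NUM
# Prints the "ssh -L" argument that maps one display number onto the other.
forward_spec() {
    echo "$((6000 + $1)):localhost:$((6000 + $2))"
}

# uses_forward DISPLAY LSPEC
# Succeeds only if a client started with DISPLAY would connect to the
# local listening port of "ssh -L LSPEC".
uses_forward() {
    ep=$(display_endpoint "$1") || return 1
    lport=${2%%:*}
    case $ep in
        "tcp 127.0.0.1 $lport"|"tcp localhost $lport") return 0 ;;
        *) return 1 ;;
    esac
}

# The two display names from the thread, checked against the corrected forward.
spec=$(forward_spec 1 0)
echo "work> ssh -L $spec home"
for disp in :1 127.0.0.1:1; do
    if uses_forward "$disp" "$spec"; then r="reaches the tunnel"; else r="misses the tunnel"; fi
    echo "$disp -> $(display_endpoint "$disp") ($r)"
done
```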
    
