The reason why it doesn't work is because there is authentication on the pseudo display on the ssh tunnel'd display, so only systems with the correct X authentication (usually an MIT-MAGIC-COOKIE or the like) can connect to it.
$ xhost +
$ bsub ...
If they are local to the LSF farm (i.e. on the same network) then you probably shouldn't be messing around with tunneled displays. You should do this:
myhost$ xhost +
myhost$ ssh launchhost
launchhost$ export DISPLAY=myhost:0.0
launchhost$ bsub ...
...and have the job display direct back to the user's computer rather than displaying unencrypted to the launch host, then tunnelling that back to the user.
If you really need to do it (i.e. the user is ssh'd in from a system firewalled from the internet, and the LSF node can't get directly back to it) then you need to get the xauth information into the environment, then write a "launcher" that extracts the xauth information from the shell environment, performs the xauth operation, THEN runs your xterm or whatever.
On your local machine do
xauth list $DISPLAY
and you get a reply:
mymachine.mydomain.com:0 MIT-MAGIC-COOKIE-1 37cb47264b485cd2e24ef9421def2a83
Then, on your remote machine do:
xauth add mymachine.mydomain.com:0 MIT-MAGIC-COOKIE-1 37cb47264b485cd2e24ef9421def2a83
That's all. Now you can set the display on your remote system, and processes started from that shell can display back to your originating machine. Unencrypted, of course, but it means that arbitrary people on the remote system can't interact with your display (the downside of xhost +).
Your key shouldn't change that often, but when it does, just issue on the
xauth remove mymachine.mydomain.com:0
before you add the new key.
The above is, in a nutshell, what your bsub wrapper has to do.
Last edited by mackdav; 01-09-2008 at 07:15 PM.
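
The launcher described in the post above, sketched as an added example (not the poster's code). The variable names XLAUNCH_DISPLAY and XLAUNCH_COOKIE and the script name xlaunch.sh are assumptions; it validates the values taken from the job environment before handing them to xauth, and passes the cookie on stdin rather than on the command line.

```shell
#!/bin/sh
# Added example: launcher to run as the bsub job command on the execution host.
# XLAUNCH_DISPLAY and XLAUNCH_COOKIE are hypothetical variable names, set in the
# submitting shell from `xauth list $DISPLAY` and carried in the job environment.

valid_cookie() {
    # MIT-MAGIC-COOKIE-1 is a 128-bit value: exactly 32 hex digits.
    [ "${#1}" -eq 32 ] || return 1
    case $1 in *[!0-9a-fA-F]*) return 1 ;; esac
    return 0
}

valid_display() {
    # Reject anything outside host:display[.screen]; this also rejects spaces
    # and newlines, which would otherwise inject extra xauth commands.
    case $1 in *[!A-Za-z0-9.:-]*) return 1 ;; esac
    printf '%s\n' "$1" | grep -Eq '^[A-Za-z0-9.-]+:[0-9]+(\.[0-9]+)?$'
}

xauth_script() {
    # Emit the xauth commands from the post: remove any stale key, add the new one.
    valid_display "$1" || { echo "bad display name" >&2; return 1; }
    valid_cookie "$2" || { echo "bad cookie format" >&2; return 1; }
    printf 'remove %s\nadd %s MIT-MAGIC-COOKIE-1 %s\n' "$1" "$1" "$2"
}

main() {
    script=$(xauth_script "$XLAUNCH_DISPLAY" "$XLAUNCH_COOKIE") || exit 1
    # Feed the commands on stdin so the cookie never appears in argv (ps output).
    printf '%s\n' "$script" | xauth -q source - || exit 1
    DISPLAY=$XLAUNCH_DISPLAY
    export DISPLAY
    unset XLAUNCH_COOKIE script   # keep the cookie out of the child's environment
    exec "$@"
}

# Run only when given a command, e.g.: bsub ./xlaunch.sh xterm
if [ "$#" -gt 0 ]; then main "$@"; fi
```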