hello all,
this question has been asked before, but after doing numerous searches here and on google i'm still coming up short on an answer.

i'd like to establish a vnc connection in order to run some X applications (file sharing agents). i'm connecting from within an internal network (10.x.x.x) to my network, which runs a firewall (IP MASQ) and forwards ports to specified machines. my workstation in the office is a winxp system (putty ssh client), and i'm attempting to connect to a slack8.1 box. btw, this all needs to be done remotely, as my network is some 3 hours away and i only go back there once every 10 days.

thus far, what i've done is this:
connect with putty. specified port 5901 in the ssh tunnel source, and my.network.com:5955 as the destination.
got the vnc binaries, and started vncserver (i've started it with and without X running in the background).
started up the windows vncviewer binary, and attempted to connect to "localhost:1".

i've tried different variations... but this seems the most promising. when i attempt to connect with the configuration above, the vncviewer process on my windows system hangs up and the process will eventually die.

so at this point i'm rather confused and stuck. i'd appreciate any advice offered. :-)

Try localhost:5901 - to reference the ssh tunnel, you need to use the whole port value, not just the display value. Another tack you could take with this is using cygwin's port of ssh and XFree86 and do it via X11Forwarding, rather than using VNC.

thanx. i decided to try the cygwin approach, as it seemed to be a little more of what i was looking for.

i got cygwin installed on my workstation, and can open up xterm to ssh into my network at home. i have enabled x11 forwarding in my /etc/ssh/sshd_config file. however, i still can't open up x applications from my home network.

is there something i'm missing?

What you have done is authorize X Forwarding on the server side.

You will have to edit the client conf file ssh_config ( on the cygwin side ) or use ssh -X -l<you> <yourserver> for it to work.

i've done that... however, when i log into my networking, using:

ssh -X -l root blah.com

i get the following error after i authenticate:

Warning: No xauth data; using fake authentication data for X11 forwarding.

ideas? :-)

That's just a warning. It comes up because the cygwin environment doesn't have a true xauth setup. The X11 Forwarding will still work. Have you tried running any X apps anyway?

Also, make sure you are actually using an X server so it has somewhere to display to. you should be running /usr/X11R6/bin/startxwin.sh or startxwin.bat to accomplish that.

One more thing, those scripts just run XWin.exe with a couple other items. try changing the XWin.exe line to include the -rootless option. It will start the X server without the root window. I guarantee you will think it's REALLY cool ;-)

unfortunately, it's still not working. i had tried to start an x app (like emacs) but without any success.

i was executing the .bat file:

:STARTUP


REM
REM Startup the programs
REM

REM Startup the X Server.

start XWin -rootless

REM Startup an xterm, using bash as the shell.
run xterm -sl 1000 -sb -rightbar -ms red -fg yellow -bg black -e /usr/bin/bash

REM Startup the twm window manager.

run twm

REM Set a background color.

run xsetroot -solid aquamarine4



should or shouldn't i have X running on the machine before i ssh into it from cygwin? login would suggest i not have it running, but you never know.

and you're right, i really do like the -rootless option much better. much easier to work with. :-)

First of all, you should NEVER allow a direct remote login as root. The first thing would be to disable root login on the server side by saying PermitRootLogin no. You should also stick to pubkeyauth and disable passwd auth if you haven't already done so. Login as a regular user and 'su -' whenever you want to become root. It may also cause problems if you login as root, since root's Xauthority data is usually not stored in ~/.Xauthority.

You should have an X server running on the ssh client side before you attempt running an x client program on the ssh server side. Have a look at the following URL for the underlying concepts.
http://www.manualy.sk/seminar/Papers96/ssh/x11.html
http://csociety.ecn.purdue.edu/~sigo...sh/forwarding/

yeah, i've heard the whole "never log in as root" argument a hundred times. i'm very paranoid about security, but am also very confident in my network security. port 22 forwards to a "gateway" box which doesn't have any sensitve information. any servers which do have info on them i want to protect use separate passwds. i'm not a newbie to *nix systems by any means, but most everything i do is from console or ssh. i'm just interested in this so i can use X applications like file sharing agents which don't really exist for console.

anyway, onward with the problem. i created a normal user and ssh'ed in as that user. when i attempted to type "xhost +" it would not work. same with xterm or any other x app.

After running startxwin.bat, you should be getting an xterm. Try running ssh -v -X user@machine (user@ is an alternate for -l user)
This will run ssh in verbose mode and will give you a LOT more information about what is going on. If it's not obvious what is wrong at that point, post the results for the rest of us to look at it.

Well, I told you because I'm paranoid about security issues too. If you are an experienced *nix user, you may understand that there is no such thing as absolute network security apart from physical disconnection to the network. And the possiblity of a direct root login is something that every script kiddie out there would consider a golden opportunity. The odds that they can spawn a root shell somehow is so much higher than otherwise. And a million network admins would swear by it. Your call.

After you logon as the normal ssh user with X forwarding enabled, type xauth list at the prompt. And post what the DISPLAY env variable holds.

try a simple xclient such as xeyes. And post the literal error message. Like rockdw suggested, increasing the verbosity of the ssh connection will also help if something isnt right.

well, you said it yourself... i'm not worried at all about script kiddies. the fact is that the best security is good password management, tight firewalling (i only allow ssh connections from trusted hosts), and minimizing your services which send plain text passwords across open networks (ftp, imap, pop3, apache auth w/o ssl). though i appreciate the advice, it's something i've heard a thousand times. in fact, many of the people who gave me the advice have since been hacked. :-)

anyway, back to the problem. :-) i decided to take one variable out of the equation and booted my laptop into slack so i could have a true x11 running. i logged into my network from aterm like so:

ssh -X -v -l jeff my.network.com

and this was the most interesting portion of the messages:

jeff@my.network.com's password:
debug1: ssh-userauth2 successful: method password
debug1: channel 0: new [client-session]
debug1: channel_new: 0
debug1: send channel open 0
debug1: Entering interactive session.
debug1: client_init id 0 arg 0
debug1: Requesting X11 forwarding with authentication spoofing.
debug1: channel request 0: shell
debug1: channel 0: open confirm rwindow 0 rmax 16384

this was the output of xauth (before cmd prompt):

Using authority file /home/jeff/.Xauthority

but .Xauthority is an empty file. my DISPLAY variable is still "" . and when i attempt to start up some sort of X app, i get this error message:

jeff@aya:~$ xeyes
Error: Can't open display:

so i'd say the problem definitely lies on the server end, since i'm running a real x11 environment now. hmmmmmm

Sorry to hear that you have had to hear it a thousand times and you *still* havent understood. You've been lucky, because no one really wanted to break into your machine so bad Let us leave it at that.

Regarding your problem:

I have ssh-ed from my redhat desktop and even remotely to my Laptop on Slack, running sshd at port 22 . And I have configured kernels with make xconfig using X11forwarding. So believe me, if I can do it and you cant, I'm sure it is in the basics somewhere.

Boot up your laptop, logon as jeff. startx.
From within your aterm, do

and post what you see.

Also make sure that sshd is listening at 22.
by running now try ssh -X localhost and see if you can run xeyes from within the new shell.

I just ran through similar troubles and figured out that I needed to set ForwardX11 yes in my client .ssh/config

Once I did that I was golden.
Hope it helps.