I have two Ubuntu 6.0.6 (Dapper) clients.
Both allow me to ssh -X to a Fedora Core 4 server.

However, only one of them allows me to display X programs on the client's display (i.e.. using the client as an X server).

I would like to make the second one work like the first one (allow X) but I have no idea how to start comparing/troubleshooting this - or where to look.

Back then, in the telnet & export DISPLAY= days, xhost+ would explain/solve such problems. Today however, I am lost.

Any clue/tip/direction on what to look for?

Thanks,
Alex

Can you open xterm on the bad client all by itself? (That is to say when you are at a command line prompt on the ubuntu client NOT after the ssh.) You'd first want to verify the client was capable of opening X sessions before troubleshooting the other end. It may be something as simple as not running X on the client in the first place.

When you DO ssh -X from the two clients what does "echo $DISPLAY" show for each of them?

Have you verified nothing in the login (bashrc, profile etc...) sets DISPLAY and overrides the tunnel DISPLAY you're trying to use?

Have you compared firewall (iptables usually) configuration of the two clients to see if there are differences?

Is either client running with SELinux enabled? Is the other?

Is there an internal router/firewall that needs to be configured?

jlightner, thank you very much for your answer.

Of course. I do that all the time. In fact, I first open an xterm, then type ssh -X user@server.


From the bad client: localhost:10.0
From the good client: localhost:11.0

(I ssh-ed from the good client, shortly I ssh-ed from the bad one and both have ssh sessions running concurrently. Could that explain the different numbers?)

Huh??? The login is the same for both (after all it's the same exact server).

Where do I check iptables configuration on Ubuntu? One of the beauties of Ubuntu is that it allows its users to be clueless about its inneworkings. I am currently in such state in certain areas. When I posted this same question on the Ubuntu forums, I got 0 responses, which may suggest that I am not alone...

As far as I know, none of the clients is running with SELinux enabled (how do I verify that?)

No.

Interestingly enough, after going through all these steps (not changing anything in the systems - just checking, of course), ssh -X now seems to be working identically on both clients! This is crazy. I have no idea what happened since I last posted my request for help. Could it be that I only have this problem if I "su" on the server? No - I just did "su" on the server (after ssh-ing from the "bad" client) and it let me invoke Emacs in X (running on the server but displayed on the client). This is crazy. I don't understand what's happening. I can swear that I did not imagine the problem.

Thanks,
Alex

If you "su -" rather than just "su" it invokes the environment of root. "su" by itself keeps your original environment including the all important DISPLAY variable.

It isn't unusual to have things in $HOME/.profile or $HOME/.bash_profile or $HOME/.bashrc etc... that tries to set DISPLAY . However it does that based on your source IP address (or hostname assuming it has a way to determine the latter). This will override the DISPLAY that is created by the tunnel which as you see is actually "localhost" (127.0.0.1). Since this default type of DISPLAY isn't the one the tunnel opened it won't work.

Sometimes files will have lines that do something like:
if [ `tty -eq /dev/pts/0 ]
then export DISPLAY=myhost:0.0
fi

If so it would have overridden your DISPLAY even though you were the same user both times if you came in on /dev/pts/0 on the "bad" system but as /dev/pts/1 on the "good" system. However I don't think that happened to you - just explaining why I asked that question.

At command line if you have iptables you can run "iptables -L" to see its config. (The GUI for this is called Firestarter.)

SELinux isn't an issue since it works now.

I suspect your issue was the "su" vs "su -" thing above.

P.S. For most commands you can do "man <command>" or "info <command>" to get a lot of detail. On Linux info typically provides at least the man page and sometimes more detail. In UNIX only man is available.

So to get more information about iptables:
man iptables
-OR-
info iptables