LinuxQuestions.org

LinuxQuestions.org (/questions/)
-   Linux - Software (http://www.linuxquestions.org/questions/linux-software-2/)
-   -   sshd not talking to X-server? (http://www.linuxquestions.org/questions/linux-software-2/sshd-not-talking-to-x-server-522915/)

umichLinux 01-26-2007 01:47 AM

sshd not talking to X-server?
 
Hi all,

When I ssh into my home server from my laptop, it doesn't seem to handle X11-forwarding anymore. If I run a command like "xclock" I don't see any errors on my terminal and it acts like its running (no new command prompt), but I get no GUI. I think I've narrowed it down a little bit, but now I'm at a sticking point.

I'm running my server headless, but I know that the X11-server is running and working. I can establish a VNC desktop on the machine (X11 display :1.0), log into that and see all the graphics that I want. I also know that my laptop's ssh X11-forwarding is working because it works fine when I connect to a different server.

This used to work, so I don't understand why it won't now. I haven't made any changes that should affect it. My /etc/ssh/sshd_config still contains "AllowTcpForwarding yes" and "X11Forwarding yes" and "X11DisplayOffset 10" the command I use to connect should be correct as well "ssh -X 192.168.0.105" I have tried -Y, but that didn't fix anything.

It seems that there is some sort of a disconnect between sshd and X11 on my server, but I don't know how to get any relevant debugging output. Any thoughts or suggestions?

Thanks,

umichLinux

Brian1 01-26-2007 06:22 PM

Searching the forum here I found this one. http://www.linuxquestions.org/questi...d.php?t=451697
Check all settings and see if that works.

Brian

Hangdog42 01-27-2007 06:58 AM

Quote:

I'm running my server headless, but I know that the X11-server is running and working.
I'm going to guess that this is the problem. For X forwarding, you don't need X running on your remote machine, but you do need X running on your local machine. In other words, X must be running on the machine originating the SSH connection. X running on the SSH server is irrelevant.

umichLinux 01-28-2007 08:26 PM

Brian1: I worked through that thread, adding lines to my sshd_config and ssh_config as necessary (mine mostly matched), and it still doesn't work. "echo $DISPLAY" returns "localhost:10.0" but when I run something like xclock, it does nothing. No errors, no window, but I still have to <ctrl>-c to kill the app and get the command line back. If it would help, I can post all the relevant config files. I haven't been able to find anything wrong with them yet, though.

Hangdog42: There is an X11-server running on both client and server. Both should be working; I know that X11 is working on my laptop (originating the ssh connection). If it isn't than I don't know how all these windows are here... :P

From my laptop, I can ssh to machine Z or machine Y and get an X11 program to run. Also, if I ssh into my server from machine Z, I still can't get an X11 window. As well, if I ssh from my laptop to my server, then ssh from server to machine Z (X11 should be forwarded through the two machines back to laptop), X11 doesn't work. If I ssh directly to machine Z, or from laptop to machine Z through machine Y, X11 works.

let me paraphrase:
laptop->server BAD
laptop->Z OK
Z->server BAD
laptop->server->Z BAD
laptop->Y->Z OK

I take back what I said before, I did just get an error. (I guess Ive been too impatient until now) If I wait long enough after entering "xclock" I get a general "Error: Can't open display: localhost:10.0" Which "localhost" is that referring to? server localhost, or laptop localhost?

thanks,

umichLinux

umichLinux 01-28-2007 09:06 PM

AHA!

I tinkered some more, and I found that when I disabled the firewall around my server, it suddenly worked! My firewall rules even blocked network traffic from localhost, including, I assume, X11 connections. Now X11 connections work with the firewall up as long as I have a rule allowing all packets from localhost.

Thanks everyone!

umichLinux

(I don't remember having trouble since I put up the firewall...I guess I just haven't tried since then.)

Hangdog42 01-29-2007 06:32 AM

Depending on what you did to your firewall, this might not be a good thing. If you are really forwarding X through an SSH tunnel, you should only need to have the SSH port open on the server. The problem is that if you opened the ports that X uses, you may have significantly weakened your server's security.


All times are GMT -5. The time now is 08:49 PM.