DISPLAY variables on X with SSH
On Mandrake, I could be logged in to my machine, walk across the room, log in with SSH from my G4 (under the same username) and run programs from the linux machine in Apple's X11. However, with Slackware this is not the case.
I believe the problem lies with my DISPLAY variables. X forwarding is definitely on, and if I set my display variable to 0:0, I can run programs on the Slackware box's screen from the G4 (NOT very useful). If I set the DISPLAY variable to anything else, I just get a generic "can't open display" error. How can I define new displays, perhaps two for each user (one for local and one for ssh)? cheers mark |
When I'm at my laptop (hplt), and using ssh, I can run x programs on my desktop (matrix) after changing the DISPLAY variable to matrix:0.0 . However I also use Mandrake, but I don't think that would matter.
|
Have you checked that the sshd_config settings for the Slackbox are identical to those on the Mandrake box? Are the ssh_config settings the same for the users on Slack and MDK? Is the user the same for both boxes (identical on the G4)?
What are your settings for the sshd_config on the Slackbox? On the MDK? What are your settings for ssh_config on the G4? You shouldn't have to change DISPLAY variables at all. Are you sure that MDK isn't setting the DISPLAY env variable for you when you ssh in?
For /etc/sshd_config:
Code:
X11Forwarding yes
Code:
ForwardX11 yes |
Maybe I should try it without changing my DISPLAY variable.
my ssh_config has Code:
X11Forwarding yes |
Sorry, I should clarify. The slackware and the mandrake boxes are one and the same! I uninstalled mandrake for slackware, as it was much... well.. better!
my sshd_config on the slackware machine now has:
X11Forwarding yes #this was set to no and commented out, but i changed it anyway
X11DisplayOffset 10
X11UseLocalHost
my ssh_config on the slackware machine now has:
ForwardAgent no #just to make sure, i just noticed this was set to YES!
ForwardX11 yes #for connecting to other machines
I always connect from the G4 using:
$ ssh -Xv linuxlogik
So it's not really necessary to turn on X forwarding in the G4's ssh_config. I'll give these new settings a go and post back. cheers mark |
I logged in and typed "gimp" as a test.
Gtk-WARNING**: cannot open display
It says the same generic-type error for any other program requiring X. :( Oh to answer a previous question: The user accounts share the same username but not the same password. I use a keypair system to login. mark |
sorry for stupid question but...
is xhost set? |
xhost?
It may have crossed your mind that I've never actually had to manually configure X11 before. Mandrake did it for me, and Apple's X11 was configured too. mark |
dude,
my suggestion to you would be to add the following to your X startup script (be it .xinitrc if you start X manually or .xsession if you use *dm)
xhost name_of_your_local_box #you will need to run X apps as su
xhost remote_host_1
xhost remote_host_2
etc.
this might help. |
The whole point of X forwarding in ssh is not to set xhost. xhost is a security flaw (not that X forwarding under ssh is much better, but it's better).
A (potentially silly) question: Do you have X11 running on the Mac before you ssh over? ssh ignores the forward (and thus doesn't set up the DISPLAY environment variable) if you don't have X11 running when it's invoked. Is it possible that your DISPLAY env. var. on the Mac isn't being set for some reason? I know it worked on the MDK box, but that doesn't mean MDK didn't do something funky with your logins (I don't know, anyone?). from man ssh: Quote:
|
Thanks a lot everyone, I will get round to trying all of your suggestions very soon.
I was actually wondering about that comment that X over ssh isn't much better....? I use protocol 2 and the keypair system with STRONG passphrases (Horrible multi-symbol, uppercase-lowercase plus numbers). How can X forwarding through ssh be insecure? Surely it gets encrypted exactly the same as everything else? I'm not worried about speed as I have fast ethernet and the machine can only be accessed from behind the router (local network). mark |
The X11 protocol isn't secure, so if someone can crack your remote host (the one you ssh in to), it's possible that, if you are using X11 tunneling, they can crack your local system.
Quote:
|
Oh sorry, I'm aware of that, but surely that would be the case with any service involving logins. I know that my boxes are mostly secure, my G4 is not running ANY services at all, you can't ssh into it or anything. I am behind a very strong hardware firewall (A nice big draytek!) and I have logs printed to hardcopy. Each machine is also running a basic firewall. I run daily security scripts to check file permissions and make sure all my software is up to date. Other than unplugging the router and keeping the machines switched off in a cupboard, there's not much more I can do!
As to your questions: I almost guarantee that Mandrake was doing something with logins. X11 is always running on my machine when I log in to a Linux box because it's just more convenient that way (in case I need to run any X apps). mark |
Quote:
Quote:
If that's not set (or not set correctly), this is probably the problem. ssh in to the Slack box and printenv DISPLAY. If this isn't localhost:11.0 (it should NOT be mac.name.org:0.0), it's not forwarding X11 through the ssh tunnel. |
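The DISPLAY check described above, as an added example that is not part of the thread. `classify_display` and `effective_x11forwarding` are hypothetical helper names; the sketch assumes sshd's default X11UseLocalhost yes (forwarded displays appear as localhost:N with N at or above X11DisplayOffset) and does not handle Match blocks.

```shell
#!/bin/sh
# Added example (not from the thread). Helper names are hypothetical.

# Classify a DISPLAY value. $1 = DISPLAY, $2 = X11DisplayOffset (default 10).
classify_display() {
    disp=$1
    offset=${2:-10}
    [ -n "$disp" ] || { echo "unset"; return; }
    host=${disp%:*}       # text before the last colon
    num=${disp##*:}       # display[.screen] after the last colon
    num=${num%%.*}        # drop the screen number
    case $num in
        ''|*[!0-9]*) echo "invalid"; return ;;
    esac
    case $host in
        ''|unix)
            echo "local" ;;              # X server on this machine's own socket
        localhost|127.0.0.1)
            if [ "$num" -ge "$offset" ]; then
                echo "ssh-forwarded"     # sshd proxy display, carried in the tunnel
            else
                echo "local-tcp"
            fi ;;
        *)
            echo "direct-tcp" ;;         # plain X11 to another host, outside ssh
    esac
}

# Effective X11Forwarding from sshd_config text on stdin: commented lines are
# ignored, keywords are case-insensitive, the first value wins, default is "no".
effective_x11forwarding() {
    awk 'tolower($1) == "x11forwarding" { print tolower($2); found = 1; exit }
         END { if (!found) print "no" }'
}

# Constructed sample input: report the current session when run directly.
if [ "${0##*/}" = "check_display.sh" ]; then
    echo "DISPLAY=${DISPLAY:-} -> $(classify_display "${DISPLAY:-}")"
fi
```

A result of `direct-tcp` (for example `matrix:0.0`) means the X traffic is not going through the ssh tunnel, and `unset` after `ssh -X` points at forwarding being refused on one side.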
Quote:
Something VERY odd has happened... erm... it's just started working. I've been too busy lately to really play with settings but now it just works. Gimp forwarded first time! I wonder now if it was a file permission problem, because I modified a script recently (to actually lock things down more!). Apart from that I've done nothing else..! Ah well, thanks for the help everyone. Off to bed. mark |