LinuxQuestions.org
Old 01-18-2004, 10:46 PM   #1
darklogik_org
Member
 
Registered: Jan 2004
Distribution: freebsd 5.3, openbsd 3.6, slackware 10
Posts: 96

Rep: Reputation: 15
DISPLAY variables on X with SSH


On Mandrake, I could be logged in to my machine, walk across the room, log in with SSH from my G4 (under the same username) and run programs from the linux machine in Apple's X11. However, with Slackware this is not the case.

I believe the problem lies with my DISPLAY variables. X forwarding is definitely on, and if I set my display variable to 0:0, I can run programs on the Slackware box's screen from the G4 (NOT very useful). If I set the DISPLAY variable to anything else, I just get a generic "can't open display" error.

How can I define new displays, perhaps two for each user (one for local and one for ssh)?

cheers
mark
 
Old 01-19-2004, 12:11 AM   #2
jschiwal
LQ Guru
 
Registered: Aug 2001
Location: Fargo, ND
Distribution: SuSE AMD64
Posts: 15,733

Rep: Reputation: 682
When I'm at my laptop (hplt), and using ssh, I can run x programs on my desktop (matrix) after changing the DISPLAY variable to matrix:0.0 . However I also use Mandrake, but I don't think that would matter.
 
Old 01-19-2004, 12:14 AM   #3
moses
Senior Member
 
Registered: Sep 2002
Location: Arizona, US, Earth
Distribution: Slackware, (Non-Linux: Solaris 7,8,9; OSX; BeOS)
Posts: 1,152

Rep: Reputation: 50
Have you checked that the sshd_config settings for the Slackbox are identical to those on the Mandrake box? Are the ssh_config settings the same for the users on Slack and MDK? Is the user the same for both boxes (identical on the G4)?
What are your settings for the sshd_config on the Slackbox? on the MDK?
What are your settings for ssh_config on the G4?
You shouldn't have to change DISPLAY variables at all. Are you sure that MDK isn't setting the DISPLAY env variable for you when you ssh in?
For /etc/sshd_config:
Code:
X11Forwarding yes
X11UseLocalhost yes
X11DisplayOffset 10
for /etc/ssh_config or ~/.ssh/ssh_config:
Code:
ForwardX11 yes
 
Old 01-19-2004, 12:31 AM   #4
jschiwal
LQ Guru
 
Registered: Aug 2001
Location: Fargo, ND
Distribution: SuSE AMD64
Posts: 15,733

Rep: Reputation: 682
Maybe I should try it without changing my DISPLAY variable.

my ssh_config has
Code:
X11Forwarding yes

but the lines
X11UseLocalHost yes
X11DisplayOffset 10
are commented out.
 
Old 01-19-2004, 01:13 AM   #5
darklogik_org
Member
 
Registered: Jan 2004
Distribution: freebsd 5.3, openbsd 3.6, slackware 10
Posts: 96

Original Poster
Rep: Reputation: 15
Sorry, I should clarify. The slackware and the mandrake boxes are one and the same! I uninstalled mandrake for slackware, as it was much... well.. better!

my sshd_config on the slackware machine now has:

X11Forwarding yes #this was set to no and commented out, but i changed it anyway
X11DisplayOffset 10
X11UseLocalHost

my ssh_config on the slackware machine now has:

ForwardAgent no #just to make sure, i just noticed this was set to YES!
ForwardX11 yes #for connecting to other machines

I always connect from the G4 using:

$ ssh -Xv linuxlogik

So it's not really necessary to turn on X forwarding in the G4's ssh_config.

I'll give these new settings a go and post back.
cheers
mark
 
Old 01-19-2004, 01:21 AM   #6
darklogik_org
Member
 
Registered: Jan 2004
Distribution: freebsd 5.3, openbsd 3.6, slackware 10
Posts: 96

Original Poster
Rep: Reputation: 15
I logged in and typed "gimp" as a test.

Gtk-WARNING**: cannot open display

It says the same generic-type error for any other program requiring X.

Oh to answer a previous question: The user accounts share the same username but not the same password. I use a keypair system to login.

mark
 
Old 01-19-2004, 04:21 AM   #7
notAcoolNick
Member
 
Registered: Apr 2003
Location: Oxford, MA, USA
Distribution: Slackware
Posts: 89

Rep: Reputation: 16
sorry for stupid question but...
is xhost set?
 
Old 01-19-2004, 07:32 AM   #8
darklogik_org
Member
 
Registered: Jan 2004
Distribution: freebsd 5.3, openbsd 3.6, slackware 10
Posts: 96

Original Poster
Rep: Reputation: 15
xhost?

It may have crossed your mind that I've never actually had to manually configure X11 before. Mandrake did it for me, and Apple's X11 was configured too.

mark
 
Old 01-19-2004, 11:56 AM   #9
notAcoolNick
Member
 
Registered: Apr 2003
Location: Oxford, MA, USA
Distribution: Slackware
Posts: 89

Rep: Reputation: 16
dude,
my suggestion to you would be to add the following to your X startup script (be it .xinitrc if you start X manually or .xsession if you use *dm)

xhost name_of_your_local_box #you will need to run X apps as su
xhost remote_host_1
xhost remote_host_2


etc.
this might help.
 
Old 01-20-2004, 11:19 PM   #10
moses
Senior Member
 
Registered: Sep 2002
Location: Arizona, US, Earth
Distribution: Slackware, (Non-Linux: Solaris 7,8,9; OSX; BeOS)
Posts: 1,152

Rep: Reputation: 50
The whole point of X forwarding in ssh is not to set xhost. xhost is a security flaw (not that X forwarding under ssh is much better, but it's better).
A (potentially silly) question: Do you have X11 running on the Mac before you ssh over? ssh ignores the forward (and thus doesn't set up the DISPLAY environment variable) if you don't have X11 running when it's invoked. Is it possible that your DISPLAY env. var. on the Mac isn't being set for some reason? I know it worked on the MDK box, but that doesn't mean MDK didn't do something funky with your logins (I don't know, anyone?).

from man ssh:
Quote:
If the ForwardX11 variable is set to ``yes'' (or, see the description of
the -X and -x options described later) and the user is using X11 (the
DISPLAY environment variable is set), the connection to the X11 display
is automatically forwarded to the remote side in such a way that any X11
programs started from the shell (or command) will go through the
encrypted channel, and the connection to the real X server will be made
from the local machine. The user should not manually set DISPLAY.
Forwarding of X11 connections can be configured on the command line or in
configuration files.

The DISPLAY value set by ssh will point to the server machine, but with a
display number greater than zero. This is normal, and happens because
ssh creates a ``proxy'' X server on the server machine for forwarding the
connections over the encrypted channel.

ssh will also automatically set up Xauthority data on the server machine.
For this purpose, it will generate a random authorization cookie, store
it in Xauthority on the server, and verify that any forwarded connections
carry this cookie and replace it by the real cookie when the connection
is opened. The real authentication cookie is never sent to the server
machine (and no cookies are sent in the plain).
 
Old 01-20-2004, 11:39 PM   #11
darklogik_org
Member
 
Registered: Jan 2004
Distribution: freebsd 5.3, openbsd 3.6, slackware 10
Posts: 96

Original Poster
Rep: Reputation: 15
Thanks a lot everyone, I will get round to trying all of your suggestions very soon.

I was actually wondering about that comment that X over ssh isn't much better....?

I use protocol 2 and the keypair system with STRONG passphrases (Horrible multi-symbol, uppercase-lowercase plus numbers). How can X forwarding through ssh be insecure? Surely it gets encrypted exactly the same as everything else? I'm not worried about speed as I have fast ethernet and the machine can only be accessed from behind the router (local network).

mark
 
Old 01-20-2004, 11:45 PM   #12
moses
Senior Member
 
Registered: Sep 2002
Location: Arizona, US, Earth
Distribution: Slackware, (Non-Linux: Solaris 7,8,9; OSX; BeOS)
Posts: 1,152

Rep: Reputation: 50
The X11 protocol isn't secure, so if someone can crack your remote host (the one you ssh in to), it's possible that, if you are using X11 tunneling, they can crack your local system.
Quote:
X11 forwarding should be enabled with caution. Users with the
ability to bypass file permissions on the remote host (for the
user's X authorization database) can access the local X11 display
through the forwarded connection. An attacker may then be able
to perform activities such as keystroke monitoring.
Security is, at best, only as strong as the weakest link in the chain. . .
 
Old 01-21-2004, 12:22 AM   #13
darklogik_org
Member
 
Registered: Jan 2004
Distribution: freebsd 5.3, openbsd 3.6, slackware 10
Posts: 96

Original Poster
Rep: Reputation: 15
Oh sorry, I'm aware of that, but surely that would be the case with any service involving logins. I know that my boxes are mostly secure, my G4 is not running ANY services at all, you can't ssh into it or anything. I am behind a very strong hardware firewall (A nice big draytek!) and I have logs printed to hardcopy. Each machine is also running a basic firewall. I run daily security scripts to check file permissions and make sure all my software is up to date. Other than unplugging the router and keeping the machines switched off in a cupboard, there's not much more I can do!

As to your questions: I almost guarantee that Mandrake was doing something with logins. X11 is always running on my machine when I log in to a Linux box because it's just more convenient that way (in case I need to run any X apps).

mark
 
Old 01-21-2004, 01:18 PM   #14
moses
Senior Member
 
Registered: Sep 2002
Location: Arizona, US, Earth
Distribution: Slackware, (Non-Linux: Solaris 7,8,9; OSX; BeOS)
Posts: 1,152

Rep: Reputation: 50
Quote:
Originally posted by darklogik_org
Oh sorry, I'm aware of that, but surely that would be the case with any service involving logins. I know that my boxes are mostly secure, my G4 is not running ANY services at all, you can't ssh into it or anything. I am behind a very strong hardware firewall (A nice big draytek!) and I have logs printed to hardcopy. Each machine is also running a basic firewall. I run daily security scripts to check file permissions and make sure all my software is up to date. Other than unplugging the router and keeping the machines switched off in a cupboard, there's not much more I can do!
Correct! The best thing you can do to keep your system safe is to make regular backups so that WHEN you are cracked, you can at least recover some of your system.

Quote:
As to your questions: I almost guarantee that Mandrake was doing something with logins. X11 is always running on my machine when I log in to a Linux box because it's just more convenient that way (in case I need to run any X apps).

mark
When you log in to the Mac, printenv DISPLAY
If that's not set (or not set correctly), this is probably the problem.
ssh in to the Slack box and printenv DISPLAY. If this isn't localhost:11.0 (it should NOT be mac.name.org:0.0), it's not forwarding X11 through the ssh tunnel.
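
The DISPLAY check described in the post above, written out as a shell function. This is an added example, not part of the original thread: the function name classify_display and its category words are made up for illustration, and it assumes X11UseLocalhost yes and X11DisplayOffset 10 as in the sshd_config quoted earlier.

```sh
#!/bin/sh
# classify_display VALUE [OFFSET]   (hypothetical helper, not an OpenSSH tool)
# Prints one word saying where an X11 client using this DISPLAY would connect.
# OFFSET is sshd's X11DisplayOffset; 10 matches the config quoted in the thread.
# Assumes X11UseLocalhost yes, so a forwarded display is always on localhost.
classify_display() {
    value=$1
    offset=${2:-10}

    if [ -z "$value" ]; then
        echo unset                  # ssh did not set up forwarding at all
        return 0
    fi

    # Split "host:display.screen" at the last colon.
    host=${value%:*}
    rest=${value##*:}
    if [ "$host" = "$value" ]; then # no colon: not a DISPLAY value
        echo malformed
        return 0
    fi
    number=${rest%%.*}              # drop the optional ".screen" part
    case $number in
        ''|*[!0-9]*) echo malformed; return 0 ;;
    esac

    case $host in
        ''|unix)
            echo local-server ;;    # ":0", the machine's own X server
        localhost|127.0.0.1|::1)
            if [ "$number" -ge "$offset" ]; then
                echo ssh-proxy      # sshd's proxy display: traffic is tunnelled
            else
                echo loopback-tcp   # loopback, but below sshd's offset
            fi ;;
        *)
            echo direct-remote ;;   # plain X11 to another host, not tunnelled
    esac
}

# Classify the current session's DISPLAY when run as a script.
echo "DISPLAY='${DISPLAY-}' -> $(classify_display "${DISPLAY-}")"
```

Run inside the ssh session on the remote box; anything other than ssh-proxy means X11 clients there are not going through the tunnel.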
 
Old 01-22-2004, 01:31 PM   #15
darklogik_org
Member
 
Registered: Jan 2004
Distribution: freebsd 5.3, openbsd 3.6, slackware 10
Posts: 96

Original Poster
Rep: Reputation: 15
Quote:
Originally posted by moses
Correct! The best thing you can do to keep your system safe is to make regular backups so that WHEN you are cracked, you can at least recover some of your system.
And weekly backups of home folders!

Something VERY odd has happened... erm... it's just started working. I've been too busy lately to really play with settings but now it just works. Gimp forwarded first time!

I wonder now if it was a file permission problem, because I modified a script recently (to actually lock things down more!). Apart from that I've done nothing else..!

Ah well, thanks for the help everyone. Off to bed.
mark
 
  

