X11 Forwarding working with Cygwin, Failing under Linux
Hi,
I have a problem with X11 forwarding. The thing is that I'm connecting to a remote network via VPN and then connect, using the VPN tunnel, to a machine in the remote network using SSH. This far everything is fine. The problem begins when exporting the display: it fails when making the connection from my Linux machine. However, when trying the same thing using Cygwin under Windows XP, and setting xhost+, everything works fine, including exporting the display.
I have checked that the display is set up correctly on the remote machine and also successfully exported the display from other remote machines (not through the VPN tunnel) to my local Linux station. So I'm very confused, why is it working with Cygwin when it fails under Linux?
I get the same results with SUSE 10.0, 10.1, and 10.2. I have tried both 64 and 32 versions. I have connected my machine to two different networks, one that I know is free from any filtering on my side.
Please, if anyone has any suggestions it would be really helpful.
I'm actually using xhost+<hostName> so it's not that bad. Anyway, I tried using the debug flag in SSH as you suggested. I compared it to the debug information from Cygwin and noticed the following differences:
LINUX (SUSE 10.1):
debug2: callback start
debug2: x11_get_proto: /usr/X11R6/bin/xauth list :0.0 . 2>/dev/null
debug1: Requesting X11 forwarding with authentication spoofing.
debug2: channel 0: request x11-req confirm 0
debug2: client_session2_setup: id 0
Cygwin:
debug2: callback start
debug2: x11_get_proto: /usr/X11R6/bin/xauth list 127.0.0.1:0.0 2>/dev/null
Warning: No xauth data; using fake authentification data for X11 forwarding.
debug1: Requesting X11 forwarding with authentication spoofing.
debug2: channel 0: request x11-req confirm 0
debug2: client_session2_setup: id 0
The second line seems to contain a reference to localhost in the Cygwin case while it is blank in the Linux case, could this be the source of my problems? How can I change this setting?
Quote:
Originally Posted by nx5000
There is no need for xhost +. Doing "xhost +" opens your screen to everybody!!
Try to get more info by using this:
ssh -vvv -X user@server
Now when you log on using the linux client (with ssh -Xvvv ..), can you try several checks:
* echo $DISPLAY
* netstat -lapute | egrep ":60..\ "
* Open an xterm and look at the debug messages.
If you get $DISPLAY=server_name:10.0 then you should have a port 6010 opened when looking at the netstat.
If it's for example server_name:14.0 then port 6014 should be opened.
ps:
NO xhost at all is needed. Even under cygwin, it should work without it. I don't understand this.
Ok, I tried it and got the following results. Zoe is the name of my machine, it's in the host table of the remote machine.
echo $DISPLAY
zoe:0.0
netstat -lapute | egrep ":60..\ "
(Not all processes could be identified, non-owned process info
will not be shown, you would have to be root to see it all.)
tcp 0 0 <remoteMachine>:6011 *:* LISTEN <userX> 378015182 -
tcp 0 0 <remoteMachine>:6012 *:* LISTEN <myUserName> 378444281 -
tcp 0 0 <remoteMachine>:6013 *:* LISTEN <myUserName> 377993118 -
udp 0 0 *:609 *:* root 2631564 -
Ok I think I understand why you needed to do a xhost + to work.
Currently, your X connection is not forwarded by ssh so your traffic is not encrypted.
What you want to do is this:
xterm displays to server:6010.
server:6010 gets tunneled in ssh through client:6000
What you are now doing is this:
xterm displays to client:6000
As xterm is run by another user than the user that has started the Xserver on client, you need to allow him to connect by doing xhost+
You are sure that you do:
ssh -X
or
ssh -Y
If yes, you have to recheck with
ssh -vvv the lines for forwarding
Quote:
I tried setting the display to zoe:12.0 and zoe:13.0 as well but there was no change :-(
No, it's supposed to be server:12.0 (reread my comments before about the tunnel)
Then server:12.0 will connect to serverip:6012 (which is in fact 127.0.0.1:6012). This stream will get tunnelled by ssh server back to ssh client. When ssh client receives X traffic, it forwards it to zoe:0.0
Hum, hope you got at least half of what I explained
After carefully reading your excellent advice I noticed that the display variable on my server was set to the client machine for some reason whereas according to you it should be the server. Changing this solved everything!
Thank you so much for your help nx5000, this has really helped me a lot!
Quote:
Originally Posted by nx5000
I made the test myself, this is what I get:
And it works.
Now when you log on using the linux client (with ssh -Xvvv ..), can you try several checks:
* echo $DISPLAY
* netstat -lapute | egrep ":60..\ "
* Open an xterm and look at the debug messages.
If you get $DISPLAY=server_name:10.0 then you should have a port 6010 opened when looking at the netstat.
If it's for example server_name:14.0 then port 6014 should be opened.
ps:
NO xhost at all is needed. Even under cygwin, it should work without it. I don't understand this.
Ok, carefully reading your previous answer got me on the right track and I think that I can follow your explanation. When changing the display settings I did not need the xhost+ anymore either, so now it's not only working, it's secure as well :-)
Once again, I'm extremely grateful! I would not have figured this out myself...
Quote:
Originally Posted by nx5000
Ok I think I understand why you needed to do a xhost + to work.
Currently, your X connection is not forwarded by ssh so your traffic is not encrypted.
What you want to do is this:
xterm displays to server:6010.
server:6010 gets tunneled in ssh through client:6000
What you are now doing is this:
xterm displays to client:6000
As xterm is run by another user than the user that has started the Xserver on client, you need to allow him to connect by doing xhost+
You are sure that you do:
ssh -X
or
ssh -Y
If yes, you have to recheck with
ssh -vvv the lines for forwarding
No, it's supposed to be server:12.0 (reread my comments before about the tunnel)
Then server:12.0 will connect to serverip:6012 (which is in fact 127.0.0.1:6012). This stream will get tunnelled by ssh server back to ssh client. When ssh client receives X traffic, it forwards it to zoe:0.0
Hum, hope you got at least half of what I explained
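The check the thread walks through (does $DISPLAY on the server point at the ssh tunnel or straight at the client's X server, and is the matching 60xx port listening?) can be scripted. This is an added example, not part of the original posts; the function names, the host name `server`, the user `alice` and the sample netstat lines are constructed, and it assumes sshd's default display offset of 10.

```shell
#!/bin/sh
# Added example (not from the thread): classify a DISPLAY value on the ssh
# server and confirm the tunnel listener exists. Assumes sshd's default
# X11DisplayOffset of 10, so forwarded displays start at :10 (port 6010).

# x11_port DISPLAY -> TCP port, i.e. 6000 + display number
x11_port() {
    num=${1##*:}       # "zoe:0.0" -> "0.0"
    num=${num%%.*}     # "0.0"     -> "0"
    case $num in ''|*[!0-9]*) return 1 ;; esac
    echo $((6000 + num))
}

# x11_classify DISPLAY SERVER_NAME
#   local             unix socket of an X server on this machine
#   tunnel:PORT       sshd's forwarding proxy on this machine (encrypted)
#   local-tcp:PORT    TCP to this machine, but below the sshd offset
#   direct:HOST:PORT  plain TCP to another host's X server (needs xhost)
x11_classify() {
    display=$1; self=$2
    case $display in *:*) ;; *) echo invalid; return 1 ;; esac
    host=${display%:*}
    port=$(x11_port "$display") || { echo invalid; return 1; }
    case $host in
        ''|unix) echo "local" ;;
        localhost|127.0.0.1|"$self")
            if [ "$port" -ge 6010 ]; then echo "tunnel:$port"
            else echo "local-tcp:$port"; fi ;;
        *) echo "direct:$host:$port" ;;
    esac
}

# has_listener PORT < netstat-output
# Succeeds if a TCP socket in LISTEN state is bound to PORT.
has_listener() {
    awk -v p=":$1\$" '$1 ~ /^tcp/ && $6 == "LISTEN" && $4 ~ p { found = 1 }
                      END { exit !found }'
}

# Constructed sample, shaped like the netstat output posted in the thread.
SAMPLE='tcp 0 0 server:6012 *:* LISTEN alice 378444281 -
udp 0 0 *:609 *:* root 2631564 -'

x11_classify "zoe:0.0" server       # the misconfigured value from the thread
x11_classify "server:12.0" server   # the value that goes through the tunnel
```

On a live server, feed `has_listener` the output of the `netstat` command from the thread instead of the sample.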