Re: remote x via ssh question

Tue, 02 Jan 2001 02:47:19 -0600 

on Mon, Jan 01, 2001 at 07:50:13PM -0600, Richard Cobbe ([EMAIL PROTECTED]) 
wrote:
> Lo, on , January 1, Forrest English did write:
> 
> > 
> > sorry about that, i should have been more specific.
> > 
> > i have my sshd_config file set up on both machines to allow X11Forwarding.
> > i am trying to connect from my desktop (thneed) to my server 
> > (truffula.net).   
> > 
> > [EMAIL PROTECTED]:~$ ssh -X truffula.net
> > [EMAIL PROTECTED]'s password: 
> > Last login: Mon Jan  1 14:41:42 2001 from 192.168.1.10
> > [EMAIL PROTECTED] forrest]$ bluefish
> > channel 0: istate 4 != open
> > channel 0: ostate 64 != open
> > Gdk-ERROR **: X connection to truffula.net:10.0 broken (explicit kill or 
> > server
> > shutdown).
> 
> Hm.  From that error, it looks like the X connection was established, then
> broken.  It's obvious that your login shell on truffula has the right
> DISPLAY setting, so I'm not entirely sure what's going on here.
> 
> > i can do it just fine if i export the DISPLAY to my ip, however i've
> > talked to several people who have told me there is no need fo this if ssh
> > is configured to forward x.
> 
> You're right, you shouldn't have to do that.
> 
> Moreover, if you *do* set DISPLAY manually (presumably to something like
> `thneed:0.0', the X messages will NOT be tunneled over ssh and will
> therefore NOT be encrypted.
> 
> Bad idea.

Good point.  I'd forgotten that.

If your networks are in direct proximate contact, then exporting your
DISPLAY variable means that X sessions are being exported over a direct
link -- not through your SSH tunnel.

I'd look at two things.

  1. If ssh is setting up the tunnel properly, it should be creating, on
     the *remote* side, an X socket under /tmp/.X11-unix, usually with a
     high number, say X64, or so.  If this doesn't exist, your X11
     forwarding is *not* being properly initialized.

  2. Run ssh with the following arguments:

         $ ssh -X -v remotehost

     ...the '-v' flag specifies verbose output.  Look to see what
     happens to your X11 forward request.  I suspect it's being denied.

Cheers.

-- 
Karsten M. Self <kmself@ix.netcom.com>    http://kmself.home.netcom.com/
 Evangelist, Zelerate, Inc.                      http://www.zelerate.org
  What part of "Gestalt" don't you understand?      There is no K5 cabal
   http://gestalt-system.sourceforge.net/        http://www.kuro5hin.org

Attachment: pgpsj57fFwkbl.pgp
Description: PGP signature

Reply via email to