On Thu, 18 Sep 2003 17:30:11 -0600 (MDT), "Jacob Anawalt" <[EMAIL PROTECTED]> wrote in message <[EMAIL PROTECTED]>:
> > Arnt Karlsen said: > > On Thu, 18 Sep 2003 14:16:59 +0100, > > Colin Watson <[EMAIL PROTECTED]> wrote in message > > <[EMAIL PROTECTED]>: > > > >> On Thu, Sep 18, 2003 at 03:06:54PM +0200, Arnt Karlsen wrote: > >> > On Thu, 18 Sep 2003 11:42:32 +0100, > >> > Colin Watson <[EMAIL PROTECTED]> wrote in message > >> > <[EMAIL PROTECTED]>: > >> > > On Thu, Sep 18, 2003 at 12:20:37PM +0200, Arnt Karlsen wrote: > >> > > > ..."=yes", and it can be overridden with -X, is how it works > >> > > > here. ;-) > >> > > > >> > > If the server has 'X11Forwarding no', which is the default, > >> > > then nothing you do to the client, -X or no -X, will let you > >> > > forward X11 traffic. You need to configure the server with > >> > > 'X11Forwarding yes'. > >> > > >> > ..then something is wrong here, because I ssh -X all I like from > >> > my X11Forwarding=no boxes. ;-) > >> > >> *From* your 'X11Forwarding no' boxes? The client makes no > >> difference, it's the sshd_config on the server, the box you're > >> connecting *to*, that matters. > > > > ..yep, I own all but 2 boxes in my lab, and have root access > > on all, and I see no X11Forwarding here. > > no X11Forwarding as in the line isn't in the file, or as in: > X11Forwarding no ..the latter, I found one of my boxes having "yes". > > > >> Also, you'd only notice a problem when you tried to open an X > >> client over the ssh connection. > > > > ..yeah, I was half way back to RH before I picked up the "-X" > > here in DU, does not neccesarily mean I got it right, though. > > > > Wow, something must be wrong > > ..unless > > you're not looking at /etc/ssh/sshd_config, but instead looking at > /etc/ssh/ssh_config and mixing X11Forwarding up with ForwardX11. ..nope, and the same boxes have ForwardX11 no, except the one with "X11Forwarding yes" in sshd_config. > I doubt that, but it's the only non-code-issue I could think of short > of some non-standard /etc/init.d/ssh file with say "ssh -o > 'X11Forwarding yes'". If the X11Forwarding line isn't even in the > file, then maybe sshd has been recompiled with X11Forwarding as the > default? (Woody defaults to 'no' as far as I can tell) ..correct, but the other boxes are clusterKnoppix'es, the "yes" one has cooked clustering, I screwed up the update job. > (Sorry, I just had to use '..' ;) ) .. ;-) > > When I set /etc/ssh/sshd_config > X11Forwarding no > > and restart the sshd service, the next time I connect with ssh -X (or > without that and ~/.ssh/config ForwardX11=yes or that set in the > /etc/ssh/ssh_config) I see that $DISPLAY isn't set. xclock of course > says"Error: Can't open display". I set $DISPLAY to localhost:10.0 (the > first offset set in my sshd_config file and no one else is sshing to > the machine) and xclock says "Error: Can't open display: > localhost:10.0". I change the setting back to X11Forwarding yes, > restart sshd. Disconnect, reconnect with forwarding requested by my > client ssh session and $DISPLAY is auto-set to localhost:10.0 and > xclock works. ..correct, this is what nearly had me drop Debian for RH, and I still get this when su'ing another user, I set up several users so I could "su - arnt" etc for the various stuff I do, and have several differing setups for each task, I can do this with "ssh -X [EMAIL PROTECTED] app &", but I prefer "su - user" on the localhosts, less typing. > This is ssh'ing to a (OpenBSD Secure Shell server) Debian stable > 'Woody' system with the ssh 3.4p1-1.woody.2 update. It worked this way > before the update as well. I don't have a 'Sid' system nearby to test > on. > -- ..med vennlig hilsen = with Kind Regards from Arnt... ;-) ...with a number of polar bear hunters in his ancestry... Scenarios always come in sets of three: best case, worst case, and just in case. -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
