Re: problem with X forwarding

From: Ranjeet Shetye (ranjeet.shetye2_at_zultys.com)
Date: 08/25/03

  • Next message: Rio Martin: "OpenSSH 3.6.1 with PAM" 
    To: secureshell@securityfocus.com
Date: 25 Aug 2003 11:40:31 -0700

    On Mon, 2003-08-25 at 08:58, Rajeev Kumar wrote:
    > Make sure ssh was able to setup X11 tunnel. ssh usually have some entry
    > in /etc/sshd_config file.
    >
    > X11DisplayOffset 10
    >
    > which says how it is going to listen for X11 connection like in above
    > case it is going to listen at port 6010 (offset 10 from std X11 port
    > 6000). SO after you ssh to server then at server try one of this.
    >
    > telnet localhost 6011
    > (Looks like in your case it offset is 11)
    > see if this gives something like this.
    >
    > Trying 127.0.0.1...
    > Connected to localhost.
    > Escape character is '^]'.
    > ^]
    >
    > if not than there is a problem in binding this port, try some other
    > offset value, other than 6000. Also on machine A try
    > xhost + (I don't think if this is a problem as ssh X11 is little different)
    >
    > hope this helps to start debugging.
    >
    > Rajeev
    >
    >
    > Pupeno wrote:
    > > I don't know if this is the right list to post about this problem, but I'm
    > > reaching the desperate state.
    > > I'm ssh from computer A to computer B, running a X application in B expecting
    > > to be shown in A's X server.
    > > X forwarding is enabled in both computers, A and B in both,
    > > /etc/ssh/ssh_config and /etc/ssh/sshd_config.
    > > But when I run the application a get this error:
    > > _X11TransSocketOpen: socket() failed for tcp
    > > _X11TransSocketOpenCOTSClient: Unable to open socket for tcp
    > > _X11TransOpen: transport open failed for tcp/localhost:11
    > > Error: Can't open display: localhost:11.0
    > > Do you have any idea of what may happen ?
    > > In A, I was able to connect when I was running Ark Linux, the problem appeared
    > > when I installed Gentoo so, I may say, the problem is in A since B didn't
    > > suffer any deep change.
    > > Any clue would be nice.
    > > Thanks.
    > > --
    > > Pupeno: pupeno@pupeno.com
    > > http://www.pupeno.com
    > > ---
    > > Help the hungry children of Argentina,
    > > please go to (and make it your homepage):
    > > http://www.porloschicos.com/servlet/PorLosChicos?comando=donar

    Actually I dont think that's the problem.

    His error is: "Error: Can't open display: localhost:11.0"

    Pupeno:

    All X clients use the DISPLAY variable. Your DISPLAY variable is
    currently set to "localhost:11.0", which is typical for an automatically
    set DISPLAY var, and which means that your client will try to connect to
    an X server which is on the same host as the client. You dont want this.
    What you want is for your X Client to connect to a remote X Server.

    You will need to pass the DISPLAY var along with the rest of the
    environment when you initiate the SSH connection e.g. xterm takes a
    "-display displayname"

    in Csh/Tcsh
    setenv DISPLAY "<X-Server-IP-Address>:0.0"
    should work

    For Bash/Ksh/sh
    DISPLAY="<X-Server-IP-Address>:0.0"; export DISPLAY
    should work

    The way you setup the DISPLAY var will depend on how you are creating
    the client-server SSH link.

    Also, use "ssh -X" will ensure that X11 forwarding will take place (as
    long as the server allows it? - not sure on this count). I know you've
    set your sshd_config and ssh_config, but use -X until testing is
    complete.

    Now, on the server side too, you'll need to do a little more work.

    Look into using "xhost" on the X server side, using "xhost +" or "xhost
    + <X-Client-IP-Address>" (more secure). This is needed to let an X
    Client connect to your X Server. Running just "xhost" will tell you wht
    the current settings are.

    HTH 

    -- 
Ranjeet Shetye
Senior Software Engineer
Zultys Technologies
Ranjeet dot Shetye2 at Zultys dot com
http://www.zultys.com/
 
The views, opinions, and judgements expressed in this message are solely
those of the author. The message contents have not been reviewed or
approved by Zultys.
  • Next message: Rio Martin: "OpenSSH 3.6.1 with PAM"

    Relevant Pages

    • Re: Explanation of SSH
      ... I am still unclear on how SSH works exactly. ... Client issues SSH command and names server ... "Shopper" says "server sends back its public host and server keys ... Surely there is only one public key it sends ...
      (comp.security.ssh)
    • Re: ssh security question
      ... In my case - the client is a windows client and the ssh is embedded into the windows nx client. ... Is there any reason I can't run ssh-keygen on the server and copy the private key to the client - and the public key to the "authorised" directory? ... sniffer can catch your passwords, and it would make it trivial to log in ...
      (SSH)
    • Re: Trouble with X11 over SSH on Mandriva 2010.0
      ... If next clean install/update causes ssh to break, ... installed the sshd daemon/service package (OpenSSH Server) on the server. ... correct values for client and server. ...
      (comp.os.linux.networking)
    • Re: Publishing a SSH Server
      ... Your unix box cannot reply to SSH request, ... Create a client address set for your unix box (ip address from to are the ... Jim Harrison [ISA SE] ... In that case the server is a SecureNET client but still it doesn't work.... ...
      (microsoft.public.isa.publishing)
    • Re: FC6 VPN
      ... Then you can run any application you would like off the server by simply running it, or if you want to run a whole session, use gnomesession. ... ssh client that supports X forwarding, which is want you want to be looking at. ... SSH allows you to forward any local port to any remote port. ... If you need to connect to, say a windows share, you would forward your local port to the linux server through the ssh tunnel. ...
      (Fedora)