Re: What does "X11UseLocalhost no" do?
- From: Randy Yates <yates@xxxxxxxx>
- Date: Mon, 05 Feb 2007 22:42:06 -0500
Neil W Rickert <phishing@xxxxxxxxxx> writes:
Randy Yates <yates@xxxxxxxx> writes:
Thank you for this explanation, Richard. However, I'm afraid I still
don't quite understand.
Let me try to explain differently.
I am currently logged into my work machine from home, and I am doing
X-forwarding.
In the shell on my work machine:
% echo $DISPLAY
localhost:10
% netstat -an | grep '60.*LISTEN'
*.6000 *.* 0 0 24576 0 LISTEN
127.0.0.1.6010 *.* 0 0 24576 0 LISTEN
The first of those output lines is because I am running an
X-server on the work machine. That line has nothing to do with X
forwarding. The second line, with the "127.0.0.1.6010" corresponds
to DISPLAY="localhost:10" with the X-forwarding.
If I were to use "X11UseLocalhost no", then the output from those
commands would instead be:
% echo $DISPLAY
host:10
% netstat -an | grep '60.*LISTEN'
*.6000 *.* 0 0 24576 0 LISTEN
*.6010 *.* 0 0 24576 0 LISTEN
Note that the "10" in $DISPLAY could be 11, 12, ... in which case
the corresponding netstat line would be for port 6011 or 6012 or ...
In that scenario I *was* running xclients on the local host, i.e., on
host.dst. The DISPLAY.dst variable was set to localhost:10.0 and
127.0.0.1:10.0 and in both cases X client connections were refused
when the X11UseLocalhost yes option was set in sshd_config.dst.
Your $DISPLAY looks okay.
When you say "connections were refused", this could mean either of
two things. It could mean that the network connection was refused,
or it could mean that authentication was refused by the X-server.
$ xterm
X11 connection rejected because of wrong authentication.
X connection to localhost:10.0 broken (explicit kill or server shutdown).
Checking "netstat" output should help. You should see a listener
on port 6010 for your DISPLAY value.
[dc_admin@uspsdata ~]$ netstat -an
netstat: kvm not available
Active Internet connections (including servers)
Proto Recv-Q Send-Q Local Address Foreign Address (state)
tcp4 0 0 200.46.204.173.6010 *.* LISTEN
If there is no listener on port 6010, then your sshd server
does not allow X-forwarding. That has to be fixed in the sshd
configuration on the server. If there is a listener, but you are
not authenticating properly to the X-server, then something is
funky about .Xauthority or whatever file xauth is using.
Do you mean .Xauthority.dst? How would I investigate/fix
such a problem? And why does placing "X11UseLocalhost no"
make it work?
I hope that helps tell you what to look for.
Thanks Neil. By the way, do you know of a good tutorial on X11
operation/security? This .Xauthority file and xhosts and xauth and
blah-blah-blah constantly confuse me and I've never really understood
it all.
--
% Randy Yates % "...the answer lies within your soul
%% Fuquay-Varina, NC % 'cause no one knows which side
%%% 919-577-9882 % the coin will fall."
%%%% <yates@xxxxxxxx> % 'Big Wheels', *Out of the Blue*, ELO
http://home.earthlink.net/~yatescr
.
- Follow-Ups:
- Re: What does "X11UseLocalhost no" do?
- From: Neil W Rickert
- Re: What does "X11UseLocalhost no" do?
- References:
- What does "X11UseLocalhost no" do?
- From: Randy Yates
- Re: What does "X11UseLocalhost no" do?
- From: Richard E. Silverman
- Re: What does "X11UseLocalhost no" do?
- From: Randy Yates
- Re: What does "X11UseLocalhost no" do?
- From: Neil W Rickert
- What does "X11UseLocalhost no" do?
- Prev by Date: Re: What does "X11UseLocalhost no" do?
- Next by Date: Re: What does "X11UseLocalhost no" do?
- Previous by thread: Re: What does "X11UseLocalhost no" do?
- Next by thread: Re: What does "X11UseLocalhost no" do?
- Index(es):
Relevant Pages
|
|
