Thanks Miles,

Will implement solution for #2 ASAP. For #1, the settings are the defaults obtained when installing from DVD (x86) -- enforcing, I think. Or is there a more specific setting I should search for? (can only access machine on working day, earliest.)

William.

--- On Sat, 12/5/09, Miles O'Neal <roadkills.r...@gmail.com> wrote:

From: Miles O'Neal <roadkills.r...@gmail.com>
Subject: Re: one-sided ssh connection, restricted access to X.
To: "William Shu" <ws...@yahoo.com>
Cc: scientific-linux-us...@fnal.gov
Date: Saturday, December 5, 2009, 7:22 PM

For #1, what are your SELinux settings?

For #2, that also applies, but... you should NOT by default be able to have other users access your X display. That's the way it is supposed to work. If you want local users to be able to access your display, type in a terminal window:

xhost +localhost

Then as long as the DISPLAY is :0 they should work (if SELinux isn't in the way). If you want DISPLAY to be set to $HOST:0 you need to type

xhost +$HOST

On Sat, Dec 5, 2009 at 8:58 AM, William Shu <ws...@yahoo.com> wrote:

Hi,

Please help on two [related] problems (I'm probably missing something glaring!):

1) On my newly installed SL54 on a machine *not* connected to the internet, I tried to connect to a remote machine (Redhat 9) via ssh and it does not allow me. I am lost, as sshd is activated on both machines, and I had used a laptop to make the connection to the remote machine before. I can ssh connect from the Redhat 9 machine.

QUESTION: What could I be doing wrong? (script of my attempts below). I can't pick up what to do from man pages.

2) I tried to open emacs as root, but was not allowed. I was only allowed connection after I executed
$ xhost +
to allow everybody access.

QUESTION: Is there no more secure way of enabling users on local machine to use X without having to enumerate them, or allow all to access? In the past, I've always been able to open a terminal window as root or 3rd party and use without probs.

Regards,
William.

[...@csc101a ~]$ uname -a
Linux csc101A 2.6.18-164.2.1.el5PAE #1 SMP Tue Sep 29 19:14:47 EDT 2009 i686 i686 i386 GNU/Linux
[...@csc101a ~]$
[...@csc101a ~]$ ssh -XY 192.168.10.1
ssh: connect to host 192.168.10.1 port 22: Connection refused
[...@csc101a ~]$ xhost
access control enabled, only authorized clients can connect
SI:localuser:wss
[...@csc101a ~]$ xhost +
access control disabled, clients can connect from any host
[...@csc101a ~]$ ssh -XY w...@192.168.10.1
ssh: connect to host 192.168.10.1 port 22: Connection refused
[...@csc101a ~]$ ssh -XY w...@192.168.10.1
ssh: connect to host 192.168.10.1 port 22: Connection refused
[...@csc101a ~]$ ssh -XY w...@192.168.10.1
ssh: connect to host 192.168.10.1 port 22: Connection refused
[...@csc101a ~]$ man xhost
[...@csc101a ~]$ ssh -v -XY 192.168.10.1
OpenSSH_4.3p2, OpenSSL 0.9.8e-fips-rhel5 01 Jul 2008
debug1: Reading configuration data /etc/ssh/ssh_config
debug1: Applying options for *
debug1: Connecting to 192.168.10.1 [192.168.10.1] port 22.
debug1: connect to address 192.168.10.1 port 22: Connection refused
ssh: connect to host 192.168.10.1 port 22: Connection refused
[...@csc101a ~]$ ssh -vv -XY 192.168.10.1
OpenSSH_4.3p2, OpenSSL 0.9.8e-fips-rhel5 01 Jul 2008
debug1: Reading configuration data /etc/ssh/ssh_config
debug1: Applying options for *
debug2: ssh_connect: needpriv 0
debug1: Connecting to 192.168.10.1 [192.168.10.1] port 22.
debug1: connect to address 192.168.10.1 port 22: Connection refused
ssh: connect to host 192.168.10.1 port 22: Connection refused
[...@csc101a ~]$ ssh -vvv -XY 192.168.10.1
OpenSSH_4.3p2, OpenSSL 0.9.8e-fips-rhel5 01 Jul 2008
debug1: Reading configuration data /etc/ssh/ssh_config
debug1: Applying options for *
debug2: ssh_connect: needpriv 0
debug1: Connecting to 192.168.10.1 [192.168.10.1] port 22.
debug1: connect to address 192.168.10.1 port 22: Connection refused
ssh: connect to host 192.168.10.1 port 22: Connection refused
[...@csc101a ~]$
----------
[r...@csc101a wss]# emacs &
[1] 4833
[r...@csc101a wss]# Xlib: connection to ":0.0" refused by server
Xlib: No protocol specified
emacs: Cannot connect to X server :0.0.
Check the DISPLAY environment variable or use `-d'.
Also use the `xhost' program to verify that it is set to permit connections from your machine.
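
An added example (not part of the thread and not written by either poster): a shell function that reads `xhost` output like that in the transcript above and separates the `xhost +` state and host-wide grants from per-user `SI:localuser:` entries. The function name, the return-code convention and the sample inputs are assumptions constructed for illustration.

```shell
#!/bin/sh
# Added example, not from the thread. Reads `xhost` output on stdin and
# reports how widely the X display is open.
# Return codes (assumed convention): 0 per-user grants only,
# 1 host- or family-wide grants present, 2 access control disabled.
audit_xhost() {
    rc=0
    while IFS= read -r entry; do
        case "$entry" in
            "access control disabled"*)
                # State left behind by `xhost +`: the access list is ignored.
                echo "CRITICAL: access control disabled; any client on any host can connect"
                rc=2
                ;;
            "access control enabled"*|"")
                ;;
            SI:localuser:*)
                # Server-interpreted entry: one named local account.
                echo "OK: local user '${entry#SI:localuser:}' only"
                ;;
            *)
                # INET:host, LOCAL: and similar are not tied to a single account.
                echo "WARN: '$entry' admits every user matching that host entry"
                if [ "$rc" -lt 1 ]; then rc=1; fi
                ;;
        esac
    done
    return "$rc"
}

# Constructed samples, modelled on the transcript above.
SAMPLE_DEFAULT='access control enabled, only authorized clients can connect
SI:localuser:wss'
SAMPLE_OPEN='access control disabled, clients can connect from any host
SI:localuser:wss'
SAMPLE_HOST='access control enabled, only authorized clients can connect
INET:localhost
SI:localuser:wss'

# Live use on a desktop session:   xhost | audit_xhost
# Per-user grant instead of `xhost +`:   xhost +si:localuser:root
```

After `xhost +`, running `xhost -` turns access control back on; the per-user entries in the list are kept.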