Re: embarrassing X question
Lo, on Thursday, July 19, Joost Kooij did write: The xfree86 packages have been changed to not accept tcp connections at all by default. Check out the -nolisten option in your xserver manual page. I don't think this holds for potato. I'm pretty certain I never explicity re-enabled it on this machine, as it's only network connection is a DSL line to the outside world, and I certainly don't want to allow random people to open X connections. However: [minbar:/etc/X11]$ netstat -an Active Internet connections (servers and established) Proto Recv-Q Send-Q Local Address Foreign Address State SNIP tcp0 0 0.0.0.0:60000.0.0.0:* LISTEN SNIP minbar:~# lsof -i :6000 COMMAND PID USER FD TYPE DEVICE SIZE NODE NAME XF86_SVGA 517 root0u IPv4374 TCP *:6000 (LISTEN) If you want to turn it back on, change /etc/X11/xdm/Xservers or /etc/X11/xinit/xserverrc, depending on how you start your xserver. I don't have kdm installed, so I normally use startx. On my machine, /etc/X11/xinit/xserverrc doesn't exist. A quick check at http://www.debian.org/Packages showed only one (potato) package which contains an xserverrc file, xbase-clients, which I installed way back when. Checked it out, and this package contains /usr/X11R6/lib/X11/xinit/xserverrc, which is a symlink to /etc/X11/xinit/xserverrc. Where should I add the `-nolisten' switch? Can I do this on the startx command line? (I already use a shell function to start x, as I switch between two different color depths, so this wouldn't be too hard.) Or is there a config file I can add this to? Richard
Re: embarrassing X question
On Thu, Jul 19, 2001 at 04:04:09PM -0400, Mike wrote: [snip] | This might be a kinda dumb question, but does X need to be running on the | remote machine? I've tried having X running on the remote machine, but it | hasn't seemed to make a difference. X must be running on the local side, obviously. It doesn't need to be running on the remote side because you aren't trying to connect to it. If the remote side is, for example, a headless system then you will have lots of trouble trying to run X on it :-). I don't know what your problem is since you seem to have the config set properly. Hmm, maybe a firewall issue? Hopefully someone with more knowledge will provide some suggestions. -D
Re: embarrassing X question (PARTIAL FIX)
Joost Kooij wrote: On Thu, Jul 19, 2001 at 08:27:49AM -0400, Richard Black wrote: > For some reason, I can no longer remote login to another terminal and > display stuff on mine! This started happening last week (with, > possibly, the changes to gdm...) > > I have tried many different things. Typical is something like: > > [local machine] > xhost + > rlogin remote > > [remote machine] > export DISPLAY=local:0.0 > nedit > > But all I get is: NEdit: Can't open display The xfree86 packages have been changed to not accept tcp connections at all by default. Check out the "-nolisten" option in your xserver manual page. If you want to turn it back on, change /etc/X11/xdm/Xservers or /etc/X11/xinit/xserverrc, depending on how you start your xserver. Generally, don't use xhost, it is not safe. Instead use xauth. Cheers, Joost Okay as I can't get xauth to work (help on this would still appreciated--see the rest of the thread for what has been tried), so I thought I would try to get rid of the -nolisten option. This was fine...I am using gdm, so if you start gdmconfig and select the expert mode, you can change this in the X-server setup tab. thanks everyone for you help. Iam still keen to get xauth working (on principal...) so if you have anyother suggestions, Iwould be happy to try them cheers Richard
Re: embarrassing X question
Lo, on Thursday, July 19, Richard Black did write: Joost Kooij wrote: Generally, don't use xhost, it is not safe. Instead use xauth. But...how do I use xauth? I have tried doing what what suggested in the man page ie variants of xauth extract - $DISPLAY | rsh otherhost xauth merge - but there still seems to be a problem. One thing I was wondering is if this works when dhcpd is used. In particular, the machine in my DISPLAY variable on the remote machine is different from the machine in the .Xauthority file (on the remote machine) Odd; this should work. What happens when you try this? The different DISPLAY settings that you describe shouldn't be a problem. The .Xauthority file can contain a list of several authentication keys, each associated with a different display. If the current display is already in the file, the associated authentication key will be overwritten; otherwise, it will be added. Use `xauth list' to see a list of what's going on here. Richard
Re: embarrassing X question
On Thu, 19 Jul 2001, Richard Black wrote: The xfree86 packages have been changed to not accept tcp connections at all by default. Check out the -nolisten option in your xserver manual page. Okay thanks! But...how do I use xauth? I have tried doing what what suggested in the man page ie variants of The both moset secure and most convenient way is to use ssh. Enable X tunnelling in the /etc/ssh/ssh_config file (set ForwardX11 to yes) and everything will be done for you---no need to set DISPLAY or use xauth or have the server listen on any tcp port. Just log in with ssh [EMAIL PROTECTED]. Walter
embarrassing X question
For some reason, I can no longer remote login to another terminal and display stuff on mine! This started happening last week (with, possibly, the changes to gdm...) I have tried many different things. Typical is something like: [local machine] xhost + rlogin remote [remote machine] export DISPLAY=local:0.0 nedit But all I get is: NEdit: Can't open display Any ideas? Help would be greatly appreciated! cheers Richard
Re: embarrassing X question
On Thu, 19 Jul 2001, Richard Black wrote: For some reason, I can no longer remote login to another terminal and display stuff on mine! This started happening last week (with, possibly, the changes to gdm...) I have tried many different things. Typical is something like: [local machine] xhost + rlogin remote [remote machine] export DISPLAY=local:0.0 nedit But all I get is: NEdit: Can't open display Any ideas? Help would be greatly appreciated! I also noticed that i lost the ability to remotely server xwindows I noticed that the /etc/X11/xinit$ xinitrc file had changed and that the nolisten command was no longer present. (which should be of concern since it now means all xsevers will serve automatically, when they should be turned off by default) I wonder if this has anythign to do with it. G
Re: embarrassing X question
On Thu, Jul 19, 2001 at 08:27:49AM -0400, Richard Black wrote: For some reason, I can no longer remote login to another terminal and display stuff on mine! This started happening last week (with, possibly, the changes to gdm...) I have tried many different things. Typical is something like: [local machine] xhost + rlogin remote [remote machine] export DISPLAY=local:0.0 nedit But all I get is: NEdit: Can't open display The xfree86 packages have been changed to not accept tcp connections at all by default. Check out the -nolisten option in your xserver manual page. If you want to turn it back on, change /etc/X11/xdm/Xservers or /etc/X11/xinit/xserverrc, depending on how you start your xserver. Generally, don't use xhost, it is not safe. Instead use xauth. Cheers, Joost
Re: embarrassing X question
On Thu, Jul 19, 2001 at 08:27:49AM -0400, Richard Black wrote: | For some reason, I can no longer remote login to another terminal and | display stuff on mine! This started happening last week (with, | possibly, the changes to gdm...) | | I have tried many different things. Typical is something like: | | [local machine] | xhost + | rlogin remote | | [remote machine] | export DISPLAY=local:0.0 | nedit | | But all I get is: NEdit: Can't open display I would use ssh instead of rlogin if you can. Also, enable the ForwardX11 option in ssh. If you do this then the display will be setup for you and it will be encrypted as well. This is also the easiest (only?) way to display stuff back on a masq'd box. -D
Re: embarrassing X question
Joost Kooij wrote: On Thu, Jul 19, 2001 at 08:27:49AM -0400, Richard Black wrote: For some reason, I can no longer remote login to another terminal and display stuff on mine! This started happening last week (with, possibly, the changes to gdm...) I have tried many different things. Typical is something like: [local machine] xhost + rlogin remote [remote machine] export DISPLAY=local:0.0 nedit But all I get is: NEdit: Can't open display The xfree86 packages have been changed to not accept tcp connections at all by default. Check out the -nolisten option in your xserver manual page. If you want to turn it back on, change /etc/X11/xdm/Xservers or /etc/X11/xinit/xserverrc, depending on how you start your xserver. Generally, don't use xhost, it is not safe. Instead use xauth. Cheers, Joost Okay thanks! But...how do I use xauth? I have tried doing what what suggested in the man page ie variants of xauth extract - $DISPLAY | rsh otherhost xauth merge - but there still seems to be a problem. One thing I was wondering is if this works when dhcpd is used. In particular, the machine in my DISPLAY variable on the remote machine is different from the machine in the .Xauthority file (on the remote machine) Is there a way to deal with this do you know? Richard
Re: embarrassing X question
D-Man wrote: I would use ssh instead of rlogin if you can. Also, enable the ForwardX11 option in ssh. If you do this then the display will be setup for you and it will be encrypted as well. This is also the easiest (only?) way to display stuff back on a masq'd box. How do you do this? I've been trying to do this for some time now with no success. Every time I get: [EMAIL PROTECTED]:~$ ssh -f hal9000 xterm [EMAIL PROTECTED]'s password: [EMAIL PROTECTED]:~$ xterm Xt error: Can't open display: hal9000:10.0 hobbiton is the local machine here, and hal9000 is the remote system I'm trying to connect to while wanting the xterm (in this case, anyway) to display here on hobbiton. I've got the ForwardX11 option set to true on both machines, both in the sshd_config and the ssh_config Is there anything else I need to do? -- Mike Werner KA8YSD | He that is slow to believe anything and | everything is of great understanding, '91 GS500E| for belief in one false principle is the Morgantown WV | beginning of all unwisdom. pgpa0yFDIxzHI.pgp Description: PGP signature
Re: embarrassing X question
Richard Black wrote: Joost Kooij wrote: On Thu, Jul 19, 2001 at 08:27:49AM -0400, Richard Black wrote: For some reason, I can no longer remote login to another terminal and display stuff on mine! This started happening last week (with, possibly, the changes to gdm...) I have tried many different things. Typical is something like: [local machine] xhost + rlogin remote [remote machine] export DISPLAY=local:0.0 nedit But all I get is: NEdit: Can't open display The xfree86 packages have been changed to not accept tcp connections at all by default. Check out the -nolisten option in your xserver manual page. If you want to turn it back on, change /etc/X11/xdm/Xservers or /etc/X11/xinit/xserverrc, depending on how you start your xserver. Generally, don't use xhost, it is not safe. Instead use xauth. Cheers, Joost On Thu, Jul 19, 2001 at 10:40:40AM -0400, Richard Black wrote: Joost Kooij wrote: Generally, don't use xhost, it is not safe. Instead use xauth. But...how do I use xauth? I have tried doing what what suggested in the man page ie variants of xauth extract - $DISPLAY | rsh otherhost xauth merge - On the machine where you are running the xserver, retrieve the auth cookie like this: xauth list | grep `hostname -f` | awk '/COOKIE/ {print $2 $3}' It should print one line. Copy that line. Then login to the remote machine and set the DISPLAY variable. Then type xauth add $DISPLAY and don't press enter, but paste the line retrieved above on the remainder of the command line to xauth and press enter. Now if you run xauth list, it should show a line for the remote display. Try xterm to see if it really works. but there still seems to be a problem. One thing I was wondering is if this works when dhcpd is used. In particular, the machine in my DISPLAY variable on the remote machine is different from the machine in the .Xauthority file (on the remote machine) As long as the remote machine knows to find the machine listed in $DISPLAY set on the remote host and it knows what the corresponding xauth cookie is for that remote display, it should work fine. The hostname in the cookie may be different on the local and the remote machine. That is not a vital part of the actual cookie. Is there a way to deal with this do you know? What are your problems still? Cheers, Joost Okay, I followed the above and now I get: [local] $xauth list torrblack1/unix:0 MIT-MAGIC-COOKIE-1 c118dfcf59431dd0b7ef738d5ea8f1df torrblack1:0 MIT-MAGIC-COOKIE-1 c118dfcf59431dd0b7ef738d5ea8f1df [remote] $xauth list tor-dhcp234:0 MIT-MAGIC-COOKIE-1 c118dfcf59431dd0b7ef738d5ea8f1df $echo $DISPLAY tor-dhcp234:0.0 $xterm xterm Xt error: Can't open display: tor-dhcp234:0.0 Is there anything I need to set on the local side to allow any remote access? thanks for you help Richard
Re: embarrassing X question
On Thu, Jul 19, 2001 at 01:25:58PM -0400, Mike wrote: | D-Man wrote: | | I would use ssh instead of rlogin if you can. Also, enable the | ForwardX11 option in ssh. If you do this then the display will be | setup for you and it will be encrypted as well. This is also the | easiest (only?) way to display stuff back on a masq'd box. | | How do you do this? I've been trying to do this for some time now with no | success. Every time I get: | | [EMAIL PROTECTED]:~$ ssh -f hal9000 xterm | [EMAIL PROTECTED]'s password: | [EMAIL PROTECTED]:~$ xterm Xt error: Can't open display: hal9000:10.0 | | hobbiton is the local machine here, and hal9000 is the remote system I'm | trying to connect to while wanting the xterm (in this case, anyway) to | display here on hobbiton. I've got the ForwardX11 option set to true on | both machines, both in the sshd_config and the ssh_config Is there anything | else I need to do? Other than enabling ForwardX11 in both the server and client (sshd and ssh) I don't think you need to do anything. What happens if you login and get a shell, then run xterm? The error message shows that DISPLAY was set properly (sshd creates a display on the server, 10.0, which it reads from, encrypts, and sends to the client who passes it on the local DISPLAY) but that display couldn't be opened. I'm wondering if maybe ssh is closing the connection too soon. On the Solaris box at school /etc/sshd_config has X11Forwarding yes X11DisplayOffset 10 On my Debian box in ~/.ssh/ssh_config I have in the section for the remote machine ForwardX11 yes On the client side you can use the -X option instead of the config file. I like the config file because my options become persistant. HTH, -D
Re: embarrassing X question
D-Man wrote: On Thu, Jul 19, 2001 at 01:25:58PM -0400, Mike wrote: | D-Man wrote: | | I would use ssh instead of rlogin if you can. Also, enable the | ForwardX11 option in ssh. If you do this then the display will be | setup for you and it will be encrypted as well. This is also the | easiest (only?) way to display stuff back on a masq'd box. | | How do you do this? I've been trying to do this for some time now with no | success. Every time I get: | | [EMAIL PROTECTED]:~$ ssh -f hal9000 xterm | [EMAIL PROTECTED]'s password: | [EMAIL PROTECTED]:~$ xterm Xt error: Can't open display: hal9000:10.0 | | hobbiton is the local machine here, and hal9000 is the remote system I'm | trying to connect to while wanting the xterm (in this case, anyway) to | display here on hobbiton. I've got the ForwardX11 option set to true on | both machines, both in the sshd_config and the ssh_config Is there anything | else I need to do? Other than enabling ForwardX11 in both the server and client (sshd and ssh) I don't think you need to do anything. What happens if you login and get a shell, then run xterm? I get the exact same error as when I try and run xterm as part of the ssh command. The error message shows that DISPLAY was set properly (sshd creates a display on the server, 10.0, which it reads from, encrypts, and sends to the client who passes it on the local DISPLAY) but that display couldn't be opened. I'm wondering if maybe ssh is closing the connection too soon. Is that something that I can fix by tweaking something somewhere? On the Solaris box at school /etc/sshd_config has X11Forwarding yes X11DisplayOffset 10 On my Debian box in ~/.ssh/ssh_config I have in the section for the remote machine ForwardX11 yes I've got the same settings on both remote and local systems, respectively. On the client side you can use the -X option instead of the config file. I like the config file because my options become persistant. This might be a kinda dumb question, but does X need to be running on the remote machine? I've tried having X running on the remote machine, but it hasn't seemed to make a difference. -- Mike Werner KA8YSD | He that is slow to believe anything and | everything is of great understanding, '91 GS500E| for belief in one false principle is the Morgantown WV | beginning of all unwisdom. pgptZzK3b5XdM.pgp Description: PGP signature