No, don't use xhost + The entire point of using ssh for X11 forwarding is that the ssh connection comes from a local process - you don't have to accept outside X11 connections.
xhost + is used specifically for accepting X11 connections that _don't_ come from a local process (e.g not over your SSH session). If for some reason the X11 connections are failing to be forwarded over the SSH tunnel, xhost + will fix X11 functionally, but it will do it by bypassing the entire SSH tunnel. Mark On 4/18/06, Jason Mitchell <[EMAIL PROTECTED]> wrote: > Hi Nader, > > on the host you're ssh'ing from try issuing "xhost +" prior to ssh'ing, eg: > > yourdesktop # xhost + > yourdesktop # ssh -X [EMAIL PROTECTED] > > Regards, > > Jason > > Nader Amadeu wrote: > > >Hi all, I've googled for more than a week trying to > >fix this SSH X11 tuneling problem. > >I appreciate some help and thank you in advance. > > > >I have a remote Solaris 9 with the following options in /etc/ssh/sshd_config: > >X11Forwarding yes > >X11DisplayOffset 10 > >ForwardX11Trusted yes > > > >Then I ssh it from my local desktop: (only most important lines here) > > > >[localdesktop]% ssh -vvv -XY [EMAIL PROTECTED] > >OpenSSH_4.2p1 FreeBSD-20050903, OpenSSL 0.9.7e-p1 25 Oct 2004 > >debug1: Reading configuration data /etc/ssh/ssh_config > >debug2: ssh_connect: needpriv 0 > >debug1: Connecting to remoteserver [ip.address.here] port 22. > >debug1: Connection established. > >debug1: Remote protocol version 1.99, remote software version OpenSSH_4.2 > >debug1: match: OpenSSH_4.2 pat OpenSSH* > >debug1: Enabling compatibility mode for protocol 2.0 > >debug1: Local version string SSH-2.0-OpenSSH_4.2p1 FreeBSD-20050903 > >debug2: fd 3 setting O_NONBLOCK > >debug1: Authentication succeeded (publickey). > >debug1: channel 0: new [client-session] > >debug3: ssh_session2_open: channel_new: 0 > >debug2: channel 0: send open > >debug1: Entering interactive session. > >debug2: callback start > >debug2: x11_get_proto: /usr/X11R6/bin/xauth list :0.0 . 2>/dev/null > >debug1: Requesting X11 forwarding with authentication spoofing. > >debug2: channel 0: request x11-req confirm 0 > >debug2: client_session2_setup: id 0 > >debug2: channel 0: request pty-req confirm 0 > >debug2: channel 0: request shell confirm 0 > >debug2: fd 3 setting TCP_NODELAY > >debug2: callback done > >debug2: channel 0: open confirm rwindow 0 rmax 32768 > >debug2: channel 0: rcvd adjust 131072 > > > >Now in the remoteserver: > > > >[EMAIL PROTECTED] % echo $DISPLAY > > DISPLAY: Undefined variable > >[EMAIL PROTECTED] % netstat -a > > remoteserver.ssh localdesktop.51899 66608 47 66608 0 > > ESTABLISHED > > > >Even if i setenv DISPLAY to localhost:10, 11, 12 ... it does not work. > >And from this netstat output I cannot find the X11 tuneling channel. > >In another attempt below I have the following different debug messages: > > > > > >[localdesktop]% ssh -vvv -o "ForwardX11Trusted no" [EMAIL PROTECTED] > >debug2: x11_get_proto: /usr/X11R6/bin/xauth -f /tmp/ssh-9xszkw26hB/xauthfile > >generate :0.0 MIT-MAGIC-COOKIE-1 untrusted timeout 1200 2>/dev/null > >debug2: x11_get_proto: /usr/X11R6/bin/xauth -f /tmp/ssh-9xszkw26hB/xauthfile > >list :0.0 . 2>/dev/null > >debug1: Requesting X11 forwarding with authentication spoofing. > >debug2: channel 0: request x11-req confirm 0 > > > > > >and again DISPLAY is an undefined variable. > >Could anyone help me to get this X11 tunelling work? > >Thanks all very much, > >nader > > > > > > > > > > > >
