<snip>

> to force X forwarding on; also check both the client and server config
> > files.
> 
> xhost allows server in.

Ouch! "xhost" is only exceeded as a spawn-of-the-devil by Windoze!

>                         In the server's config (/etc/ssh/sshd_config), I
> have:
> 
> X11Forwarding yes
> X11DisplayOffset 10
> 
> In the client config (/etc/ssh/ssh_config), I have:
> 
> Host *
>       ForwardAgent no
>       ForwardX11 no
>       FallBackToRsh no
> 
> Host server
>       ForwardAgent yes
>       ForwardX11 yes

Ah: this is it. The search stops on the first match, so "ForwardX11" is
taken to be "no" because "*" matches and is before "server". (RTFM ;-)

> OK, how do I find out where it is listening? /etc/services has:
> 
> # xdmcp               177/tcp                         # X Display Mgr. Control Proto
> # xdmcp               177/udp
> 
> and nothing I can detect on a simple text search ("60") in the 6000 on up
> area.

"xdmcp" is a protocol used for X terminals to get a "login" window from a
(normally) multi-user server. It's the X server (running on the terminal)
that normally listens on port 6000. It's normally "xdm" that listens on
port 177.

So, given the way "ssh" works, when it accepts a connection from a client,
*when the forwarding is turned on in the config files*, the "sshd" server
will pick the first free port starting at port number 6000 + "X11DisplayOffset"
and start listening, simulating a *local* display on "server". Any X client
programs that attempt to connect to "server:10.0" will find that port and
the data will be forwarded down the SSH tunnel to the real display.

So look at the ports listening ("netstat -an") when an SSH connection is
open and the config file has the correct order (or the "-X" is used).

> >
> > > Question: do I have to have a working X server on server for X forwarding
> > > to work?
> >
> > No. And if you don't, display 0 should work OK for a forwarded
> > connection.
> 
> BINGO! I set
> 
> X11DisplayOffset 0
> 
> for the server, and I can run "ssh -X -f server emacs" successfully. But:
> "ssh -f server emacs" fails. As does "ssh server emacs". (And ssh never
> forks into the background.)

The "-X" flag overrides config file setting, so it should work. The
failures are explained by the order problem in the client config file.

Now, I suspect we have another problem because it should work with
"X11DisplayOffset" set to "10". I wonder if something is modifying
the "DISPLAY" variable on "server" somewhere in a login script.

> Now, with this at least partially working, I still have some questions:
> 
> 1) Should I leave the "X11DisplayOffset" value alone on server. It will
>    never have a X server of its own, so this is fine. Is this the
>    appropriate setting for a computer with no X server? But suppose later
>    on I want to use ssh on another machine which does have an X server?
>    Should I set that machine's "X11DisplayOffset" to 0 also, or leave it
>    at 10?

Shouldn't really matter - not if it was working properly; although not
using "0" does help imply to human users that it's *probably* not a real
X display. Having the offset does keep SSH sessions clear of any (other)
late-starting X servers or X server simulators like VNC.

> 2) Assuming we get this working, is it a candidate for the FAQ?
> 
> 3) When I shut down the tunneled emacs, I get:
> 
> root@charlesc # ssh -X server emacs
> root@server's password:
> channel 1: chan_shutdown_read: shutdown() failed for fd8 [i1 o128]: Transport endpoint is not connected
> Connection to server closed by remote host.
> 
>    Is this OK? It looks like a typical abrupt shutdown to my inexpert eyes.

Not normal. I'm not sure what's going on here. I've not seen it before.

> > >          I do not have one on server because it is a 486, with limited
> > > RAM, which I intend to use as a firewall and I have no reason to want an X
> > > server. I intend to do all of my X displaying for server (mostly emacs and
> > > Red Hat config tools) on charlesc.
> >
> > I do *exactly* what you're trying to do with a firewall myself. Except it's
> > FreeBSD instead of Linux.
> 
> Ah. And does the firewall have an X server? And what is the value of its
> "X11DisplayOffset"?

No, it doesn't. And I leave it at the default "10".

<snip>

-- 
        David Pick
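
Added example (not part of the original message): a small Python resolver for the client config quoted above, assuming ssh's documented rule that the first value obtained for each option is the one used. It shows "ForwardX11" resolving to "no" for "server" while "Host *" comes first, and to "yes" once the specific block is listed above it; the function names and the reordered config are constructed for illustration.

```python
from fnmatch import fnmatchcase

# Client config as quoted in the message ("Host *" listed first).
AS_POSTED = """\
Host *
      ForwardAgent no
      ForwardX11 no
      FallBackToRsh no

Host server
      ForwardAgent yes
      ForwardX11 yes
"""

# Constructed fix: same two blocks, specific host first, wildcard defaults last.
REORDERED = "\n".join(reversed(AS_POSTED.split("\n\n")))

def host_matches(patterns, host):
    """True if a plain pattern matches the host and no '!pattern' does."""
    negated = [p[1:] for p in patterns if p.startswith("!")]
    positive = [p for p in patterns if not p.startswith("!")]
    if any(fnmatchcase(host, p) for p in negated):
        return False
    return any(fnmatchcase(host, p) for p in positive)

def resolve(config_text, host):
    """Return {option: value}, keeping the first value obtained per option."""
    active, result = True, {}  # options before any Host line apply to every host
    for raw in config_text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        parts = line.replace("=", " ", 1).split(None, 1)
        if len(parts) < 2:
            continue
        key, value = parts[0].lower(), parts[1].strip()
        if key == "host":
            active = host_matches(value.split(), host)
        elif active:
            result.setdefault(key, value)  # a later block never overrides
    return result

if __name__ == "__main__":
    for label, cfg in (("as posted", AS_POSTED), ("reordered", REORDERED)):
        print(label, "-> ForwardX11 =", resolve(cfg, "server")["forwardx11"])
```

On a machine with a recent OpenSSH client, "ssh -G server" prints the options the real parser resolves for that host, which can be compared against this.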

