On Sun, Oct 29, 2000 at 10:48:06PM +0000, David Pick wrote:
>
> <snip>
>
> > to force X forwarding on; also check both the client and server config
> > > files.
> >
> > xhost allows server in.
>
> Ouch! "xhost" is only exceeded as a spawn-of-the-devil by Windoze!
Ok, that's another reason I'd like to get ssh working. :-)
>
> > In the server's config (/etc/ssh/sshd_config), I
> > have:
> >
> > X11Forwarding yes
> > X11DisplayOffset 10
> >
> > In the client config (/etc/ssh/ssh_config), I have:
> >
> > Host *
> > ForwardAgent no
> > ForwardX11 no
> > FallBackToRsh no
> >
> > Host server
> > ForwardAgent yes
> > ForwardX11 yes
>
> Ah: this is it. the search stops on the first match, so "ForwardX11" is
> taken to be "no" because "*" matches and is before "server". (RTFM ;-)
Got that fixed. Oddly enough, it did not work until I restarted sshd on
"server".
>
> > OK, how do I find out where it is listening? /etc/services has:
> >
> > # xdmcp 177/tcp # X Display Mgr. Control Proto
> > # xdmcp 177/udp
> >
> > and nothing I can detect on a simple text search ("60") in the 6000 on up
> > area.
>
> "xdmcp" is a protocol used for X terminals to get a "login" window from a
> (normally) multi-user server. It's the X server (running on the terminal)
> that normally listens on port 6000. It's normally "xdm" that listens on
> port 177.
So it is irrelevant for ssh?
>
> So, given the way "ssh" works, when it accepts a connection from a client,
> *when the forwarding is turned on in the config files*, the "sshd" server
> will pick the first free port starting at port number 6000 + "X11DisplayOffset"
> and start listening, simulating a *local* display on "server". Any X client
> programs that attempt to connect to "server:10.0" will find that port and
> the data will be forwarded down the SSH tunnel to the real display.
Intersting. Except when I set the offset to 10, the display variable was
still showing server:0.0 until I found an offending line in /etc/bashrc,
at your suggestion (below).
>
> So look at the ports listening ("netstat -an") when a SSH connection is
> open and the config file has the correct order (or the "-X" is used").
>
> > >
> > > > Question: do I have to have a working X server on server for X forwarding
> > > > to work?
> > >
> > > No. And if you don't, display 0 should work OK for a forwarded
> > > connection.
As is seems to be doing.
> >
> > BINGO! I set
> >
> > X11DisplayOffset 0
> >
> > for the server, and I can run "ssh -X -f server emacs" sucessfully. But:
> > "ssh -f server emacs" fails. As does "ssh server emacs". (And ssh never
> > forks into the background.)
>
> The "-X" flag overrides config file setting, so it should work. The
> failures are explained by the order problem in the client config file.
>
> Now, I suspect we have another problem because it should work with
> "X11DisplayOffset" set to "10". I wonder if someting is modifying
> the "DISPLAY" variable on "server" spmewhere in a login script.
It is being set to 0. I found an offending line in /etc/bashrc, and
commented that out. Oddly enough, I also had to restart sshd after
removing the line.
>
> > Now, with this at least partially working, I still have some questions:
> >
> > 1) Should I leave the "X11DisplayOffset" value alone on server. It will
> > never have a X server of its own, so this is fine. Is this the
> > appropriate setting for a computer with no X server? But suppose later
> > on I want to use ssh on another machine which does have an X server?
> > Should I set that machine's "X11DisplayOffset" to 0 also, or leave it
> > at 10?
>
> Shouldn't really matter - not if it was working properly; although not
> using "0" does help imply to human users that it's *probably* not a real
> X display. Having the offset does keep SSH sessions clear of any (other)
> late-starting X servers or X server simulators like VNC.
OK, I'll leave it at 10.
>
> > 2) Assuming we get this working, is it a candidate for the FAQ?
> >
> > 3) When I shut down the tunneled emacs, I get:
> >
> > root@charlesc # ssh -X server emacs
> > root@server's password:
> > channel 1: chan_shutdown_read: shutdown() failed for fd8 [i1 o128]: Transport
>endpoint is not connected
> > Connection to server closed by remote host.
> >
> > Is this OK? It looks like a typical abrupt shutdown to my inexpert eyes.
>
> Not normal. I'm not sure what's going on here. I've not seen it before.
OK. It may not be specific to emacs, as I get the same thing with xpat2, a
very important program. :-)
>
> > > > I do not have one on server because it is a 486, with limited
> > > > RAM, which I intend to use as a firewall and I have no reason to want an X
> > > > server. I intend to do all of my X displaying for server (mostly emacs and
> > > > Red Hat config tools) on charlesc.
> > >
> > > I do *exactly* what you're trying to do with a firewall myself. Except it's
> > > FreeBSD instead of Linux.
> >
> > Ah. And does the firewall have an X server? And what is the value of its
> > "X11DisplayOffset"?
>
> No, it doesn't. And I leave it at the default "10".
I will also.
--
-- C^2
No windows were crashed in the making of this email.
Looking for fine software and/or web pages?
http://w3.trib.com/~ccurley
PGP signature
