> I seem to have hit an interesting problem with openssh-2.1.1p1-1 and X
> forwarding. When I use the directions in the file
> /usr/doc/openssh-2.1.1p1/README.Ylonen, I get different results:
>
> root@charlesc # ssh server echo $DISPLAY
> root@server's password:
> charlesc:0.0
Note that this is to be expected because $DISPLAY gets expanded by the
shell on "charlesc" and the command passed to "server" is:
    echo charlesc:0.0
> root@charlesc # ssh -f server emacs
> root@server's password:
> _X11TransSocketINETConnect: Can't connect: errno = 111
> _X11TransSocketINETConnect: Can't connect: errno = 111
> _X11TransSocketINETConnect: Can't connect: errno = 111
> _X11TransSocketINETConnect: Can't connect: errno = 111
> _X11TransSocketINETConnect: Can't connect: errno = 111
> _X11TransSocketINETConnect: Can't connect: errno = 111
> emacs: Cannot connect to X server server:0.0.
> Check the DISPLAY environment variable or use `-d'.
> Also use the `xhost' program to verify that it is set to permit
> connections from your machine.
>
> In the first command, I have it echo $DISPLAY, which is the display on the
> machine from which I am logging in. In the second, emacs is dying after
> being unable to connect to an X server on the machine the client is
> running on, server. Is this a bug in openssh-2.1.1p1-1?
Make *sure* the X forwarding is enabled; different versions of ssh have
different defaults; try:
    ssh -X -f server emacs
to force X forwarding on; also check both the client and server config
files.
> I can get a connection by setting the server explicitly:
>
> root@charlesc # ssh -f server emacs -d charlesc:0.0
> root@server's password:
>
> However three things:
>
> 1) I don't know if this is running through X forwarding via SSH or
> through the standard X client-server mechanism, and
Standard X client-server in this case.
> 2) ssh does not appear to be forking into the background.
>
> 3) ssh does not appear to be setting the variable display correctly.
>
> root@charlesc # ssh -f server 'echo $DISPLAY ; emacs -d charlesc:0.0'
> root@server's password:
> server:0.0
This is correct: because of the single quote symbols the shell on "charlesc"
will *not* expand $DISPLAY on that machine but will pass the command:
    echo $DISPLAY; emacs -d charlesc:0.0
to "server"; the shell on "server" will interpret $DISPLAY as "server:0.0".
*If* the "sshd" is behaving correctly it should be listening on port 6000+n
for local connections which it will forward through the SSH tunnel to
"charlesc". However, I would expect it to be listening for X display n
where n>0 and normally about 10 rather than listening for display 0.
> Question: do I have to have a working X server on server for X forwarding
> to work?
No. And if you don't, display 0 should work OK for a forwarded connection.
> I do not have one on server because it is a 486, with limited
> RAM, which I intend to use as a firewall and I have no reason to want an X
> server. I intend to do all of my X displaying for server (mostly emacs and
> Red Hat config tools) on charlesc.
I do *exactly* what you're trying to do with a firewall myself. Except it's
FreeBSD instead of Linux.
By the way, to protect my desktop machine, my "Xservers" file has the
parameter "-nolisten tcp" appended to the line starting the local server.
This stops it listening for TCP connections on port 6000 from anywhere
(either local processes or remote ones) and it only talks using the
"unix domain" socket usually named ":0.0". SSH forwards this like any
other X connection and it all works with less chance of a security hole
allowing unauthorized connections to the X display server process.
--
David Pick
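
The DISPLAY reasoning in the reply above, as an added shell example that is not part of the original message: it classifies a DISPLAY value as seen on the remote host and shows which command string reaches the remote shell under each quoting. The function names, the sample values and the threshold of 10 (OpenSSH's default X11DisplayOffset) are assumptions.

```shell
#!/bin/sh
# Added example. Host names and DISPLAY values below are constructed samples.

# classify_display DISPLAY REMOTE_HOST
# Heuristic: sshd's forwarding proxy normally appears as display >= 10 on the
# remote host itself (assumed default X11DisplayOffset of 10).
classify_display() {
    disp=$1 remote_host=$2
    case $disp in *:*) ;; *) echo invalid; return 1 ;; esac
    host=${disp%:*}                 # text before the last colon
    num=${disp##*:}; num=${num%%.*} # display number without ".screen"
    case $num in ''|*[!0-9]*) echo invalid; return 1 ;; esac
    if [ -z "$host" ] || [ "$host" = unix ]; then
        echo unix-socket            # local socket, no TCP involved
        return 0
    fi
    case $host in
        localhost|127.0.0.1|"$remote_host")
            if [ "$num" -ge 10 ]; then echo ssh-forwarded
            else echo local-display-not-forwarded; fi ;;
        *) echo direct-tcp ;;       # cleartext X11 straight to that host
    esac
}

# x_tcp_port DISPLAY -> TCP port an X client would use (6000 + n)
x_tcp_port() {
    n=${1##*:}; n=${n%%.*}
    echo $((6000 + n))
}

# remote_command ARGS... -> the single string ssh hands to the remote shell
# (ssh joins its command arguments with spaces).
remote_command() { printf '%s\n' "$*"; }

DISPLAY_ON_CLIENT=charlesc:0.0      # stands in for $DISPLAY on "charlesc"
echo "unquoted: $(remote_command echo $DISPLAY_ON_CLIENT)"
echo "quoted:   $(remote_command 'echo $DISPLAY')"

for d in charlesc:0.0 server:0.0 server:10.0 localhost:11.0 :0.0; do
    printf '%-15s %-28s\n' "$d" "$(classify_display "$d" server)"
done
```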