Weblog entry #10 for Utumno
See all weblog entries made by Utumno.
I know how to do it using the 'xhost' method ( http://www.debian.org/doc/manuals/reference/ch-tune.en.html#s-xhost ) but that's insecure. I would like to do that using SSH.
So I tried following a little howto from http://www.debian.org/doc/manuals/reference/ch-tune.en.html#s-xssh , i.e. I
1) set X11Forwarding and AllowTcpForwarding in remote's etc/ssh/ssh_config
2) restarted SSH on the remote comp
3) on local host, run ssh -X -l username remote.host
4) once there, I try running 'dvdstyler &' and I get
leszek@angband:~$ dvdstyler &
[1] 14114
leszek@angband:~$ Error: Unable to initialize gtk, is DISPLAY set properly?
[1]+ Exit 255 dvdstyler
leszek@angband:~$
What gives?
Comments on this Entry
$ echo $DISPLAY
if it's your ip, then let us know!
[ Parent | Reply to this comment ]
[ Send Message | View Utumno's Scratchpad | View Weblogs ]
1) I thought it does not have to be ( SHH would transparently redirect X traffic to wherever I logged on from, wouldn't it? )
2) My 'local' comp does not have a routable IP, so I can't set DISPLAY on my server to point to it
[ Parent | Reply to this comment ]
> the DISPLAY is not set, but 1) I thought it does not have to be
No, it must be. SSH will set DISPLAY to something like localhost:10.0
> 2) My 'local' comp does not have a routable IP
SSH will handle this.
Is X installed on the remote box?
[ Parent | Reply to this comment ]
You should set X11Forwarding in remote /etc/ssh/sshd_config and not /etc/ssh/ssh_config.
Could be a typo in your post though.
Did you try a verbose ssh -v -X -l username remote.host?
You should see a line like this one :
debug1: Requesting X11 forwarding with authentication spoofing.
Also, check that $DISPLAY is set on local host.
[ Parent | Reply to this comment ]
Hi,
I have this problem, too. When I try to look for that line I also find this:
Remote: No xauth program; cannot forward with spoofing.
I search for a debian package with the name xauth, but I can't find it. Installing all X11 libraries is pointless for a computer without monitor, keyboard and mouse. I only have this problem with two machines running amd64 kernel and debian etch. All other boxes are amd32 with debian sarge. Any clue, someone?
I have to manually set the DISPLAY=local.host:0.0 and to run xhost +remote.host on the local.host.
Thank you,
Ionel
[ Parent | Reply to this comment ]
[ Parent | Reply to this comment ]
[ Send Message | View dkg's Scratchpad | View Weblogs ]
You need to ensure that your server's /etc/ssh/sshd_config contains the line:
X11Forwarding yesModern ssh clients will also default to being very untrusting of forwarded X11 connections, which may break some poorly-written X apps. This is the ForwardX11Trusted setting, and it is a per-client setting. (read man ssh_config for details).
Note that the debian ssh packagers have decided to default ForwardX11Trusted to yes (i.e. less secure) in the standard debian openssh-client install, which is different than upstream's stated preference. You can restore upstream's preference on your machine by adding the following line to /etc/ssh/ssh_config (default settings for all clients on the system) or in ~/.ssh/config (default settings just for your account):
ForwardX11Trusted no
If you are sure that you trust the remote host, you can use -Y instead of -X in your ssh invocation to force ForwardX11Trusted to yes. But beware that doing so means that remote clients can steal or tamper with data provided by the other windows in your X11 session.
[ Parent | Reply to this comment ]
[ Send Message | View Utumno's Scratchpad | View Weblogs ]
[ Parent | Reply to this comment ]
[ Parent | Reply to this comment ]
then you can fix the problem of "DISPLAY is not set";
# set | grep DISPLAY
#
# aptitude install xutils xrsh xbase-clients
after relogin
=========================================================
/usr/bin/X11/xauth: creating new authority file /home/xqian/.Xauthority
xxxx@debian-31r3-x86:~$ set | grep DISPLAY
DISPLAY=localhost:10.0
[ Parent | Reply to this comment ]