ssh -X shop problem...
Gene Heskett
gene.heskett at verizon.net
Mon Nov 27 23:11:41 UTC 2006
On Monday 27 November 2006 11:37, Gordon Messmer wrote:
>Gene Heskett wrote:
>> Tonight I thought I'd play with emc2 a bit, but since updateing this
>> machine to FC6, somethings gone fubar in the X11 forwarding. Here is
>> whats been executed to get to the failure:
>>
>> ---------
>> [root at coyote amanda]# xhost +192.168.71.4
>> 192.168.71.4 being added to access control list
>> [root at coyote amanda]# su gene
>> [gene at coyote amanda]$ ssh -X shop
>> gene at shop's password:
>> Warning: No xauth data; using fake authentication data for X11
>> forwarding.
>
>This is the key error... When you "su" to gene on the X terminal, you've
>become a user who doesn't have access to the session's X credentials.
>"gene" can't run X applications on the local system at that point, and
>neither can he forward X over ssh.
Ok, but today, I logged in as gene (init=5 or whatever the gui login is on
kubuntu, and ran it from the local keyboard out there long enough to
carve a blast shield out of brass plate to deflect the ignition blast
away from the bottom of the scope mounted on a T-C Black Diamond 50
calibre black powder rifle. So what I'm saying is that there was no X
server running on that box until I logged in, yet the forwarding worked
well when I ssh -X gene$shop as root here. So you are correct in that I
don't understand it at all well.
>Since you've used xhost to add permission to something other than
>localhost, you probably misunderstand how X forwarding works. Under
>classic conditions, you'd use xhost to allow access from a remote host,
>such as you've done. Then you'd telnet to that system and set the
>DISPLAY variable to your X terminal and run your application. When
>forwarding X, you don't need to do either of those things. ssh uses
>your .Xauthority file on the local system, creates an .Xauthority file
>on the remote system, and sets the DISPLAY variable automatically. When
>you run an X application, it uses the .Xauthority file that ssh created
>to authenticate itself to ssh, ssh forwards its traffic to your X
>terminal over the ssh connection, and uses your original .Xauthority
>file to authenticate to your X server. Since the application connects
>from localhost, through ssh, your xhost command doesn't accomplish
> anything.
I wondered about that in the past, so I'll pull that back out of rc.local
just for test the next time I reboot this box.
>You have two options. First, and most simple, just run ssh as the user
>that you're logged in as:
>
>ssh -X gene at shop
Which works well.
>You'll then be able to run applications on shop, and display them
> locally.
>
>If you have some reason to do otherwise, you'll have to use xhost to
>allow connections from anyone on localhost:
>
>xhost +localhost
>su gene
>ssh -X shop
And this would also work? Kewl.
--
Cheers, Gene
"There are four boxes to be used in defense of liberty:
soap, ballot, jury, and ammo. Please use in that order."
-Ed Howdershelt (Author)
Yahoo.com and AOL/TW attorneys please note, additions to the above
message by Gene Heskett are:
Copyright 2006 by Maurice Eugene Heskett, all rights reserved.
More information about the users
mailing list