SSH X11 Forwarding...

[ron.peterson at yellowbank.com (ron.peterson at yellowbank.com)]

On Mon, May 26, 2003 at 01:35:31PM -0400, nmeyers at javalinux.net wrote:
> On Mon, May 26, 2003 at 01:31:13PM -0400, ron.peterson at yellowbank.com wrote:
> > On Mon, May 26, 2003 at 01:35:22PM -0700, Wizard wrote:
> > 
> > > While we're discussing SSH, I'm trying to implement X11 Fowarding on a
> > > Solaris 9 box, but can't seem to get it working. I can set my display under
> > > telnet and X is redirected to my SGI box, but when I login using SSH, the
> > > server errors with something like "Can't find display: " and there is no
> > > display set. 1.) How do I set the display (I would guess 'setenv DISPLAY
> > > ip:disp', as in telnet), and more importantly, 2.) What do I set it to
> > > (obviously the IP won't work)?
> > 
> > Might have nothing to do w/ ssh, per se - it might be an X Window System
> > authorization issue.
> 
> If the DISPLAY variable isn't set, then forwarding wasn't set up for
> this connection. Both client and server can choose whether or not to
> enable forwarding in their respective config files - you can override
> client behavior with the -X option, but you probably need to change the
> server setup on the machine you're ssh-ing to.

ssh needs to be able to find the 'xauth' program, which is controlled by
XAuthLocation in ssh_config.  If it can't find it, the DISPLAY
environment variable will not be set, regardless of sshd_config etc.
For example.  This is what I mean when I say it might have nothing to do
w/ ssh...

Another consequence of X Window System authorization issues is that when
you ssh to a box, then 'su' or 'su -' to root, say, you can't tunnel X
anymore.  If you set XAUTHORITY to the unpriviledged user's
.Xauthority file, and DISPLAY to whatever it was set to for that user,
you should then be able to tunnel..

-- 
Ron Peterson                   -o)
87 Taylor Street               /\\
Granby, MA  01033             _\_v
https://www.yellowbank.com/   ----