Talk:OpenSSH/X forwarding
From Gentoo Linux Wiki
Contents |
[edit] Can't open display?
If you get can't open display like this:
~ $ xterm xterm Xt error: Can't open display: localhost:10.0
how to verify that the DISPLAY variable points to the display created by sshd? It's not explained in the text.
- Is X11Forwarding enabled? Did you reload OpenSSH? Did you set the parameter "-X" or "-Y" on the client-side (ssh -X user@host)? If this doesn't work, try to execute xterm using "DISPLAY=:0 xterm".
- syslogd 17:33, 3 July 2008 (UTC)
[edit] Hum, how about no
for instance
root@hif hiffy # ssh -l hiffy localhost -p 8080 Password: Last login: Mon Jan 3 17:54:30 2005 hiffy@hif hiffy $ firefox & [1] 15315 hiffy@hif hiffy $ xdpyinfo: unable to open display "localhost:0.0". Unable to connect to X server (firefox-bin:15328): Gtk-WARNING **: cannot open display:
It would be nice to have something slightly more complete. -- hiffy, 03/01/05
[edit] More Switches...
I usually find it necessary to use the -X flag to SSH to get it to do X forwarding:
So instead of...
ssh hiffy@localhost -p 8080
...something like this would allow those X clients to connect to whatever X server `ssh' can see (via the DISPLAY it has in its environment)...
ssh -X hiffy@localhost -p 8080
This won't work for some programs that require elevated access to the X server. Adding the -Y switch should help in those cases:
ssh -YX hiffy@localhost -p 8080
And, since X forwarding can be slow at times (for instance, over a slow link) you can enable compression with the -C flag:
ssh -XYC hiffy@localhost -p 8080
Since this is a loopback connection, it would probably end up slowing things down, but for most normal cases, it really helps.
- chris [04/01/05] (I changed your date to the more logical d/m/y -- hiffy. Please use it :( )
[edit] Still nothin'
i.e.
hiffy@hif hiffy $ ssh -YX mog@localhost -p 8080 Password: Last login: Thu Jan 6 20:39:52 2005 from localhost mog@hif mog $ firefox xdpyinfo: unable to open display "localhost:0.0". Unable to connect to X server (firefox-bin:23268): Gtk-WARNING **: cannot open display: mog@hif mog $
However, if I do
hiffy@hif hiffy $ ssh -YX hiffy@localhost -p 8080 Password: Last login: Thu Jan 6 20:43:38 2005 hiffy@hif hiffy $ firefox xdpyinfo: unable to open display "localhost:0.0". Unable to connect to X server (firefox-bin:23324): Gtk-WARNING **: cannot open display:
but
'hiffy@hif hiffy $ DISPLAY=:0 firefox'
works, as it just it sends it to the X server running at display 0 on my machine logged on as hiffy (not what I want at all).
Any other thing I may be doing wrong? -- hiffy 06/01/04
First of all try this
edit /etc/hosts
make sure you have: 127.0.0.1 localhost and remove any other localhost i.e 192.168.x ....Best of luck.......
Make sure you leave the other addresses alone. see: man hosts for further info
[edit] Hrm...
The errors you're getting suggest that the DISPLAY variable isn't being set properly on the remote end. You may want to confirm this by first checking to see if the terminal you're running ssh from indeed has a proper DISPLAY set up.
# Before running ssh... $ echo $DISPLAY localhost:0.0 $ xdpyinfo ...lots of useless information, but no errors...
If neither of those works, you'll have to get local X-client access going first--the ssh client needs access to the Xserver before it can grant it to others. As long as you're running from an XTerm you start from within X, this shouldn't be a problem, but it's definitely something to check.
As well, you'll want to check the value of DISPLAY on the remote side of the connection:
# In the same window as the above check... $ ssh -X someuser@localhost 'echo $DISPLAY' localhost:10.0 $ ssh -X someuser@localhost xdpyinfo ...more useless information, but no errors...
The display should be something in the high range (10+). If there's anything resetting the DISPLAY (.bashrc, .bash_profile, etc) you may want to take out such initialization as it will interfere with ssh.
But before you go through all of that trouble, double check to make absolutely sure you have the following (uncommented) in your /etc/ssh/sshd_config (the sshd_config on the remote side of the connection, which, in your case is on the local machine).
X11Forwarding yes
...and note that a subsequent...
X11Forwarding no
...will likely cancel the effect.
Other than that, I'm not sure what the problem could be. You can get some diagnostic information from SSH by using the -v switch (the more v's, the more info)...there may be some hints in there.
- chris [ 07/01/04 ]
Note that there is a conflict between /etc/security/pam_env.conf and ssh X11 fowarding on most run of the mill Gentoo installs. The pam_env.conf file will generally have the following lines uncommented:
REMOTEHOST DEFAULT= OVERRIDE=@(PAM_RHOST)
DISPLAY DEFAULT=${REMOTEHOST}:0.0 OVERRIDE=${DISPLAY}
XAUTHORITY DEFAULT= OVERRIDE=@{XAUTHORITY}
the Display line will automatically set the DISPLAY var to <your IP>:0.0 which is great when you want to use the traditional X11 sharing on port 6000. But ssh X11 forwarding needs to have the DISPLAY var set to localhost:10.0 in order to tunnel your traffic. Commenting out this line will allow ssh to set up the env correctly.
- theGorilla [ 02/17/05]
[edit] X11UseLocalHost
try X11UseLocalHost yes
and make sure you have xauth installed, pre xorg7 you may need all of xorg installed.
[edit] This first paragraph is confusing (and probably misleading)
It is not at all clear what you are trying to do here.
It says:
you have an X application that you need to run, but there is no X-server installed on your local machine
The only reasonable way I could interpret that, is that you have the X application (say xeyes) installed on your local machine (have=have installed) but can't run it because you don't have an X server installed (i.e. - you are actually typing using a text mode terminal). Not very common situation, but does happen (e.g. when you don't have a driver for your graphics card).
However, reading on, I see that what you actually do is ssh to the remote machine, and then run the application remotely (i.e. the remote machine has xeyes), while forwarding the X communication to the X server on your local machine. Exactly the other way around.
So, you probably ment to say something like "You have X installed on your local machine, and you want to run an X application that you don't have, but is available on some remote machine you have access to"
hmm... I think the source of confusion might be that while for ssh the server (sshd) is on the remote machine and the client is local, the situation is reversed for X (X server runs locally, providing "user interaction" services for the remote client (the xeyes application)). To avoid confusion, I suggest we avoid using the term "X server" here. Use something like "X Window System" or "X display" instead.
[edit] Possibly false and dangerous
I'm not a very experienced linux user, but is it really true that you have to "Also verify that X is running without the -nolisten tcp option."? I just tried running an application on an ubuntu server and have it forward to my screen via ssh, the -nolisten option of the remote and my local X were both set and it still works.
Short: Having X listen to a network socket (Port 6000) is not necessary and possibly dangerous). SSH X-Forwarding works without it. German SSH explanation to back this up: http://www.jfranken.de/homepages/johannes/vortraege/ssh2.de.htm
