[plug] ssh & X window

Christian christian at amnet.net.au
Thu Oct 18 11:02:53 WST 2001 

On Thu, Oct 18, 2001 at 10:12:28AM +0800, skribe wrote:
 
> From the FAQ at:
> 
> http://www.openssh.org/faq.html#2.7
> 
> Check your ssh_config and sshd_config. The default configuration files 
> disable authentication agent and X11 forwarding. To enable it, put the line 
> below in sshd_config (server machine):
> 
> X11Forwarding yes 
> 
> and put the following lines in ssh_config (client machine):
> 
> ForwardAgent yes
> ForwardX11 yes 

Actually, I have read the docs (although not the FAQ).

diffie:~$ grep Forward /etc/ssh/ssh_config 
### ForwardX11 & ForwardAgent
    ForwardAgent yes
    ForwardX11 yes
#   ForwardAgent no
#   ForwardX11 no
 

stallman:~$ grep Forward /etc/ssh/sshd_config
X11Forwarding yes

(diffie is the client, stallman the server.)

diffie:~$ echo $DISPLAY
:0
diffie:~$ ssh stallman
Last login: Thu Oct 18 10:26:51 2001 from diffie.murdoch.edu.au on pts/1
Linux stallman 2.2.16 #4 Fri Jun 16 00:43:17 WST 2000 i586 unknown

Copyright (C) 1993-1999 Software in the Public Interest, and others

Most of the programs included with the Debian GNU/Linux system are
freely redistributable; the exact distribution terms for each program
are described in the individual files in /usr/doc/*/copyright

Debian GNU/Linux comes with ABSOLUTELY NO WARRANTY, to the extent
permitted by applicable law.
No mail.
stallman:~$ xeyes
Error: Can't open display: 
stallman:~$ echo $DISPLAY

stallman:~$ logout
Connection to stallman closed.

diffie:~$ ssh -X stallman
Last login: Thu Oct 18 10:27:04 2001 from diffie.murdoch.edu.au on pts/1
Linux stallman 2.2.16 #4 Fri Jun 16 00:43:17 WST 2000 i586 unknown

Copyright (C) 1993-1999 Software in the Public Interest, and others

Most of the programs included with the Debian GNU/Linux system are
freely redistributable; the exact distribution terms for each program
are described in the individual files in /usr/doc/*/copyright

Debian GNU/Linux comes with ABSOLUTELY NO WARRANTY, to the extent
permitted by applicable law.
No mail.
stallman:~$ xeyes
<program runs>

stallman:~$ 

Now given the following from ssh(1):

---
X11 and TCP forwarding
If the user is using X11 (the DISPLAY environment variable is set),
the connection to the X11 display is automatically forwarded to the
remote side in such a way that any X11 programs started from the shell
(or com­ mand) will go through the encrypted channel, and the connection
to the real X server will be made from the local machine.  The user
should not manually set DISPLAY. 
---

It seems to me that there is either a bug in the software or the
documentation.

(Incidentally, in playing around with the ~/.ssh/config file just now
I've managed to get it working without the '-X' option by creating a
Host entry for stallman and explicitly requesting ForwardX11.
Previously I had only tried it using the IP address which I thought
would be the more reliable way but apparently not.  Either way, it
certainly didn't happen "automatically" as implied by the documentation.)

-- 
DSA 0x0EC1D28C: BBCB 0D79 4EBB 078A A066  7267 8BED E9D6 0EC1 D28C

More information about the plug mailing list