which port(s) does the X server listen on?

Fri Feb 11 21:19:25 UTC 2005

On Fri, 2005-02-11 at 15:30, Douglas Frank wrote:
> I've set xhost + (OK, I know, I'll fix the auths later) on my FC3 box
> but remote X clients are unable to display to it.  FWIW, I'm not seeing
> connection refusals; things just quietly fail to display.
> 
> I'm guessing the firewall is blocking?  Anyone know which
> ports/protocols I need to open up?

How are you trying to start up an X session?

Most of the time one would ssh to the box they want to run the
application on then start that application.  If everything is setup
correctly the display window of the program you start will be routed
back to your box over the ssh connection.  This is good for two reasons,
first your password will be encrypted and the entire session will be
encrypted.

The things you may run into include:

1. on local machine you will need to allow other systems to display X
windows on your local machine.  This is done via the xhost command as
you already found out.

2. you will need to open up port 22 (or whatever port you have
configured) for ssh access on the remote system.  You did this by
disabling the firewall but you should go back and just allow ssh access.

3. Starting with FC3 you will most likely need to specify either -Y or
-X as options on the ssh session to get it to connect successfully.  -X
sets up X11 forwarding and -Y setups up trusted X11 forwarding.

4. The first time you connect you will be prompted to setup an
certificate or key with that system.  If the machine has been locked
down tight you may not be able to do this on the fly, it may require you
to copy the certificate to the known_hosts file by hand.  But the
default setup should let you do this on the fly.

5. The display variable must be setup on the remote system correctly. 
In the past this used to be a problem and required modifying various
startup scripts and such.  The ssh being used now does most of this for
you so you should not have to worry about that.  (echo $DISPLAY to see
what is set for this)

6. You may also want to modify the ssh_config file to enable X11
forwarding and compression.  I think by default this is not set up.  Of
course if you use the -X or -Y options I think this is taken care of.

7. For security reasons you should modify the sshd_config file to
disallow root logins over ssh.  You can further restrict which local
accounts can use ssh and this is a good idea.  If you system is exposed
to the Internet there are any number of scripts that knock on port 22
looking for poor passwords on well known accounts setup to accept ssh.

-- 

Response brought to you by AutoReponder 0.1
a product of Magic-8-ball productions.
(version 0.2 will feature correct answers!)