ssh -X shop problem...
Gordon Messmer
yinyang at eburg.com
Mon Nov 27 16:37:16 UTC 2006
Gene Heskett wrote:
>
> Tonight I thought I'd play with emc2 a bit, but since updateing this
> machine to FC6, somethings gone fubar in the X11 forwarding. Here is
> whats been executed to get to the failure:
>
> ---------
> [root at coyote amanda]# xhost +192.168.71.4
> 192.168.71.4 being added to access control list
> [root at coyote amanda]# su gene
> [gene at coyote amanda]$ ssh -X shop
> gene at shop's password:
> Warning: No xauth data; using fake authentication data for X11 forwarding.
This is the key error... When you "su" to gene on the X terminal, you've
become a user who doesn't have access to the session's X credentials.
"gene" can't run X applications on the local system at that point, and
neither can he forward X over ssh.
Since you've used xhost to add permission to something other than
localhost, you probably misunderstand how X forwarding works. Under
classic conditions, you'd use xhost to allow access from a remote host,
such as you've done. Then you'd telnet to that system and set the
DISPLAY variable to your X terminal and run your application. When
forwarding X, you don't need to do either of those things. ssh uses
your .Xauthority file on the local system, creates an .Xauthority file
on the remote system, and sets the DISPLAY variable automatically. When
you run an X application, it uses the .Xauthority file that ssh created
to authenticate itself to ssh, ssh forwards its traffic to your X
terminal over the ssh connection, and uses your original .Xauthority
file to authenticate to your X server. Since the application connects
from localhost, through ssh, your xhost command doesn't accomplish anything.
You have two options. First, and most simple, just run ssh as the user
that you're logged in as:
ssh -X gene at shop
You'll then be able to run applications on shop, and display them locally.
If you have some reason to do otherwise, you'll have to use xhost to
allow connections from anyone on localhost:
xhost +localhost
su gene
ssh -X shop
More information about the fedora-list
mailing list