ssh -X (-Y) not working

Rick Stevens ricks at nerd.com
Wed Sep 24 00:44:41 UTC 2008 

Karl Pearson wrote:
> On Tue, 23 Sep 2008, Bob McClure Jr wrote:
> 
>> On Tue, Sep 23, 2008 at 01:06:37PM -0600, Karl Pearson wrote:
>>> I like remote managing my server using ssh -X or ssh -Y and then running
>>> gui apps sometimes.
>>>
>>> I've check workstation and server X11Forwarding yes and then restarted
>>> sshd so don't know where else to go.
>>>
>>> I've checked the logs and there's nothing about it. The error I get is:
>>>
>>> [root at mail root]# system-config-printer
>>> system-config-printer: could not open display
>>> This is a graphical application and requires DISPLAY to be set.
>>>
>>> or:
>>>
>>> [karlp at mail ~/]$ xterm
>>> xterm Xt error: Can't open display:
>>> xterm: DISPLAY is not set
>>>
>>> Of course, the obvious is to set $DISPLAY, which doesn't work either.
>>
>> Well, no, it needs to be set by sshd.  If you "ssh -X host.onthe.net",
>> when you get a shell prompt, you should be able to
>>
>> $ echo $DISPLAY
>> localhost:10.0
> 
> Nope, it's empty...
> 
>>
>> in the usual case.  Any problems should be evident in
>> /var/log/messages or /var/log/secure.
> 
> Logging in works, and the logs show that, but there's nothing about 
> forwarding anomalies. There is an entry about DNS lookup failed for my 
> IP. Should I set secure forwarding on?
> 
>>
>> Check also your ~/.Xauthority file on the distant server.  Permissions
>> should be something like mine:
>>
>> -rw------- 1 bob users 532 Sep 23 15:09 .Xauthority
>>
>> You might try deleting it, then exit, and "ssh -X" in again.  It
>> should mention something about creating it.
> 
> Deleted. And... not recreated on next ssh in... Hmmm?
> 
> 
>>
>>> I've seen blogs, threads and other stuff all over the net and everything
>>> says, enable X11Forwarding. I've done this for years and have never had
>>> that not work. Using -X or -Y should even countermand that setting if 
>>> it's
>>> off, right?
>>>
>>> Any ideas where to go next?

On your ssh client, enter "echo $DISPLAY" and make sure it displays
something to the effect ":0.0" (you ARE in an xterm, right?).  If it
doesn't, then there's something wrong with your local X.  That's step
one.  If you don't have $DISPLAY set locally, there's no way ssh can
communicate that to the sshd server, regardless of using "-X" or "-Y".

Next, check the remote machine's /etc/ssh/sshd_config and make sure that
both "AllowTcpForwarding yes" and "X11Forwarding yes" are set (they're
both set to "no" by default).  If you've changed either or both
settings, do "service sshd restart" before you log off the remote
machine to make the changes "take".

Now, if the local "echo $DISPLAY" does display data, then "ssh -Y
remotehost" should get you to the remote.  Once on there, do another
"echo $DISPLAY" and it should show "localhost:10.0" or something very
similar (the ":10" bit is set by the "X11DisplayOffset" value in the
remote machine's /etc/ssh/sshd_config file and is 10 by default).  The
"localhost" bit indicates that X is being tunneled through the ssh
pipe.

Example on my machines:

[root at prophead ~]# echo $DISPLAY
:0.0
[root at prophead ~]# ssh bigdog
Last login: Tue Sep 23 17:26:51 2008 from prophead.hci.com
[root at bigdog ~]# echo $DISPLAY

[root at bigdog ~]# exit
logout
Connection to bigdog closed.
[root at prophead ~]# ssh -Y bigdog
Last login: Tue Sep 23 17:30:31 2008 from prophead.hci.com
[root at bigdog ~]# echo $DISPLAY
localhost:10.0
[root at bigdog ~]# exit
logout

Hope that helps!
----------------------------------------------------------------------
- Rick Stevens, Systems Engineer                      ricks at nerd.com -
- AIM/Skype: therps2        ICQ: 22643734            Yahoo: origrps2 -
-                                                                    -
-            We look for things.  Things that make us go!            -
----------------------------------------------------------------------

More information about the Redhat-install-list mailing list