# xhost doesn't work

## dattaway

My xorg server refuses to open windows from applications if the DISPLAY set to any IP address, including localhost.  Without the IP address, windows open as they should.  This means my xforwarding is broken, unless I start X with the -ac option, which disables all access control.  Obviously, I don't want to run my xserver with the -ac option, so how do I get a functional access control?

Here is a typical runaround in the bash shell and a snippet of an strace:

```

dattaway@home ~ $ export DISPLAY=:0.0

dattaway@home ~ $ xosview 

dattaway@home ~ $ export DISPLAY=127.0.0.1:0.0

dattaway@home ~ $ xosview 

Can't open display named 

dattaway@home ~ $ strace xosview

.... 

connect(3, {sa_family=AF_INET, sin_port=htons(6000), sin_addr=inet_addr("127.0.0.1")}, 16) = -1 ECONNREFUSED (Connection refused)

....

dattaway@home ~ $ xhost +

xhost:  unable to open display "127.0.0.1:0.0"

dattaway@home ~ $ export DISPLAY=:0.0

dattaway@home ~ $ xhost +

access control disabled, clients can connect from any host

dattaway@home ~ $ xosview 

dattaway@home ~ $ xhost -

```

You see what's going on here?

----------

## firex

the best way to do it what you want for me is :

ssh user@host -X [command]

in you sshd config you shuld enable X11Forwarding und restart sshd befor you try.

[command] is optional. if you don't use it you will get shell with set DISLPAY varible and all application started in the shell will use your local X  :Smile: 

----------

## dattaway

 *firex wrote:*   

> the best way to do it what you want for me is :
> 
> ssh user@host -X [command]
> 
> in you sshd config you shuld enable X11Forwarding und restart sshd befor you try.
> ...

 

Yes, my X11 forwarding was enabled in sshd_config.  Same error using ssh.  Something inside the xserver is denying any request with an IP number, including localhost and loopback:

```

dattaway@home ~ $ ssh dattaway@localhost -X xosview

Password: 

Can't open display named 

dattaway@home ~ $ 

```

Starting X with the -ac option makes it all work, but without ANY security.  No other problems with name lookups that I can see.  The X server just doesn't want to do it.

----------

## Esel Theo

Never, never ever use xhost.

Simply do

```

ssh -Y user@host

xosview

```

No xhost, no export DISPLAY, no nothing.

ssh will magically do X11 forwarding for you (except if you confuse it with xhost or export DISPLAY  :Smile: ).

----------

## dattaway

 *Esel Theo wrote:*   

> Never, never ever use xhost.
> 
> Simply do
> 
> ```
> ...

 

ok...

```

dattaway@ts7200:/$ ssh -Y dattaway@home.dattaway.org                                

Password:                                                                       

Last login: Thu Jan 19 13:07:55 2006 from cpe-69-23-113-234.kc.res.rr.com       

dattaway@home ~ $ xosview                                                       

Can't open display named                                                        

dattaway@home ~ $ 

```

See what I'm trying to say?  My xserver WILL NOT honor any ip address, not from another box, localhost, or even the loopback address.  SSH works great.  SSH sets up the environment up like it should.  Its not the problem.  Its *within* X.

----------

## firex

try "ssh user@host -X " only and check DISPLAY

for me it is localhost:10.0 on the remote pc.

then try to start xterm

/etc/ssh/sshd_config must have X11Forwarding yes

----------

## dattaway

I found the problem with ssh -vvv

It was able to tell me it could not find xauth

Now it works!    :Mr. Green: 

----------

