# ssh and X11 error, need help

## rajl

I had setup ssh to work with X11 forwarding, but it has suddenly stopped working and I don't know why.  Where as it used to work, after a severed network connection while logged in, whenever I try to use X over ssh, I get the following error message:

```

johnlyon@lyon johnlyon $ emacs

emacs: Cannot connect to X server localhost:10.0.

Check the DISPLAY environment variable or use `-d'.

Also use the `xhost' program to verify that it is set to permit

connections from your machine.

```

I've tried all the basic trouble shooting like restarting sshd, rebooting the computer, checking to make sure I have localhost set in my hosts file (I do).  But I'm drawing blanks because I'm not fully familiar with administering ssh yet.  Here is my sshd_config file it it will help:

```

#       $OpenBSD: sshd_config,v 1.59 2002/09/25 11:17:16 markus Exp $

# This is the sshd server system-wide configuration file.  See

# sshd_config(5) for more information.

# This sshd was compiled with PATH=/usr/bin:/bin:/usr/sbin:/sbin

# The strategy used for options in the default sshd_config shipped with

# OpenSSH is to specify options with their default value where

# possible, but leave them commented.  Uncommented options change a

# default value.

#Port 22

Protocol 2

#ListenAddress 0.0.0.0

#ListenAddress ::

# HostKey for protocol version 1

#HostKey /etc/ssh/ssh_host_key

# HostKeys for protocol version 2

#HostKey /etc/ssh/ssh_host_rsa_key

#HostKey /etc/ssh/ssh_host_dsa_key

# Lifetime and size of ephemeral version 1 server key

#KeyRegenerationInterval 3600

#ServerKeyBits 768

# Logging

#obsoletes QuietMode and FascistLogging

SyslogFacility AUTH

LogLevel INFO

# Authentication:

#LoginGraceTime 120

PermitRootLogin no

#StrictModes yes

#RSAAuthentication yes

#PubkeyAuthentication yes

#AuthorizedKeysFile     .ssh/authorized_keys

# rhosts authentication should not be used

#RhostsAuthentication no

# Don't read the user's ~/.rhosts and ~/.shosts files

#IgnoreRhosts yes

# For this to work you will also need host keys in /etc/ssh/ssh_known_hosts

#RhostsRSAAuthentication no

# similar for protocol version 2

#HostbasedAuthentication no

# Change to yes if you don't trust ~/.ssh/known_hosts for

# RhostsRSAAuthentication and HostbasedAuthentication

#IgnoreUserKnownHosts no

# To disable tunneled clear text passwords, change to no here!

#PasswordAuthentication yes

#PermitEmptyPasswords no

# Change to no to disable s/key passwords

#ChallengeResponseAuthentication yes

# Kerberos options

#KerberosAuthentication no

#KerberosOrLocalPasswd yes

#KerberosTicketCleanup yes

#AFSTokenPassing no

# Kerberos TGT Passing only works with the AFS kaserver

#KerberosTgtPassing no

# Set this to 'yes' to enable PAM keyboard-interactive authentication 

# Warning: enabling this may bypass the setting of 'PasswordAuthentication'

#PAMAuthenticationViaKbdInt no

X11Forwarding yes

X11DisplayOffset 10

X11UseLocalhost yes

#PrintMotd yes

#PrintLastLog yes

#KeepAlive yes

#UseLogin no

#UsePrivilegeSeparation yes

#PermitUserEnvironment no

#Compression yes

#MaxStartups 10

# no default banner path

#Banner /some/path

#VerifyReverseMapping no

# override default of no subsystems

Subsystem       sftp    /usr/lib/misc/sftp-server

```

Does anyone have any ideas as to what I should do to fix the problem?  Any and all help would be appreciated.  I really do need to be able to use X11 over ssh.

----------

## easykill

try this

DISPLAY=":0" emacs

if that doesn't work, type

echo $DISPLAY

and post what it shows

it seemed to be trying to open a weird display

----------

## rajl

i tried as you reccommended and typed $DISPLAY=":0" emacs

I didn't get an error message, but the program didn't pop up on my ssh forwared connection.  Then did an echo $DISPLAY and got the following:

localhost:10.0

As I said, it used to work perfectly, but now it hasn't since last week when my connection was severed abruptly.  Hopefully you can give me some other advice.

----------

## rajl

With this new information, is there anyone out there who can help me?

----------

## DaSH

may be you need to type 'xhost +' on your comp...

----------

## dpryden

What happens if you try ssh -X?  That tells ssh to set up a second tunnel expressly for the X11 protocol, and ssh is nice enough to set your DISPLAY variable for you automatically.

If ssh -X works, and setting $DISPLAY manually doesn't, there may be a firewall issue between the boxes, or you may have started X with the --nolisten switch. (Which is, actually, a good idea, since tunneling through ssh is more secure.)

----------

## jana

I'm having the same problem.  I've tried the solutions offered above...

Since I'm using DHCP my /etc/hosts file only includes

***

127.0.0.1    rosencrantz

***

(that is, my localhost name is coded in explicitly)

Do I need anything else?  I wouldn't think so, since my problem still exists for local programs, but I thought I'd throw the idea out there...

thanks,

 - j

----------

## bLanark

 *Quote:*   

> may be you need to type 'xhost +' on your comp...

 

I think that's it. Before you ssh to the other system (OK, it doesn't have to be before, but this is easier to explain than two terminals and which prompt is on which system) type "xhost +" and you'll get a message like: 

```
access control disabled, clients can connect from any host
```

. THEN you ssh to the remote system. 

(ssh IS forwarding X, otherwise your DISPLAY would not be localhost:10)

The only other thing I can think of is that X might *not* be listening to TCP, which is a recommend setting for security. You might find a -nolisten tcp or something flag somewhere in the config (sorry, never used it, no books to hand, but have a grep for similar strings).

----------

## rtn

Forwarded X connections should be setting up and using the .Xauthority.

`xhost +` is inherantly insecure, and should be avoided.

--rtn

----------

## rajl

my problems magically went away all of a sudden.  so I can't offer any advice there.

----------

## The DJ

I have been experiencing this as well.

I'm positive i did everthing that is required again and again and again.

It used to work like a charm. since the upgrade to 4.3.0 however, it no longer works. If i type startx for instance, it always wants to open 0:0 on vt7, while it should open 10:0 (for the forwarding part) as the DISPLAY variable states.

it's really strange and the problem is still bothering me.

----------

