# sshd and X-forwarding

## pstevenson

Hi.

I have sshd set up and working okay, except that it doesn't want to do X forwarding when connecting to the machine.  I've got $DISPLAY set correctly on the client, but when I ssh to my gentoo box, $DISPLAY is not set and I can't securely forward X.  

My package is net-misc/openssh-3.5_p1 and I've explicitely uncommented X11Forwarding yes in the sshd_config file. 

Any ideas?  thanks

Paul

----------

## compu-tom

Have your tried

```
ssh -X remotehost
```

? Don't set the DISPLAY on the remote host, ssh will do this for you to point back to your local host.

----------

## Sven Vermeulen

Otherwise, on your client (were you are sitting behind), execute

```

~$ xhost +ip.of.the.server

```

then ssh to that server, issue:

```

~$ export DISPLAY="ip.of.the.client:0.0"

```

and you're ready.

Don't forget to check the firewall that exist (if any) between both pc's, it could deny all X-traffic. Also make sure that you haven't disabled the remote X functionality on your client (by adding -nolisten tcp when starting up X).

----------

## pstevenson

Thanks for the suggestions.  

I have tried adding -X to the ssh command, but it makes no difference.

I am loath to set the DISPLAY variable manually as traffic will not then be routed over a secure connection.

Although I do have a firewall, I think it is set up to allow X, and besides: even if it were not, am I right in thinking that ssh should still pass down the $DISPLAY variable and it would only be when I tried starting a client that I ran into problems?

----------

## Zugot

What happens when you do a:

```

ssh -X -v -v -v host

```

[/code]

----------

## paul138

I'm sure you're aware of this but...

Your sshd_config file should contain the following lines:

```

X11Forwarding yes

X11DisplayOffset 10

X11UseLocalhost yes   

```

When you login:

```

ssh -l user -X host

```

Can you see what the DISPLAY variable is?

```

echo $DISPLAY

localhost:10.0

```

If not, that variable needs to be defined and it's something with either a ssh client config or the server. Add the lines above (if they're not already) and reload the server. See what happens when you run xterm from the remote machine.

Of course...if you're not in X allready, it does you no good at all.

----------

## Naan Yaar

Silly question, did you do:

```

/etc/init.d/sshd restart

```

after making your changes to the sshd_config file?  You need to do it for the settings to take effect.  As others have stated here, you also need to use a "-X" option or change /etc/ssh_config to enable X11 forwarding at the client end.

 *pstevenson wrote:*   

> Thanks for the suggestions.  
> 
> I have tried adding -X to the ssh command, but it makes no difference.
> 
> ...

 

----------

## pstevenson

adding

X11DisplayOffset 10

X11UseLocalhost yes

to sshd_config (and restarting sshd) did the trick.

thanks for all your help,

Paul

----------

## TaboZ

if there is a .Xauthority file on the machine you are ssh'ing into. Delete it!

----------

## paul138

Anytime  :Very Happy: 

 *pstevenson wrote:*   

> adding
> 
> X11DisplayOffset 10
> 
> X11UseLocalhost yes
> ...

 

----------

## pstevenson

 *paul138 wrote:*   

> Anytime 
> 
>  *pstevenson wrote:*   adding
> 
> X11DisplayOffset 10
> ...

 

 :Smile:    The reason I hadn't set these is that the sshd_config man page says that these are the default values anyway, implying only X11Forwarding needed to be manually set to yes. 

I suppose the defaults set by the ebuild packager are different to what the man page says.

----------

## Naan Yaar

Did you restart sshd the previous time without these settings?  I don't think these defaults have been changed in the ebuild.  I don't use these settings and it seems to work fine.

 *pstevenson wrote:*   

>  *paul138 wrote:*   Anytime 
> 
>  *pstevenson wrote:*   adding
> 
> X11DisplayOffset 10
> ...

 

----------

