# yet another X11 Forwarding

## nadi

Hei all

I followed the HOWTO http://gentoo-wiki.com/HOWTO_X-forwarding

I search and read many many links here in the forum regarding X forwarding. 

So I modified ssh_config to include

```
X11Forwarding yes

```

(ofcourse restarted /etc/init.d/sshd restart )

I modifed the PAM as suggested by some threads, and it did not help. 

My problem is when I do

```
nadi$ xhost + 
```

 and then connect to ssh

```
nadi$ ssh -X barc@ravn.itk.ntnu.no
```

I can connect fine, then I export the display

```
barc@ravn:~>export DISPLAY=85.164.245.65:10.0
```

but then when I try to run opera 

```
barc@ravn:~>opera & 
```

I get then message 

```
barc@ravn:~> Error: Can't open display: 85.164.245.65:10.0

opera: cannot connect to X server 85.164.245.65:10.0
```

WHY WHY ??? I really need to connect to ravn from my laptop in order to work, but was not able until now...

HELP!

P.S: there is something wrong with the HOWTO: *Quote:*   

> Now verify that the DISPLAY variable points to the display created by sshd (normally localhost:10.0):
> 
> Code: echo $DISPLAY

  but if I try it before I am doing the export DISPLAY command, I get neither  *Quote:*   

> localbox:10.0
> 
> 

  nor 0.0. It simply does not show anything.

----------

## SinoTech

I've never exported ${DISPLAY} and I've never used "xhost". Just ssh'd to my server and started the desired application.

Anyway, have you tried the "-Y" switch instead of "-X" ?

```

nadi$ ssh -Y barc@ravn.itk.ntnu.no

```

Mfg

Sino

----------

## nadi

thx for the reply. 

yes, I have tried Y, and I even tried 

ssh -XY barc@ravn.itk.ntnu.no

no effect

If I don't use export DISPLAY 

then I get the message 

```
barc@ravn:~> xclock 

Error: Can't open display:
```

----------

## SinoTech

Think you've forgotten to edit your "sshd_config" file on the server. "/etc/ssh/ssh_config" is the configuration file for the ssh client and therefore enabling X11-forwarding there won't affect your ssh daemon.

You've to change the following line in your "/etc/ssh/sshd_config" (On the server) from

```

# X11Forwarding yes

```

to

```

X11Forwarding yes

```

Then restart sshd

```

$ /etc/init.d/sshd restart

```

and (re)connect to your server

```

$ ssh -Y barc@ravn.itk.ntnu.no

```

As mentioned in my prior post, you don't have to export ${DISPLAY} or something similiar. In normal case you've just to use the "-Y" switch in your ssh command and after that you should be able to start graphical applications on the server.

If you still got problems just post again.

Mfg

Sino

----------

## nadi

no, sorry for the typo, I updated /etc/ssh/sshd_config in the first place, not /etc/ssh/ssh_config (if exists at all). So this is not my problem.

Any other suggetions? I am still stuck.

----------

## SinoTech

Do you "su" to another user before ssh'ing to your server ?

Mfg

Sino

----------

## nadi

no, I am using ssh as a user.

----------

## SinoTech

Ok, back to the beginning."ssh" to your server using the "-Y" switch.

Important:

- Don't export anything and don't run "xhost" (Not on your local machine and not on the server)

- Don't "su" to another user. Just start your local x-session, open a terminal and run the ssh command

```

$ ssh -Y <user>@<server>

```

After that, perform the following command and post the result:

```

$ echo $DISPLAY

```

For me the result is

```

$ echo $DISPLAY

     localhost:10.1

```

(The ".1" is since I've got two monitors with each having a separate X-Server running. Therefore the first is 10.0 and the second is 10.1. But you don't have to care about that.)

Mfg

Sino

----------

## nadi

aha! but when I perform 

```

bash-2.05$ echo $DISPLAY

bash-2.05$ 

```

nothing appears! when I change the DISPLAY, 

```
bash-2.05$ export DISPLAY=85.164.245.65:0.0   

bash-2.05$ echo $DISPLAY

85.164.245.65:0.0

bash-2.05$ 

```

(?)

----------

## SinoTech

Ok, that's really strangly. You've really add the following line to your "sshd_config" on the server ?

```

X11Forwarding yes

```

And you really restarted sshd ? You've got xorg-x11 installed on the server ? Just to be sure  :Wink: .

Mfg

Sino

----------

## nadi

thanks sino.

yes, I have changed the sshd_config and am using, hehhe, xorg. I am wandering if the problem is the client? it is a unix system (without X) at school. 

my sshd_config:

```
UsePAM yes

#AllowTcpForwarding yes

#GatewayPorts no

X11Forwarding yes

#X11DisplayOffset 10

#X11UseLocalhost yes

```

Any other ideas?

----------

## SinoTech

 *nadi wrote:*   

> thanks sino.
> 
> yes, I have changed the sshd_config and am using, hehhe, xorg. I am wandering if the problem is the client? it is a unix system (without X) at school. 
> 
> [...]
> ...

 

Without X? Yes, think that's the problem. You need to have a running X-Session on the client to get displayed the applications.

Mfg

Sino

----------

## nadi

my mistake: there IS an X running on the client:

```
barc@ravn:~> startx

Fatal server error:

Server is already active for display 0

        If this server is no longer running, remove /tmp/.X0-lock

        and start again.

```

So what is the problem then?

----------

## SinoTech

You must be inside the running X-session. You cannot start a graphical application if you're on a TTY.

Mfg

Sino

----------

## nadi

 *Quote:*   

> You must be inside the running X-session. You cannot start a graphical application if you're on a TTY.
> 
> 

 

what do you mean on the TTY ? I am ssh'ing into a machine at school, which runs X. Please explain..

Thanks

----------

## SinoTech

 *nadi wrote:*   

> 
> 
> [...]
> 
> ```
> ...

 

You're on a TTY (Terminal) on your client and you try to start a X-Session. But in order to start a graphical application, you have to be inside a running X-Session. As long as you're on a TTY, you're unable to start any graphical applications. So type "startx" to start a X-Session, or is one is already running, press <ALT> + <F7> to switch to it. After that open a terminal, ssh to your server and start your desired application.

Mfg

Sino

----------

## nadi

Thanks SIno, I think we have misunderstanding here:

I am in a laptop, which have x (I am using xfce4 desktop. gentoo and x11-xorg). I opened a terminal in the laptop, used ssh to the server at school, and started working on that (see the threads above). I might confused with the name clients-server, but this is not the point.  From a laptop with X I am opening terminal, ssh into the server at school which runs X, and try to export all the X applications TO my laptop. Am I doing something wrong?

Nadi

----------

## SinoTech

Think you've done the right stuff. I've just wondered about that:

```

barc@ravn:~> startx

Fatal server error:

Server is already active for display 0

        If this server is no longer running, remove /tmp/.X0-lock

        and start again. 

```

Therefore I've thought your in the console and not in a running X-Session. So just to be sure and that there are no more mistakes, here are the steps again you've to perform:

On the server (Computer on your school where you connecting to)

1. Add "X11Forwarding yes" to the ssh servers config

2. restart the ssh server

(Hope you've got the permission for that)

On the client (Your laptop)

1. Start an X-Session (xfce, kde, ...)

2. Open a terminal (xterm, Eterm, ...)

3. ssh to your server (The computer at your school)

```

$ ssh -Y <computer-at-school>

```

4. Inside the ssh session, start your desired application

5. If this don't work, perform the following command

```

$ echo $DISPLAY

```

to see if the variable is set or not.

Mfg

Sino

----------

## nadi

hmm. I am wandering if the problem is at the server at school. From the /etc/ssh/ssh_config:

```

barc@ravn:~> less /etc/ssh/ssh_config

# Site-wide defaults for various options

Host *

#   ForwardAgent no

#   ForwardX11 no

# If you do not trust your remote host (or its administrator), you

# should not forward X11 connections to your local X11-display for

# security reasons: Someone stealing the authentification data on the

# remote side (the "spoofed" X-server by the remote sshd) can read your

# keystrokes as you type, just like any other X11 client could do.

# Set this to "no" here for global effect or in your own ~/.ssh/config

# file if you want to have the remote X11 authentification data to 

# expire after two minutes after remote login.

ForwardX11Trusted yes

```

Does it means that the X11 forwarding is off? it is unclear for me.

Nadi

----------

## SinoTech

Since the computer at your school acts as server, you have to look at the "sshd_config" rather than the "ssh_config"

Mfg

Sino

----------

## VStrider

 *nadi wrote:*   

> 
> 
> I get then message 
> 
> ```
> ...

 

Hi,

did you make sure that the server's Xaccess config allows this?

Have a look at /etc/X11/xdm/Xaccess

----------

## nadi

thanks for the reply. 

 *Quote:*   

> Since the computer at your school acts as server, you have to look at the "sshd_config" rather than the "ssh_config" 

 

you might be right, but I dont have premission to read this file. I sent an email to the administrator, see if it helps.

 *Quote:*   

> did you make sure that the server's Xaccess config allows this? 

 

I am not using xdm. my desktop is xfce4 and I am starting it by startx command. Or do I need to consider modifying xdm?

----------

## VStrider

 *nadi wrote:*   

> I am not using xdm. my desktop is xfce4 and I am starting it by startx command. Or do I need to consider modifying xdm?

 

No, this doesn't have anything to do with your desktop or what wm you're using. Xaccess is a file on the server that controls where the X server is listening to. The admins could have set it to only listen on local connections. If so, your connection attempt to X would fail as it did.

----------

## nadi

well, the administrator confirms that others are succesfully using X forwarding. Så the problem is not the server at school. maybe it is because they have firewall, is it possible that it blocks outgoing traffic? Alternatively, there is something misconfigure with my gentoo.

Hopeless! I am about to give up.

----------

## VStrider

 *nadi wrote:*   

> well, the administrator confirms that others are succesfully using X forwarding. Så the problem is not the server at school. 

 

Yes, if the admins told you that X forwarding works on their end, then it does. The problem must be on your end.

----------

