On Fri, 2005-02-11 at 15:30, Douglas Frank wrote: > I've set xhost + (OK, I know, I'll fix the auths later) on my FC3 box > but remote X clients are unable to display to it. FWIW, I'm not seeing > connection refusals; things just quietly fail to display. > > I'm guessing the firewall is blocking? Anyone know which > ports/protocols I need to open up? How are you trying to start up an X session? Most of the time one would ssh to the box they want to run the application on then start that application. If everything is setup correctly the display window of the program you start will be routed back to your box over the ssh connection. This is good for two reasons, first your password will be encrypted and the entire session will be encrypted. The things you may run into include: 1. on local machine you will need to allow other systems to display X windows on your local machine. This is done via the xhost command as you already found out. 2. you will need to open up port 22 (or whatever port you have configured) for ssh access on the remote system. You did this by disabling the firewall but you should go back and just allow ssh access. 3. Starting with FC3 you will most likely need to specify either -Y or -X as options on the ssh session to get it to connect successfully. -X sets up X11 forwarding and -Y setups up trusted X11 forwarding. 4. The first time you connect you will be prompted to setup an certificate or key with that system. If the machine has been locked down tight you may not be able to do this on the fly, it may require you to copy the certificate to the known_hosts file by hand. But the default setup should let you do this on the fly. 5. The display variable must be setup on the remote system correctly. In the past this used to be a problem and required modifying various startup scripts and such. The ssh being used now does most of this for you so you should not have to worry about that. (echo $DISPLAY to see what is set for this) 6. You may also want to modify the ssh_config file to enable X11 forwarding and compression. I think by default this is not set up. Of course if you use the -X or -Y options I think this is taken care of. 7. For security reasons you should modify the sshd_config file to disallow root logins over ssh. You can further restrict which local accounts can use ssh and this is a good idea. If you system is exposed to the Internet there are any number of scripts that knock on port 22 looking for poor passwords on well known accounts setup to accept ssh. -- Response brought to you by AutoReponder 0.1 a product of Magic-8-ball productions. (version 0.2 will feature correct answers!)
