Gene Heskett wrote:
Tonight I thought I'd play with emc2 a bit, but since updateing this
machine to FC6, somethings gone fubar in the X11 forwarding. Here is
whats been executed to get to the failure:
---------
[root@coyote amanda]# xhost +192.168.71.4
192.168.71.4 being added to access control list
[root@coyote amanda]# su gene
[gene@coyote amanda]$ ssh -X shop
gene@shop's password:
Warning: No xauth data; using fake authentication data for X11 forwarding.
This is the key error... When you "su" to gene on the X terminal, you've
become a user who doesn't have access to the session's X credentials.
"gene" can't run X applications on the local system at that point, and
neither can he forward X over ssh.
Since you've used xhost to add permission to something other than
localhost, you probably misunderstand how X forwarding works. Under
classic conditions, you'd use xhost to allow access from a remote host,
such as you've done. Then you'd telnet to that system and set the
DISPLAY variable to your X terminal and run your application. When
forwarding X, you don't need to do either of those things. ssh uses
your .Xauthority file on the local system, creates an .Xauthority file
on the remote system, and sets the DISPLAY variable automatically. When
you run an X application, it uses the .Xauthority file that ssh created
to authenticate itself to ssh, ssh forwards its traffic to your X
terminal over the ssh connection, and uses your original .Xauthority
file to authenticate to your X server. Since the application connects
from localhost, through ssh, your xhost command doesn't accomplish anything.
You have two options. First, and most simple, just run ssh as the user
that you're logged in as:
ssh -X gene@shop
You'll then be able to run applications on shop, and display them locally.
If you have some reason to do otherwise, you'll have to use xhost to
allow connections from anyone on localhost:
xhost +localhost
su gene
ssh -X shop
