On Monday 27 November 2006 11:37, Gordon Messmer wrote: >Gene Heskett wrote: >> Tonight I thought I'd play with emc2 a bit, but since updateing this >> machine to FC6, somethings gone fubar in the X11 forwarding. Here is >> whats been executed to get to the failure: >> >> --------- >> [root@coyote amanda]# xhost +192.168.71.4 >> 192.168.71.4 being added to access control list >> [root@coyote amanda]# su gene >> [gene@coyote amanda]$ ssh -X shop >> gene@shop's password: >> Warning: No xauth data; using fake authentication data for X11 >> forwarding. > >This is the key error... When you "su" to gene on the X terminal, you've >become a user who doesn't have access to the session's X credentials. >"gene" can't run X applications on the local system at that point, and >neither can he forward X over ssh. Ok, but today, I logged in as gene (init=5 or whatever the gui login is on kubuntu, and ran it from the local keyboard out there long enough to carve a blast shield out of brass plate to deflect the ignition blast away from the bottom of the scope mounted on a T-C Black Diamond 50 calibre black powder rifle. So what I'm saying is that there was no X server running on that box until I logged in, yet the forwarding worked well when I ssh -X gene$shop as root here. So you are correct in that I don't understand it at all well. >Since you've used xhost to add permission to something other than >localhost, you probably misunderstand how X forwarding works. Under >classic conditions, you'd use xhost to allow access from a remote host, >such as you've done. Then you'd telnet to that system and set the >DISPLAY variable to your X terminal and run your application. When >forwarding X, you don't need to do either of those things. ssh uses >your .Xauthority file on the local system, creates an .Xauthority file >on the remote system, and sets the DISPLAY variable automatically. When >you run an X application, it uses the .Xauthority file that ssh created >to authenticate itself to ssh, ssh forwards its traffic to your X >terminal over the ssh connection, and uses your original .Xauthority >file to authenticate to your X server. Since the application connects >from localhost, through ssh, your xhost command doesn't accomplish > anything. I wondered about that in the past, so I'll pull that back out of rc.local just for test the next time I reboot this box. >You have two options. First, and most simple, just run ssh as the user >that you're logged in as: > >ssh -X gene@shop Which works well. >You'll then be able to run applications on shop, and display them > locally. > >If you have some reason to do otherwise, you'll have to use xhost to >allow connections from anyone on localhost: > >xhost +localhost >su gene >ssh -X shop And this would also work? Kewl. -- Cheers, Gene "There are four boxes to be used in defense of liberty: soap, ballot, jury, and ammo. Please use in that order." -Ed Howdershelt (Author) Yahoo.com and AOL/TW attorneys please note, additions to the above message by Gene Heskett are: Copyright 2006 by Maurice Eugene Heskett, all rights reserved.
