Gene Heskett wrote: > > Ok, but today, I logged in as gene (init=5 or whatever the gui login is on > kubuntu, and ran it from the local keyboard out there long enough to > carve a blast shield out of brass plate to deflect the ignition blast > away from the bottom of the scope mounted on a T-C Black Diamond 50 > calibre black powder rifle. So what I'm saying is that there was no X > server running on that box until I logged in, yet the forwarding worked > well when I ssh -X gene$shop as root here. So you are correct in that I > don't understand it at all well. > It is the X server on the local machine that you are trying to connect to when you use "ssh -x" to connect to a remote machine. The X server is the program on the local machine that drives the display, and accepts input from the keyboard and mouse. It is fussy about who gets to connect to it. The default setup only lets the user who is logged into the X secession connect to it. Ssh know how to extend that permission to a remote machine, but only for the user it connects to the remote machine as. When you change users on the remote machine, you lose that permission. The reason for this is that with the right program, you can capture every key stroke and mouse movement that the X server sees. In the past, when X security was a lot more open, you would sometimes get people logging into a machine remotely, and running that would connect to the local X display. You could be peacefully working and get all kinds of strange things popping up on your screen. Or someone could take over your cursor, and start doing things on your desktop. (The x2x program works well for this.) Mikkel -- Do not meddle in the affairs of dragons, for thou art crunchy and taste good with Ketchup!