Skip site navigation (1)Skip section navigation (2)
Date:      Sun, 17 Dec 2006 10:52:58 +0000
From:      Matthew Seaman <>
To:        Lane <>
Cc:        FreeBSD Questions <>, Christopher Cowart <>
Subject:   Re: xorg on a headless, mouseless, keyboardless box
Message-ID:  <>
In-Reply-To: <>
References:  <>	<>	<> <>

Next in thread | Previous in thread | Raw E-Mail | Index | Archive | Help
This is an OpenPGP/MIME signed message (RFC 2440 and 3156)
Content-Type: text/plain; charset=ISO-8859-15
Content-Transfer-Encoding: quoted-printable

Lane wrote:

> I can, in fact, run a gui root process on the remote machine, now.
> Unfortunately I still can't run qemu so that I can get the console.  I =
> X Error of failed request:  BadWindow (invalid Window parameter)
>   Major opcode of failed request:  25 (X_SendEvent)
>   Resource id in failed request:  0x3e
>   Serial number of failed request:  18
>   Current serial number in output stream:  21
> Any advice on how to setup the remote (headless, mouseless, and keyboar=
> server to run X?  My brain is fried trying to track down a HOWTO, and t=
> wiki is just a half millimeter left of useless.

The quickest and easiest method would be to run this on your desktop
*before* SSH'ing to the other machine:

    xhost +LOCAL:

That means that any user on the same machine (technically, any user
accessing your display via the local domain socket /tmp/.X11-unix/X0)
can pop up windows on your X display.  Because of the way SSH X-
forwarding works, all the processes on your remote machine appear to
the local X server as if they were running on your local desktop, so
that command will work for them too.

Obviously this has security implications on machines where you do not
trust all of the users -- for instance it would be fairly trivial for
anyone else with access to either of those machines to be able to capture=

all of your keyboard input including any passwords you needed to type.
You need to be able to trust implicitly both your local desktop and the
remote server you're logging into.

You can have more fine-grained control by using xauth to copy the access
tokens for your display into the .Xauthority file in another users' home

   xauth nextract - $DISPLAY | su - otheruser -c "xauth nmerge -"

You should only need to do that one time per $DISPLAY, but if you're
doing X forwarding over SSH, you may need to do that at least once
for each desktop machine you log in from, even if you get the same
$DISPLAY setting each time.  ssh, when doing X forwarding, does pretty
much that internally to forward your credentials so commands on the
remote machine can display on the desktop in front of you.

Note: $DISPLAY is set automatically for you when you enable X forwarding
and SSH in.  You may need to quietly eliminate misguided attempts to set
$DISPLAY in the shell startup scripts of otheruser --- it should inherit
the value from your environment if you become that user by su(1) or sudo(=

See xauth(1) for more information about what you can do with it -- quite
a lot more really.



Dr Matthew J Seaman MA, D.Phil.                       7 Priory Courtyard
                                                      Flat 3
PGP:         Ramsgate
                                                      Kent, CT11 9PW

Content-Type: application/pgp-signature; name="signature.asc"
Content-Description: OpenPGP digital signature
Content-Disposition: attachment; filename="signature.asc"

Version: GnuPG v1.4.6 (FreeBSD)
Comment: Using GnuPG with Mozilla -



Want to link to this message? Use this URL: <>