From owner-freebsd-questions@FreeBSD.ORG Tue Jan 27 01:39:44 2009 Return-Path: Delivered-To: freebsd-questions@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34]) by hub.freebsd.org (Postfix) with ESMTP id 8A8DF106566B for ; Tue, 27 Jan 2009 01:39:44 +0000 (UTC) (envelope-from the.sk89q@gmail.com) Received: from yw-out-2324.google.com (yw-out-2324.google.com [74.125.46.29]) by mx1.freebsd.org (Postfix) with ESMTP id 3A1EE8FC12 for ; Tue, 27 Jan 2009 01:39:43 +0000 (UTC) (envelope-from the.sk89q@gmail.com) Received: by yw-out-2324.google.com with SMTP id 9so2465988ywe.13 for ; Mon, 26 Jan 2009 17:39:43 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=gamma; h=domainkey-signature:mime-version:received:in-reply-to:references :date:message-id:subject:from:to:cc:content-type :content-transfer-encoding; bh=3Z0788F3AQOot6VViv6gZ3jSBhjDk84VjBotjwQ8S6M=; b=rxrh1r15UUOPySU/4qHtACNV4YRlYJqyg/OeOGIctdwRv9ttRFiLPCiNs1YW32no+1 KK9qbVkoaJ7iao+lqglyA122TMGWyBa3u5q3LwkOaErt96wOrkP9iti9ZijzA3cYmZiR CURfI0Q/kjn3A2gELpP5ttsofO+02SNU858fU= DomainKey-Signature: a=rsa-sha1; c=nofws; d=gmail.com; s=gamma; h=mime-version:in-reply-to:references:date:message-id:subject:from:to :cc:content-type:content-transfer-encoding; b=iK7ekjU8fVv7a0KJ7gWAbnFrr47G3/SI79oKkhgz258w827JwrufIKdKmJCFLx9B50 u2cvfpH4DsCan9ssdr/XLlR6kiPGMVYh7K5tf0vEhwNXzWZqxymLAY/hJoj9qDYNcPVg hvTeSF0MsIp9hkoHKEYf8Q9s4/Vkkd3snhngE= MIME-Version: 1.0 Received: by 10.231.15.130 with SMTP id k2mr60038iba.31.1233020382355; Mon, 26 Jan 2009 17:39:42 -0800 (PST) In-Reply-To: <497DF10C.9000601@telenix.org> References: <825770ac0901252109n14c9de4exec2fe3c1daed335b@mail.gmail.com> <497D51E6.2000904@boosten.org> <825770ac0901252217m74882871o543027b0e32b9eb8@mail.gmail.com> <20090126093242.863c59b0.wmoran@potentialtech.com> <825770ac0901260752s16655f49ue069d2166450d672@mail.gmail.com> <497DF10C.9000601@telenix.org> Date: Mon, 26 Jan 2009 17:39:42 -0800 Message-ID: <825770ac0901261739k19b6f65ap431db4a959a43262@mail.gmail.com> From: sk89q To: Chuck Robey Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 7bit Cc: Peter Boosten , Bill Moran , freebsd-questions@freebsd.org Subject: Re: X11 forwarding through SSH: Can't open display X-BeenThere: freebsd-questions@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: User questions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Tue, 27 Jan 2009 01:39:44 -0000 On Mon, Jan 26, 2009 at 9:21 AM, Chuck Robey wrote: > -----BEGIN PGP SIGNED MESSAGE----- > Hash: SHA1 > > sk89q wrote: >> On Mon, Jan 26, 2009 at 6:32 AM, Bill Moran wrote: >>> In response to sk89q : >>> >>>> I meant sshd_config. >>> Do you have the xauth package installed on the remote server? You don't >>> need a full X install, but X11 forwarding won't work without xauth >>> installed. >> >> Yes, I do (at least to my knowledge), but xauth is located at >> "/usr/local/bin/xauth". sshd wasn't able to find xauth, so I made a >> hard link at "/usr/X11/bin/xauth" to "/usr/local/bin/xauth". That >> fixed a can't-find-xauth error, and that's where I am now. > > I think a far more likely thing might be being missed here. Usually when I'm > surprised when a new system refuses to allow me to remotely open X apps, it's > not the problem of ssh, it's because X11, by default, doesn't open up the port > 6000 IP socket to allow remotes to work. You can easily use netstat, to look > for open sockets 6xxx range, opened by your X server. If you can't find it, > then some part of your X installation is likely giving the -nolisten tcp > commands when starting up the X server. I don't know how you open your X, so I > couldn't directly tell you how to fix this. > > Being a bit more honest, the X server itself doesn't block the remote ports. > It's all of the startup tools (like startx) which stick in the anti-remote > prejudice. Giving the fact that it IS a security risk, I guess they're right, > it just means that if you want remote operation, you need to tell X (via > whatever startup method you use) to stop blocking the opening of that port 6000. Well, the good news is that it works now. The bad news is that I don't know why. I haven't made a change to anything (except change /etc/motd and restart sshd, which I had already previously done numerous times). Nothing else has been restarted. However, I can say that it was most likely an issue on the server, because now it works with PuTTY, ssh -X on Windows, and ssh -X on Ubuntu. Nevertheless, performance (over the Internet) is pretty bad... so I'll probably have to look into NX (even though the version of FreeNX in the ports system presently doesn't support amd64...). Thanks for everyone's help, sk89q