On Sat, May 05, 2001 at 10:50:22AM -0700, Cory Petkovsek wrote:
> For those who don't know, one can run X applications remotely by using ssh:
> ssh -CX server
>
> C is compression, X is enable X forwarding. X forwarding must be enabled in the ssh
>config file on the ssh server.
Actually, the sshd config file:
/etc/ssh/sshd_config on Debian
/etc/sshd_config on OpenBSD
The specific line is:
X11Forwarding yes
You can use the ssh config file:
/etc/ssh/ssh_config on Debian
/etc/ssh_config on OpenBSD
to set system wide command line option defaults, which can be bracketed
in "Host" specifications to apply to connections to specific hosts.
You can use a similar config file for single user preferences in
$HOME/.ssh/config.
It's also a good idea to use rsa or, even better, dsa keys, instead or
sending your password, even though all transmissions are encrypted.
It would take someone a lot longer to duplicate a dsa key than to figure
out even a really strong password. Check out the manpage for ssh-keygen.
Also look at ssh-agent and ssh-add.
> >
> > emma.clipper.net is my home firewall, with a static IP address. The box I'm
>trying to run the X session from is sasha.localdomain, with a private IP address
>given by the DHCP server running on my firewall. I'm assuming there is some sort of
>error in my router config or in my IPF rules. The firewall is running OpenBSD, and
>as far as I've seen everything else has been working fine for the past year or so. I
>also haven't found any messages indicating a problem in my firewall or other
>confiurations.
> >
> > Any ideas?
Um, are you using rdr rules? The reason I ask is:
> > _X11TransSocketINETConnect: Can't get address for emma
> > xterm Xt error: Can't open display: emma:0.0
looks like you're trying to connect to emma, not sasha. To be honest,
I haven't played with redirecting X servers, but you might find a clue
in the OpenBSD mailing list archives:
http://www.sigmasoft.com/~openbsd/
*NOTE TO EVERYONE*
Even if you're not using OpenBSD, this is a great source for UNIX, and
especially OpenSSH info. You'll see posts from the people who actually
write the code.
In your rdr rules, are you using interface device names? How does your
ipf know what address to reach sasha at, if it was given an IP from
DHCP?
If nothing Cory or I said helps, wait a couple of weeks and update your
firewall (and the rest of your boxen :) to OpenBSD 2.9. Or install
2.9 snapshots from
ftp://ftp.openbsd.org/pub/OpenBSD/snapshots/
ascii art fans -> log into ftp.openbsd.org and check out the blowfish
<[EMAIL PROTECTED]>
PS OpenBSD's /etc/sshd_config has an option 'X11DisplayOffset', maybe
you need to play with that? You'll probably also need to know what the
X server you are connecting with is expecting.
