Hi Raz,
Thanks very much for your very insightful explaination.
I changed the /m200/ .login file so that the DISPLAY parameter sets to
xia:10.0. But I still got the same error message. What would be an
appropriate way to do this?
M200 is an instrument used by chemists to work out how atoms are
arranged in space. I would like to remotely run it from my office
computer. I used to do with Telnet but University strongly discouraged
it. They suggested the SSH X forwarding to me.
Please forgive me for being naive, and thanks again for your help.
Paul.
Roland Turner (Security Focus) wrote:
On Thu, 2006-02-09 at 17:25 -0500, Zhicheng Xia wrote:
I have openSSH 4.2p installed for debian Sarge 3.1 and Solaris 2.8.
The remote x display works between Solaris systems, it also works
between debian systems. However when I tried to do a Solaris remote
Xterm on my debian box, it no longer work. Could someone help me here
please???
...
[EMAIL PROTECTED]:~$ ssh -v -X m200
...
debug1: Requesting X11 forwarding with authentication spoofing.
...
Choose s)un x)window t)ek d)umb g)raphon [s/x/t/d/g(default)]:x
input display server name: xia
m200:xia 1>xterm
xterm Xt error: Can't open display: xia:0.0
^^^^^^^
I'd guess that your login menu on m200 is ignoring the DISPLAY variable
set by sshd and that your Solaris desktops are permitting X11
connections from anywhere (i.e. ssh is not involved in the "successful"
forwardings between Solaris machines; it's straight X11 over TCP).
What should happen with X11 forwarding, and what most likely is
happening when forwarding between your Debian boxes, is that sshd sets a
DISPLAY variable to something like localhost:10.0 and listens on the
corresponding TCP port (6010 in this case). When X apps look at the
DISPLAY variable, they see that they are to connect to
localhost/TCP/6000+displaynumber and the connection is then forwarded by
sshd back to the ssh client.
Your login menu (or .rc files, or whatever) on m200 is presumably
overriding the DISPLAY variable and setting it to xia:0.0, which tells
xterm to open a connection across the network to xia/TCP/6000, which (a)
isn't what you want (it's direct, rather than forwarded) and (b) on a
default Debian configuration is prohibited (Debian X11 servers will only
accept local connections unless explicitly configured to do otherwise).
My guess is that your Solaris boxes are accepting network connections,
so it all _seems_ to work correctly Solaris<->Solaris.
Why do you want to use ssh forwarding for your X connections in the
first place?
- Raz
