[techtalk] Does there exist...?

[Aaron Malone]

On Sat, Sep 30, 2000 at 03:57:10PM -0400, Laurel Fan wrote:
> If I understand what you're doing, this actually doesn't do ssh
> forwarding.  It's just plain remote X clients, and will work through
> any method of connecting to the X-client-running-machine.  (Note that
> the above method will allow anyone on the remote machine to do
> anything to your X, so only do it if you trust everyone who can log in
> to the remote) If you want to do it through ssh, try:
> 
> ssh -X -l <user> <remote>
> 
> The -X enables X11 forwarding.
> 
> Done this way, it'll only allow you on the remote to access your X.
> (actually, only that particular ssh connection)

This is correct.  The method originally described completely defeats the
purpose of ssh X11 forwarding.  Note that for this to work, the
sshd_config file on the remote machine must have a "X11Forwarding yes"
line, and the "-X' directive can be eliminated by adding the line
"ForwardX11 yes" for that host (or all hosts, if you'd like) in ssh_config
on the client machine.

If you get the message "Warning: remote host denied X11 forwarding" on
connection, the remote machine likely has forwarding disabled.  If you get
no warning and want to make sure forwarding is enabled (before incurring
the bandwidth overhead of actually running something), type:

echo $DISPLAY

if forwarding is enabled, you should see something like:

aaron at raul ~ % echo $DISPLAY
raul.munge.net:10.0

This display (:10.0) is a 'fake' server that forwards the X app back to
your client machine.  Note also that the display offset is configurable in
sshd_config, it should default to 10, as seen above.

-- 
Aaron Malone (aaron at semo.net)
System Administrator             "Some companies think of training as a
Poplar Bluff Internet, Inc.        cost rather than an investment."
http://www.semo.net                         -- Paul Collins