[vox-tech] Exporting displays

Karsten M. Self kmself at ix.netcom.com
Thu Mar 17 13:21:52 PST 2005 

First:  don't start a new thready by replying to a message from an
existing one.  Your email headers will cause your message to appear in
the other (unrelated) thread.

Compose a new message and address it to list instead.

on Wed, Mar 16, 2005 at 10:19:02PM -0800, John Wojnaroski (castle at mminternet.com) wrote:
> Hi,
> 
> I'm trying to login into a remote host and have the host export the
> screen display back to my machine

Let's clarify understanding.

   You are at host 'foo'
   You are remotely logged in to host 'bar'
   You want a program on 'bar' to appear on 'foo'
 
> With "export DISPLAY=:0.0" will result in the executing program using
> the remote host display.  

Right, this will run on the existing (if any) X display on 'bar', if you
have permissions to do so, it exists, etc.

> Trying "export DISPLAY=my_ip_address:0.0"  returns something like
> "Xlib: client is not authorized to connect to server" which seems to
> indicate that something is missing or lacking on the local machine.
> Any suggestions where to look?

First:  you're not doing this right.

You want to ssh to the remote host with X11 forwarding set.  This both
sets all your DISPLAY environment settings properly *AND* tunnels the
session through an encrypted SSH session back to your local (foo)
display.

On the client side (foo):

   ssh -X bar
   <connection established>
   <run X command>

You can shortcut this to:

   ssh -Xf bar <command>

...which will set up the SSH session, the X11 tunnel, run your command,
then fork SSH to background until your X application closes.


On the server side, it's necessary to enable X11 forwarding.  Generally
in /etc/ssh/sshd_conf .  Many distros disable this by default (it's an
access/security issue, though in the grand scheme of things, a lesser
risk than many sins).


You'll also find:

  - Mark Kim's "xhost+" advice.  DON'T DO THIS.  EVER.  Google for the
    reasons, they're well known and tedious to recount.  Fortunately,
    most sane X servers don't allow this in their default sessions.

  - Most X servers don't allow remote TCP connections.  These may also
    be blocked at other stages, including IP filters and (possibly)
    tcpwrappers (not sure on last).

  - You don't have a cookie.  It's magic.  It's from a secret recipie
    sold by MIT for $50,000.  Wait, wrong chain mail....


Peace.

-- 
Karsten M. Self <kmself at ix.netcom.com>        http://kmself.home.netcom.com/
 What Part of "Gestalt" don't you understand?
    I  was taking my bicycle on BART one afternoon. I have a FreeBSD sticker
    on it and a woman looked at it with her head cocked and then asked me,
    "Who's BSD?"
    - Skip Evans
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 189 bytes
Desc: Digital signature
Url : http://ns1.livepenguin.com/pipermail/vox-tech/attachments/20050317/5f392f9a/attachment.bin

More information about the vox-tech mailing list