Mailinglist Archive: opensuse (2348 mails)

< Previous Next >
[opensuse] Re: envvar DISPLAY not set on bash invocation fr/sshd
  • From: Joachim Schrod <jschrod@xxxxxxx>
  • Date: Tue, 01 Apr 2008 14:50:49 +0200
  • Message-id: <fstb39$828$1@xxxxxxxxxxxxx>
Sam Clemens wrote:
Joachim Schrod wrote:

Btw, it is definitively not necessary to set $DISPLAY on the local host before calling ssh, as recommended by Sam. ":0" is a perfectly good value for a local session. Your ssh client can connect to :0 fine (this is done via Unix domain sockets),


But she's not talking about ssh-ing back to the local machine..
she's using ssh to go to another host.

Yes, and she wants to use X clients on the other hosts via ssh X11 forwarding and *not* via remote X. Maybe you mix up these two situations.

ssh X11 forwarding works as follows:
-- On the remote host, sshd listens on localhost:6010 (or
following, each sshd session takes the next port). For X
clients on this host, this translates to $DISPLAY values of
localhost:10 and following (on the remote host, not on
the local host).
-- Any traffic to this port is sent to the local system via
ssh tunneling, i.e., not by remote X. The remote client
thinks it's sending its requests to an X server on the
remote client, sshd takes transparently care of forwarding
that back to the local system.
-- On the local system, ssh client receives this X traffic
and forwards them to the local X server, as designated
by $DISPLAY at the time of call. In typical workstation
sessions, this is ":0". Since the ssh client runs locally,
it has no problem at all to connect to the X server at
:0 and send them all the traffic.
-- When the X server answers, the responses are sent back
via ssh tunnelling to the remote host, where the remote
client receives it.

As an illustration:

X server
|
:0 (local) <-> ssh-client <=tunneling=> sshd <-> localhost:10
|
X client
(remote)

If you change $DISPLAY on your local host to $HOSTNAME:0, you only change that your local ssh client now talks to your local X server over TCP instead of using the direct :0 connection. For the remote X client, nothing changes at all.

The ssh client also does not suddenly get an additional capability to tunnel the X traffic just because it has to talk to the local X server via TCP instead of using a Unix socket; ssh tunneling is *independent* from the server connection type.

There are three common problems in that scenario. First, some people set $DISPLAY in their profile or bashrc. Bad idea, for obvious reasons. Second, on the local host, the ssh client config option ForwardX11Trusted might not be set to "yes". Since Linda said that she uses the same configuration, that doesn't seem to be the case. Third, the X client doesn't succeed to authenticate against the X server, because xauth fails.

Troubleshooting that problem means to check first that ssh really establishes X11 forwarding, and that is done by ssh -v.

HTH for a better understanding,

Joachim

--
=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-
Joachim Schrod Email: jschrod@xxxxxxx
Roedermark, Germany

--
To unsubscribe, e-mail: opensuse+unsubscribe@xxxxxxxxxxxx
For additional commands, e-mail: opensuse+help@xxxxxxxxxxxx

< Previous Next >
References