Mailinglist Archive: opensuse (878 mails)

< Previous Next >
Re: [opensuse] ssh -X -C and virtualbox [solved]
On 9/9/2013 2:17 AM, jdd wrote:
Le 09/09/2013 09:59, jdd a �crit :
Hello,

I use ssh -X -C to use gui enabled applications (say xeyes to test).
This works perfectly on my hosted server (remote).

But on the same server I have a virtual server I connect to through
port 32022 (ssh -X -C -p 32022) and there if I try xeyes, I get
"display not found"

Well. My host was at first configured by my ISP to allow X11forwarding, and
the guest was not.

Then most internet pages do not know that a some time a new option become
necessary. now one have to add both:

X11Forwarding yes
X11UseLocalhost no

in /etc/ssh/sshd_config

to make the forwarding works.

done all works now


You should not need to, and possibly do not want to set X11UseLocalhost no.
That tells it to let X sessions use ALL/any interfaces.

This works because it works around another problem, but in doing so
it opens a security hole.

With X11UseLocalhost yes, X sessions can only bind to localhost.

Since you ssh into that machine, your X session need only bind to the
localhost:10 display (for the first ssh session, 11 for the next, etc).
That display (10) is routed back to where every you are sitting via
the encrypted ssh tunnel. So X11 only ever has to bind to localhost
addresses.

The root of this problem is gimpy or missing setting for
AddressFamily xxxx
Often its set to "any" which causes it to try IPV6 and then
IPV4.
But the problem is the fail-over from 6 back to 4, when there is
some segment where ipv6 is not available, can take so long that
it acts as if the session failed and it times out.

Setting AddressFamily inet tells it to run on ipv4 and that works
and will continue to work even when you have ipv6 to everywhere.

This is how I have ALL my remote servers set and it works perfectly.




--
_____________________________________
---This space for rent---
--
To unsubscribe, e-mail: opensuse+unsubscribe@xxxxxxxxxxxx
To contact the owner, e-mail: opensuse+owner@xxxxxxxxxxxx

< Previous Next >
This Thread
Follow Ups
References