ssh -X shop problem...

Gene Heskett gene.heskett at verizon.net
Mon Nov 27 23:11:41 UTC 2006


On Monday 27 November 2006 11:37, Gordon Messmer wrote:
>Gene Heskett wrote:
>> Tonight I thought I'd play with emc2 a bit, but since updating this
>> machine to FC6, something's gone fubar in the X11 forwarding.  Here is
>> what's been executed to get to the failure:
>>
>> ---------
>> [root@coyote amanda]# xhost +192.168.71.4
>> 192.168.71.4 being added to access control list
>> [root@coyote amanda]# su gene
>> [gene@coyote amanda]$ ssh -X shop
>> gene@shop's password:
>> Warning: No xauth data; using fake authentication data for X11
>> forwarding.
>
>This is the key error... When you "su" to gene on the X terminal, you've
>become a user who doesn't have access to the session's X credentials.
>"gene" can't run X applications on the local system at that point, and
>neither can he forward X over ssh.

Ok, but today, I logged in as gene (init=5 or whatever the gui login is on 
kubuntu), and ran it from the local keyboard out there long enough to 
carve a blast shield out of brass plate to deflect the ignition blast 
away from the bottom of the scope mounted on a T-C Black Diamond 50 
calibre black powder rifle.  So what I'm saying is that there was no X 
server running on that box until I logged in, yet the forwarding worked 
well when I ssh -X gene$shop as root here.  So you are correct in that I 
don't understand it at all well.

>Since you've used xhost to add permission to something other than
>localhost, you probably misunderstand how X forwarding works.  Under
>classic conditions, you'd use xhost to allow access from a remote host,
>such as you've done.  Then you'd telnet to that system and set the
>DISPLAY variable to your X terminal and run your application.  When
>forwarding X, you don't need to do either of those things.  ssh uses
>your .Xauthority file on the local system, creates an .Xauthority file
>on the remote system, and sets the DISPLAY variable automatically.  When
>you run an X application, it uses the .Xauthority file that ssh created
>to authenticate itself to ssh, ssh forwards its traffic to your X
>terminal over the ssh connection, and uses your original .Xauthority
>file to authenticate to your X server.  Since the application connects
>from localhost, through ssh, your xhost command doesn't accomplish
> anything.

I wondered about that in the past, so I'll pull that back out of rc.local 
just for test the next time I reboot this box.

>You have two options.  First, and most simple, just run ssh as the user
>that you're logged in as:
>
>ssh -X gene@shop

Which works well.

>You'll then be able to run applications on shop, and display them
> locally.
>
>If you have some reason to do otherwise, you'll have to use xhost to
>allow connections from anyone on localhost:
>
>xhost +localhost
>su gene
>ssh -X shop

And this would also work?  Kewl.

-- 
Cheers, Gene
"There are four boxes to be used in defense of liberty:
 soap, ballot, jury, and ammo. Please use in that order."
-Ed Howdershelt (Author)
Yahoo.com and AOL/TW attorneys please note, additions to the above
message by Gene Heskett are:
Copyright 2006 by Maurice Eugene Heskett, all rights reserved.
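
A preflight check for the situation in this thread, added here as an example and not part of either poster's message: it tests whether the current user holds an xauth cookie for the display (the condition behind the "No xauth data" warning) and lists xhost entries that grant access by address rather than by cookie. The function names, the `--live` switch and the sample text are assumptions made for the example.

```shell
#!/bin/sh
# Added example, not from the thread. Sample text is constructed.

# has_cookie DISPLAY XAUTH_OUTPUT
# Succeeds if the `xauth list` output holds an entry for the display number
# in DISPLAY (":0", "localhost:10.0"). Only the number is compared, not the host.
has_cookie() {
    num=${1##*:}      # drop the host part, up to the last colon
    num=${num%%.*}    # drop the optional ".screen" suffix
    printf '%s\n' "$2" | awk -v n="$num" '
        NF >= 3 { c = split($1, part, ":"); if (part[c] == n) found = 1 }
        END { exit (found ? 0 : 1) }'
}

# host_based_entries XHOST_OUTPUT
# Prints entries that admit clients by address instead of by cookie,
# plus the status line if access control is switched off entirely.
host_based_entries() {
    printf '%s\n' "$1" | grep -E '^(INET6?:|LOCAL:|access control disabled)' || true
}

# preflight: run both checks against the live session before `ssh -X`.
preflight() {
    command -v xauth >/dev/null 2>&1 || { echo "xauth not found"; return 2; }
    if has_cookie "$DISPLAY" "$(xauth list "$DISPLAY" 2>/dev/null)"; then
        echo "cookie present for $DISPLAY as $(id -un)"
    else
        echo "no cookie for $DISPLAY as $(id -un): expect the 'No xauth data' warning"
    fi
    if command -v xhost >/dev/null 2>&1; then
        host_based_entries "$(xhost 2>/dev/null)" | sed 's/^/host-based access: /'
    fi
}

# Constructed samples: the session owner's cookie list, what the user sees
# after `su` (nothing), and xhost output after `xhost +192.168.71.4`.
SAMPLE_OWNER='coyote/unix:0  MIT-MAGIC-COOKIE-1  0123456789abcdef0123456789abcdef'
SAMPLE_AFTER_SU=''
SAMPLE_XHOST='access control enabled, only authorized clients can connect
INET:192.168.71.4
SI:localuser:root'

if [ "${1:-}" = "--live" ]; then preflight; fi
```

Run with `--live` inside the X session, once as the login user and once after `su`, to compare what each account can present to the X server.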



