SUMMARY: Tunnelling X11 via ssh

From: Jana Dunn <jana_at_scsr.nevada.edu>
Date: Tue Oct 21 2003 - 19:30:18 EDT
Sun Managers,

Last week I posted to sunmanagers about a problem tunnelling X11 through
ssh.  In short, when I ssh'd to the server, the "proxy" display variable
wasn't set.

I figured it was a configuration problem with my Suns, and I was right.

I had compiled ssh (from http://www.ssh.com, version 3.2.5, non-commercial
version) from source code; when I initially ran the ./configure, it did
not find the appropriate X-related files and so didn't include them in. In
the configure output, I had "checking for X ... no"  And then nothing
listed in the summary for X libraries or X includes.

I'll admit I hadn't read the configure output when I'd initially installed
ssh; I did

 ./configure
 make
 make install

I *did* have X libraries installed on the system; configure just couldn't
find them.  By adding some echos into "configure", I found it that the
"find X" portion of configure indirectly uses /usr/ccs/lib/cpp; I have
(had) a copy of cpp in /usr/local/bin, but this utility was looking
for/using this particular copy of cpp using the full path name.  The
"can't execute"  error message goes to /dev/null when configure runs.

I also had a very incomplete set of X include files.

So, the solution is/was to install X headers (SUNWxwinc), cpp (SUNsprot),
and the list of X-related packages (nearly all of which I already had
installed) given to me by Sun Support (see below). Then I removed the
configure cache for ssh and reconfigured and recompiled.  The client end
works now; I'll probably be working on the server end tomorrow.

----------------------

Other problems that someone else might have, but I DIDN'T have:

Make sure that xauth is in your/configure's path when you run configure or
put the path to xauth in ssh's configuration file.
(I had xauth in the path)

Make sure you have X forwarding enabled:
(I did this)

On the system where the Xserver runs (i.e. the display machine)
in /etc/ssh2/ssh2_config:
     ForwardX11                      yes

On the remote machine:
in /etc/ssh2/sshd2_config:
        AllowX11Forwarding              yes

If you compiled ssh with tcpwrappers support, make sure
that /etc/hosts.allow allows the traffic. (I didn't have tcpwrappers
compiled in.)

Check the flags you use for ssh.  Based on the responses I received,
it looks like OpenSSH uses '-X' to mean ENABLE X11 forwarding;
the version of ssh I am using uses '-X' to mean DISABLE X11 forwarding.
I was using +x and +X.

Here is a man page chunk for this version of ssh:

     +x   Enable X11  connection  forwarding  (default).  If  X11
          SECURITY  extension  is  compiled  in, treat the client
          applications as untrusted (the effects of  this  depend
          on     your    Xserver's    security    policy).    See
          TrustX11Applications in ssh2_config(5)  for  additional
          details.

     +X   As above, but the client applications  are  treated  as
          trusted.

     -x   Disable X11 connection forwarding.


Here's the list of x-related packages given to me by Sun Support.
This is for Solaris 2.8.

SUNWowbcp
SUNWxwrtl
SUNWxwslb
SUNWxwplt
SUNWxwplx
SUNWxwrtx
SUNWxwpmn
SUNWmfrun
SUNWdtjxt
SUNWdtbax
SUNWolrte
SUNWxwopt
SUNWxwicx
SUNWxwice
SUNWxwslx

SUNWxwinc (include files)
SUNsprot (cpp)

Sun's info on X11 support:
http://docs.sun.com/db/doc/806-1363?q=%22X11%22

---------------

Other resources:

ssh FAQ:
http://www.uni-karlsruhe.de/~ig25/ssh-faq/

Secure Shell Knowledge Base (very basic instructions):
https://support.ssh.com/rqcustomer/servlet/login

 1749  How to forward X11 applications on UNIX
 1750  How to forward X11 applications using Windows client?
 1751  How to forward X11 applications after su to root?

------------------------------------------------------
 Jana Dunn
 Telecom Analyst
 SCS Telecom Engineering
 University and Community College System of Nevada
 Support Center: 775-784-HELP
 jana@scsr.nevada.edu

 http://netstats.scsr.nevada.edu/index.html
-------------------------------------------------------
_______________________________________________
sunmanagers mailing list
sunmanagers@sunmanagers.org
http://www.sunmanagers.org/mailman/listinfo/sunmanagers
Received on Tue Oct 21 19:30:12 2003

This archive was generated by hypermail 2.1.8 : Thu Mar 03 2016 - 06:43:20 EST