0

I have a very small lab network with three boxes: a modern x86-based RHEL3 box, an x86-based RHEL5 box, and a 1998-vintage SPARC Ultra5 with Solaris 8. I can use ssh -X to run a program on the RHEL5 box and view the windows on the RHEL3 box. I believe this uses xauth and magic cookies?? I have followed the X-Windows HOWTO to set up xauth on the Solaris box, but so far no dice. I would like to be able to use the X-windows server on the RHEL3 box with a client program on the Solaris box (program running on Solaris host, windows appearing at Linux host). Is there a trick to this, or have I made a mistake following the instructions for setting up xauth and magic cookie?

joshxdr
  • 257
  • 3
  • 15

1 Answers1

2

There are two options: xauth + magic cookies, where you set the DISPLAY variable to the host you want to see the gui on:

from client-machine ssh to server-machine,

export DISPLAY=client-machine:0
xterm

On the other hand, a much better and easier solution is using the -X option for ssh. This sets up an automatic tunnel for forwarding the X connection. You'll see your DISPLAY variable has already been set upon ssh to the localhost with a high display number: usually around 10.

However, you must enable X forwarding. As I recall, it is disabled by default on solaris. Go into your sshd_config and ensure you have it enabled.

P.S. You may find it useful to know that while the solaris ssh client only uses -X, the standard linux client also has -Y for trusted connections. This means that for some applications, only -Y will work (I've had issues with Java GUIs)

Michael Lowman
  • 3,604
  • 20
  • 36
  • I have two config files for openssh on my old Solaris box: ssh_config and sshd_config. In both files, everything is commented out which makes me think the real setting is somewhere else. Any recommendations? – joshxdr Jan 05 '11 at 15:14
  • /etc/ssh/ssh_config is where default settings for the client live: if you enable X forwarding there, then it's enabled even when you don't use -X on the command line. /etc/ssh/sshd_config is the server config. Everything is commented out to show you the default values and possible entries, but all are active. Change #X11Forwarding no to X11Forwarding yes. Restart sshd and your problem is fixed :) – Michael Lowman Jan 05 '11 at 15:18
  • P.S. Sometimes it's in `/etc/sshd_config`. Depends on the operating system, and I don't have a Solaris machine handy – Michael Lowman Jan 05 '11 at 15:24
  • On the Solaris box I changed X11Forwarding to yes in sshd_config and uncommented. Then I restarted sshd. This did NOT work. At Solaris box, I can see windows from app on Linux box by typing @Solaris>ssh -X, but the other way does NOT work, i.e. @Linux>ssh -X Solaris. When I do this and type @Solaris>echo $DISPLAY there is nothing there. – joshxdr Jan 05 '11 at 15:41
  • 1
    can you check your syslog? you may be experiencing [this bug](http://spiralbound.net/2008/06/03/x11-forwarding-broken-on-solaris) – Michael Lowman Jan 05 '11 at 15:56
  • I have this error in /var/adm/messages: Jan 5 10:37:28 stealth6 sshd[8976]: [ID 800047 auth.error] error: Failed to allocate interne t-domain X11 display socket. – joshxdr Jan 05 '11 at 17:03
  • there you go, so that's precisely the bug you're experiencing. According to that site, you should update socfs. Unfortunately I don't believe Oracle will allow this any more without a support account; the workaround is to add a `Listen` directive for an IPv4 address (either 0.0.0.0 for all addresses or a particular IP on your machine) and edit `/lib/svc/method/sshd` to include -4 on the start command line. – Michael Lowman Jan 05 '11 at 17:09
  • btw... I would suggest reversing any `xhost +`, etc. X11 forwarding is secure; that isn't, and leaving it open would be a security hole. – Michael Lowman Jan 05 '11 at 17:11
  • Thanks Michael! That was it! I added -4 to my sshd startup script: /usr/local/sbin/sshd -4. Now I can see windows when I use ssh -X. Great hint! – joshxdr Jan 05 '11 at 17:22