X11 tunnelling through SSH from Fedora 3 server to Windows Vista client fails to work

Question

Okay, I've tried using Xming and PuTTY, as well as Cygwin/X and Cygwin ssh, and it is not working.

I've been able to run X applications locally, so it's not a client-side X problem.

I've connected to the server using

ssh -X user@server

and ended up with this:

local-user@client: ~$ ssh -X user@server
user@server's password:
Last login: Sun Jul 19 15:26:46 2009 from 192.168.100.147
 [user@server ~]$  xclock &
[1] 27770
[user@server ~]$ Error: Can't open display: localhost:10.0    

[1]+  Exit 1                  xclock
[user@server ~]$
[user@server ~]$

Here's the relevant snippet of my sshd_config

#AllowTcpForwarding yes
#GatewayPorts no
#X11Forwarding no
X11Forwarding yes
X11DisplayOffset 10
X11UseLocalhost yes

I can't seem to find ssh_config on the client-side. /etc/ssh doesn't exist.

Answer 1

Did you modify your PuTTY settings; Once you have entered your server name or ip-address, change the SSH -> X11 settings: Check the "Enable X11 forwarding" box, and type localhost:0 into the "X display location". Don't forget to go back to "Session" and save your changes.

Answer 2

Or ... just use NoMachine's software which always uses compressed X over SSH. Only an RPM install away.

Answer 3

If your local X server works fine and listens on local network socket (should be doing it on port 6000, check it!) you can manually forward the connection.

I'm assuming here that there's no X server running on the server.

Forward localhost port 6000 from the server (so that SSH would listen on port 6000 on the server) to local port 6000. After connecting do:

export DISPLAY=:0
xclock

you should get the xclock from the server shown on your local X server.

Answer 4

Rerun ssh but with the -v flag as well. It is possible that sshd on the remote side can't find xauth to set your mit magic cookie for X authentication.

Answer 5

I am not familiar with Windows X servers. But the following two points are generic to any X server.

1. I have encountered a situation when the X server is configured to not listen TCP connections. In this case ssh is not able to forward the X connection. Could you check
   that port 6000 is open in the machine where you run the X server. (In Linux this could be done with

   sudo netstat -antp | grep 6000

   I do not know if it works in Cygwin as well?)

2. Maybe the X server is refusing connections unless you tell it is safe. (In Linux/Unix X11 server this can be done with

   xhost +hostname

   where 'hostname' is the host name you want to allow access to your X server.)

3. The previous mention of using -v (maybe multiple times) for ssh is worth diamonds to find what is going wrong.

Answer 6

Fedora 11 fix

sudo vim /etc/gdm/custom.conf

Your file should have following lines (there may be other lines so leave them be)

[xdmcp]

[security] DisallowTCP=false

then restart X. It works...you might need to tweek your firewall though

Answer 7

You probably want to use -Y rather than -X. Basically this sets up the trust properly (details from the ssh man page below).

-X Enables X11 forwarding. This can also be specified on a per-host basis in a configuration file.

X11 forwarding should be enabled with caution. Users with the ability to bypass file permissions on the remote host (for the user’s X authorization database) can access the local X11 display through the forwarded connection. An attacker may then be able to perform activities such as keystroke monitoring.

For this reason, X11 forwarding is subjected to X11 SECURITY extension restrictions by default. Please refer to the ssh -Y option and the ForwardX11Trusted directive in ssh_config(5) for more information.

-Y Enables trusted X11 forwarding. Trusted X11 forwardings are not subjected to the X11 SECURITY extension controls.

Answer 8

You might want to take a look at using Xvnc. On Fedora you can choose to start several X Desktops that you can easily connect to and detach from at any time. One downside might be that you have an X desktop running all the time. If absolute performance is an issue, then think again (but hey, if it's idle for some time, the kernel will swap that out to disk anyway). A nice benefit however, is that you can start a task (in a gnome app, or in a terminal) and disconnect while it's still running. You can connect at anytime with any vnc viewer (using portforwarding for added security) to monitor it's progress.

Answer 9

I am assuming the question to be "X11 tunnelling through SSH to Fedora 3 server from Windows Vista client fails to work". (Interchanged to and from)

In that case have a look at my answer and even other people answers at Remote-desktop into Ubuntu 9.04 from a Windows PC.