HPE Community
Operating System - HP-UX
1757084 Members
1971 Online
108858 Solutions
New Discussion юеВ

DISPLAY Variable & ssh -X

 
SOLVED
Go to solution
Sven Bergmann
Frequent Advisor

тАО06-02-2010 05:16 AM

тАО06-02-2010 05:16 AM

DISPLAY Variable & ssh -X

hi,

i'm connected to a hp-ux machine (server a)...from a windows client via ssh/putty. x11 forwarding is working fine. on the hp-ux server i make a ssh -X to another hp-ux machine (server b). x11 forwarding doesn't work anymore.

the problem is DISPLAY=localhost:10. when i change localhost to my Client-IP the problem is solved.

can i change this behaviour permanently?? i've searched sshd_config for some options but found no solution.

i don't want to change this variable everytime i login.
0 Kudos
Reply
2 REPLIES 2
Matti_Kurkela
Honored Contributor

тАО06-02-2010 05:32 AM

тАО06-02-2010 05:32 AM

Solution

Re: DISPLAY Variable & ssh -X

DISPLAY=localhost:10 is correct when using SSH x11 forwarding.

When you change it to your client IP, you're bypassing the SSH forwarding chain entirely and making your X11 connection insecure.

There are two common causes of X11 forwarding problems:

1.) Old X11 applications (X11R5 or older, I think) might not understand "localhost" in the DISPLAY variable.

Fix: add "X11UseLocalhost no" to sshd_config on the host that runs the problematic application, restart the sshd daemon and re-connect. This will cause the value of DISPLAY variable to change to ":10 form.

See "man sshd_config" for more information.

2.) Modern SSH versions use "untrusted x11 forwarding" by default. The untrusted mode is a fairly new extension to the X11 protocol (the SECURITY extension), and older applications might not understand it.

Fix: use "ssh -Y" instead to use old-style "trusted" x11 forwarding.

If you want to set this as your default X11 forwarding method, set "ForwardX11Trusted yes" in ~/.ssh/config (for your user account only) or ssh_config (for all users).

NOTE: this is a client-side setting and must be added into the ssh client configuration files, *not* into sshd_config.

MK
MK
Reply
Sven Bergmann
Frequent Advisor

тАО06-02-2010 06:12 AM

тАО06-02-2010 06:12 AM

Re: DISPLAY Variable & ssh -X

thanks...your second tip does the trick!

i set "ForwardX11Trusted yes" in ssh_config.

the initial problem was a ignite workflow that causes an error. when i try to "create network recovery archive" via ignite gui i run into this x forwarding problem. i think this workflow is similar to a ssh -X from one machine to another (inside a existing putty/ssh-connection).

now i can make a make_net_recovery with the ignite gui (the cli-version has always been working).

thanks :)
0 Kudos
Reply
The opinions expressed above are the personal opinions of the authors, not of Hewlett Packard Enterprise. By using this site, you accept the Terms of Use and Rules of Participation.