X11 forwarding question


#1

What is the best way to connect to X11 running on my remote unix box from my Mac? I’ve tried “ssh -2 -X remotemachine -l username” but I keep getting the error “Warning: No xauth data; using fake
authentication data for X11 forwarding.” I googled this error and don’t seem to fully understand any of the solutions. X11 forwarding is enabled on the remote machine. Do I need to have X11 installed on the Mac?


#2

From the man pages for the ssh_config
ForwardX11
Specifies whether X11 connections will be automatically redi-
rected over the secure channel and DISPLAY set. The argument
must be yes'' orno’’. The default is ``no’’.

         X11 forwarding should be enabled with caution.  Users with the
         ability to bypass file permissions on the remote host (for the
         user's X11 authorization database) can access the local X11 dis-
         play through the forwarded connection.  An attacker may then be
         able to perform activities such as keystroke monitoring if the
         ForwardX11Trusted option is also enabled.

Check your ssh config file set ForwardX11 to yes

check your auth file and its location
XAuthLocation
Specifies the full pathname of the xauth(1) program. The default
is /usr/bin/X11/xauth.

in the sshd_config (server)

check if xserver forwarding is enabled
more from the man pages. I havnt done this before but check those things in your config. and let me know what it says or post your configs.

X11UseLocalhost
Specifies whether sshd should bind the X11 forwarding server to
the loopback address or to the wildcard address. By default,
sshd binds the forwarding server to the loopback address and sets
the hostname part of the DISPLAY environment variable to
localhost''. This prevents remote hosts from connecting to the proxy display. However, some older X11 clients may not function with this configuration. X11UseLocalhost may be set tono’’ to
specify that the forwarding server should be bound to the wild-
card address. The argument must be yes'' orno’’. The
default is ``yes’’.

 XAuthLocation
         Specifies the full pathname of the xauth(1) program.  The default
         is /usr/bin/X11/xauth.

#3

He’s not talking about tunneling X through ssh, he’s just talking about running an X11 server on his Mac to display stuff running on the BSD box.

X11 should already be installed, if not, it’s right here:

apple.com/macosx/features/x11/

Start it up, start an xterm. Use that to ssh over to your BSD box.

export DISPLAY=ip.address.of.your.mac:0.0

run something (like another xterm or mozilla)

xterm &

If it gives you permission errors, you need to play with xhost on the Mac side.

The Mac is the server, the BSD box is the client, keep that in mind when reading documentation, since it’s the opposite of what you’d think.


#4

Pardon the big screenshot, but here’s my iBook’s screen a few minutes ago, just to demonstrate:

http://hackingthemainframe.com/coppermine/albums/userpics/10002/x11screenshot.jpg

You got Mac OS X running, with the normal apps (Safari, in this case), then X11 server running on the iBook, with a single xterm open. Using the xterm, I ssh to my linux box, and tell it that the X11 display is located on the iBook’s IP address. Then any program I run (mozilla for example) will show up on the Mac’s screen.

For good measure, I have Windows XP running in the background there, installing some updates remotely.


#5

WHat is the pourpose of this ? If i may ask ?


#6

Same thing as Remote Desktop Client or PCAnywhere, but for unix.

Sort of what we’ve been using for 20 years or so, before Microsoft “invented” Remote Desktop.


#7

Heres a nifty little package

rdesktop.org/

I cant seem to find the server anymore :frowning:


#8

I’m still working on this. I’ve installed x11 onto my imac. But I have set up Firefox on my openbsd box…and I’m posting from it now…cool. (Isaac is wigging out in my arm…computers and babies don’t always mix…he wants to eat the key board, I think.) :smiley:


#9

so your remote desktop into your bsd box from your imac Using X11


#10

That’s what i’m working on.


#11

Thanks MiG…I got it working. (this time I’m posting using Firefox via my iMac…it looks far better on the iMac than the BSD box). I only made one change to your instructions…I used setenv for export, export didn’t work…probably because I’m running a different shell.


#12