X refusing remote connections.

[James Hinchey]

I have an installation of Fedora Core 2 which is refusing remote X
sessions. Even after setting "xhost +" on my local machine and
setting the DISPLAY variable on the remote computer, I still get:

Error: Cannot open display

It may be a coincidence, but this seems to have started with the
change to X.org. Any suggestions would be welcome

Thanks
James Hinchey

[J.O. Aho]

It's just coincident that the change of security and change over to xorg
happened on the same time. Sorry I don't use FC2, so I can't help you with
that, but you could try to check out the FC1/RH9 XFree86 setup to see the
difference in the setup of security.

//Aho

[Juhan Leemet]

These days it might be good practice to avoid the totally wide open "xhost
+"? It is really easy to set up ssh X tunneling. All it takes is setting
an X tunneling configuration parameter in each ssh(d) conf file. Works
great! It transparently tunnels the X traffic back to the user machine.

--
Juhan Leemet
Logicognosis, Inc.

[James Hinchey]

I agree completely, but our system administrators refuse to set up
sshd. For some reason I can't comprehend they seem to think that ssh
is a security problem, but running rsh or telnet isn't. Ordinarily, I
would not use "xhost +", but rather use xhost with the specific remote
system name, but that doesn't work either so I tried the more general
approach.

Juhan Leemet <ju...@logicognosis.com> wrote in message news:<pan.2004.10.26....@logicognosis.com>...

[Charles Philip Chan]

James Hinchey wrote:

> I agree completely, but our system administrators refuse to set up
> sshd. For some reason I can't comprehend they seem to think that ssh
> is a security problem, but running rsh or telnet isn't.

Wow, I am speechless- I haven't seen such clueless admins. Anyway xhost+ is
a security risk, you should consider using xauth. Here is a mini howto:

http://www.xs4all.nl/~zweije/xauth.html

Charles

[Amit Aronovitch]

Another thing to check is your xdm (or gdm or kdm - whichever you use)
config file (somewhere in /etc/ - depending on distro)

Modern distro's default *dm config files tend to start X with the
"-nolistentcp" option
(that's because nowadays majority of users eiter don't run remote X apps or
use ssh tunneling - with ssh tunneling X calls are done locally by sshd - so
server does not need to listen to remote connection).

If this is the case, and you don't have write perms to you xdm config file,
login at a text-mode linux console (CTRL+ALT+F1), and start a personal X
server manually:

~ $ X :1 &
This will start a new X instance on the next available vc - will also go to
graphics mode.
Go back to your console (CTRL+ALT+F1), and make sure you find out how to
switch to your new X & back. Usually X vc's start from F7, which is already
taken by XDM. Your new X would probably be in either CTRL+ALT+F8 or F9 (some
distros use F8 vc for logging, some don't).

Now you need to start some X apps and a WM
~ $ export DISPLAY=:1
~ $ xterm &
Switch back to your X, and you should see the new xterm. Use it to start
your favorite window-manager (wmaker, twm, etc. for using Gnome/KDE the
typical command names are startkde/startgnome/kde-session/gnome-session).
Also use it to do xhost + .

Note: Always make sure to set DISPLAY to the number of your new server (:1
in this example) before starting an X app. Another option is adding -display
:1 to the application's command-line. e.g.

mylogin@localhost ~$ xhost +
mylogin@localhost ~$ ssh remotehost
Password:
Welcome to RemoteHost
you have 1 new mail message
mylogin@remotehost ~$ xterm -display localhost:1 &

(note: this example uses direct X protocol - not ssh tunneling. Whatever you
type in the newly open xterm will pass plain on the network)

"J.O. Aho" <us...@example.net> wrote in message
news:2u76hvF...@uni-berlin.de...