Google Groups no longer supports new Usenet posts or subscriptions. Historical content remains viewable.
Dismiss

X11 Forwarding on a Headless Linux Box

916 views
Skip to first unread message

Chris Wells

unread,
Dec 8, 2001, 1:30:16 AM12/8/01
to
Hi,

I've got a co-located linux box that I'd like to get SSH X forwarding
working on. This was originally a non-x machine and I'd like to keep
it as minimalist as possible so I installed just enough packages from
the RedHat disk to get exported displays working. Now, I've tried to
get X11 Forwarding working and it looks like I have to have an xserver
running on the server itself to make everything 'work'. So, my
questions is, what do I need to setup to get an xserver on this
coloc'd box so ssh can do it's thing?

Thanks,

Chris

Richard E. Silverman

unread,
Dec 8, 2001, 3:41:34 AM12/8/01
to

You do not need an X server on the remote host; all you need is xauth.

--
Richard Silverman
sl...@shore.net

Nico Kadel-Garcia

unread,
Dec 8, 2001, 11:46:13 AM12/8/01
to

"Richard E. Silverman" <sl...@shore.net> wrote in message
news:m1lofla...@syrinx.oankali.net...

Yeah, but if you follow the dependencies, xauth demands XFree86-libs and
maybe other packages. Of course, this way lies madness if you try to follow
the maze of twisty little dependencies, all different, especially if you're
using RedHat.

Do a *forced* installation of the xauth and XFree86-libs packages: see if
that works. You may have to do a "forced" installation of just those
packages.


Hartmut Wziontek

unread,
Dec 21, 2001, 4:58:51 AM12/21/01
to Chris Wells
hi,

just searched the newsgroup because i have the same problem
as chris had.
on a "headless" machine i've installed some parts of X11
(xauth and some libraries), but I could not get x11-forwarding
to work. starting any x-app results in the following message:

Can't open display: host:10.0

but xauth seems to work properly.
x11-forwarding is enabled in /etc/ssh/sshd_config, the
configuration at all is just the same as on other machines,
where the forwarding is working without problems.

found anyone a solution in the meantime?

openssh-2.9.9p2-73
xf86_3x-3.3.6-73 / xf86-4.0-71

on a linux 2.2.16 box (SuSE 7.0)

thanks

hartmut

ni...@nospam.demon.co.uk

unread,
Dec 21, 2001, 12:05:46 PM12/21/01
to
Hartmut Wziontek <h...@mca.bv.tu-berlin.de> wrote:
> on a "headless" machine i've installed some parts of X11
> (xauth and some libraries), but I could not get x11-forwarding
> to work. starting any x-app results in the following message:
>
> Can't open display: host:10.0
>
> but xauth seems to work properly.
> x11-forwarding is enabled in /etc/ssh/sshd_config, the
> configuration at all is just the same as on other machines,
> where the forwarding is working without problems.
>
> found anyone a solution in the meantime?

As always with ssh problems, what do you get out of ssh -v on the client,
and sshd -d on the server? Read up on that sshd -d option before you use it
btw.

--
"Anyone with the naivety to run IIS is, IMHO, automatically suspect when it
comes to doing anything technical, such as setting a clock."

Chris Wells

unread,
Dec 21, 2001, 3:18:10 PM12/21/01
to
Hartmut,

I get the same error.. It honestly seems like there needs to be an
xserver running on the server box itself to handle the connection
between x & ssh on the server side but I couuld be wrong.. I'm
assuming if this box had x running via a startx that the export would
work.. but i could be wrong there too. anyone know?

Chris

ni...@nospam.demon.co.uk

unread,
Dec 24, 2001, 7:25:44 AM12/24/01
to
Chris Wells <clw...@pobox.com> wrote:
> I get the same error.. It honestly seems like there needs to be an
> xserver running on the server box itself to handle the connection
> between x & ssh on the server side but I couuld be wrong.. I'm
> assuming if this box had x running via a startx that the export would
> work.. but i could be wrong there too. anyone know?

From personal experience I *know* you don't need an xserver running to
export X session from or through a host. However you do need some of the
relevant programs, and I think that means more than just xuath.

As I say, use ssh -v on the client and -d on the server to pin down the
problem. But reading up on -d first so you don't kill the sshd on a
headerless box :)

Richard E. Silverman

unread,
Dec 25, 2001, 7:30:39 PM12/25/01
to

> on a "headless" machine i've installed some parts of X11
> (xauth and some libraries), but I could not get x11-forwarding
> to work. starting any x-app results in the following message:
>
> Can't open display: host:10.0
>
> but xauth seems to work properly.

This indicates that X forwarding has been set up (since sshd set the
DISPLAY variable), but that the X client can't connect to the SSH X proxy
socket. Perhaps the name "host" does not refer correctly to the remote
host? Verify with netstat -a, lsof, etc. that sshd is listening on port
6010 (in this case). Then check (using strace, ktrace, etc.) what the
client is doing to connect; sometimes there are snafu's whereby Xlib tries
some IPC mechanism instead of TCP.

--
Richard Silverman
sl...@shore.net

Richard E. Silverman

unread,
Dec 25, 2001, 7:31:38 PM12/25/01
to
>>>>> "Chris" == Chris Wells <clw...@pobox.com> writes:

Chris> Hartmut, I get the same error.. It honestly seems like there
Chris> needs to be an xserver running on the server box itself to
Chris> handle the connection between x & ssh on the server side

sshd acts as an X proxy for forwarding -- it listens on a socket indicated
by the DISPLAY variable it sets, and forwards the X traffic.

--
Richard Silverman
sl...@shore.net

Hartmut Wziontek

unread,
Jan 7, 2002, 10:55:10 AM1/7/02
to
> This indicates that X forwarding has been set up (since sshd set the
> DISPLAY variable), but that the X client can't connect to the SSH X proxy
> socket. Perhaps the name "host" does not refer correctly to the remote
> host? Verify with netstat -a, lsof, etc. that sshd is listening on port
> 6010 (in this case). Then check (using strace, ktrace, etc.) what the
> client is doing to connect; sometimes there are snafu's whereby Xlib tries
> some IPC mechanism instead of TCP.

Sorry for my late reply:

a) "host" does refer to the remote host correctly.

b) ssh -v tells me

...
debug1: Requesting pty.
debug1: Requesting X11 forwarding with authentication spoofing.
debug1: Requesting shell.
debug1: Entering interactive session.

c) netstat -a gives the following:

tcp 0 0 *:ssh *:* LISTEN

I think this should include port 6010 too.

d) from strace I've learnt that connect fails after opening the
socket-connection with TCP and reading some Xlibs, libs and
config-files (/etc/resolv.conf, /etc/nsswitch.conf, /etc/ld.so.cache,
/etc/host.conf, /etc/hosts)
I compared those config-files (if possible) with those of another machine,
where X11-forwarding functions - but no difference!

socket(PF_INET, SOCK_STREAM, IPPROTO_IP) = 3
setsockopt(3, IPPROTO_TCP1, [1], 4) = 0
...
connect(3, {sin_family=AF_INET, sin_port=htons(6010), sin_addr=inet_addr("130.xx
x.xxx.xxx")}}, 16) = -1 ENOBUFS (No buffer space available)
...

For my regret I'm not very familar with this kind of debugging, so it's hard
for me to decide what is the reason for the problem.

Also I configured the X-Server completely, since on another machine without
running but configured X-Server forwarding is working fine. But the situation
did not changed :(

Thank's

Hartmut

Per Hedeland

unread,
Jan 9, 2002, 6:48:35 PM1/9/02
to
In article <3C39C4DE...@mca.bv.tu-berlin.de> Hartmut Wziontek

<h...@mca.bv.tu-berlin.de> writes:
>
>d) from strace I've learnt that connect fails after opening the
> socket-connection with TCP and reading some Xlibs, libs and
> config-files (/etc/resolv.conf, /etc/nsswitch.conf, /etc/ld.so.cache,
> /etc/host.conf, /etc/hosts)
> I compared those config-files (if possible) with those of another machine,
> where X11-forwarding functions - but no difference!

Side note: socket() doesn't "open the connection", it just creates and
endpoint - connect() is what actually makes the connection.

>socket(PF_INET, SOCK_STREAM, IPPROTO_IP) = 3
>setsockopt(3, IPPROTO_TCP1, [1], 4) = 0
>...
>connect(3, {sin_family=AF_INET, sin_port=htons(6010),
>sin_addr=inet_addr("130.xx
>x.xxx.xxx")}}, 16) = -1 ENOBUFS (No buffer space available)
>...
>
> For my regret I'm not very familar with this kind of debugging, so it's hard
> for me to decide what is the reason for the problem.

From 'man errno' on my FreeBSD system (the Linux man page I checked was
useless as usual):

55 ENOBUFS No buffer space available. An operation on a socket or pipe
was not performed because the system lacked sufficient buffer
space or because a queue was full.

So, it seems something is amiss with your OS/kernel, perhaps some limit
needs to be raised - but it's unlikely that it has anything to do with
ssh. If the problem was *only* that sshd wasn't listening on port 6010,
you should get ECONNREFUSED instead:

61 ECONNREFUSED Connection refused. No connection could be made because
the target machine actively refused it. This usually results
from trying to connect to a service that is inactive on the for-
eign host.


--Per Hedeland
p...@bluetail.com

0 new messages