From owner-freebsd-questions Thu Dec 19 15: 6:58 2002 Delivered-To: freebsd-questions@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id A8B3237B401 for ; Thu, 19 Dec 2002 15:06:55 -0800 (PST) Received: from smtp.infracaninophile.co.uk (smtp.infracaninophile.co.uk [81.2.69.218]) by mx1.FreeBSD.org (Postfix) with ESMTP id 95BEF43EDA for ; Thu, 19 Dec 2002 15:06:54 -0800 (PST) (envelope-from m.seaman@infracaninophile.co.uk) Received: from happy-idiot-talk.infracaninophile.co.uk (localhost.infracaninophile.co.uk [IPv6:::1]) by smtp.infracaninophile.co.uk (8.12.6/8.12.6) with ESMTP id gBJMixQn086137 for ; Thu, 19 Dec 2002 22:44:59 GMT (envelope-from matthew@happy-idiot-talk.infracaninophile.co.uk) Received: (from matthew@localhost) by happy-idiot-talk.infracaninophile.co.uk (8.12.6/8.12.6/Submit) id gBJMis8K086136 for questions@FreeBSD.ORG; Thu, 19 Dec 2002 22:44:54 GMT Date: Thu, 19 Dec 2002 22:44:54 +0000 From: Matthew Seaman To: questions@FreeBSD.ORG Subject: Re: Running X-clients on remote hosts. Message-ID: <20021219224454.GA85773@happy-idiot-talk.infracaninophi> Mail-Followup-To: Matthew Seaman , questions@FreeBSD.ORG References: <20021219184204.I958-100000@aqua.lan.palfreman.com> Mime-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline In-Reply-To: <20021219184204.I958-100000@aqua.lan.palfreman.com> User-Agent: Mutt/1.5.1i X-Spam-Status: No, hits=-3.0 required=5.0 tests=IN_REP_TO,QUOTED_EMAIL_TEXT,REFERENCES,SPAM_PHRASE_02_03, USER_AGENT,USER_AGENT_MUTT version=2.43 Sender: owner-freebsd-questions@FreeBSD.ORG Precedence: bulk List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.ORG On Thu, Dec 19, 2002 at 07:07:49PM +0000, William Palfreman wrote: > How can I allow Xfree86 to listen for network connections again? I > certainly used to have no problem doing this, and I don't see anything > about this specific and probably very simple problem in the handbook or > googling. > > I'm running an X server on my workstation (Xfree86 4.1) on my > workstation (FreeBSD 4.6.2-p3) and I wan to have X-clients connect from > other machine, for example xload. > > So, on logged into the remote host (using bash) I enter > "export DISPLAY=wks:0" and on my workstation I enter "xhost +". Then on > the remote host I enter "xload &" and all I get is "Error: Can't > open display: wks:0" > > Then, if I go to a virtual terminal on my workstation (i.e. press > ctrl-alt-F3) and enter "export DISPLAY=wks:0" then "xhost +" I get > 'xhost: unable to open display "wks:0"'. If I replace the > (DNS-valid) hostname with localhost exactly the same thing happens. > > I've tested this from a friend's Windows 98 box which has Hummingbird > Exceed installed on it, and there is no problem running X-clients on > it, by sshing in and doing "export DISPLAY=ant:0". So I know the > problem is with my workstation's X server. > > So what should I do to make X network aware? It currently only seems to > work as "export DISPLAY=:0" Seems you're running the X server with the '-nolisten tcp' flag. If you examine the output of 'netstat -na' do you see anything listening at port 6000 ? Lack of anything listening there confirms the diagnosis. How to make X listen on the network depends on how you start the X server. If you use startx(1), then you just need to invoke it as: startx -listen_tcp Otherwise, if you use xdm(1) then you need to edit /usr/X11R6/lib/X11/xdm/Xservers and remove the '-nolisten tcp' flags: --- Xservers.orig Thu Dec 19 22:25:16 2002 +++ Xservers Thu Dec 19 22:25:30 2002 @@ -10,4 +10,4 @@ # look like: # XTerminalName:0 foreign # -:0 local /usr/X11R6/bin/X -nolisten tcp +:0 local /usr/X11R6/bin/X and then hit Ctrl-Alt-Bksp to make xdm(1) restart. However, be warned. Sending X traffic across the network unencrypted is at least as bad securitywise as using plain text protocols like rsh(1) or telnet(1): maybe worse --- it's very easy to forget yourself and type a root password into an xterm(1) session on a remote host. The secure alternative is to use ssh's ability to tunnel X protocol over an encrypted channel. Simply add: Host remote.server.name ForwardX11 yes to either $HOME/.ssh/config (your account only) or /etc/ssh/ssh_config (system wide default), and make sure the remote system hasn't had X11 forwarding turned off in /etc/ssh/sshd_config (default is to allow it). Now, when you log in you should find that you get a $DISPLAY variable automatically set to something like: localhost:10.0 where the sshd is listening on port 6010 pretending to be a local X server, but in reality forwarding everything over an encrypted tunnel to your desktop. (Make sure that your .login / .cshrc or .profile or .bashrc or whatever initialization files your shell uses don't set $DISPLAY for themselves or this won't work.) Fire up xterm or some other X program, and it should display fine, even without enabling your local workstation to listen for X connections on the network. Cheers, Matthew -- Dr Matthew J Seaman MA, D.Phil. 26 The Paddocks Savill Way Marlow Tel: +44 1628 476614 Bucks., SL7 1TH UK To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-questions" in the body of the message