Solved

Setting DISPLAY variable to use XHOST on a local X-server via SSH

Posted on 2004-09-07
9
680 Views
Last Modified: 2010-04-20
I have a problem - I have Redhat 9.1, and run an X-server on it.  This X-server is at localhost:0.0.  When certain SSH clients connect, they force the value of DISPLAY so they can use X-forwarding.  I want to be able to use X-forwarding at times, so I don't want to disable this.

However, I need to issue xhost + command to enable unauthenticated access to the LOCAL x-server.  To do this, I have to set the DISPLAY environment variable to localhost:0.0 then run xhost +.

The problem is, the ssh client doesn't like me doing that.  (That's what I believe the problem is).

Using fedora's terminal and running ssh (correct result):

 [root@XYZ]# DISPLAY=localhost:0.0
 [root@XYZ]# xhost +
 access control disabled, clients can connect from any host
 [root@XYZ]#

With widows SSH or pengiunet PenguiNet 2.13 http://www.siliconcircus.com/:
[root@XYZ]# DISPLAY=localhost:0.0
[root@XYZ]# xhost +
xhost:  unable to open display ""
[root@XYZ]#

To summarise:
I want to disable access control on an x-server at localhost:0.0, via SSH, without disabling X-forwarding.
0
Comment
Question by:vincevincevince
9 Comments
 
LVL 23

Accepted Solution

by:
Mysidia earned 250 total points
ID: 11994555
Try

env -i -- DISPLAY=localhost:0.0 XAUTHORITY=~/.Xauthority /usr/X11R6/bin/xhost +
0
 
LVL 38

Expert Comment

by:yuzh
ID: 11994580
If your ssh was setup correctly with X-forwarding enable, when you ssh login to a remote
host the DISPLAY should automatically set.

otherwise, from boxA ssh to boxB,  when you ssh login to box B, you need to do:

DISPLAY=boxA-IP:0.0
export DISPLAY
0
 
LVL 1

Author Comment

by:vincevincevince
ID: 11994827
Mysidia, I will try that as soon as I can get hold of a windows machine, thanks.
Yuzh, you may be misunderstanding me - it's not that I have problems with X forwarding, that works fine, it's that I can't run an xhost command for the server's X-server, because the ssh client (I guess taht's the problem) won't let me change the DISPLAY environment variable.
0
Master Your Team's Linux and Cloud Stack!

The average business loses $13.5M per year to ineffective training (per 1,000 employees). Keep ahead of the competition and combine in-person quality with online cost and flexibility by training with Linux Academy.

 
LVL 2

Expert Comment

by:Sunjith
ID: 11995240
Hi vince,
 Try export instead of simply setting the variable as follows:
========
[root@XYZ]# export DISPLAY=localhost:0.0
[root@XYZ]# xhost +
========
0
 
LVL 40

Expert Comment

by:jlevie
ID: 11996263
If X forwarding is working why do you need to disable authention? Is it because you log in to the remote as one user and can't use X applications if you su to some other user (like root)? The solution there is to enable sudo access for your account and do 'sudo some-X-app', or ssh in as the user you need to be (ssh root@remote).

From a remote connection you can't connect to localhost:0.0 because that display is not owned by the logged in user. You can execute an 'xhost +localhost' without ftuzing with DISPLAY, but that won't help with the authentication problem if you switch users within that session because of the way X forwarding works.
0
 
LVL 1

Author Comment

by:vincevincevince
ID: 12003646
"If X forwarding is working why do you need to disable authention?"
I think you misunderstand slightly.  I use X-forwarding for using X applications remotely.  I also use certain X applications 100% serverside via scripts which require an X server for some rendering.

This means I have to have a local X server running (localhost:0.0) AND X forwarding of a different server.  i.e two X servers.

The problem comes when I need to give scripts access to the local X-server.  These scripts are mostly php.  For these to run, I need to disable authentication ... on the local X-server only.

Many thanks for your help thus far, today I test all comments submitted on the server.
0
 
LVL 40

Expert Comment

by:jlevie
ID: 12003776
So you are remotely accessing the box via ssh? Unless there's someone logged in on the console and running x localhost:0.0 won't exist.

Unless you are trying to invoke an X application from PHP your script won't need a running X server to execute. What are you doing within the PHP script that needs X?
0
 
LVL 1

Author Comment

by:vincevincevince
ID: 12004195
To create a running X server even when nobody is logged into the console I start the X server and background it.

I need an X server to use kwebdesktop.
0
 
LVL 1

Author Comment

by:vincevincevince
ID: 12004285
#1 from Mysidia was spot on.   I placed that command within the following short script, and all now works well:

startx &
env -i -- DISPLAY=localhost:0.0 XAUTHORITY=~/.Xauthority /usr/X11R6/bin/xhost +
0

Featured Post

Master Your Team's Linux and Cloud Stack!

The average business loses $13.5M per year to ineffective training (per 1,000 employees). Keep ahead of the competition and combine in-person quality with online cost and flexibility by training with Linux Academy.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

Title # Comments Views Activity
wipe a usb using python 5 65
How to make a Bash alias that takes parameters 5 74
awk to variable in bash 2 75
Apache LDAP Authentication 20 34
If you have a server on collocation with the super-fast CPU, that doesn't mean that you get it running at full power. Here is a preamble. When doing inventory of Linux servers, that I'm administering, I've found that some of them are running on l…
The purpose of this article is to demonstrate how we can use conditional statements using Python.
Learn how to get help with Linux/Unix bash shell commands. Use help to read help documents for built in bash shell commands.: Use man to interface with the online reference manuals for shell commands.: Use man to search man pages for unknown command…
Learn how to navigate the file tree with the shell. Use pwd to print the current working directory: Use ls to list a directory's contents: Use cd to change to a new directory: Use wildcards instead of typing out long directory names: Use ../ to move…

828 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question