Solved

Setting DISPLAY variable to use XHOST on a local X-server via SSH

Posted on 2004-09-07
9
635 Views
Last Modified: 2010-04-20
I have a problem - I have Redhat 9.1, and run an X-server on it.  This X-server is at localhost:0.0.  When certain SSH clients connect, they force the value of DISPLAY so they can use X-forwarding.  I want to be able to use X-forwarding at times, so I don't want to disable this.

However, I need to issue xhost + command to enable unauthenticated access to the LOCAL x-server.  To do this, I have to set the DISPLAY environment variable to localhost:0.0 then run xhost +.

The problem is, the ssh client doesn't like me doing that.  (That's what I believe the problem is).

Using fedora's terminal and running ssh (correct result):

 [root@XYZ]# DISPLAY=localhost:0.0
 [root@XYZ]# xhost +
 access control disabled, clients can connect from any host
 [root@XYZ]#

With widows SSH or pengiunet PenguiNet 2.13 http://www.siliconcircus.com/:
[root@XYZ]# DISPLAY=localhost:0.0
[root@XYZ]# xhost +
xhost:  unable to open display ""
[root@XYZ]#

To summarise:
I want to disable access control on an x-server at localhost:0.0, via SSH, without disabling X-forwarding.
0
Comment
Question by:vincevincevince
9 Comments
 
LVL 23

Accepted Solution

by:
Mysidia earned 250 total points
ID: 11994555
Try

env -i -- DISPLAY=localhost:0.0 XAUTHORITY=~/.Xauthority /usr/X11R6/bin/xhost +
0
 
LVL 38

Expert Comment

by:yuzh
ID: 11994580
If your ssh was setup correctly with X-forwarding enable, when you ssh login to a remote
host the DISPLAY should automatically set.

otherwise, from boxA ssh to boxB,  when you ssh login to box B, you need to do:

DISPLAY=boxA-IP:0.0
export DISPLAY
0
 
LVL 1

Author Comment

by:vincevincevince
ID: 11994827
Mysidia, I will try that as soon as I can get hold of a windows machine, thanks.
Yuzh, you may be misunderstanding me - it's not that I have problems with X forwarding, that works fine, it's that I can't run an xhost command for the server's X-server, because the ssh client (I guess taht's the problem) won't let me change the DISPLAY environment variable.
0
 
LVL 2

Expert Comment

by:Sunjith
ID: 11995240
Hi vince,
 Try export instead of simply setting the variable as follows:
========
[root@XYZ]# export DISPLAY=localhost:0.0
[root@XYZ]# xhost +
========
0
Highfive + Dolby Voice = No More Audio Complaints!

Poor audio quality is one of the top reasons people don’t use video conferencing. Get the crispest, clearest audio powered by Dolby Voice in every meeting. Highfive and Dolby Voice deliver the best video conferencing and audio experience for every meeting and every room.

 
LVL 40

Expert Comment

by:jlevie
ID: 11996263
If X forwarding is working why do you need to disable authention? Is it because you log in to the remote as one user and can't use X applications if you su to some other user (like root)? The solution there is to enable sudo access for your account and do 'sudo some-X-app', or ssh in as the user you need to be (ssh root@remote).

From a remote connection you can't connect to localhost:0.0 because that display is not owned by the logged in user. You can execute an 'xhost +localhost' without ftuzing with DISPLAY, but that won't help with the authentication problem if you switch users within that session because of the way X forwarding works.
0
 
LVL 1

Author Comment

by:vincevincevince
ID: 12003646
"If X forwarding is working why do you need to disable authention?"
I think you misunderstand slightly.  I use X-forwarding for using X applications remotely.  I also use certain X applications 100% serverside via scripts which require an X server for some rendering.

This means I have to have a local X server running (localhost:0.0) AND X forwarding of a different server.  i.e two X servers.

The problem comes when I need to give scripts access to the local X-server.  These scripts are mostly php.  For these to run, I need to disable authentication ... on the local X-server only.

Many thanks for your help thus far, today I test all comments submitted on the server.
0
 
LVL 40

Expert Comment

by:jlevie
ID: 12003776
So you are remotely accessing the box via ssh? Unless there's someone logged in on the console and running x localhost:0.0 won't exist.

Unless you are trying to invoke an X application from PHP your script won't need a running X server to execute. What are you doing within the PHP script that needs X?
0
 
LVL 1

Author Comment

by:vincevincevince
ID: 12004195
To create a running X server even when nobody is logged into the console I start the X server and background it.

I need an X server to use kwebdesktop.
0
 
LVL 1

Author Comment

by:vincevincevince
ID: 12004285
#1 from Mysidia was spot on.   I placed that command within the following short script, and all now works well:

startx &
env -i -- DISPLAY=localhost:0.0 XAUTHORITY=~/.Xauthority /usr/X11R6/bin/xhost +
0

Featured Post

How your wiki can always stay up-to-date

Quip doubles as a “living” wiki and a project management tool that evolves with your organization. As you finish projects in Quip, the work remains, easily accessible to all team members, new and old.
- Increase transparency
- Onboard new hires faster
- Access from mobile/offline

Join & Write a Comment

This is the error message I got (CODE) Error caused by incompatible libmp3lame 3.98-2 with ffmpeg I've googled this error message and found out sometimes it attaches this note "can be treated with downgrade libmp3lame to version 3.97 or 3.98" …
Over the last ten+ years I have seen Linux configuration tools come and go. In the early days there was the tried-and-true, all-powerful linuxconf that many thought would remain the one and only Linux configuration tool until the end of times. Well,…
Learn how to find files with the shell using the find and locate commands. Use locate to find a needle in a haystack.: With locate, check if the file still exists.: Use find to get the actual location of the file.:
This demo shows you how to set up the containerized NetScaler CPX with NetScaler Management and Analytics System in a non-routable Mesos/Marathon environment for use with Micro-Services applications.

760 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

23 Experts available now in Live!

Get 1:1 Help Now