Using X11 forwarding in SSH
The SSH protocol has the ability to securely forward X Window System applications over your encrypted SSH connection, so that you can run an application on the SSH server machine and have it put its windows up on your local machine without sending any X network traffic in the clear.
In order to use this feature, you will need an X display server for your Windows machine, such as Cygwin/X, X-Win32, or Exceed. This will probably install itself as display number 0 on your local machine; if it doesn't, the manual for the X server should tell you what it does do.
You should then tick the ‘Enable X11 forwarding’ box in the Tunnels panel before starting your SSH session. The ‘X display location’ box is blank by default, which means that PuTTY will try to use a sensible default such as :0, which is the usual display location where your X server will be installed. If that needs changing, then change it.
Now you should be able to log in to the SSH server as normal. To check that X forwarding has been successfully negotiated during connection startup, you can check the PuTTY Event Log. It should say something like this:
2001-12-05 17:22:01 Requesting X11 forwarding
2001-12-05 17:22:02 X11 forwarding enabled
If the remote system is Unix or Unix-like, you should also be able to see that the DISPLAY environment variable has been set to point at display 10 or above on the SSH server machine itself:
fred@unixbox:~$ echo $DISPLAY
Overview of the X server:
I think your problem is a confusion about how X works, so a few clarifications first:
An "X-Server" is a process which handles and manages a certain (physically available) display. This usually runs on a *client*. Think of an "X-Server" as sort of a driver for a graphics card. (X-Server is where the Keyboard, Video & Mouse were attached.)
An "X-Client" is a process which uses an X-Server to display (a window with) some information on it. This usually runs on the server. An example would be "xterm" or "aixterm" or "Mozilla", etc.
To tell your xclient which Xserver to use there is an environment variable DISPLAY, which is set pointing to your Xserver:
means use the Xserver running on this machine and managing display 0 (there could be several) and use screen 0 (mymachine.withxserverrunning.com:0.1 would be screen 1), since displays could consist of several screens (this is: monitors handled by graphics cards). As you see, unlike in Windoze one doesn't need multiheaded graphics cards with dual (several) monitor capabilities to span a graphical environment over several screens, this can be done by run-of-the-mill X-Servers and windowmanagers running on top of them.
You can run your X-Server directly on ylour server only if you have a graphical terminal (an "lft" ) attached to it. Check in your inventory (man lscfg, man lsdev) to find out if you have one.
If you have none (this is the common case, as servers usually don't come with graphics cards), you will have a machine you work on (if you have to endure common working conditions this is a Windoze machine, if you are lucky this is a real computer running some real OS, Linux or AIX for instance). On this machine (client.yournet.com) you start your X-Server. Start a local X-client (a window), then use some Telnet or similar program to log in to your host (host.yournet.com.
On this host issue issue a "export DISPLAY=client.yournet.com:0.0" and then a "xterm &".
A window should pop up on your display with an xterm. This xterm is not running on your local machine, but on the server. The process on the server only uses your screen (vie your X-Server) to display its content. You can check that by issuing "kill -9 %1" in the first window, which would make the second window vanish.
If it doesn't work as described: issue an "xhost +" on your client machine, X-Windows contains a mechanism to limit access to an X-Servers resource only to a defined group of hosts (which is empty by default), the command will enable any host to use the screen.
(in putty X11 forwarding should be enabled and an X server (e.g. XMING) has to be run)
1. ssh settings:
in sshd_config (/etc/ssh)set: X11Forwarding yes
stopsrc -s sshd; startsrc -s sshd
2. install X11
in /mnt/5300-00/installp/ppc: smitty install:
-X11.base.220.127.116.11.I (this will install some requisites as well from apps, fonts...)
-X11.apps (it contains a startx, xauth, xhost commands)
do an update to the needed TL level
5. then login again:
ssh -X root@aix40
it did this: 1356-364 /usr/bin/X11/xauth: creating new authority file /.Xauthority
5. xclock :)))))
echo $DISPLAY showed: localhost:10.0 (I did not set it at all)
(export DISPLAY=localhost:10.0 perhaps does not needed at all)
(It happend that under roo xlock worked, but as other user it didn't. After copying .Xauthority file (from root) it worked)
Hostname - where the display physically attached
Number - ID number of the display server on that host machine
Scrreen - number of the screen on that host server
If everything looks OK, but you receive this:
root@bb_lpar: / # xclock
Error: Can't open display:
Probably the only problem, you did not use -X: ssh -X root@servername.
When I used -X the DISPLAY variable was configured automatically.:
(I did not set up anything, when I used -X I could see this, but prior -X I received an empty line.)
root@bb_lpar: / # echo $DISPLAY
X server problems:
(This is not edited, I received these errors when I tried to config X)
X11.base is needed
errors I have received:
1 .Gtk-WARNING **: cannot open display <--after setting X11Forwarding yes I received other errors)
someone suggested this:xhost +LOCAL (it gives all non-network connect. access to the display)
2. Gtk-WARNING **: cannot open display: 0.0 <--suggested solution: export DISPLAY=:0.0
3.Xlib: connection to ":0.0" refused by server
Xlib: No protocol specified
After I gave these commands:
xclock <--until I gave startx, xclock command did not work
xhost + localhost
Xlib: connection to "localhost:10.0" refused by server
Xlib: Invalid MIT-MAGIC-COOKIE-1 key
Error: Can't open display: localhost:10.0
root@aix10: / # env
You can see in 'ps -ef' that display :10 is already in use:
root@aix10: / # ps -ef | grep ":10"
root 643132 123006 0 Nov 10 - 79:10 /etc/ncs/llbd
root 852170 1458410 0 May 22 - 1:10 /usr/lpp/OV/lbin/eaagt/opcmsga
yyxxxxx 999524 1188014 0 10:45:15 - 0:00 /usr/lpp/CTXSmf/slib/ctxlogin -display :10
Solution is to set in /etc/ssh/sshd_config:
Then displays will be start from 70 and hopefully will not interfere with citrix
When doing ssh -X user@host, I received these:
Warning: untrusted X11 forwarding setup failed: xauth key data not generated
Warning: No xauth data; using fake authentication data for X11 forwarding.
X11 connection rejected because of wrong authentication.
X connection to localhost:11.0 broken (explicit kill or server shutdown).
However xclock with ssh -Y user@host worked fine.
After adding on the client (where I was coming from) into /etc/ssh/ssh_config: "ForwardX11Trusted yes" it worked well with ssh -X. (This line was missing from ssh_config, so I added to it.)
- FS - LVM
- STORAGE - BACKUP
- UPD. - INSTALL