Using X11 forwarding in SSH

The SSH protocol has the ability to securely forward X Window System applications over
your encrypted SSH connection, so that you can run an application on the SSH server
machine and have it put its windows up on your local machine without sending any X
network traffic in the clear.
In order to use this feature, you will need an X display server for your Windows
machine, such as Cygwin/X, X-Win32, or Exceed. This will probably install itself as
display number 0 on your local machine; if it doesn't, the manual for the X server
should tell you what it does do.
You should then tick the Enable X11 forwarding box in the Tunnels panel before
starting your SSH session. The X display location box is blank by default, which
means that PuTTY will try to use a sensible default such as :0, which is the usual
display location where your X server will be installed. If that needs changing, then
change it.
Now you should be able to log in to the SSH server as normal. To check that X
forwarding has been successfully negotiated during connection startup, you can check
the PuTTY Event Log. It should say something like this:
2001-12-05 17:22:01 Requesting X11 forwarding
2001-12-05 17:22:02 X11 forwarding enabled
If the remote system is Unix or Unix-like, you should also be able to see that the
DISPLAY environment variable has been set to point at display 10 or above on the SSH
server machine itself:
fred@unixbox:~$ echo $DISPLAY
unixbox:10.0
-------------------
Overview of the X server:
I think your problem is a confusion about how X works, so a few clarifications first:
An "X-Server" is a process which handles and manages a certain (physically available)
display. This usually runs on a *client*. Think of an "X-Server" as sort of a driver
for a graphics card. (X-Server is where the Keyboard, Video & Mouse were attached.)
An "X-Client" is a process which uses an X-Server to display (a window with) some
information on it. This usually runs on the server. An example would be "xterm" or
"aixterm" or "Mozilla", etc.
To tell your xclient which Xserver to use there is an environment variable DISPLAY,
which is set pointing to your Xserver:
export DISPLAY="mymachine.withxserverrunning.com:0.0"
means use the Xserver running on this machine and managing display 0 (there could be
several) and use screen 0 (mymachine.withxserverrunning.com:0.1 would be screen 1),
since displays could consist of several screens (this is: monitors handled by graphics
cards). As you see, unlike in Windoze one doesn't need multiheaded graphics cards with
dual (several) monitor capabilities to span a graphical environment over several
screens, this can be done by run-of-the-mill X-Servers and windowmanagers running on
top of them.

You can run your X-Server directly on your server only if you have a graphical
terminal (an "lft" ) attached to it. Check in your inventory (man lscfg, man lsdev) to
find out if you have one.
If you have none (this is the common case, as servers usually don't come with graphics
cards), you will have a machine you work on (if you have to endure common working
conditions this is a Windoze machine, if you are lucky this is a real computer running
some real OS, Linux or AIX for instance). On this machine (client.yournet.com) you
start your X-Server. Start a local X-client (a window), then use some Telnet or
similar program to log in to your host (host.yournet.com).
On this host issue a "export DISPLAY=client.yournet.com:0.0" and then a "xterm
&".
A window should pop up on your display with an xterm. This xterm is not running on
your local machine, but on the server. The process on the server only uses your screen
(via your X-Server) to display its content. You can check that by issuing "kill -9 %1"
in the first window, which would make the second window vanish.
If it doesn't work as described: issue an "xhost +" on your client machine. X-Windows
contains a mechanism to limit access to an X-Server's resources only to a defined group
of hosts (which is empty by default); the command will enable any host to use the
screen.
-------------------
X11 forwarding:
(in PuTTY, X11 forwarding should be enabled and an X server (e.g. Xming) has to be running)
0. Xming
1. ssh settings:
in sshd_config (/etc/ssh) set: X11Forwarding yes
stopsrc -s sshd; startsrc -s sshd
2. install X11
in /mnt/5300-00/installp/ppc: smitty install:
-X11.base.5.3.0.0.I (this will install some requisites as well from apps, fonts...)
-X11.apps
(it contains a startx, xauth, xhost commands)
do an update to the needed TL level
4. startx
5. then login again:
ssh -X root@aix40
it did this: 1356-364 /usr/bin/X11/xauth:  creating new authority file /.Xauthority
5. xclock :)))))
echo $DISPLAY showed: localhost:10.0 (I did not set it at all)
(export DISPLAY=localhost:10.0 perhaps is not needed at all)
(It happened that under root xlock worked, but as another user it didn't. After copying the
.Xauthority file (from root) it worked)
-------------
Hostname:Number.Screen

Hostname - where the display is physically attached
Number - ID number of the display server on that host machine
Screen - number of the screen on that host server
xhost command???
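
The Hostname:Number.Screen format decides which transport an X client uses. The following is an added example, not part of the original notes: a heuristic classifier run over DISPLAY values that appear on this page. It assumes sshd's default display offset of 10 and the usual X11 TCP port of 6000 plus the display number; the function and variable names are made up for illustration.

```shell
#!/bin/sh
# Added example: classify a DISPLAY value (Hostname:Number.Screen) by the
# transport an X client would use. Heuristic, not an authoritative check.
SSH_OFFSET=10   # assumption: sshd's default X11DisplayOffset

classify_display() {   # usage: classify_display DISPLAY [LOCAL_HOSTNAME]
    cd_in=$1
    cd_self=${2:-$(hostname 2>/dev/null)}
    case $cd_in in
        *:*) ;;
        *) echo "malformed (no ':' before the display number)"; return 1 ;;
    esac
    cd_host=${cd_in%:*}          # text before the last colon
    cd_rest=${cd_in##*:}         # Number[.Screen]
    cd_num=${cd_rest%%.*}
    case $cd_rest in
        *.*) cd_scr=${cd_rest#*.} ;;
        *)   cd_scr=0 ;;         # screen defaults to 0 when omitted
    esac
    case $cd_num in
        ''|*[!0-9]*) echo "malformed (display number is not numeric)"; return 1 ;;
    esac
    cd_port=$((6000 + cd_num))   # X11 over TCP uses port 6000 + display
    case $cd_host in
        ''|unix)
            echo "local socket, display $cd_num screen $cd_scr" ;;
        localhost|127.0.0.1|"$cd_self")
            # A display on this very machine at or above the sshd offset is
            # most likely the proxy listener that sshd created.
            if [ "$cd_num" -ge "$SSH_OFFSET" ]; then
                echo "likely SSH-forwarded, tcp/$cd_port on $cd_host, screen $cd_scr"
            else
                echo "same-host TCP, tcp/$cd_port on $cd_host, screen $cd_scr"
            fi ;;
        *)
            echo "direct TCP to $cd_host, tcp/$cd_port, unencrypted, screen $cd_scr" ;;
    esac
}

# DISPLAY values taken from this page.
for d in localhost:10.0 :0.0 0.0 10.10.100.96:0.0; do
    printf '%-20s %s\n' "$d" "$(classify_display "$d")"
done
```

A value such as 10.10.100.96:0.0 sends the X protocol straight to that address outside the SSH tunnel, while the bare 0.0 from the Gtk warning is rejected as malformed because the colon is missing.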
----------------------------------
If everything looks OK, but you receive this:
root@bb_lpar: / # xclock
Error: Can't open display:
Probably the only problem is that you did not use -X: ssh -X root@servername.
When I used -X the DISPLAY variable was configured automatically:
(I did not set up anything; when I used -X I could see this, but prior to -X I received
an empty line.)
root@bb_lpar: / # echo $DISPLAY
localhost:10.0
-----------------------------------

X server problems:
(This is not edited, I received these errors when I tried to config X)
X11.base is needed
./firefox
errors I have received:
1. Gtk-WARNING **: cannot open display     <--after setting X11Forwarding yes I received other errors
   someone suggested this: xhost +LOCAL (it gives all non-network connections access to the display)
2. Gtk-WARNING **: cannot open display: 0.0     <--suggested solution: export DISPLAY=:0.0
3. Xlib: connection to ":0.0" refused by server
   Xlib: No protocol specified
After I gave these commands:
xauth list
startx
xclock
did not work
<--until I gave startx, xclock command

export DISPLAY=localhost:10.0
xhost + localhost
export DISPLAY=10.10.100.96:0.0
xinit
----------------------------------
Xlib: connection to "localhost:10.0" refused by server
Xlib: Invalid MIT-MAGIC-COOKIE-1 key
Error: Can't open display: localhost:10.0
root@aix10: / # env
DISPLAY=localhost:10.0
You can see in 'ps -ef' that display :10 is already in use:
root@aix10: / # ps -ef | grep ":10"
    root  643132  123006   0   Nov 10  - 79:10 /etc/ncs/llbd
    root  852170 1458410   0   May 22  -  1:10 /usr/lpp/OV/lbin/eaagt/opcmsga
 yyxxxxx  999524 1188014   0 10:45:15  -  0:00 /usr/lpp/CTXSmf/slib/ctxlogin -display :10

Solution is to set in /etc/ssh/sshd_config:
X11DisplayOffset 70
Then displays will start from 70 and hopefully will not interfere with Citrix.
----------------------------------
When doing ssh -X user@host, I received these:
Warning: untrusted X11 forwarding setup failed: xauth key data not generated
Warning: No xauth data; using fake authentication data for X11 forwarding.

$ xclock
X11 connection rejected because of wrong authentication.
X connection to localhost:11.0 broken (explicit kill or server shutdown).
However xclock with ssh -Y user@host worked fine.
After adding on the client (where I was coming from) into /etc/ssh/ssh_config:
"ForwardX11Trusted yes" it worked well with ssh -X. (This line was missing from
ssh_config, so I added to it.)
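
The sshd_config settings (X11Forwarding, X11DisplayOffset) and the client-side ForwardX11Trusted line above can be reviewed together. The following is an added example, not part of the original notes: it reads the first occurrence of each keyword from constructed sample files and reports what the combination means. The function names and sample files are made up for illustration, the defaults are those of upstream OpenSSH, and Host/Match blocks are not evaluated.

```shell
#!/bin/sh
# Added example: report the X11-related OpenSSH settings discussed above.
# Simplification: Host/Match blocks are not evaluated; the first occurrence
# of a keyword anywhere in the file wins. Where the installed OpenSSH
# supports them, `sshd -T` and `ssh -G host` print the effective values.

cfg_first() {   # usage: cfg_first KEYWORD DEFAULT FILE
    awk -v want="$1" -v def="$2" '
        BEGIN { want = tolower(want) }
        { sub(/#.*/, ""); sub(/=/, " ") }      # drop comments, allow key=value
        tolower($1) == want { val = tolower($2); found = 1; exit }
        END { print (found ? val : def) }
    ' "$3"
}

audit_x11() {   # usage: audit_x11 SSHD_CONFIG SSH_CONFIG
    # Defaults below are upstream OpenSSH defaults; vendor builds may differ.
    ax_fwd=$(cfg_first X11Forwarding no "$1")
    ax_off=$(cfg_first X11DisplayOffset 10 "$1")
    ax_loc=$(cfg_first X11UseLocalhost yes "$1")
    ax_tru=$(cfg_first ForwardX11Trusted no "$2")
    echo "server: X11Forwarding=$ax_fwd X11DisplayOffset=$ax_off X11UseLocalhost=$ax_loc"
    echo "client: ForwardX11Trusted=$ax_tru"
    [ "$ax_fwd" = yes ] || echo "NOTE: server does not offer X11 forwarding"
    [ "$ax_loc" = yes ] || echo "WARN: forwarded displays bind to all interfaces, not loopback"
    [ "$ax_tru" = no ] || echo "WARN: ssh -X acts like ssh -Y; remote X clients get full access to the local display"
    return 0
}

# Constructed sample files mirroring the settings on this page.
demo_dir=$(mktemp -d)
cat > "$demo_dir/sshd_config" <<'EOF'
#X11Forwarding no
X11Forwarding yes
X11DisplayOffset 70
EOF
cat > "$demo_dir/ssh_config" <<'EOF'
Host *
    ForwardX11Trusted yes
EOF
audit_x11 "$demo_dir/sshd_config" "$demo_dir/ssh_config"
```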
