Hi,
Thanks for that. I had all that set already, it isn't the cause of the problem.
I think the point is that the route back for the forwarded X11 is via a port called localhost:6011,
but if the machine can not work out what localhost is then it fails. You need either one of
127.0.0.1 localhost.localdomain localhost
or
::1 localhost
in /etc/hosts
Alex
Fernando M. Roxo da Motta wrote:
> On Wed, Dec 06, 2006 at 04:59:22PM -0600, Troy Dawson wrote:
>> Alex Finch wrote:
>>> I find that X11 forwarding over ssh does not work on SL 4.4. I get the
>>> message
>>> _X11TransSocketINETConnect() can't get address for localhost:6011: Name
>>> or service not known
> =================8<-----------------------------
>> The easiest fix I know of is to edit
>> /etc/ssh/ssh_config
>> and add the line
>> ForwardX11 yes
>> I usually put it at the end, so that it looks like
>>
>> ForwardX11Trusted yes
>> ForwardX11 yes
>>
>
>
> Just as an aditional information, the first option above
> (ForwardX11Trusted) will export the DISPLAY with all, or almost all,
> extensions available. See the output of xdpyinfo(1) command in local and
> remote hosts to get the available X11 extensions. Without that option
> only a few extensions are made available in the remote (X11 client)
> machine and many applications fail, due to the lack of resources, with some
> cryptic message that explains nothing.
>
> Anyway it is neccessary some care in order to avoid export all resources
> to the world, as it may represent some security threat. Perhaps a
> solution like :
>
> =============8<------- cut here -----------
>
> # Inside my network -------------------------
> # This one is not trusted at all
> Host noexport.at.mynet
> ForwardX11 no
>
> # This one is not all trusted
> Host partial.at.mynet
> ForwardX11Trusted no
> ForwardX11 yes
>
> # I trust all others
> Host *.at.mynet
> ForwardX11Trusted yes
> ForwardX11 yes
>
> # Outside my network -------------------------
>
> # The ones I trust
> Host somehost.at.some.place
> ForwardX11Trusted yes
> ForwardX11 yes
>
> # I trust "ma non troppo"
> Host other.not.so.trusted
> ForwardX11Trusted no
> ForwardX11 yes
>
> # Global Defaults
> Host *
> ForwardX11 no
>
>
> =============8<------- cut here -----------
>
> Points to note in config above, from ssh_config(5) :
>
> Since the first obtained value for each parameter is used, more host-
> specific declarations should be given near the beginning of the file,
> and general defaults at the end.
> ...
> Host Restricts the following declarations (up to the next Host
> keyword) to be only for those hosts that match one of the
> patterns given after the keyword. * and ? can be used as
> wildcards in the patterns. A single * as a pattern can be
> used to provide global defaults for all hosts. The host
> is the hostname argument given on the command line (i.e.,
> the name is not converted to a canonicalized host name before
> matching).
>
> Some of these can (should?) be inside the sitewide '/etc/ssh/ssh_config'
> and those that differs must be in '~/.ssh/config'. A question to ALL,
> can this config be in a NIS map or some sort of LDAP directory ?
>
> An extra information learned from experience. If the home directory
> and/or the '~/.ssh' have insecure access permissions the personal
> configuration is silently ignored. So if you change configs and it takes
> no effect, look at those permissions.
>
>
> HTH
>
>
> Roxo
>
--
Alex Finch, Research Fellow, Physics Department, Lancaster University.
+44 (0) 1524 593618 http://www.lancs.ac.uk/depts/physics/staff/ajf.htm
|