Thanks Miles,
Will implement solution for #2 ASAP.

For #1, the settings are the defaults obtained when installing from DVD (x86) -- enforcing, I think. Or is there a more specific setting I should search for? (can only access machine on working day, earliest.)

William.

--- On Sat, 12/5/09, Miles O'Neal wrote:

From: Miles O'Neal
Subject: Re: one-sided ssh connection, restricted access to X.
To: "William Shu"
Date: Saturday, December 5, 2009, 7:22 PM

For #1, what are your SELinux settings?

For #2, that also applies, but... you should NOT by default be able to have other users access your X display.  That's the way it is supposed to work.

If you want local users to be able to access your display, type in a terminal window:

xhost +localhost

Then as long as the DISPLAY is :0 they should work (if SELinux isn't in the way).  If you want DISPLAY to be set to $HOST:0 you need to type

xhost +$HOST

On Sat, Dec 5, 2009 at 8:58 AM, William Shu wrote:
Hi, please help with two [related] problems (I'm probably missing something glaring!):

1)  On my newly installed SL54 on a machine *not* connected to the internet, I tried to connect to a remote machine (Redhat 9) via ssh and it does not allow me. I am lost, as sshd is activated on both machines, and I had used a laptop to make the connection to the remote machine  before. I can ssh connect from the Redhat 9 machine.

QUESTION:  What could I be doing wrong? (script of my attempts below). I can't pick up what to do from man pages.


2) I tried to open emacs as root, but was not allowed.  I was only allowed connection after I executed
$ xhost +
to allow everybody access.

QUESTION: Is there no more secure way of enabling users on local machine to use X without having to enumerate them, or allow all to access? In the past, I've always been able to open a terminal window as root or 3rd party and use without probs.

Regards,

William.
 


[wss@csc101A ~]$ uname -a
Linux csc101A 2.6.18-164.2.1.el5PAE #1 SMP Tue Sep 29 19:14:47 EDT 2009 i686 i686 i386 GNU/Linux
[wss@csc101A ~]$
[wss@csc101A ~]$ ssh -XY 192.168.10.1
ssh: connect to host 192.168.10.1 port 22: Connection refused
[wss@csc101A ~]$ xhost
access control enabled, only authorized clients can connect
SI:localuser:wss
[wss@csc101A ~]$ xhost +
access control disabled, clients can connect from any host
[wss@csc101A ~]$ ssh -XY [log in to unmask]
ssh: connect to host 192.168.10.1 port 22: Connection refused
[wss@csc101A ~]$ ssh -XY [log in to unmask]
ssh: connect to host 192.168.10.1 port 22: Connection refused
[wss@csc101A ~]$ ssh -XY [log in to unmask]
ssh: connect to host 192.168.10.1 port 22: Connection refused
[wss@csc101A ~]$ man xhost
[wss@csc101A ~]$ ssh -v -XY 192.168.10.1
OpenSSH_4.3p2, OpenSSL 0.9.8e-fips-rhel5 01 Jul 2008
debug1: Reading configuration data /etc/ssh/ssh_config
debug1: Applying options for *
debug1: Connecting to 192.168.10.1 [192.168.10.1] port 22.
debug1: connect to address 192.168.10.1 port 22: Connection refused
ssh: connect to host 192.168.10.1 port 22: Connection refused
[wss@csc101A ~]$ ssh -vv -XY 192.168.10.1
OpenSSH_4.3p2, OpenSSL 0.9.8e-fips-rhel5 01 Jul 2008
debug1: Reading configuration data /etc/ssh/ssh_config
debug1: Applying options for *
debug2: ssh_connect: needpriv 0
debug1: Connecting to 192.168.10.1 [192.168.10.1] port 22.
debug1: connect to address 192.168.10.1 port 22: Connection refused
ssh: connect to host 192.168.10.1 port 22: Connection refused
[wss@csc101A ~]$ ssh -vvv -XY 192.168.10.1
OpenSSH_4.3p2, OpenSSL 0.9.8e-fips-rhel5 01 Jul 2008
debug1: Reading configuration data /etc/ssh/ssh_config
debug1: Applying options for *
debug2: ssh_connect: needpriv 0
debug1: Connecting to 192.168.10.1 [192.168.10.1] port 22.
debug1: connect to address 192.168.10.1 port 22: Connection refused
ssh: connect to host 192.168.10.1 port 22: Connection refused
[wss@csc101A ~]$


----------
[root@csc101A wss]# emacs &
[1] 4833
[root@csc101A wss]# Xlib: connection to ":0.0" refused by server
Xlib: No protocol specified

emacs: Cannot connect to X server :0.0.
Check the DISPLAY environment variable or use `-d'.
Also use the `xhost' program to verify that it is set to permit
connections from your machine.
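
The following is an added example, not part of the original thread: a small shell check that reads `xhost` output in the format shown in the transcript above and flags the wide-open state left by `xhost +` as well as host-wide grants. The function names `audit_xhost` and `xhost_is_restricted` are hypothetical, the sample inputs are constructed, and the `INET:`/`INET6:`/`LOCAL:` prefixes for host entries are an assumption about how the local `xhost` lists them.

```shell
#!/bin/sh
# Added example (not from the thread): classify each line of `xhost` output.

audit_xhost() {
    # Reads `xhost` output on stdin and prints one finding per input line.
    while IFS= read -r line; do
        case "$line" in
            "access control disabled"*)
                echo "FAIL: access control disabled, any client on any host can connect" ;;
            "access control enabled"*)
                echo "OK: access control enabled" ;;
            SI:localuser:*)
                echo "OK: one local user allowed: ${line#SI:localuser:}" ;;
            INET:*|INET6:*|LOCAL:*)
                # Assumed listing format for host entries such as `xhost +localhost`.
                echo "WARN: host-wide entry, covers every user on that host: $line" ;;
            "") ;;
            *)
                echo "INFO: unrecognised entry: $line" ;;
        esac
    done
}

xhost_is_restricted() {
    # Exit status 0 only when the audit produced no FAIL or WARN finding.
    findings=$(audit_xhost)
    case "$findings" in
        *FAIL:*|*WARN:*) return 1 ;;
        *) return 0 ;;
    esac
}

# Constructed sample: the default state shown in the transcript.
SAMPLE_DEFAULT='access control enabled, only authorized clients can connect
SI:localuser:wss'

# Constructed sample: the state after `xhost +`.
SAMPLE_OPEN='access control disabled, clients can connect from any host
SI:localuser:wss'

# Constructed sample: the state after `xhost +localhost` (assumed INET: listing).
SAMPLE_HOST='access control enabled, only authorized clients can connect
INET:localhost
SI:localuser:wss'

printf '%s\n' "$SAMPLE_OPEN" | audit_xhost
# On a live X session: xhost | audit_xhost
```

A per-user grant in the form already present in the transcript (`SI:localuser:<name>`, added with `xhost +SI:localuser:<name>`) passes `xhost_is_restricted`; `xhost +` and host-wide entries do not.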