From rowdenw@eskimo.com Thu Nov 9 16:43:54 2000 Received: from mxu2.u.washington.edu (mxu2.u.washington.edu [140.142.32.9]) by lists.u.washington.edu (8.9.3+UW00.05/8.9.3+UW99.09) with ESMTP id QAA113146 for ; Thu, 9 Nov 2000 16:43:51 -0800 Received: from mx1.eskimo.com (mx1.eskimo.com [204.122.16.48]) by mxu2.u.washington.edu (8.9.3+UW00.02/8.9.3+UW99.09) with ESMTP id QAA02407 for ; Thu, 9 Nov 2000 16:43:49 -0800 Received: from eskimo.com (rowdenw@eskimo.com [204.122.16.13]) by mx1.eskimo.com (8.9.1a/8.8.8) with ESMTP id QAA20348 for ; Thu, 9 Nov 2000 16:43:48 -0800 Received: from localhost (rowdenw@localhost) by eskimo.com (8.9.1a/8.9.1) with ESMTP id QAA28033 for ; Thu, 9 Nov 2000 16:43:45 -0800 (PST) X-Authentication-Warning: eskimo.com: rowdenw owned process doing -bs Date: Thu, 9 Nov 2000 16:43:45 -0800 (PST) From: William Rowden To: UW Linux Group Subject: Re: [OT] XConfused In-Reply-To: Message-ID: MIME-Version: 1.0 Content-Type: TEXT/PLAIN; charset=US-ASCII I thank you for the continued discussion! Today, Mike wrote: [snip] > I think you're mistaken about what this does. Using 'xhost' (in > Linux at least) allows you to specify which *remote* hosts can > connect to your *local* X server. So if I weren't using ssh, I'd put this in the X configuration: xhost +eskimo.com If I understand correctly, this would work for normal connections. Since I'm making an X tunnel, however, forwarding the port via ssh, I thought ssh would carry the X communication in its channel. The other end of the forwarding would be the local machine, wouldn't it? This is the way it works for protocols going the other direction, e.g., if I forward the local nntp port to the nntp port on eskinews.eskimo.com, I connect to localhost:119. This connection goes from localhost:119 to eskimo.com (the ssh server) through ssh's encrypted tunnel, and then to eskinews:119. > For example, in order to run the X application "baz" on > host "foo" from my workstation "bar" I would: > 1) Fire up X on bar (startx in Linux) > 2) Run 'xhost +inet:foo' on bar > 3) ssh to host foo and make sure $DISPLAY is set to "bar:0" > 4) run X application "baz" on host "foo" AFAIK, if this works the X connection would be outside the ssh tunnel. Nevertheless, I tried MI/X, and WeirdX with this configuration: xhost + Setting DISPLAY to my Windoze box, I get "Error: Can't open display:". This is a *different* error; I assume it's because of the firewall. The ssh connections--and the ports they forward--have no problem with the firewall, however, presumably because it's initiated from the local machine. -- -William PGP key: http://www.eskimo.com/~rowdenw/pgp/rowdenw.asc until 2001-02-01 Fingerprint: B6E5 9732 3464 97C8 2B70 A031 6BF6 9E5C 16B5 C4000 I aim to kill you with it, mmm hmm. .