EGOPOLY

Topics include: programming, Apple, Unix, gadgets, large-scale web sites and other nerdy stuff.

Weird problems with SSH tunnelling of X11

2007-03-28 16:47:25

I've wasted about two hours just now trying to get X11 to tunnel over my ssh connection. My machine is a Mac running X11, and the remote machine is over in our DMZ at work, running CentOS. I had to install some X11 packages on the Linux machine, and then I assumed everything would be golden. But no.

I also made sure ForwardX11 was enabled on the Mac ssh config and the Linux ssh config. But when I "ssh -X linuxmachine" it acts as if everything is fine, creating the Xauthority file and setting a DISPLAY environment variable. But I run "xclock" and it says:

Error: Can't open display: linuxmachinename.com:10.0

I can't find any deeper way to diagnose what is going on. Hoping that it was some kind of Mac vs. CentOS xauth incompatibility, I tried another Linux server, my own server (that runs this site.) It works fine; and it's CentOS also. Then I tried my home server, an Ubuntu workstation, and it works fine.

So I went to another server on our LAN. Also CentOS. No connecty. Another one in our DMZ. No sirree. It's like the Mac just won't accept connections from Linux machines in the same building. WTF?

So I'm stumped. Is there some X11 utility that will complain more verbosely about why it can't connect?

Update: Mystery solved. Sort of. I needed to change the sshd_config on the remote machine to have:

X11UseLocalhost yes

Then I had to restart the sshd and reconnect. For some reason, the ssh tunnel listener was refusing all connections otherwise, even though it was (apparently) bound to all IP addresses on the machine! (And, to answer your next question, no, I did not have iptables running on the remote machine.)