5

Here is what I've tried.

I've edited /etc/ssh/sshd_config on the remote AIX system

X11Forwarding yes
X11DisplayOffset 10
X11UseLocalhost yes

as well as set $DISPLAY

DISPLAY=localhost:10.0
export DISPLAY

...reboot

connect via RHEL

ssh -X me@hostname

run xclock

xclock

get the following output:

X11 connection rejected because of wrong authentication.
X connection to localhost:10.0 broken (explicit kill or server shutdown)

also xauth list doesn't print anything.

Kenster
  • 2,082
  • 16
  • 15
Stephen__T
  • 227
  • 1
  • 4
  • 10
  • Does `xauth list` print anything before you run the `ssh` command? – kasperd Jun 16 '14 at 17:35
  • on the RHEL machine? – Stephen__T Jun 16 '14 at 18:17
  • Worth mentioning you need to be in a X-windows environment on the client side in order for this to work. – dmourati Jan 03 '16 at 05:08
  • Just a comment: avoid it. It is not only slow but also fragile. I would go with Xvnc or any of the recent low-bandwidth and mobile terminal server protocols. Compression is better and re-attaching is just a priceless stability feature. – eckes Apr 26 '17 at 02:29
  • Can you start clients in the local shell session before you start SSH? It should print a xauth token and display should be set – eckes Apr 26 '17 at 02:35

2 Answers2

2
DISPLAY=localhost:10.0
export DISPLAY

I presume this is in your shell startup files (.bash_profile or similar)? Try removing it. ssh -X automatically sets this variable for sessions where it's forwarding X. It shouldn't be necessary for you to set this variable manually, and you may be setting it to the wrong value.

By way of background, the default TCP port for X is 6000, corresponding to "localhost:0.0". ssh -X normally starts with port 6010, which corresponds to "localhost:10.0", and works upwards until it finds a free port. If port 6010 was in use, then it might bind to 6011 and set DISPLAY to "localhost:11.0". This is why you should let ssh set DISPLAY for you.

Kenster
  • 2,082
  • 16
  • 15
0

you must ensure your AIX server's windows manager is working . for example, if you use CDE , please use netstat -an|grep 177 to check 177 port is listening.

Then you can type xhost + to disable access control.

At last , try to use Xmanager to login, both xstart and xbrowser are ok. if you use xstart , you should run Xmanager-passive first, then choose the command as CDE. if you use xbrowser, you can choose Secure XDMCP as login method.

catjing
  • 11
  • 2