Submit Hint Search The Forums LinksStatsPollsHeadlinesRSS
14,000 hints and counting!

Handle ssh X11 forwarding in .bashrc UNIX
I have been trying to get X11 forwarding to pass through a Mac. I have it working on one so I know it can be done. I discovered that if you set the DISPLAY variable with a .bashrc fragment like this...
  if [ `ps -awwwux|grep  X11.app |grep -vc grep` -gt 0 ]; then
    export DISPLAY=":0.0"
  fi
...then X11 forwarding won't work because the .bashrc script overwrites the DISPLAY variable. So I had to add an if statement like this (in my ~/.bashrc):
  if [ -z "$DISPLAY" ]; then
    if [ `ps -awwwux|grep  X11.app |grep -vc grep` -gt 0 ]; then
      export DISPLAY=":0.0"
    fi
  fi
[robg adds: I haven't tested this one.]
    •    
  • Currently 2.50 / 5
  • 1
  • 2
  • 3
  • 4
  • 5
  (2 votes cast)
 
[27,096 views]  

Handle ssh X11 forwarding in .bashrc | 9 comments | Create New Account
Click here to return to the 'Handle ssh X11 forwarding in .bashrc' hint
The following comments are owned by whoever posted them. This site is not responsible for what they say.
Handle ssh X11 forwarding in .bashrc
Authored by: rhowell on Sep 27, '05 09:31:27AM
For completeness, this statement in tcsh:

if (! $?DISPLAY) then
setenv DISPLAY :0.0
endif

achieves the same as this statement in bash:

if [ -z "$DISPLAY" ]; then
export DISPLAY=:0.0
fi



[ Reply to This | # ]
Alternate method for ssh X11 forwarding and .bashrc handling
Authored by: finitesquid on Sep 27, '05 01:20:33PM
If it helps any, here's what I do for my X11 forwarding for ssh for bash.

Note that I have X11.app Security preferences set to both "Authenticate connections" and "Allow connections from network clients". Also, I have ssh_config read "ForwardX11 yes" (or, if you prefer, you can use "-X" on the ssh command line). Fragment from both local and remote machine's ~/.bashrc

# If running interactively, then:
if [ "$PS1" ]; then

     ...

    if [ -z "$DISPLAY" ]; then
        export DISPLAY=:0.0
    fi
fi

Contents of remote file ~/.ssh/rc

if read proto cookie && [ -n "$DISPLAY" ]; then
    if [ `echo $DISPLAY | cut -c1-10` = 'localhost:' ]; then
        # X11UseLocalhost=yes
        /usr/X11R6/bin/xauth -i add unix:`echo $DISPLAY | \
            cut -c11-` $proto $cookie
    else
        # X11UseLocalhost=no
        /usr/X11R6/bin/xauth -i add $DISPLAY $proto $cookie
    fi
fi


[ Reply to This | # ]

Handle ssh X11 forwarding in .bashrc
Authored by: emarmite on Sep 27, '05 01:30:22PM
Er, have I misunderstood this hint? To enable X11 forwarding, simply use the -X flag in ssh:

-X Enables X11 forwarding. This can also be specified on a per-host basis in a configuration file.

X11 forwarding should be enabled with caution. Users with the ability to bypass file permissions on the remote host (for the user's X authorization database) can access the local X11 display through the forwarded connection. An attacker may then be able to perform activities such as keystroke monitoring.

-x Disables X11 forwarding.

-Y Enables trusted X11 forwarding.

If you're talking about ssh'ing to an OSX server, X11 forwarding should be enabled by default. To be sure edit as sudo /etc/sshd_config, uncomment #X11 forwarding no, change 'no' to 'yes', and restart sshd.

Finally, as you don't want to do X11 forwarding by default, you can automatically enable it per host by adding the following lines to ~/.ssh/config (create the file if it's not already there):

Host testbox
ForwardX11 yes

Change testbox to be the name or IP address of the host you are accessing.

Have I missed the point of this script?


[ Reply to This | # ]
Handle ssh X11 forwarding in .bashrc
Authored by: kholburn on Sep 27, '05 04:33:22PM

You have to do all that X11Forwarding stuff you talked about on the ssh client or none of this will work.

Even if you do all that client X11Forwarding, if your "server" is not set up do X11Forwarding correctly it still won't work. When you ssh to a "server" the server sshd process sets the DISPLAY environment variable. If your log-in script resets it, ssh X11Forwarding won't work.

Finally I wasn't talking about sshing to an OSX Server, but to an OSX machine.



[ Reply to This | # ]
Handle ssh X11 forwarding in .bashrc
Authored by: EddEdmondson on Sep 28, '05 08:46:57AM

Actually you want 'ssh -Y' since Tiger.



[ Reply to This | # ]
Handle ssh X11 forwarding in .bashrc
Authored by: Anonymous on Mar 17, '06 12:20:07PM

Now that's a hint! I've been racking the Brain Housing Group over this one.

---
Salmon, the other pink meat.



[ Reply to This | # ]
Be careful setting your display
Authored by: EddEdmondson on Sep 28, '05 08:56:34AM
I have to say this every time a comment like this comes out...

Don't set your DISPLAY to 0!

It's the cause of innumerable hard-to-diagnose problems because it's a fundamentally broken assumption. It breaks when you ssh in somewhere (as the poster of this hint has noticed) and it also breaks on multi-user Macs, and in some other less common situations.

If you must have your DISPLAY variable set in non-X11 applications (which is the situation when you need to have something like the snippet of code in the hint) then use a method that not only checks that it isn't already set, but which then checks for what value it should take. There are several ways of doing this. One is to use open-x11 to open a script from inside X11.app that writes out the DISPLAY setting to some file (this is the method used by Gimp.app for example) or by searching /tmp/.X11-unix/ for the file with the appropriate ownership (see this article).

[ Reply to This | # ]

Be careful setting your display
Authored by: n8gray on Sep 28, '05 12:42:55PM

Thank you! I was about to say the same thing...



[ Reply to This | # ]
Handle ssh X11 forwarding in .bashrc
Authored by: stewarsh on Oct 05, '05 10:21:45AM
Assuming that SSH forwarding is allowed on the server you connecting to(default is no), then you shouldn't have to touch anything in your environment. The only two things you need to do are:

1) Run SSH from an X11 terminal (default for Apple's X11 is xterm, KDE is kterm, etc...)
2) use the -X option to tell SSH to setup the forward. (ssh -x hostname)

$DISPLAY is a variable that's maintained by the system when you are using X and really shouldn't be messed with unless you know what you're doing. To see what I mean, launch X and in the xterm type "echo $DISPLAY". You'll see that it's already set to :0.0. What this means is the XServer is listening to 127.0.0.1:600n (where n is the display prefix ie :x.0). If you have X set to respond to outside/remote connections then it's likely hostname:0.0. Now when you ssh -X to a remote machine from that terminal and echo your DISPLAY, by default you should see something like hostname:10.0 which is a tunnel back to your local setting. So by using SSH inside X11 terminals you shouldn't have to worry about setting your DISPLAY manually.
Below is a quick function you can add to your .bashrc to replace the ssh command with c, and when it runs it will run ssh -X if you are using X11.


function c () { 
    case "$1" in 
        "home")
            host="home.me.net"
        ;;
        "office1" | "o1")
            host="host.name.net"
        ;;
        "uh")
            host="user@host.name.net"
        ;;
        *)
            host="${1}"
        ;;
    esac;
    if [ -n "${DISPLAY}" ]; then
        ssh -X $host;
    else
        ssh -x $host;
    fi
}


[ Reply to This | # ]