X via ssh on FreeBSD

...in progress..

I had no problem in running X clients on crimson (FreeBSD 4.7) against the X server on gold (Redhat 7.3 Linux), but when I tried to run X clients against the X server on maroon, which has FreeBSD 4.7 installed, I could not get them running.

It turns out that the X server startup in FreeBSD defaults to -nolisten tcp, which means X will not accept remote connections via TCP/IP. Issuing startx with a "-listen_tcp" argument turns off this option. I could run X clients against maroon on the local area network.

I then turned my attention to running X clients via ssh, which would allow me to operate X clients securely over the Internet. First, I wanted to get it working locally.

I followed the instructions outlined in the SSH book, i.e. using the -X argument to ssh, but it simply didn't work. I figured it was something wrong on the crimson server, since the DISPLAY variable on crimson wasn't being set to something like "localhost:10" as shown in examples. However, even with "-vv", the most verbose diagnostic mode, it gave no indication why it wasn't working.

Finally, in desperation, I uncommented the defaults in the /etc/ssh/sshd_config file related to X forwarding:

X11Forwarding yes
X11DisplayOffset 10
X11UseLocalhost yes

Progress: the DISPLAY variable was now being set, but I still couldn't connect to the X server on my local machine. So, the defaults in the sshd config file weren't really defaults after all. I then added to the /etc/ssh/sshd_config file, the line:

 "XAuthLocation /usr/X11R6/bin/xauth"

That did the trick, now I was connecting successfully. With X running through the ssh tunnel, the X server doesn't even need a -listen_tcp argument!

Note:

To ensure arguments, such as -auth, to turn on xauth style X authentication, is sent to the X server, use the following arguments to startx:

startx -listen_tcp -- -auth

Addendum - 28th February, 2006

See also a later journal entry on SSH and X.