Bookmark this site!

2007-12-02

X11 on Leopard

X11.app won't launch for me - a quick google tells me that others have the same problem.

The idea under Leopard is that X11 will launch automatically as required, so just typing xterm in a Terminal window will launch a xterm window.

But for me this didn't work, since I had set DISPLAY = 0:0

To check, type echo $DISPLAY if the response is 0:0 (as you might expect) you need to remove the entry for DISPLAY from environment.plist (double-click on the file and the property list editor should open). On the other hand something bizarre:

mfourman$ echo $DISPLAY
/tmp/launch-SKAysC/:0
seems to be fine!

Note that some applications may set the DISPLAY variable on startup. I had to retire sshLogin (a Mac port of sshAskPass) because it insists on doing this. So I'm back to using ssh-add from the terminal to set up my ssh identity before launching xterm.

Connecting via ssh from the xterm then sets up an X11 connection so that remote X applications can use your Mac screen. Use ssh -X to forward X11 connections, or set this up, for hosts you trust, in your ssh configuration.

Your ssh configuration depends on various files in ˜/.ssh:

authorized_keys config identity  identity.pub  known_hosts

You can set your ˜/.ssh/config on a per-host basis: for example

# Any configuration value is only changed the first time it is set.
# Thus, host-specific definitions should be at the beginning of the
# configuration file, and defaults at the end.
Host trusted.local
     ForwardX11 yes 
     ForwardX11Trusted yes
Host ssh.foo.uni.ac.uk
     Compression yes
     Cipher blowfish
     ForwardX11 yes 
Host ssh.foreign.com
     User alias 
Host *
     ForwardX11 no
     ForwardX11Trusted no
Note X11 forwarding should be enabled with caution.

User Specifies the user to log in as, useful when you have a different user name on different machines.

The default configuration file (see /private/etc/ssh_config) includes a list of common settings. The configuration files contain sections separated by ``Host'' specifications, and that section is only applied for hosts that match one of the patterns given in the specification. (Lines starting with `#' are comments. Copy this template, remove `#' and edit values as desired. For details see man ssh_config)

# Host *
#   ForwardAgent no
#   ForwardX11 no
#   RhostsRSAAuthentication no
#   RSAAuthentication yes
#   PasswordAuthentication yes
#   HostbasedAuthentication no
#   GSSAPIAuthentication no
#   GSSAPIDelegateCredentials no
#   GSSAPIKeyExchange no
#   GSSAPITrustDNS no
#   BatchMode no
#   CheckHostIP yes
#   AddressFamily any
#   ConnectTimeout 0
#   StrictHostKeyChecking ask
#   IdentityFile ~/.ssh/identity
#   IdentityFile ~/.ssh/id_rsa
#   IdentityFile ~/.ssh/id_dsa
#   Port 22
#   Protocol 2,1
#   Cipher 3des
#   Ciphers aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,arcfour,aes192-cbc,aes256-cbc
#   EscapeChar ~
#   Tunnel no
#   TunnelDevice any:any
#   PermitLocalCommand no

3 comments:

Space Mom said...

When connecting to another system via ssh, you must also explicitly set the -Y option. The Tiger X11 didn't require this.

I also have found that some x applications won't host, an example is xemacs won't display on my leaopard macBook, but emacs will...

Michael Fourman said...

See blog for more detail. I added something on ssh forwarding.

You can set this in ~/.ssh/config

ForwardX11 yes
ForwardX11Trusted yes

Use -Y with caution (see man ssh_config). I only use -X (the untrusted option) except for local machines I control.

Richard Sheppard said...

Thank you! It took me a while to track down your post, but you've helped me track down why it took soooo long for me to log into a server on the Interweb™ where I didn't require an X session anyway, and I would eventually get a message saying:

/usr/X11R6/bin/xauth: timeout in locking authority file /var/www/vhosts/domain.dom/.Xauthority

I had

Host *
ForwardX11 yes


as the only information in my config file. I've sense made it more specific for the Ubuntu box on my home network only, and NO to *.

Thanks again!