SUMMARY: My ssh X11 forwarding problem

From: JV <>
Date: Thu Jun 22 2006 - 15:09:12 EDT
thank you my generous Solaris friends, you saved me 4 gallons of
gasoline (at USD $3.40/gal in California) and greatly increased my
knowledge of ssh <=>X11  with this exercise.

specific thanks to 

Dave Foster
Crist Clark
Dave Markham
Mats Oberg

for the solution: 

1. verify and enable X11 forwarding in /etc/ssh/sshd_conf (was required
action on Box D)
2. restart ssh with '/etc/init.d/ssh restart' to take effect

Mark Scarborough
Eric Sisson

report that OpenSSH version 3.8 and above support a -Y option for an
alternate X11 trust/untrusted option. These options are not available
in ver 4.3.5, or Sun SSH_1.0

Harvey Wamboldt

Suggest an alternative solution was mess with 'xauth list' and 'xauth

Matthew Stier

contributes an obscure bug id 4374153 from the Sun Developer Network
which recommends an env variable "NO_AWT_MITSHM=true" to help drawing
XWindow boxes forwarded over ssh connections with certain version of
java. I think others could use this bugid info so I include it here:

Have a great day -

Original question inline below:

I'm trying to trick jnbSA to run over the WAN. I don't care how slow,
just please work because otherwise I have to travel 80 miles to fix
something in a remote data center. Regular admin has gone on holiday to

Box A = Sun Solaris box running SSH Tectia Client 4.3.2 Build: 12
Box B = Windows XP box running SSH Tectia Client 4.3.2 Build: 12
Box C = Red Hat Linux Box running OpenSSH_3.6.1p2, SSH protocols
1.5/2.0, OpenSSL 0x0090701f
Box D = Sun Solaris box running Sun OpenSSH Version Sun_SSH_1.0,
protocol versions 1.5/2.0.

I can ssh with X11 forwarding from Box A to Box B to Box C.
My display is set to something like "localhost:12.0" on Box C.
I can run "xterm" and see an X-window pop up in my face (success).

However if I then ssh to Box D with

ssh -A -X -g -v  root@solaris9box  		; OR
ssh -X  root@solaris9box

I cannot get the X application to forward to my ssh tunnel. I suspect
the interoperability between Linux and Solaris, or I am just daft.
There is a VPN between Box B and C, otherwise I would omit one of the
links in this chain, but I can't due to VPN/IP restrictions.
Can anybody who has done something similar give me some pointers? I
promise to summarize for the list.

[root@linuxboxC]$ cat /etc/redhat-release
CentOS release 3.7 (Final)

Tired of spam?  Yahoo! Mail has the best spam protection around 
sunmanagers mailing list
Received on Thu Jun 22 15:12:19 2006

This archive was generated by hypermail 2.1.8 : Thu Mar 03 2016 - 06:43:59 EST