[Contents] [Index]

About This Document >>     Installing SSH Tectia Server >>     Getting Started >>     Configuration >>     Authentication >>     Application Tunneling >>         Incoming and Outgoing Tunnels >>         Tunneling FTP >>         Tunneling X11         Agent Forwarding         Dynamic Tunneling     Troubleshooting >>     Man Pages     Advanced Options >>     Log Messages >>

Tunneling X11

To enable X11 forwarding, perform the following tasks:

1. Make sure that the SSH Tectia Server software was compiled with X forwarding support. The binary packages contain runtime X detection in SSH Tectia Server and Client.

   However, if X security extensions are needed, it is necessary to compile from source. When compiling, make sure not to run ./configure with any X-disabling options. See Appendix Installing from Source Code for more information.

2. Ensure that xauth is in the path of the user running ./configure. Also, make sure that you have the following line in your /etc/ssh2/sshd2_config file:

   AllowX11Forwarding yes

   X11 forwarding also needs to be enabled in the client by setting the following line in the ssh2_config file:

   ForwardX11 yes

   These options are on by default.
3. Log into the remote system and type xclock &. This starts an X clock program that can be used for testing the forwarding connection. If the X clock window is displayed properly, you have X11 forwarding working.

Note: Do not set the DISPLAY variable on the client. You will most likely disable encryption. (X connections forwarded through Secure Shell use a special local display setting.)

In SSH Tectia Server, if X11 SECURITY extension is compiled in, the X11 client applications are treated as untrusted by default (the effects of this depend on your X server security policy). For more information, please see the ssh2_config man pages.