After `ssh` without `-X` to a machine, is it possible to change `$DISPLAY` to make it work like `ssh -X`?












13















After ssh without -X to a machine, is it possible to change some settings (for example $DISPLAY) to make it work like ssh -X? If not, what is the reason? Thanks.






ssh x11







share|improve this question



























    13















    After ssh without -X to a machine, is it possible to change some settings (for example $DISPLAY) to make it work like ssh -X? If not, what is the reason? Thanks.






    ssh x11







    share|improve this question

























      13












      13








      13


      1






      After ssh without -X to a machine, is it possible to change some settings (for example $DISPLAY) to make it work like ssh -X? If not, what is the reason? Thanks.






      ssh x11







      share|improve this question














      After ssh without -X to a machine, is it possible to change some settings (for example $DISPLAY) to make it work like ssh -X? If not, what is the reason? Thanks.






      ssh x11




      ssh x11






      share|improve this question













      share|improve this question











      share|improve this question




      share|improve this question










      asked 14 hours ago









      TimTim

      27.6k78264477




      27.6k78264477






















          1 Answer
          1






          active

          oldest

          votes


















          17














          You can create a second connection with X11 forwarding enabled, and then you can also use the DISPLAY environment variable from the second connection in the first.



          In the 1st window:



          $ ssh user@host
          
user@host$ ...


          In the 2nd window:



          $ ssh -Y user@host 'echo $DISPLAY; while sleep 3600; do :; done'
          
localhost:10.0


          Back to the 1st window:



          user@host$ export DISPLAY=localhost:10.0
          
user@host$ xterm


          Unfortunately, ssh does nothing to contain the X11 (or other) forwardings to the process/session it started or to the user it runs as on the remote machine (eg. by using Unix sockets with/out checking credentials, or by using namespaces), and those forwardings are simple tcp listening sockets to which anybody on the remote machine can connect; all the security of the X11 forwarding relies on the X11 authentication.



          X11 Forwarding By Hand



          The sshd_config(5) manpage mentions that:




          disabling X11 forwarding does not prevent users from forwarding X11 traffic, as users can always install their own forwarders.




          Here is how you can do that by hand.



          Show the auth info for DISPLAY=:0 on the local machine:



          $ xauth list :0
          
ohzd/unix:0  MIT-MAGIC-COOKIE-1  a86982ddce0c1e1c1a8c5e8b2846e43b


          Connect to the remote machine without any X11 forwarding:



          $ ssh user@hzy64
          
user@hzy64's password:
          
[motd snipped]


          Open the command line via ~C and add a remote forwarding from the port 6000+43 to the unix socket corresponding to display :0:



          hzy64$~C
          
ssh> -R 6043:/tmp/.X11-unix/X0
          
Forwarding port.


          Set the $DISPLAY envvar and add the auth info from the local to the remote machine: 



          hzy64$ export DISPLAY=localhost:43
          
hzy64$ xauth add $DISPLAY . a86982ddce0c1e1c1a8c5e8b2846e43b
          
xauth:  file /home/user/.Xauthority does not exist


          Now you're ready to go:



          hzy64$ xterm





          share|improve this answer


























          • If you care about security, -X would be slightly better than -Y, wouldn’t it?

            – Stephen Kitt
            10 hours ago






          • 3





            many (most?) X11 programs don't work with -X, only with -Y. people don't notice that because on many system (eg. debian) ForwardX11Trusted is set to yes by default, and the -X and -Y options are equivalent ;-)

            – mosvy
            10 hours ago











          Your Answer








          StackExchange.ready(function() {
          var channelOptions = {
          tags: "".split(" "),
          id: "106"
          };
          initTagRenderer("".split(" "), "".split(" "), channelOptions);

          StackExchange.using("externalEditor", function() {
          // Have to fire editor after snippets, if snippets enabled
          if (StackExchange.settings.snippets.snippetsEnabled) {
          StackExchange.using("snippets", function() {
          createEditor();
          });
          }
          else {
          createEditor();
          }
          });

          function createEditor() {
          StackExchange.prepareEditor({
          heartbeatType: 'answer',
          autoActivateHeartbeat: false,
          convertImagesToLinks: false,
          noModals: true,
          showLowRepImageUploadWarning: true,
          reputationToPostImages: null,
          bindNavPrevention: true,
          postfix: "",
          imageUploader: {
          brandingHtml: "Powered by u003ca class="icon-imgur-white" href="https://imgur.com/"u003eu003c/au003e",
          contentPolicyHtml: "User contributions licensed under u003ca href="https://creativecommons.org/licenses/by-sa/3.0/"u003ecc by-sa 3.0 with attribution requiredu003c/au003e u003ca href="https://stackoverflow.com/legal/content-policy"u003e(content policy)u003c/au003e",
          allowUrls: true
          },
          onDemand: true,
          discardSelector: ".discard-answer"
          ,immediatelyShowMarkdownHelp:true
          });


          }
          });














          draft saved

          draft discarded


















          StackExchange.ready(
          function () {
          StackExchange.openid.initPostLogin('.new-post-login', 'https%3a%2f%2funix.stackexchange.com%2fquestions%2f505473%2fafter-ssh-without-x-to-a-machine-is-it-possible-to-change-display-to-ma%23new-answer', 'question_page');
          }
          );

          Post as a guest















          Required, but never shown

























          1 Answer
          1






          active

          oldest

          votes








          1 Answer
          1






          active

          oldest

          votes









          active

          oldest

          votes






          active

          oldest

          votes









          17














          You can create a second connection with X11 forwarding enabled, and then you can also use the DISPLAY environment variable from the second connection in the first.



          In the 1st window:



          $ ssh user@host
          
user@host$ ...


          In the 2nd window:



          $ ssh -Y user@host 'echo $DISPLAY; while sleep 3600; do :; done'
          
localhost:10.0


          Back to the 1st window:



          user@host$ export DISPLAY=localhost:10.0
          
user@host$ xterm


          Unfortunately, ssh does nothing to contain the X11 (or other) forwardings to the process/session it started or to the user it runs as on the remote machine (eg. by using Unix sockets with/out checking credentials, or by using namespaces), and those forwardings are simple tcp listening sockets to which anybody on the remote machine can connect; all the security of the X11 forwarding relies on the X11 authentication.



          X11 Forwarding By Hand



          The sshd_config(5) manpage mentions that:




          disabling X11 forwarding does not prevent users from forwarding X11 traffic, as users can always install their own forwarders.




          Here is how you can do that by hand.



          Show the auth info for DISPLAY=:0 on the local machine:



          $ xauth list :0
          
ohzd/unix:0  MIT-MAGIC-COOKIE-1  a86982ddce0c1e1c1a8c5e8b2846e43b


          Connect to the remote machine without any X11 forwarding:



          $ ssh user@hzy64
          
user@hzy64's password:
          
[motd snipped]


          Open the command line via ~C and add a remote forwarding from the port 6000+43 to the unix socket corresponding to display :0:



          hzy64$~C
          
ssh> -R 6043:/tmp/.X11-unix/X0
          
Forwarding port.


          Set the $DISPLAY envvar and add the auth info from the local to the remote machine: 



          hzy64$ export DISPLAY=localhost:43
          
hzy64$ xauth add $DISPLAY . a86982ddce0c1e1c1a8c5e8b2846e43b
          
xauth:  file /home/user/.Xauthority does not exist


          Now you're ready to go:



          hzy64$ xterm





          share|improve this answer


























          • If you care about security, -X would be slightly better than -Y, wouldn’t it?

            – Stephen Kitt
            10 hours ago






          • 3





            many (most?) X11 programs don't work with -X, only with -Y. people don't notice that because on many system (eg. debian) ForwardX11Trusted is set to yes by default, and the -X and -Y options are equivalent ;-)

            – mosvy
            10 hours ago
















          17














          You can create a second connection with X11 forwarding enabled, and then you can also use the DISPLAY environment variable from the second connection in the first.



          In the 1st window:



          $ ssh user@host
          
user@host$ ...


          In the 2nd window:



          $ ssh -Y user@host 'echo $DISPLAY; while sleep 3600; do :; done'
          
localhost:10.0


          Back to the 1st window:



          user@host$ export DISPLAY=localhost:10.0
          
user@host$ xterm


          Unfortunately, ssh does nothing to contain the X11 (or other) forwardings to the process/session it started or to the user it runs as on the remote machine (eg. by using Unix sockets with/out checking credentials, or by using namespaces), and those forwardings are simple tcp listening sockets to which anybody on the remote machine can connect; all the security of the X11 forwarding relies on the X11 authentication.



          X11 Forwarding By Hand



          The sshd_config(5) manpage mentions that:




          disabling X11 forwarding does not prevent users from forwarding X11 traffic, as users can always install their own forwarders.




          Here is how you can do that by hand.



          Show the auth info for DISPLAY=:0 on the local machine:



          $ xauth list :0
          
ohzd/unix:0  MIT-MAGIC-COOKIE-1  a86982ddce0c1e1c1a8c5e8b2846e43b


          Connect to the remote machine without any X11 forwarding:



          $ ssh user@hzy64
          
user@hzy64's password:
          
[motd snipped]


          Open the command line via ~C and add a remote forwarding from the port 6000+43 to the unix socket corresponding to display :0:



          hzy64$~C
          
ssh> -R 6043:/tmp/.X11-unix/X0
          
Forwarding port.


          Set the $DISPLAY envvar and add the auth info from the local to the remote machine: 



          hzy64$ export DISPLAY=localhost:43
          
hzy64$ xauth add $DISPLAY . a86982ddce0c1e1c1a8c5e8b2846e43b
          
xauth:  file /home/user/.Xauthority does not exist


          Now you're ready to go:



          hzy64$ xterm





          share|improve this answer


























          • If you care about security, -X would be slightly better than -Y, wouldn’t it?

            – Stephen Kitt
            10 hours ago






          • 3





            many (most?) X11 programs don't work with -X, only with -Y. people don't notice that because on many system (eg. debian) ForwardX11Trusted is set to yes by default, and the -X and -Y options are equivalent ;-)

            – mosvy
            10 hours ago














          17












          17








          17







          You can create a second connection with X11 forwarding enabled, and then you can also use the DISPLAY environment variable from the second connection in the first.



          In the 1st window:



          $ ssh user@host
          
user@host$ ...


          In the 2nd window:



          $ ssh -Y user@host 'echo $DISPLAY; while sleep 3600; do :; done'
          
localhost:10.0


          Back to the 1st window:



          user@host$ export DISPLAY=localhost:10.0
          
user@host$ xterm


          Unfortunately, ssh does nothing to contain the X11 (or other) forwardings to the process/session it started or to the user it runs as on the remote machine (eg. by using Unix sockets with/out checking credentials, or by using namespaces), and those forwardings are simple tcp listening sockets to which anybody on the remote machine can connect; all the security of the X11 forwarding relies on the X11 authentication.



          X11 Forwarding By Hand



          The sshd_config(5) manpage mentions that:




          disabling X11 forwarding does not prevent users from forwarding X11 traffic, as users can always install their own forwarders.




          Here is how you can do that by hand.



          Show the auth info for DISPLAY=:0 on the local machine:



          $ xauth list :0
          
ohzd/unix:0  MIT-MAGIC-COOKIE-1  a86982ddce0c1e1c1a8c5e8b2846e43b


          Connect to the remote machine without any X11 forwarding:



          $ ssh user@hzy64
          
user@hzy64's password:
          
[motd snipped]


          Open the command line via ~C and add a remote forwarding from the port 6000+43 to the unix socket corresponding to display :0:



          hzy64$~C
          
ssh> -R 6043:/tmp/.X11-unix/X0
          
Forwarding port.


          Set the $DISPLAY envvar and add the auth info from the local to the remote machine: 



          hzy64$ export DISPLAY=localhost:43
          
hzy64$ xauth add $DISPLAY . a86982ddce0c1e1c1a8c5e8b2846e43b
          
xauth:  file /home/user/.Xauthority does not exist


          Now you're ready to go:



          hzy64$ xterm





          share|improve this answer















          You can create a second connection with X11 forwarding enabled, and then you can also use the DISPLAY environment variable from the second connection in the first.



          In the 1st window:



          $ ssh user@host
          
user@host$ ...


          In the 2nd window:



          $ ssh -Y user@host 'echo $DISPLAY; while sleep 3600; do :; done'
          
localhost:10.0


          Back to the 1st window:



          user@host$ export DISPLAY=localhost:10.0
          
user@host$ xterm


          Unfortunately, ssh does nothing to contain the X11 (or other) forwardings to the process/session it started or to the user it runs as on the remote machine (eg. by using Unix sockets with/out checking credentials, or by using namespaces), and those forwardings are simple tcp listening sockets to which anybody on the remote machine can connect; all the security of the X11 forwarding relies on the X11 authentication.



          X11 Forwarding By Hand



          The sshd_config(5) manpage mentions that:




          disabling X11 forwarding does not prevent users from forwarding X11 traffic, as users can always install their own forwarders.




          Here is how you can do that by hand.



          Show the auth info for DISPLAY=:0 on the local machine:



          $ xauth list :0
          
ohzd/unix:0  MIT-MAGIC-COOKIE-1  a86982ddce0c1e1c1a8c5e8b2846e43b


          Connect to the remote machine without any X11 forwarding:



          $ ssh user@hzy64
          
user@hzy64's password:
          
[motd snipped]


          Open the command line via ~C and add a remote forwarding from the port 6000+43 to the unix socket corresponding to display :0:



          hzy64$~C
          
ssh> -R 6043:/tmp/.X11-unix/X0
          
Forwarding port.


          Set the $DISPLAY envvar and add the auth info from the local to the remote machine: 



          hzy64$ export DISPLAY=localhost:43
          
hzy64$ xauth add $DISPLAY . a86982ddce0c1e1c1a8c5e8b2846e43b
          
xauth:  file /home/user/.Xauthority does not exist


          Now you're ready to go:



          hzy64$ xterm






          share|improve this answer














          share|improve this answer



          share|improve this answer








          edited 10 hours ago

























          answered 13 hours ago









          mosvymosvy

          8,0721531




          8,0721531













          • If you care about security, -X would be slightly better than -Y, wouldn’t it?

            – Stephen Kitt
            10 hours ago






          • 3





            many (most?) X11 programs don't work with -X, only with -Y. people don't notice that because on many system (eg. debian) ForwardX11Trusted is set to yes by default, and the -X and -Y options are equivalent ;-)

            – mosvy
            10 hours ago



















          • If you care about security, -X would be slightly better than -Y, wouldn’t it?

            – Stephen Kitt
            10 hours ago






          • 3





            many (most?) X11 programs don't work with -X, only with -Y. people don't notice that because on many system (eg. debian) ForwardX11Trusted is set to yes by default, and the -X and -Y options are equivalent ;-)

            – mosvy
            10 hours ago

















          If you care about security, -X would be slightly better than -Y, wouldn’t it?

          – Stephen Kitt
          10 hours ago





          If you care about security, -X would be slightly better than -Y, wouldn’t it?

          – Stephen Kitt
          10 hours ago




          3




          3





          many (most?) X11 programs don't work with -X, only with -Y. people don't notice that because on many system (eg. debian) ForwardX11Trusted is set to yes by default, and the -X and -Y options are equivalent ;-)

          – mosvy
          10 hours ago





          many (most?) X11 programs don't work with -X, only with -Y. people don't notice that because on many system (eg. debian) ForwardX11Trusted is set to yes by default, and the -X and -Y options are equivalent ;-)

          – mosvy
          10 hours ago


















          draft saved

          draft discarded




















































          Thanks for contributing an answer to Unix & Linux Stack Exchange!


          • Please be sure to answer the question. Provide details and share your research!

          But avoid



          • Asking for help, clarification, or responding to other answers.

          • Making statements based on opinion; back them up with references or personal experience.


          To learn more, see our tips on writing great answers.




          draft saved


          draft discarded














          StackExchange.ready(
          function () {
          StackExchange.openid.initPostLogin('.new-post-login', 'https%3a%2f%2funix.stackexchange.com%2fquestions%2f505473%2fafter-ssh-without-x-to-a-machine-is-it-possible-to-change-display-to-ma%23new-answer', 'question_page');
          }
          );

          Post as a guest















          Required, but never shown





















































          Required, but never shown














          Required, but never shown












          Required, but never shown







          Required, but never shown

































          Required, but never shown














          Required, but never shown












          Required, but never shown







          Required, but never shown







          -

          Popular posts from this blog

          How to label and detect the document text images

          Image
          1 $begingroup$ This is what I mean as document text image: I want to label the texts in image as separate blocks and my model should detect these labels as classes. NOTE: This is how the end result should be like: The labels like Block 1, Block 2, Block 3,.. should be Logo, Title, Date,.. Others, etc. Work done: First approach : I tried to implement this method via Object Detection, it didn't work. It didn't even detect any text. Second approach : Then I tried it using PixelLink. As this model is build for scene text detection, it detected each and every text in the image. But this method can detect multiple lines of text if the threshold values are increased. But I have no idea how do I add labels to the text blocks. PIXEL_CLS_WEIGHT_all_ones = 'PIXEL_CLS_WEIGHT_all_ones' PIXEL_C
          Read more

          Vallis Paradisi

          Image
          Coordinata: .mw-parser-output .geo-default,.mw-parser-output .geo-dms,.mw-parser-output .geo-dec{display:inline}.mw-parser-output .geo-nondefault,.mw-parser-output .geo-multi-punct{display:none}.mw-parser-output .longitude,.mw-parser-output .latitude{white-space:nowrap} 33°03′S 71°37′W  /  33.05°S 71.617°W  / -33.05; -71.617 Vallis Paradisi Res apud Vicidata repertae: Civitas : Chilia Numerus incolarum : 296 655 Zona horaria : UTC-4 Situs interretialis Nomen officiale : Valparaíso Gubernium Consilium : municipal council of Valparaíso Geographia Superficies : 401 600 000 Metrum quadratum Coniunctiones urbium Urbes gemellae : Ovetum , Badalona , Santa Fe , Ora longa , Sciamhaevum , Quantunia , Callao , Bat Yam , Melaka , Novorossiysk , Busan , Corduba , Odessa , Rosario , Malacca , Barcino , Soteropolis , Franciscopolis (California) , Guanajuato, Silao Tabula aut despectus Despectus in portum sinumque et urbem Vallis Paradisi Vallis Para
          Read more

          Tabula Rosettana

          Image
          Tabula multilinguis Rosettana in Museo Britannico ostenditur. Tabula Rosettana, [1] etiam titulo OGIS 90 agnita, est stela decreto de rebus sacris in Aegypto anno 196 a.C.n. lato inscripta. Tabula iuxta Rosettam Aegypti, urbem in delta Nili et ad oram maris Mediterranei iacentem, anno 1799 a milite Francico reperta est. Inventio stelae, linguis duabus scripturisque tribus inscriptae, eruditis Instituti Aegypti statim nuntiata est; ibi enim iussu imperatoris Napoleonis eruditi omnium scientiarum (sub aegide Commissionis Scientiarum et Artium) properaverant cum expeditione Francica. Qua a Britannis mox debellata, tabula Rosettana Londinium missa hodie apud Museum Britannicum iacet. Textus Graecus cito lectus interpretationi textuum Aegyptiorum (in formis hieroglyphica et demotica expressorum) gradatim adiuvit. Denique textum plene interpretatus est Ioannes Franciscus Champollion. Ab opere eruditorum cumulativo coepit hodiernus scripturae hieroglyphicae linguaeque Aegyptiae a
          Read more