SSH
First, enable X11 forwarding: uncommented and properly set 2 following lines in /etc/ssh/ssh_config file:
Host * ForwardX11 yes
Normally ssh creates .Xauthority file in $HOME directory. If $HOME directory is on file server and shared between different machines, it can be a conflict. It is recommended in that case to tell ssh to place .Xauthority file somewhere else, for example in /tmp directory which is usually local. Do following:
1. Uncomment or add following line in /etc/ssh/sshd_config (it will force execution of /etc/ssh/sshrc script which we'll create below; also every user's $HOME/.ssh/environment file will be processed):
PermitUserEnvironment yes
2. Add two lines in /etc/profile:
XAUTHORITY=/tmp/.Xauthority.$LOGNAME export XAUTHORITY
3. Create /etc/ssh/sshrc with following contents:
HOME=/tmp XAUTHORITY=$HOME/.Xauthority.$USER export XAUTHORITY if read proto cookie && [ -n "$DISPLAY" ] then if [ `echo $DISPLAY | cut -c1-10` = 'localhost:' ] then # X11UseLocalhost=yes echo add unix:`echo $DISPLAY | cut -c11-` $proto $cookie else # X11UseLocalhost=no echo add $DISPLAY $proto $cookie fi | /usr/openwin/bin/xauth -q - fi
(on RHEL4 xauth is located at /usr/X11R6/bin/xauth, on RHEL5 at /usr/bin, adjust script accordingly)
4. Create /root/.ssh/environment file with following contents:
XAUTHORITY=/tmp/.Xauthority.root
5. NOTIFY ALL USERS TO HAVE THAT FILE WITH CORRESPONDING CONTENTS IN THEIR $HOME/.ssh directories. You can do it for example by placing following into /etc/.login (on linux you can use /etc/csh.login):
if (! -e ~/.ssh/environment ) then echo "" echo "===== ERROR: create file '~/.ssh/environment' containing following line:" echo "===== XAUTHORITY=/tmp/.Xauthority.$LOGNAME" echo "===== OTHERWISE SSH/X11 MAY NOT WORK PROPERLY" echo "" endif
6. Restart ssh service by
svcadm restart network/ssh
(on Linux /etc/init.d/sshd restart)
7. If need to make ssh without password between different clon machines for some user, login as that user and do following:
cd .ssh ssh-keygen -t rsa <hit return on password prompt> cp id_rsa.pub authorized_keys