How to use xhost/xauth to control X11 access from EC2 to cygwinX

0
votes

I must be missing something very simple here:

I am connecting to a RedHat 7 Enterprise EC2 instance from my Cygwin/X Windows desktop. I use ssh -XYg -i kekfile.pem [email protected] to connect. I then export DISPLAY=:10.0.

This works fine as long as on the client side I do: xhost +

But that seems a little risky as it will let anything on my network connect to my local X11 server. How can you use xhost or xauth (or something else?) to only allow that one ssh session to use my local X11 server?

1
sshamazon-ec2x11-forwarding
It shouldn't be necessary to set DISPLAY. If ssh is successfully forwarding X, it'll set an appropriate DISPLAY for you. It also shouldn't be necessary to run "xhost +". Why are you finding it necessary to do that?Kenster
That's what I thought. But if I just ssh onto the EC2 host and run an X program I get: xterm: Xt error: Can't open display: xterm: DISPLAY is not setJoshK

1 Answers

0
votes

Ok, I realized that I was doing this backwards. Hopefully this will help any CygwinX user who wants to host an EC2 machine:

  1. Before starting the ssh session export DISPLAY=:0.0
  2. Just use the -Y flag with ssh
  3. Once you have the ssh tunnel open do not set DISPLAY. It is automatically set for you.

Then you can set xhost - on your CygwinX side and the tunneled in connection still works fine.