Dear group,

1. My workstation "gar" is running Debian 12 with XFCE.

2. I have another PC "marlin" running Ubuntu 24.04 LTS with XFCE.

3. I recently added a PC "octopus" running Ubuntu 26.04 LTS Server,
without desktop environment.

4. Both "marlin" and "octopus" have a user "localadmin", on "gar" my
username is "cgelinek".

5. I'd like to `ssh -Y localadmin@octopus` from "gar" and then start a
podman container with `xeyes` in it and be able to see it on my screen
on "gar".

6. I can do that with "marlin" (i.e. `ssh -Y localadmin@marlin`), but
not with "octopus".

Some debugging suggests that when I `ssh -Y localadmin@octopus`, on octopus

* $DISPLAY is localhost:10.0,
* /home/localadmin/.Xauthority has the date of connection but
* $XAUTHORITY is empty.
* Unsurprisingly, when I try to run `xeyes` from within a container
(with DISPLAY and XAUTHORITY being forwarded), it stops with `Error:
Can't open display: localhost:10.0`.

I have checked that xauth is installed on octopus and have run out of
ideas what to try next, any ideas?

Thanks for your time,
Christian

--- PyGate Linux v1.5.15
* Origin: Dragon's Lair, PyGate NNTP<>Fido Gate (3:633/10)

On Mon, May 25, 2026 at 03:47:14PM +0930, Christian Gelinek wrote:

Dear group,

1. My workstation "gar" is running Debian 12 with XFCE.

2. I have another PC "marlin" running Ubuntu 24.04 LTS with XFCE.

3. I recently added a PC "octopus" running Ubuntu 26.04 LTS Server, without desktop environment.

4. Both "marlin" and "octopus" have a user "localadmin", on "gar" my
username is "cgelinek".

5. I'd like to `ssh -Y localadmin@octopus` from "gar" and then start a
podman container with `xeyes` in it and be able to see it on my screen on "gar".

(
Here a `ssh -X server` user.
According `man ssh` are `ssh -X` and `ssh -Y` simular.
)


Acknowledge on 'podman container with `xeyes` in it'

6. I can do that with "marlin" (i.e. `ssh -Y localadmin@marlin`), but not with "octopus".

Some debugging suggests that when I `ssh -Y localadmin@octopus`, on octopus

* $DISPLAY is localhost:10.0,
* /home/localadmin/.Xauthority has the date of connection but
* $XAUTHORITY is empty.
* Unsurprisingly, when I try to run `xeyes` from within a container (with DISPLAY and XAUTHORITY being forwarded), it stops with `Error: Can't open display: localhost:10.0`.

I have checked that xauth is installed on octopus and have run out of ideas what to try next, any ideas?

Ideas:

* Compare working and non-working setup further
* Tell more about the actual use case.

Thanks for your time,
Christian

Groeten
Geert Stappers
--
Silence is hard to parse

--- PyGate Linux v1.5.15
* Origin: Dragon's Lair, PyGate NNTP<>Fido Gate (3:633/10)

On 25/5/26 16:33, Geert Stappers wrote:

On Mon, May 25, 2026 at 03:47:14PM +0930, Christian Gelinek wrote:

5. I'd like to `ssh -Y localadmin@octopus` from "gar" and then start a
podman container with `xeyes` in it and be able to see it on my screen on
"gar".

(
Here a `ssh -X server` user.
According `man ssh` are `ssh -X` and `ssh -Y` simular.
)


Acknowledge on 'podman container with `xeyes` in it'

I just tried `ssh -X localadmin@marlin` and it works just as well as
with -Y.

Ideas:

* Compare working and non-working setup further

What would you suggest to compare?

* Tell more about the actual use case.

I have some software with X11 GUI I'd like to run inside podman
containers on machine octopus. The octopus host itself should be as
minimal and as disposable as practical and only be used as a gateway to
the software in the containers. Previously it was enough to have a few
real metal PCs (like marlin) with a full-blown desktop environment but recently the number of OS variants has been increasing and I'd like to
save resources by using containers instead, where I'm hoping that trying
& installing new OS distributions and versions would be less hassle and
costly than dealing with real metal for each combination.

Thanks for your time,
Christian

--- PyGate Linux v1.5.15
* Origin: Dragon's Lair, PyGate NNTP<>Fido Gate (3:633/10)

On Mon, May 25, 2026 at 05:22:42PM +0930, Christian Gelinek wrote:

On 25/5/26 16:33, Geert Stappers wrote:

On Mon, May 25, 2026 at 03:47:14PM +0930, Christian Gelinek wrote:

5. I'd like to `ssh -Y localadmin@octopus` from "gar" and then start a podman container with `xeyes` in it and be able to see it on my screen on "gar".

Acknowledge on 'podman container with `xeyes` in it'

... ideas?

Ideas:

* Compare working and non-working setup further

What would you suggest to compare?

Install packages, running processes, versions.


And I suggest to test with xterm instead of xeyes.

* Tell more about the actual use case.

I have some software with X11 GUI I'd like to run inside podman containers
on machine octopus.

Sounds like a wish.
And if that is the use case, then that is the use case.
It is not an use case I have.

The octopus host itself should be as minimal and as
disposable as practical and only be used as a gateway to the software in the containers. Previously it was enough to have a few real metal PCs (like marlin) with a full-blown desktop environment but recently the number of OS variants has been increasing and I'd like to save resources by using containers instead, where I'm hoping that trying & installing new OS distributions and versions would be less hassle and costly than dealing with real metal for each combination.

In RFC 1925 is: Good, Fast, Cheap. Pick two, you can't have all three.


Thing I'm trying to tell: Rethink the goal.

Thanks for your time,
Christian

Groeten
Geert Stappers
--
Silence is hard to parse

--- PyGate Linux v1.5.15
* Origin: Dragon's Lair, PyGate NNTP<>Fido Gate (3:633/10)

On 2026-05-25 07:17, Christian Gelinek wrote:

Dear group,

1. My workstation "gar" is running Debian 12 with XFCE.

2. I have another PC "marlin" running Ubuntu 24.04 LTS with XFCE.

3. I recently added a PC "octopus" running Ubuntu 26.04 LTS Server,
without desktop environment.

4. Both "marlin" and "octopus" have a user "localadmin", on "gar" my username is "cgelinek".

5. I'd like to `ssh -Y localadmin@octopus` from "gar" and then start a podman container with `xeyes` in it and be able to see it on my screen
on "gar".

6. I can do that with "marlin" (i.e. `ssh -Y localadmin@marlin`), but
not with "octopus".

Some debugging suggests that when I `ssh -Y localadmin@octopus`, on
octopus

* $DISPLAY is localhost:10.0,
* /home/localadmin/.Xauthority has the date of connection but
* $XAUTHORITY is empty.
* Unsurprisingly, when I try to run `xeyes` from within a container
(with DISPLAY and XAUTHORITY being forwarded), it stops with `Error:
Can't open display: localhost:10.0`.

I have checked that xauth is installed on octopus and have run out of
ideas what to try next, any ideas?

Thanks for your time,
Christian

I don't know what a podman container is.
You can export X from marlin but not from octopus?
I'd compare the sshd config file on octopus with the one on marlin

mick

--- PyGate Linux v1.5.15
* Origin: Dragon's Lair, PyGate NNTP<>Fido Gate (3:633/10)

On Mon, May 25, 2026 at 15:47:14 +0930, Christian Gelinek wrote:

1. My workstation "gar" is running Debian 12 with XFCE.

3. I recently added a PC "octopus" running Ubuntu 26.04 LTS Server, without desktop environment.

5. I'd like to `ssh -Y localadmin@octopus` from "gar" and then start a
podman container with `xeyes` in it and be able to see it on my screen on "gar".

I have checked that xauth is installed on octopus and have run out of ideas what to try next, any ideas?

If octopus doesn't have a desktop environment, does it at least have
the basic X11 client programs and libraries? You verified that xauth
is present. How about xinit, xeyes, xterm?

I would skip the "podman" (whatever that is) layer initially. Just
try "ssh -Y myuser@octopus" and then "xterm" or "xeyes" at the
interactive shell.

If that doesn't work, check the ssh server configs (usually in /etc/ssh/sshd_config) on octopus and make sure X11Forwarding is enabled.

Once you get basic X11Forwarding working, then you can try to add this
podman thing.

--- PyGate Linux v1.5.15
* Origin: Dragon's Lair, PyGate NNTP<>Fido Gate (3:633/10)

On 5/25/26 2:52 AM, Christian Gelinek wrote:

I have some software with X11 GUI I'd like to run inside podman
containers on machine octopus. The octopus host itself should be as
minimal and as disposable as practical and only be used as a gateway
to the software in the containers.ÿ Previously it was enough to have a
few real metal PCs (like marlin) with a full-blown desktop environment
but recently the number of OS variants has been increasing and I'd
like to save resources by using containers instead, where I'm hoping
that trying & installing new OS distributions and versions would be
less hassle and costly than dealing with real metal for each combination.

Not sure if the following would serve your purpose; it probably takes
more resources than your attempted method. What I've been doing:
Headless server running virsh virtual machines. The hardware is a 10
year old dual-CPU rack server with 256GB RAM and ~30TB hard drive pool
so all kinds of capacity to play with.

I used boxes and virtualbox al long time ago but those had various
problems, I don't recall all the details, I think boxes was randomly
crashing for me and virtualbox kept fighting my preference of monitor
size in the vm. With both of those I was running the server with a
desktop environment. Virsh I administrate entirely via ssh to the
headless host.

I run virtual machines: Windows 10, multiple versions of Ubuntu and
Debian, and a couple other odd distros, all at once, and connect to
their desktop via vnc over my internal lan. I've learned to start
including the vnc port in the vm name to help myself remember for
example, that vm ReactOs5915 has its gui on port 5915.

A server with much less resources should handle the same virtual
machines if you only run one or a few at a time. As long as the cpu
supports virtualization, I've run a vm on a host with 4GB RAM.

I used to think virtual machines take a huge performance hit compared to
real hardware, but that seems to have significantly improved in recent
years.



--- PyGate Linux v1.5.15
* Origin: Dragon's Lair, PyGate NNTP<>Fido Gate (3:633/10)