Testing environment: Redhat Enterprise Linux 5 i386.

Things you should know first:

Q: Which is server and which is client in the X Window System?

A: In the case:

• "X" running on host1.example.org;
• "xclock" running on host2.example.org, but displayed on host1.example.org.

"X" on host1.example.org is the server; "xclock" on host2.example.org is the client.

Server side

Open a terminal and execute command "gdmsetup". Select "Security" tab. Uncheck "Deny TCP connections to Xserver".

Or you can just manually edit /etc/gdm/custom.conf, add the following line under [security]:

DisallowTCP=false

Then close the window and restart the X server.

When the X server has restarted, open a terminal and execute the following command:

$ xhost +

However, the above method is relatively insecure. The more secure way is using xauthority cookies.

Get the cookie used by X server:

$ xauth list :0 | sed -n "s/.*:0[[:space:]*].*[[:space:]*]//p"
bfb20e06fe62e3dc42905b577e7086ca

$ ssh user@host2.example.org xauth -q add host1.example.org:0 . bfb20e06fe62e3dc42905b577e7086ca

Open a terminal and execute the following command:

$ xclock -display host1:0

Reference

1. Remote X Apps mini-HOWTO.