What packages do I need to run X applications over ssh forwarding ?
 

I am trying to configure a minimal RHEL6 linux box optimized for running high memory consuming applications. To make the OS itself have minimal memory footprint, I did not install GUI on it and have kept only essential packages. However some applications like IBM installation manager or oracle database installer require a display, and for that I had planned to run Xming X11 server on my local windows desktop and connect to the remote box over ssh with X11 forwarding. This idea works fine when I connect to another linux box with full gui. If I connect to that box over ssh with X11 forwarding, applications like xclock and gedit are displaying their window on my local desktop, but the same is not happening on the minimal box. I am guessing I am missing some essential X11 libraries, and I want to install just enough packages so that I can work with the local Xming method. Can anyone help with this ? Thanks in advance.

Run "who -r" and see what run level you're in. 3 is standard multiuser mode on RHEL but 5 is the run level that starts X applications. It may be you already have what you need but haven't started in run level 5 - you change the default run level in /etc/inittab.

A minimal install will not install the GUI libraries, or the utilities that use the GUI.

Using ssh to forward X windows requires the libraries and utilities, but nothing else. No changes to run level, no desktop package groups (these have a dependency on the X server, and don't work over ssh anyway).

In fact, if you try to run a level requiring the GUI without the GUI will only end in disaster - either the system will fail, or it will report a mass of startup errors...

And the current RH/Centos doesn't use run levels anymore - they are systemd based, and won't let you try to set the graphical target as that isn't installed.

Identify the utilities you want, then the package those utilities are in. Install the package. With RH/Centos this will normally add any dependent packages it calls for.

You CAN install the desktop (one or more for that matter), but for most purposes the desktops are useless unless you plan on running remote desktop services... Which is not necessary for a server.

I finally got it working. I found two solutions

Method 1. Manually set the display variable either in cli or bash_profile

export DISPLAY=<My Workstation IP>:0.0

Method 2. Install package "xauth" which creates Xauthority file once connected over X11 forwarded ssh and can run graphical apps when called from cli.

"forwarding" by using a TCP connection is known to be insecure - without an authentication anyone can connect to your X server, and can take over your session.

xauth (nor the shared libraries needed) are installed in a minimal installation. So the "graphical applications" have to be static linked or they won't work either.

ah well, Glad you got it fixed.

I had the impression that ssh traffic is encrypted. Did you mean using DISPLAY with IP by forwarding over tcp ? And I chose the basic server option in RHEL package selection and didn't choose to customize it, and I had to install xauth seperately. I am trying to make this box as secure as possible and plan to keep selinux in enforcing mode with only opening port 22 and database listeners. Since the IBM installation manager and oracle universal installer needs a display, what would you recommend that I should do ?

Yes, I was referring to the tcp connection. I quit using the TCP connection around 1995 (one local department had such fun when they tested their example capture tool... at the same time I was demonstrating why not to use the TCP connection to a manager...).
Use the added xauth utility and sshd forwarding...

I forgot that sshd doesn't have an internal implementation of xauth. I've always used ssh for forwarding X, and the X libraries (and the minimal applications - xorg-x11-apps, xorg-x11-utils) have always been installed on the remote servers (no X server anywhere). Evidently the IBM/Oracle installers have the X libraries built in. I also forgot that xauth had been separated from the utilities.

I liked having the apps/utils if for nothing else than testing. Xeyes most often :) It is one of the simplest tools to test a display, then there is xterm which good to make sure the fonts are accessible, and SOMETIMES I find that a remote server doesn't quite define an xterm properly (or is a bit buggy in the ncurses library). Being able to use xterm running on the same system that uses the buggy library has seemed to fix most such compatibility problems (even though it does impose a higher overhead.

What is insecure is the standard X traffic going over ports in the 6000 range.

What The Xauth discussion means you use X forwarding over ssh so the traffic is encrypted like any other traffic.

To use that you do NOT hard code the DISPLAY variable or the XAUTHORITY variable. The former gets set when you establish the connection and the Xauth is updated in the user's $HOME/.Xauthority directory.

You can enable the forwarding in ssh with "ssh -X". ("ssh -x" disables it.)

You can enable the forwarding in PuTTY by going to settings and expanding Session then SSH and selecting X11.

The DISPLAY variable it sets will get overwritten if it is in one your profile files so you should NOT hard set it as noted above. The DISPLAY variable will usually show as relative to the system you just opened ssh to as opposed to absolute back to the IP of the system you started from (which is different than the default port 6000 range X setup.).

Using Xauth also allows you to avoid using things like xhost+ which make the default even more insecure.