LinuxQuestions.org
Old 08-05-2014, 08:53 AM   #1
anindyameister
Member
 
Registered: Oct 2012
Posts: 47

Rep: Reputation: Disabled
What packages do I need to run X applications over ssh forwarding?


I am trying to configure a minimal RHEL6 Linux box optimized for running high memory consuming applications. To make the OS itself have minimal memory footprint, I did not install GUI on it and have kept only essential packages. However some applications like IBM installation manager or Oracle database installer require a display, and for that I had planned to run Xming X11 server on my local Windows desktop and connect to the remote box over ssh with X11 forwarding. This idea works fine when I connect to another Linux box with full GUI. If I connect to that box over ssh with X11 forwarding, applications like xclock and gedit are displaying their window on my local desktop, but the same is not happening on the minimal box. I am guessing I am missing some essential X11 libraries, and I want to install just enough packages so that I can work with the local Xming method. Can anyone help with this? Thanks in advance.
 
Old 08-05-2014, 09:20 AM   #2
MensaWater
LQ Guru
 
Registered: May 2005
Location: Atlanta Georgia USA
Distribution: Redhat (RHEL), CentOS, Fedora, Debian, FreeBSD, HP-UX, Solaris, SCO
Posts: 6,577
Blog Entries: 14

Rep: Reputation: 969
Run "who -r" and see what run level you're in. 3 is standard multiuser mode on RHEL but 5 is the run level that starts X applications. It may be you already have what you need but haven't started in run level 5 - you change the default run level in /etc/inittab.
 
Old 08-05-2014, 05:13 PM   #3
jpollard
Senior Member
 
Registered: Dec 2012
Location: Washington DC area
Distribution: Fedora, CentOS, Slackware
Posts: 4,604

Rep: Reputation: 1241
A minimal install will not install the GUI libraries, or the utilities that use the GUI.

Using ssh to forward X windows requires the libraries and utilities, but nothing else. No changes to run level, no desktop package groups (these have a dependency on the X server, and don't work over ssh anyway).

In fact, trying to run a level requiring the GUI without the GUI will only end in disaster - either the system will fail, or it will report a mass of startup errors...

And the current RH/CentOS doesn't use run levels anymore - they are systemd based, and won't let you try to set the graphical target as that isn't installed.

Identify the utilities you want, then the package those utilities are in. Install the package. With RH/Centos this will normally add any dependent packages it calls for.

You CAN install the desktop (one or more for that matter), but for most purposes the desktops are useless unless you plan on running remote desktop services... Which is not necessary for a server.

Last edited by jpollard; 08-05-2014 at 05:17 PM.
 
Old 08-06-2014, 05:19 AM   #4
anindyameister
Member
 
Registered: Oct 2012
Posts: 47

Original Poster
Rep: Reputation: Disabled
I finally got it working. I found two solutions

Method 1. Manually set the display variable either in cli or bash_profile

export DISPLAY=<My Workstation IP>:0.0

Method 2. Install package "xauth" which creates Xauthority file once connected over X11 forwarded ssh and can run graphical apps when called from cli.
 
Old 08-06-2014, 06:51 AM   #5
jpollard
Senior Member
 
Registered: Dec 2012
Location: Washington DC area
Distribution: Fedora, CentOS, Slackware
Posts: 4,604

Rep: Reputation: 1241
Quote:
Originally Posted by anindyameister View Post
I finally got it working. I found two solutions

Method 1. Manually set the display variable either in cli or bash_profile

export DISPLAY=<My Workstation IP>:0.0

Method 2. Install package "xauth" which creates Xauthority file once connected over X11 forwarded ssh and can run graphical apps when called from cli.
"Forwarding" by using a TCP connection is known to be insecure - without authentication anyone can connect to your X server, and can take over your session.

Neither xauth nor the shared libraries needed are installed in a minimal installation. So the "graphical applications" have to be static linked or they won't work either.

Ah well, glad you got it fixed.
 
Old 08-06-2014, 08:31 AM   #6
anindyameister
Member
 
Registered: Oct 2012
Posts: 47

Original Poster
Rep: Reputation: Disabled
Quote:
Originally Posted by jpollard View Post
"Forwarding" by using a TCP connection is known to be insecure - without authentication anyone can connect to your X server, and can take over your session.

Neither xauth nor the shared libraries needed are installed in a minimal installation. So the "graphical applications" have to be static linked or they won't work either.

Ah well, glad you got it fixed.
I had the impression that ssh traffic is encrypted. Did you mean using DISPLAY with IP by forwarding over TCP? And I chose the basic server option in RHEL package selection and didn't choose to customize it, and I had to install xauth separately. I am trying to make this box as secure as possible and plan to keep SELinux in enforcing mode with only opening port 22 and database listeners. Since the IBM installation manager and Oracle universal installer need a display, what would you recommend that I should do?
 
Old 08-06-2014, 09:47 AM   #7
jpollard
Senior Member
 
Registered: Dec 2012
Location: Washington DC area
Distribution: Fedora, CentOS, Slackware
Posts: 4,604

Rep: Reputation: 1241
Quote:
Originally Posted by anindyameister View Post
I had the impression that ssh traffic is encrypted. Did you mean using DISPLAY with IP by forwarding over TCP?
Yes, I was referring to the TCP connection. I quit using the TCP connection around 1995 (one local department had such fun when they tested their example capture tool... at the same time I was demonstrating why not to use the TCP connection to a manager...).
Quote:
And I chose the basic server option in RHEL package selection and didn't choose to customize it, and I had to install xauth separately. I am trying to make this box as secure as possible and plan to keep SELinux in enforcing mode with only opening port 22 and database listeners. Since the IBM installation manager and Oracle universal installer need a display, what would you recommend that I should do?
Use the added xauth utility and sshd forwarding...

I forgot that sshd doesn't have an internal implementation of xauth. I've always used ssh for forwarding X, and the X libraries (and the minimal applications - xorg-x11-apps, xorg-x11-utils) have always been installed on the remote servers (no X server anywhere). Evidently the IBM/Oracle installers have the X libraries built in. I also forgot that xauth had been separated from the utilities.

I liked having the apps/utils if for nothing else than testing, Xeyes most often. It is one of the simplest tools to test a display; then there is xterm, which is good to make sure the fonts are accessible, and SOMETIMES I find that a remote server doesn't quite define an xterm properly (or is a bit buggy in the ncurses library). Being able to use xterm running on the same system that uses the buggy library has seemed to fix most such compatibility problems (even though it does impose a higher overhead).
 
Old 08-07-2014, 11:25 AM   #8
MensaWater
LQ Guru
 
Registered: May 2005
Location: Atlanta Georgia USA
Distribution: Redhat (RHEL), CentOS, Fedora, Debian, FreeBSD, HP-UX, Solaris, SCO
Posts: 6,577
Blog Entries: 14

Rep: Reputation: 969
What is insecure is the standard X traffic going over ports in the 6000 range.

What the Xauth discussion means is you use X forwarding over ssh so the traffic is encrypted like any other traffic.

To use that you do NOT hard code the DISPLAY variable or the XAUTHORITY variable. The former gets set when you establish the connection and the Xauth is updated in the user's $HOME/.Xauthority directory.

You can enable the forwarding in ssh with "ssh -X". ("ssh -x" disables it.)

You can enable the forwarding in PuTTY by going to settings and expanding Session then SSH and selecting X11.

The DISPLAY variable it sets will get overwritten if it is in one of your profile files, so you should NOT hard set it as noted above. The DISPLAY variable will usually show as relative to the system you just opened ssh to as opposed to absolute back to the IP of the system you started from (which is different than the default port 6000 range X setup).

Using Xauth also allows you to avoid using things like xhost+ which make the default even more insecure.
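
Added example, not part of any post above: a shell check for the remote box that tells the two setups discussed in this thread apart, a DISPLAY pointing straight at the workstation (plain X11 on port 6000 + display number) versus the loopback value an "ssh -X" login normally gets, and that lists profile files which hard-set DISPLAY. The function names are hypothetical, and the profile file list and the loopback host names are assumptions.

```shell
#!/bin/sh
# Added example, not from the thread. Names and sample values are constructed.

# Classify a DISPLAY string ("host:display.screen") by the transport it implies.
classify_display() {
    d=$1
    [ -n "$d" ] || { echo "unset"; return 0; }
    case $d in
        *:*) ;;
        *) echo "invalid"; return 0 ;;
    esac
    host=${d%:*}    # text before the last colon
    case $host in
        ""|unix)                 echo "local-socket" ;;  # no network involved
        localhost|127.0.0.1|::1) echo "loopback-tcp" ;;  # typical value after "ssh -X"
        *)                       echo "remote-tcp"   ;;  # plain X11 straight to that host
    esac
}

# TCP port implied by a DISPLAY string (6000 + display number); nothing for sockets.
display_port() {
    [ "$(classify_display "$1")" = "local-socket" ] && return 0
    rest=${1##*:}
    num=${rest%%.*}
    case $num in ''|*[!0-9]*) return 1 ;; esac
    echo $((6000 + num))
}

# Print each readable file that assigns DISPLAY itself; such a line replaces
# the value sshd set for the forwarded session.
find_hardcoded_display() {
    for f in "$@"; do
        [ -r "$f" ] || continue
        if grep -Eq '^[[:space:]]*(export[[:space:]]+)?DISPLAY=' "$f"; then
            echo "$f"
        fi
    done
}

# Summary for the current login; run on the remote box.
audit_session() {
    echo "DISPLAY=${DISPLAY:-} ($(classify_display "${DISPLAY:-}"))"
    command -v xauth >/dev/null 2>&1 || echo "xauth not found in PATH"
    find_hardcoded_display "$HOME/.bash_profile" "$HOME/.bashrc" "$HOME/.profile"
}

if [ "${1:-}" = "--audit" ]; then audit_session; fi
```

Run it with `--audit` after logging in with X11 forwarding enabled; a "remote-tcp" result or any listed profile file means the session is not using the ssh-forwarded display.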
 
Tags
rhel 6, ssh, x11 forwarding