LinuxQuestions.org

LinuxQuestions.org (/questions/)
-   Linux - Networking (https://www.linuxquestions.org/questions/linux-networking-3/)
-   -   SSH to UNIX, X forwarding... newbie questions (https://www.linuxquestions.org/questions/linux-networking-3/ssh-to-unix-x-forwarding-newbie-questions-282934/)

bronzepiglet 01-27-2005 12:27 PM
SSH to UNIX, X forwarding... newbie questions
 
I am able to connect with SSH to a remote UNIX cluster, no matter which method or client I use, they all work. I am having trouble with X forwarding, though.

I am using a router. I use XP on another box and I got everything to work with an SSH client and an X emulator running. I set the port forwarding of the appropriate port in the router to the XP box and then had to use the command:
%setenv DISPLAY (my IP address):0.0
to get everything working when I was logged in with SSH.

Now I'm trying to do the same thing with the Linux box... I'm not sure what needs to be done. I've searched and found a few threads that have some info, but I may be a little bit too inexperienced to put it all together. A few questions:

1. Do I need anything running locally to display the X stuff? I wouldn't think I would need some kind of X emulator on Linux... maybe I'm wrong. If I need something, what should I get?

2. What port should be forwarded to the Linux box in the router, if any?

3. Do I still need to set environment variables? What syntax do I use?


Thanks for any help!

fr_laz 01-27-2005 12:39 PM
Hi,

So as to enable X forwarding with ssh you just add the -X option.
As for the port forwarding, it should be same config as for XP... port numbers do not (normally) depend on the OS
And yes, you still need the env variable, since it the way you specify your remote machine where to print the display...

Bye

bronzepiglet 01-27-2005 01:05 PM
Thanks for the reply fr_laz.

I'm still not getting the windows to come up (and getting "Error: Can't open display" messages).

The port to forward to the XP box with the X emulator was 6000. I tried forwarding this same port to the Linux box. I used the same setenv command. How can I find out what port Linux is checking for X forwarding and if it is currently ready to receive it? Does 6000 sound like a reasonable number it would be using?

Thanks!

cstiehl 01-27-2005 03:50 PM
Not sure of you exact situation but lets assume your sitting in front of a Linux box trying to connect to the UNIX box.

The client machine(Linux) must have a X server running, and must have following line in /etc/ssh/ssh_config

ForwardX11 yes


On the remote machine(UNIX) you must have the following line in /etc/ssh/sshd_config

X11Forwarding yes


The default on my Gentoo box is:

#X11Forwarding no

So just had to uncomment, change no to yes then restart sshd.


When connecting from the linux box use:

ssh -X unixmachine

The -X will configure your DISPLAY env var (so do not change it) and now all X traffic will be forwarded through the secure tunnel (default: port 22) so no other ports need to be opened.

If you have to open another port the the traffic isn't going through the ssh tunnel which would be the case without the -X


from: "man ssh"
----------------
-X Enables X11 forwarding. This can also be specified on a per-host basis in a configuration
file.

X11 forwarding should be enabled with caution. Users with the ability to bypass file permis-
sions on the remote host (for the user's X authorization database) can access the local X11
display through the forwarded connection. An attacker may then be able to perform activities
such as keystroke monitoring.

-x Disables X11 forwarding.

-Y Enables trusted X11 forwarding.
-----------------

bronzepiglet 01-27-2005 05:57 PM
Thanks cstiehl. I think I'm getting close...

One possibly very, very stupid question:

How do I know if I have an X server running? Is it always running if i'm able to open terminals and GUI and stuff? I tried what I thought was a command to start it and it said:

Fatal server error:
Server is already active for display 0
If this server is no longer running, remove /tmp/.X0-lock
and start again.

Does that mean it was running? I think it was the same message when I typed "xstart" or "XFree86." Hopefully there is just something I am overlooking here because I think everything else is set correctly.

Thanks all!

jschiwal 01-27-2005 09:09 PM
Please read the info ssh file.
Quote:
X11 and TCP forwarding
If the ForwardX11 variable is set to “yes” (or see the description of the
-X and -x options described later) and the user is using X11 (the DISPLAY
environment variable is set), the connection to the X11 display is auto_
matically forwarded to the remote side in such a way that any X11 pro_
grams started from the shell (or command) will go through the encrypted
channel, and the connection to the real X server will be made from the
local machine. The user should not manually set DISPLAY. Forwarding of
X11 connections can be configured on the command line or in configuration
files.

The DISPLAY value set by ssh will point to the server machine, but with a
display number greater than zero. This is normal, and happens because
ssh creates a “proxy” X server on the server machine for forwarding the
connections over the encrypted channel.

ssh will also automatically set up Xauthority data on the server machine.
For this purpose, it will generate a random authorization cookie, store
it in Xauthority on the server, and verify that any forwarded connections
carry this cookie and replace it by the real cookie when the connection
is opened. The real authentication cookie is never sent to the server
machine (and no cookies are sent in the plain).
If I remember correctly, the display number will be 10 or 11 rather than 0. If you are on a remote linux machine and you run an x-windows program, the program will be displayed on your machine, while it is actually running on the server machine.

fr_laz 01-28-2005 06:46 AM
Hi,

Quote:
How do I know if I have an X server running? Is it always running if i'm able to open terminals and GUI and stuff? I tried what I thought was a command to start it and it said:
Yes : a x server is needed so as to use GUI. On most distributions xfree is started at boot time when linux goes in runlevel 5. If it does not run, eg if you log in a terminal (tty1, tty2...), you typically type "startx" so as to start your xserver.

it's possible that you've got to enter the command "xhost +" in command line on your linux machine. This command enables remote client to display on your linux box.

The port used by your xserver should be 6000, unless it doesn't has a classical default config which is extremely unlikely.

Last point, as said jschiwal, when I use ssh -X, I do not set the environment variable (I know I told you the opposite on my first post, but I didn't think it could be a problem, sorry).

Bye

jschiwal 01-29-2005 05:47 PM
Look for an alternative to the 'xhost +' command. It is very unsecure and should never be used.

The 'gdm' session manager allows you to log in to sessions on other machines or even to have two sessions running on the same screen (one in a window). However these features may not be enabled by default due to possible security concerns.


All times are GMT -5. The time now is 10:00 AM.