LinuxQuestions.org
Visit Jeremy's Blog.
Go Back   LinuxQuestions.org > Forums > Linux Forums > Linux - Networking
User Name
Password
Linux - Networking This forum is for any issue related to networks or networking.
Routing, network cards, OSI, etc. Anything is fair game.

Notices


Reply
  Search this Thread
Old 01-27-2005, 12:27 PM   #1
bronzepiglet
LQ Newbie
 
Registered: Jan 2005
Location: PA, USA
Distribution: Mandrake 10.1
Posts: 5

Rep: Reputation: 0
SSH to UNIX, X forwarding... newbie questions


I am able to connect with SSH to a remote UNIX cluster, no matter which method or client I use, they all work. I am having trouble with X forwarding, though.

I am using a router. I use XP on another box and I got everything to work with an SSH client and an X emulator running. I set the port forwarding of the appropriate port in the router to the XP box and then had to use the command:
%setenv DISPLAY (my IP address):0.0
to get everything working when I was logged in with SSH.

Now I'm trying to do the same thing with the Linux box... I'm not sure what needs to be done. I've searched and found a few threads that have some info, but I may be a little bit too inexperienced to put it all together. A few questions:

1. Do I need anything running locally to display the X stuff? I wouldn't think I would need some kind of X emulator on Linux... maybe I'm wrong. If I need something, what should I get?

2. What port should be forwarded to the Linux box in the router, if any?

3. Do I still need to set environment variables? What syntax do I use?


Thanks for any help!
 
Old 01-27-2005, 12:39 PM   #2
fr_laz
Member
 
Registered: Jan 2005
Location: Cork Ireland
Distribution: Debian
Posts: 384

Rep: Reputation: 32
Hi,

So as to enable X forwarding with ssh you just add the -X option.
As for the port forwarding, it should be same config as for XP... port numbers do not (normally) depend on the OS
And yes, you still need the env variable, since it the way you specify your remote machine where to print the display...

Bye
 
Old 01-27-2005, 01:05 PM   #3
bronzepiglet
LQ Newbie
 
Registered: Jan 2005
Location: PA, USA
Distribution: Mandrake 10.1
Posts: 5

Original Poster
Rep: Reputation: 0
Thanks for the reply fr_laz.

I'm still not getting the windows to come up (and getting "Error: Can't open display" messages).

The port to forward to the XP box with the X emulator was 6000. I tried forwarding this same port to the Linux box. I used the same setenv command. How can I find out what port Linux is checking for X forwarding and if it is currently ready to receive it? Does 6000 sound like a reasonable number it would be using?

Thanks!
 
Old 01-27-2005, 03:50 PM   #4
cstiehl
LQ Newbie
 
Registered: Jan 2005
Location: Pgh, PA
Posts: 1

Rep: Reputation: 0
Not sure of you exact situation but lets assume your sitting in front of a Linux box trying to connect to the UNIX box.

The client machine(Linux) must have a X server running, and must have following line in /etc/ssh/ssh_config

ForwardX11 yes


On the remote machine(UNIX) you must have the following line in /etc/ssh/sshd_config

X11Forwarding yes


The default on my Gentoo box is:

#X11Forwarding no

So just had to uncomment, change no to yes then restart sshd.


When connecting from the linux box use:

ssh -X unixmachine

The -X will configure your DISPLAY env var (so do not change it) and now all X traffic will be forwarded through the secure tunnel (default: port 22) so no other ports need to be opened.

If you have to open another port the the traffic isn't going through the ssh tunnel which would be the case without the -X


from: "man ssh"
----------------
-X Enables X11 forwarding. This can also be specified on a per-host basis in a configuration
file.

X11 forwarding should be enabled with caution. Users with the ability to bypass file permis-
sions on the remote host (for the user's X authorization database) can access the local X11
display through the forwarded connection. An attacker may then be able to perform activities
such as keystroke monitoring.

-x Disables X11 forwarding.

-Y Enables trusted X11 forwarding.
-----------------
 
Old 01-27-2005, 05:57 PM   #5
bronzepiglet
LQ Newbie
 
Registered: Jan 2005
Location: PA, USA
Distribution: Mandrake 10.1
Posts: 5

Original Poster
Rep: Reputation: 0
Thanks cstiehl. I think I'm getting close...

One possibly very, very stupid question:

How do I know if I have an X server running? Is it always running if i'm able to open terminals and GUI and stuff? I tried what I thought was a command to start it and it said:

Fatal server error:
Server is already active for display 0
If this server is no longer running, remove /tmp/.X0-lock
and start again.

Does that mean it was running? I think it was the same message when I typed "xstart" or "XFree86." Hopefully there is just something I am overlooking here because I think everything else is set correctly.

Thanks all!
 
Old 01-27-2005, 09:09 PM   #6
jschiwal
LQ Guru
 
Registered: Aug 2001
Location: Fargo, ND
Distribution: SuSE AMD64
Posts: 15,733

Rep: Reputation: 682Reputation: 682Reputation: 682Reputation: 682Reputation: 682Reputation: 682
Please read the info ssh file.
Quote:
X11 and TCP forwarding
If the ForwardX11 variable is set to “yes” (or see the description of the
-X and -x options described later) and the user is using X11 (the DISPLAY
environment variable is set), the connection to the X11 display is auto_
matically forwarded to the remote side in such a way that any X11 pro_
grams started from the shell (or command) will go through the encrypted
channel, and the connection to the real X server will be made from the
local machine. The user should not manually set DISPLAY. Forwarding of
X11 connections can be configured on the command line or in configuration
files.

The DISPLAY value set by ssh will point to the server machine, but with a
display number greater than zero
. This is normal, and happens because
ssh creates a “proxy” X server on the server machine for forwarding the
connections over the encrypted channel.

ssh will also automatically set up Xauthority data on the server machine.
For this purpose, it will generate a random authorization cookie, store
it in Xauthority on the server, and verify that any forwarded connections
carry this cookie and replace it by the real cookie when the connection
is opened. The real authentication cookie is never sent to the server
machine (and no cookies are sent in the plain).
If I remember correctly, the display number will be 10 or 11 rather than 0. If you are on a remote linux machine and you run an x-windows program, the program will be displayed on your machine, while it is actually running on the server machine.
 
Old 01-28-2005, 06:46 AM   #7
fr_laz
Member
 
Registered: Jan 2005
Location: Cork Ireland
Distribution: Debian
Posts: 384

Rep: Reputation: 32
Hi,

Quote:
How do I know if I have an X server running? Is it always running if i'm able to open terminals and GUI and stuff? I tried what I thought was a command to start it and it said:
Yes : a x server is needed so as to use GUI. On most distributions xfree is started at boot time when linux goes in runlevel 5. If it does not run, eg if you log in a terminal (tty1, tty2...), you typically type "startx" so as to start your xserver.

it's possible that you've got to enter the command "xhost +" in command line on your linux machine. This command enables remote client to display on your linux box.

The port used by your xserver should be 6000, unless it doesn't has a classical default config which is extremely unlikely.

Last point, as said jschiwal, when I use ssh -X, I do not set the environment variable (I know I told you the opposite on my first post, but I didn't think it could be a problem, sorry).

Bye
 
Old 01-29-2005, 05:47 PM   #8
jschiwal
LQ Guru
 
Registered: Aug 2001
Location: Fargo, ND
Distribution: SuSE AMD64
Posts: 15,733

Rep: Reputation: 682Reputation: 682Reputation: 682Reputation: 682Reputation: 682Reputation: 682
Look for an alternative to the 'xhost +' command. It is very unsecure and should never be used.

The 'gdm' session manager allows you to log in to sessions on other machines or even to have two sessions running on the same screen (one in a window). However these features may not be enabled by default due to possible security concerns.

Last edited by jschiwal; 01-29-2005 at 05:49 PM.
 
  


Reply


Thread Tools Search this Thread
Search this Thread:

Advanced Search

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off



Similar Threads
Thread Thread Starter Forum Replies Last Post
SSH X forwarding krusty_lab AIX 10 01-02-2008 09:36 AM
SSH X forwarding djgerbavore Linux - Networking 1 11-17-2005 09:40 AM
X forwarding via SSH bd1308 Linux - Software 4 08-30-2005 07:13 PM
ssh and X-forwarding Björneborg Linux - Networking 2 02-19-2004 10:50 AM
newbie/ssh/slackware - questions renato167 Slackware 14 12-16-2003 07:31 PM

LinuxQuestions.org > Forums > Linux Forums > Linux - Networking

All times are GMT -5. The time now is 09:19 AM.

Main Menu
Advertisement
My LQ
Write for LQ
LinuxQuestions.org is looking for people interested in writing Editorials, Articles, Reviews, and more. If you'd like to contribute content, let us know.
Main Menu
Syndicate
RSS1  Latest Threads
RSS1  LQ News
Twitter: @linuxquestions
Open Source Consulting | Domain Registration