X-forwarding in slack over SSH - unable to open display
 

Hi all,

Maybe if someone has a good 'Xforward over SSH' link that will solve my problems.

I've been following the LQ tutorial here at http://www.linuxquestions.org/linux/...ssh_mini_howto

Any way...

I'm able to get connection, between two pc's (off my network :D) using pass authentication.

the tutorial kind of loses me when it gets to "user pass phrase". is that supposed to be done on the server or the client? or both?

But that aside for now, as I can connect. I'm just trying to get an X window on the client.

I get the infamous 'Error: Can't open display: 19X.xx.xx.xx"

Now I did go into /etc/ssh_config and uncommented & changed this ForwardX11 to
"ForwardX11 yes". Rebooted to make sure sshd took the change and still no luck.

I'm just typing "startkde" after I get logged in. If I do that the server drops out of kde or if it's in run-level three then it goes into KDE lol.

Thank you.

Ok, so you set up the X11 Forward on the machine that you want to log into, correct? Also, are you doing ssh -Y hostname?

I had done the "-Y" yes, and for hostname I was using the ip address of the server.

Hello All,

Well I never was able to get Slack 10.2 to give me a gui program on my lan with SSH and now I cannot either with 11.0.

On slackware 11 I have:

Server: 192.168.1.1
Client: 192.168.1.2

both computers have no firewall, iptables verified flushed. they can ping each other. i can connect to each other as a normal user by "ssh -X -l fogie IPADDRESS" they are on a lan that is not hooked up to the internet, so security means nothing to me right now, i'm just trying to get this to work :(

i can changed directories on the computers.

but when I type a program name like 'xcalc' I get unable to open display.

both computers are at the run level 3, that is in my /etc/inittab file.

both computers have only the /etc/rc.d/rc.sshd as chmod +x

i have the /etc/rc.d/rc.inetd as chmod -x

Is there anything else that I'm missing?

If someone could please give me even the most insecure way to do this I'd appreciate it, and later add the security later before they get hooked up to the regular lan that is internet enabled.

Works like a charm - ssh client on Slack 10.0 and remote ssh server is Slackware 11.0

On the server side (i.e. on the computer where you login using ssh and subsequently start an X app that should display it's windows on the client machine) make sure your /etc/ssh/sshd_config file contains these lines:
and do not forget to run after saving your changes to that file!

On the client side (the machine where you run the ssh program and where you want to see the remote X app's windows) make sure the file /etc/ssh/ssh_config (note: this is a different file than the one on the server-side!!!) contains these lines:
No need to restart the sshd server on this side, since it is the ssh (no "d") config you modified.
Now, start and after logging in check that the DISPLAY variable is not empty: mine says
Now, run something like "xeyes" in that session and you should see the remote xeyes's window appearing on the local display.

That's all there is to it!

Cheers, Eric

WOO HOO!

Thank you Alien Bob as always :D
edit fix name :D D:D:D:
I didn't realize that I had to actually be in "X" to do this, after all the guides I read...sigh, shrug, kick self in butt :D

Question tho, shouldn't I be able to actually run a full x session using SSH? Or is the SSH to run programs only? If not should I try out the freenx to actually run a full window manager and programs for over lan use then?

The ssh session acts as a tunnel through which the X display data is transfered back to your local machine. You do need to run X Window on the local side (where you started ssh), but you do not need to be running X on the remote side (where you connected to ssh daemon and where you started the X app).
A program like freenx is nice - you run it on the "remote" or server side, and on the local side you need a NXclient program, which is essentially a nicely packaged X with ssh support. The big pro of this - the NXclient program is available for Linux, but also for Windows and other platforms, as well as a web-based version, so that means you can run your Linux apps on many different client machines.

FreeNX does some smart data compression through it's ssh tunnel and additionally has a smart local cache that holds the graphical elements (icons, bitmaps) after it retrieved those from the server, which will reduce network traffic even further when NXclient needs those bitmaps a second time and can fetch them from the local cache. This makes NXclient ideal for remote X sessions over low bamdwidth links (i.e. over the Internet).

Eric

Thanks Eric for the explanation, I wish the /usr/docs were as 'clear' as your explanation.

I'll look into that freenx thanks again.

I'm not sure if I'm actually going over SSH on the vnc
 

Hello all,

Well I got the vnc working, however I'm not sure if I'm doing this right.

I'm able to get SSH & vnc working over a lan.

Now I'm trying to figure out how you run them over the internet but in a safe manner using VNC over SSH.

I'm able to connect to pc's behind a router/gateway/firewall, however only one at a time using port forwarding, and not really sure that I have this correctly here.

Being that a person outside the lan somewhere on the internet typically does not have access to the router/gateway/firewall to change the address ports are forwarded to, I'm trying to get my syntax right.

Is the following possible ? and would it be the correct way to have VNC over SSH from the internet to the lan pc's?

Have router/gateway/firewall forward Inbound Traffic Like This:
Port 22 to computer A (with computer A's /etc/sshd_config set to listen on Port 22)
Port 23 to computer B (with computer B's /etc/sshd_config set to listen on Port 23)
edit fixed type-o

Would a computer on the internet initiate the inbound connection for VNC over SSH this way?
ssh -p 22 -L 5900:localhost:5900 -N -f -l username computerA-lan-IP-address
#then just run vnc but tell it to connect to "localhost" on the internet computer

and then if you wanted to use VNC for computer B , you have to end the vnc with computer A and then:
ssh -p 23 -L 5900:localhost:5900 -N -f -l username computerB-lan-IP-address
#then just run vnc but tell it to connect to "localhost" on the internet computer

Does the above really make traffic from the internet computer calling in use vnc/SSH this way? That's where I'm lost, I'm really not sure if the traffic is really going over port 22/23 or not by looking at the terminal; as the gateway/firewall/router may simply be allowing the traffic since it is "related" to the IP / traffic it see's on ports 22/23 respectively. The gateway/firewall/router does have ports 5900 closed.

Gosh I hope that makes sense :D

Thank you in advance.

I don't ssh with x-forwarding too often, so I had forgotten how to set it up in Slack. This is an old post, but Alien Bob's short tutorial above worked great. Thanks, Eric! :)

Later...

~Eric