Submit Hint Search The Forums LinksStatsPollsHeadlinesRSS
14,000 hints and counting!


Click here to return to the 'A better way...' hint
The following comments are owned by whoever posted them. This site is not responsible for what they say.
A better way...
Authored by: gospodin_david on Jan 14, '03 11:12:50AM

I'm assuming that this works everywhere, it has for me so far...

An easier and more secure way to do this is to ssh to the host on which you want to run a remote session on with the -X flag. "ssh -X hostname" will enable X11 forwarding over a secure connection. You can then run graphical applications on the remote machine (just type the name of the executable that you want to run in the secure shell window) with the display being on your own. This, of course, assumes that the host to which you want to connect supports ssh sessions. Then again, would you want to use a host that didn't even have that?



[ Reply to This | # ]
A better way...
Authored by: PeterPan on Jan 14, '03 12:29:45PM

Note that you need to manually edit your /private/etc/sshd_config and your /private/etc/ssh_config files to allow X-Fowarding (remove the # from the start of the line X-Forwarding No, and change the No to Yes).

You will need to restart the sshd (using terminal kill -9 pid, then run /usr/sbin/sshd) or restart the OS X box.

This has great advantages in terms of remote monitoring, network monitoring etc. or even editing word docs on your home machine (with Open Office etc..) and is nice and secure....

Hope this helps.



[ Reply to This | # ]
A better way...
Authored by: dieter on Jan 15, '03 05:39:46AM

just some more unix lore: instead of explicitly killing and re-starting sshd (or other daemons), sudo kill -HUP <pid> causes the daemon to read its configuration files without terminating.



[ Reply to This | # ]
set up your ~/.ssh/config
Authored by: awk on Jan 14, '03 12:34:27PM
Yes, this is probably the ONLY proper way to run X11 apps remotely. I wouldn't even think of opening port 6000, no matter what the access controls are set to! Of course if you're just on your own private LAN, behind your firewall, you could run direct for maximum speed but the best thing is to set up SSH to forward your X11 sessions by default. Instead of -X you can also add ForwardX11 yes to your ~/.ssh/config (create it if it doesn't exist), and then you'll have X11 port forwarding as the default. You can verify that your connection is secure by logging into a remote host with SSH and checking the DISPLAY variable: echo $DISPLAY .. it should return "localhost:10" or something similar. This means the X11 stuff is going to the remote host and transported via SSH over to your local display. You might have to set X11Forwarding yes in the remote host's /etc/sshd_config (or equivalent). I believe this is off by default on Darwin. Be sure to restart the sshd daemon (a reboot will do the trick). You can set this up for certain hosts only, and you can also set it system-wide for all users. Read the man pages on SSH for more info.

[ Reply to This | # ]
set up your ~/.ssh/config
Authored by: bogen2 on Jan 15, '03 11:47:55AM

I just don't see how this works. First of all, even with a firewall in front of the X client, I can set the display variable in a normal ssh session and then run any X app successfully, as the firewall will permit all outbound connections and only ssh inbound. Because you are running the app from inside the firewall, it can reach out and connect to port 6000. But I still wanted to make it work, so I used ssh -X host to connect, but nothing changed. I tried setting the display to 0.0 and leaving it blank - didn't work at all. Tried settiing X11Forwarding in both ssh_config and sshd_config and connections work the same as with a normal ssh session. Doing an echo $DISPLAY always shows the address of the X server, not localhost. And netstat on the server shows a connection to port 6000 from the client. Sigh.

What am I doing wrong? I would like to run these sessions inside the ssh tunnel to make sure they are encrypted.



[ Reply to This | # ]
set up your ~/.ssh/config
Authored by: geltmar on Jan 19, '03 06:37:26AM

Try to login with ssh -v -X other.unix.system and watch the extensive debugging information.
I had some similar problem and found out, that xauth was not installed on other.unix.system and the DISPLAY environment was not forwarded because I could not be authenticated.
But maybe the debugging information will point you in another direction. Give it a try.



[ Reply to This | # ]
set up your ~/.ssh/config
Authored by: badragoo on Aug 19, '03 10:21:41PM

So, it's months later. I came across your question because I was having the same problem. My solution was this: Before you get too far in, first make sure you can type the name of a local X11 application (something like xclock) into a prompt in your Terminal.app window and have it appear locally on your X11 desktop.

If you get a "can't open display" error when doing that, then you'll never get it working across a remote connection. So you first need to do something like this (assuming you're using the default csh shell):

setenv DISPLAY :0

This tells Terminal.app to display X11 applications in your local X11 server. Once you get that working, go ahead with your ssh connection to the Unix machine:

ssh -C -X unix.machine.here

Then try to run something simple like xclock remotely (assuming it's installed on your remote unix box. That's all I did to get it working.

-bpd



[ Reply to This | # ]
Another ssh method
Authored by: apparissus on Jan 14, '03 12:39:34PM
Instead of typing ssh -X unix.machine.name every time, you can use pico, emacs, etc. and edit ~/.ssh/config. Here's the procedure using pico:

In a terminal:
pico ~/.ssh/config

At the very top of the file, add the following 2 lines:
Host unix.machine.name

ForwardX11 yes

You can also replace "unix.machine.name" with "*" in the Host line to enable it for all hosts you ssh to. This is the way I have mine set up.

[ Reply to This | # ]
2 Steps to enable X11 forwarding
Authored by: harpdog on Jan 14, '03 04:01:13PM

I already have SSH configured securley and use it only with public keys and not passwords.

After insalling apple X11 I just change the line in my sshd_config on my server

to

X11 Forwarding yes


Then on my client machine I engage the tunnel

ssh -2X username@serverip


That is all I needed to do, nothing else.



[ Reply to This | # ]
I mean 3 Steps to enable X11 forwarding
Authored by: harpdog on Jan 14, '03 04:04:57PM

just to add I forgot to mention after change the sshd_config you have to restart SSH

sudo SystemStarter -v restart SSH

:-)



[ Reply to This | # ]