# X11 Remote



## pl_bear (Feb 19, 2006)

The threads in this forum seem to be focused on using X11 on the Mac to run applications on the Mac.

My issue is slightly different.

How do I run X11 to access my Linux box applications?

Basicially, I'm looking for something that will give a graphical (X11) rather than text (Telnet) terminal on another computer.

Thanks in advance for any suggestions.

Steve


----------



## eric2006 (Feb 19, 2006)

Have you looked into RealVNC? I don't have multiple linux boxes anymore, but when I did, thats what I used to control the computers downstairs..


----------



## symphonix (Feb 19, 2006)

I have done what you descibe. Open up an xterm in X11 on the Mac, remote into the machine you want using SSH, and then run whatever app you want and it should appear on your own display. Its been a few years since I needed to do this, but I'm pretty sure it didn't require much more than that.


----------



## joe_burban (Feb 19, 2006)

I have found that using either the -X or the -Y option with ssh is quick way to get display securely routed to my local terminal.


----------



## tomdkat (Feb 22, 2006)

symphonix said:
			
		

> I have done what you descibe. Open up an xterm in X11 on the Mac, remote into the machine you want using SSH, and then run whatever app you want and it should appear on your own display. Its been a few years since I needed to do this, but I'm pretty sure it didn't require much more than that.


Yep, it should be as simple as that.  If, by some fluke, the app on the Linux box doesn't connect to your X server, make sure the DISPLAY variable is set up on the Linux box and all should work fine.

I do this all the time on my Windows machine, running apps on Linux, Solaris, and HP-UX.

Peace...


----------



## fsainsbu (Mar 6, 2006)

I got these:
1. NO -X gives a display error
ssh cor
frank@cor's password: 
check gecg.000251 
Error: Can't open display: 
[frank@Cor]#logout
Connection to cor closed.
2. -X gives crash of openGL application
plm307frank:~/Documents/Programming frank$ ssh -X cor
frank@cor's password: 
[frank@Cor]#check gecg.000251 
Xlib:  extension "GLX" missing on display "localhost:13.0".
Couldn't create double Buff
Xlib:  extension "GLX" missing on display "localhost:13.0".
No singlBuff

3.  xhost + cor
ssh cor
frank@cor's password: 
Permission denied, please try again.
frank@cor's password: 
[frank@Cor]#setenv DISPLAY plm307frank:0.0
[frank@Cor]#check gecg.000251 
in FRead
in fread
s = 244
 good toconfigs = 256
ie works welll.  Needed apple key for right click behaviour.


----------



## lurk (Mar 7, 2006)

That is odd.  How about 'ssh -Y'


----------



## nixgeek (Mar 7, 2006)

Have you looked at the sshd_config file in /etc?  You might have to uncomment out the X11Forwarding option and change the No to Yes on the Linux box and then from the X11 xterm use the "ssh -X" command (if you're going to be using a different username than what's on the Mac, then you have to also give the "-l" option (that's a letter "L" in lowercase) along with the username resident on the Linux box that you want to access.  This is how I do it on my machines.


----------



## fsainsbu (Mar 7, 2006)

oops, this is from os x 10.4 to fedora core .
well :
2 was option ssh -X
and that gives an xdisplay but not openGL support

option 4:
ssh -Y cor
frank@cor's password: 
#check gecg.000251 
works  Yay!, and thanks.


----------



## fsainsbu (Mar 7, 2006)

option 2 was ssh -X, could get an xterm but no openGL support.

option 4:Note from os x 10.4 to linux, Fedora core.
ssh -Y cor 
worked !  Thanks,
NB option not in 10.3


----------



## tomdkat (Mar 7, 2006)

Here is info from the OpenSSH man page on ssh:



			
				OpenSSH manpage said:
			
		

> *-X      Enables X11 forwarding.  This can also be specified on a per-host
> basis in a configuration file.
> 
> X11 forwarding should be enabled with caution.  Users with the
> ...


 I wasn't aware of the "-Y" option, until I found this thread.  I hope all who use it are aware of the security implications of using it.

Peace...


----------



## lurk (Mar 8, 2006)

Well in practice -Y is the new -X, all it is saying is basically that you trust the admin on the box you are connecting to, that the host itself is trusted.  This is certainly nothing like the old issue of things like 'xhost +' and the like.  Unless I am missing something, the new -Y is no less secure than the old -X that we have been using up to this point.


----------



## tomdkat (Mar 8, 2006)

lurk said:
			
		

> Unless I am missing something, the new -Y is no less secure than the old -X that we have been using up to this point.


The warning given in the -X description is enough for me and something I think should be considered.

I'm *not* saying don't use -Y but only be aware of the implications of doing so, that's all.  

As for using "xhost +", I think that's something I would never do.  I always use "xhost +localhost" to make sure no remote connections will be accepted, unless they are permitted by me.    

Peace....


----------



## nixgeek (Mar 8, 2006)

I didn't know about -Y either.....good to know.  I knew that X11 forwarding was a little risky but I wasn't too concerned yet, but if using the -Y gives me some added security, I'll use that instead.


----------



## tomdkat (Mar 8, 2006)

nixgeek said:
			
		

> but if using the -Y gives me some added security, I'll use that instead.


I think it does the opposite. "-Y" means the remote X clients are trusted so local X security extension restrictions are bypassed.  This will be fine if the remote system is known to be trusted, but if "-Y" is being viewed as similar to "xhost +", then I would consider it unsafe, in general.

Anywho, I just wanted to make those using "-Y" aware of the security implications.  

Peace...


----------

