X11 Remote

[pl_bear]

The threads in this forum seem to be focused on using X11 on the Mac to run applications on the Mac.

My issue is slightly different.

How do I run X11 to access my Linux box applications?

Basicially, I'm looking for something that will give a graphical (X11) rather than text (Telnet) terminal on another computer.

Thanks in advance for any suggestions.

Steve

 

[eric2006]

Have you looked into RealVNC? I don't have multiple linux boxes anymore, but when I did, thats what I used to control the computers downstairs..

 

[symphonix]

I have done what you descibe. Open up an xterm in X11 on the Mac, remote into the machine you want using SSH, and then run whatever app you want and it should appear on your own display. Its been a few years since I needed to do this, but I'm pretty sure it didn't require much more than that.

 

[joe_burban]

I have found that using either the -X or the -Y option with ssh is quick way to get display securely routed to my local terminal.

 

[tomdkat]

I have done what you descibe. Open up an xterm in X11 on the Mac, remote into the machine you want using SSH, and then run whatever app you want and it should appear on your own display. Its been a few years since I needed to do this, but I'm pretty sure it didn't require much more than that.

Yep, it should be as simple as that. If, by some fluke, the app on the Linux box doesn't connect to your X server, make sure the DISPLAY variable is set up on the Linux box and all should work fine.

I do this all the time on my Windows machine, running apps on Linux, Solaris, and HP-UX.

Peace...

 

[fsainsbu]

I got these:
1. NO -X gives a display error
ssh cor
frank@cor's password:
check gecg.000251
Error: Can't open display:
[frank@Cor]#logout
Connection to cor closed.
2. -X gives crash of openGL application
plm307frank:~/Documents/Programming frank$ ssh -X cor
frank@cor's password:
[frank@Cor]#check gecg.000251
Xlib: extension "GLX" missing on display "localhost:13.0".
Couldn't create double Buff
Xlib: extension "GLX" missing on display "localhost:13.0".
No singlBuff

3. xhost + cor
ssh cor
frank@cor's password:
Permission denied, please try again.
frank@cor's password:
[frank@Cor]#setenv DISPLAY plm307frank:0.0
[frank@Cor]#check gecg.000251
in FRead
in fread
s = 244
good toconfigs = 256
ie works welll. Needed apple key for right click behaviour.

 

[lurk]

That is odd. How about 'ssh -Y'

 

[nixgeek]

Have you looked at the sshd_config file in /etc? You might have to uncomment out the X11Forwarding option and change the No to Yes on the Linux box and then from the X11 xterm use the "ssh -X" command (if you're going to be using a different username than what's on the Mac, then you have to also give the "-l" option (that's a letter "L" in lowercase) along with the username resident on the Linux box that you want to access. This is how I do it on my machines.

 

[fsainsbu]

oops, this is from os x 10.4 to fedora core .
well :
2 was option ssh -X
and that gives an xdisplay but not openGL support

option 4:
ssh -Y cor
frank@cor's password:
#check gecg.000251
works Yay!, and thanks.

 

[fsainsbu]

option 2 was ssh -X, could get an xterm but no openGL support.

option 4:Note from os x 10.4 to linux, Fedora core.
ssh -Y cor
worked ! Thanks,
NB option not in 10.3

 

[tomdkat]

Here is info from the OpenSSH man page on ssh:

-X Enables X11 forwarding. This can also be specified on a per-host
basis in a configuration file.

X11 forwarding should be enabled with caution. Users with the
ability to bypass file permissions on the remote host (for the
user's X authorization database) can access the local X11 display
through the forwarded connection. An attacker may then be able
to perform activities such as keystroke monitoring.

For this reason, X11 forwarding is subjected to X11 SECURITY ex-
tension restrictions by default. Please refer to the ssh -Y op-
tion and the ForwardX11Trusted directive in ssh_config(5) for
more information.

-x Disables X11 forwarding.

-Y Enables trusted X11 forwarding. Trusted X11 forwardings are not
subjected to the X11 SECURITY extension controls.

I wasn't aware of the "-Y" option, until I found this thread. I hope all who use it are aware of the security implications of using it.

Peace...

 

[lurk]

Well in practice -Y is the new -X, all it is saying is basically that you trust the admin on the box you are connecting to, that the host itself is trusted. This is certainly nothing like the old issue of things like 'xhost +' and the like. Unless I am missing something, the new -Y is no less secure than the old -X that we have been using up to this point.

 

[tomdkat]

Unless I am missing something, the new -Y is no less secure than the old -X that we have been using up to this point.

The warning given in the -X description is enough for me and something I think should be considered.

I'm not saying don't use -Y but only be aware of the implications of doing so, that's all.

As for using "xhost +", I think that's something I would never do. I always use "xhost +localhost" to make sure no remote connections will be accepted, unless they are permitted by me.

Peace....

 

[nixgeek]

I didn't know about -Y either.....good to know. I knew that X11 forwarding was a little risky but I wasn't too concerned yet, but if using the -Y gives me some added security, I'll use that instead.

 

[tomdkat]

but if using the -Y gives me some added security, I'll use that instead.

I think it does the opposite. "-Y" means the remote X clients are trusted so local X security extension restrictions are bypassed. This will be fine if the remote system is known to be trusted, but if "-Y" is being viewed as similar to "xhost +", then I would consider it unsafe, in general.

Anywho, I just wanted to make those using "-Y" aware of the security implications.

Peace...