SSH and remote apps

[Don Benot]

I have a question about using SSH to remotely run apps. I've deduced from some of the threads here, that using X11, it is possible to run an app on a linux box and have the window show up on my mac. I tried doing this as follows:

Quote: [Dons-iBook:~] church% ssh -X don@192.168.1.100 don@192.168.1.100's password: [don@localhost ~]$ mahjongg Gtk-WARNING **: cannot open display: localhost:10.0 [don@localhost ~]$ lynx [don@localhost ~]$ vi [don@localhost ~]$ pan Gtk-WARNING **: cannot open display: localhost:10.0 [don@localhost ~]$

lynx and vi both ran in the xterm window, so I know I'm connecting okay, but I get the GTK-WARNING on non-console apps. I'm too new at this to know if it's a Mac X11 problem or a linux problem. The linux box is running a stock version of Mandrake just for learning purposes.

Many thanks,
Don

[yellow]

While the X flag is supposed to automatically negotiate the proper display privs maybe it's failing here. Try setting them the old way.

>> on localhost:

xhost 192.168.1.100

>> on 192.168.1.100:

setenv DISPLAY whatevertheIPaddressoflocalhostis:0.0

See if this will allow you to open your X11 apps properly.

[Don Benot]

Thanks Yellow, but no luck yet.
Here's where I'm at.

Quote: [Dons-iBook:~] church% xhost 192.168.1.100 192.168.1.100 being added to access control list [Dons-iBook:~] church% ssh -X don@192.168.1.100 don@192.168.1.100's password: [don@localhost ~]$ setenv DISPLAY 192.168.1.102:0.0 [don@localhost ~]$ pan Gtk-WARNING **: cannot open display: 192.168.1.102:0.0 [don@localhost ~]$ exit logout Connection to 192.168.1.100 closed. [Dons-iBook:~] church% ssh -X don@192.168.1.100 don@192.168.1.100's password: [don@localhost ~]$ pan Gtk-WARNING **: cannot open display: localhost:10.0 [don@localhost ~]$ setenv DISPLAY 192.168.1.102:0.0 [don@localhost ~]$ mahjongg Gtk-WARNING **: cannot open display: 192.168.1.102:0.0

What shall I try next?

Don

[yellow]

Well, it appears that libraries that it needs to display such graphics locally aren't there on the host machine you're trying to display them on. Perhaps installing the gtk+package locally would make it happen? Fink is an excellent source to install gtk+.

try running something simple and cross-platformy like emacs. Does that display locally? Hell, even opening an xterm from your remote local might help narrow down the trouble.

[Don Benot]

GTK+ is already installed via Fink and The GIMP works locally so it must be iworking. I tried running emacs at your suggestion and got the following:

Quote: [don@localhost ~]$ emacs emacs: Cannot connect to X server 192.168.1.102:0.0. Check the DISPLAY environment variable or use `-d'. Also use the `xhost' program to verify that it is set to permit connections from your machine. [don@localhost ~]$

A little different this time.

Don

[yellow]

Odd. Are you using Apple's X11 beta or Xdarwin? As you can see, ssh -X isn't doing it's work properly. I've never encountered it failing. Now is setting the display properties manually.

Just to be 100% sure, you are doing this from inside either X11 or XDarwin, right?

Oh, a thought. Are you using a firewall? Are the X11 ports allowed? Ports 6000-6063 should be allowed.

[sao]

Please read the "X11: Frequently Asked Questions" forum:

28- Reflections on Firewall rule for X11 usage

about allowing Ports 6000-6063.

[Don Benot]

I read that Sao and I'm still confused. First it says to open port 6000, not that I know how to do that offhand, and then, 2 paragraphs later, it says I don't need to do that if SSH is working, which I think it is.

[sao]

Yes, these are commentaries by different people (reflections...)

Obviously several ways are discussed, and you must make your own conclusion of what works best for you.

I would choose to use 'Xforwarding' with ssh.

[yellow]

He is using X forwarding (-X flag) and it's not working. In order to eliminate the possible problems here the best course of action is to allow those ports to be open and test to see if you can open Xapps the traditional way. If it does work, that narrows the problem down, if it doesn't work, it also narrows the problems down.

The points in the FAQ are correct, straight connections through ports 6000-6063 do send all information as clear text.

It seems to me that he's on a personal network behind a personal router of some kind (Linksys perhaps). Typically these routers have firewalls built into them so you should be protected from the outside world. Provided the firewall is up and running, you shouldn't have security concerns about your machines on your personal network when testing the X11 ports. While I wouldn't suggest keeping them open forever (there are exploits aimed at X11), it will be fine to open them for testing your problems.

[sao]

Quote: Yellow wrote: Provided the firewall is up and running, you shouldn't have security concerns about your machines on your personal network when testing the X11 ports. While I wouldn't suggest keeping them open forever (there are exploits aimed at X11), it will be fine to open them for testing your problems.

That's right. And it might help very well to find his problem.

Silly question, did he switched on "Remote login" in the "Sharing" System Preferences pane?

And, in case he has the "Firewall" activated in the same 'preferences pane', make sure the port "Remote login - SSH (22)" is enabled.

[Don Benot]

Okay, "Remote Login" is on, "Firewall" is off. I am behind a firewall from the outside world so I'm willing to make the individual computers non-secure, at least for the moment. If you'll tell me how, I'll open up ports 6000 - 6063.

For a little less confusion, I renamed my linux box "mandrake".

Here's the latest console stuff:

Quote: [don@mandrake ~]$ emacs Xlib: connection to "192.168.1.102:0.0" refused by server Xlib: No protocol specified emacs: Cannot connect to X server 192.168.1.102:0.0. Check the DISPLAY environment variable or use `-d'. Also use the `xhost' program to verify that it is set to permit connections from your machine. [don@mandrake ~]$

Thanks,
Don

[yellow]

Greetings,

I need to clear up some details first.

How did you connect to mandrake? May I assume that you're sitting at your OS X box and ssh -X to mandrake? What version of LINUX is running on mandrake? Have you updated it's version of ssh to reflect the vulnerabilites found v3.3 and before? It could be possible that your version of the sshd running on mandrake doesn't support Xforwarding. You should take a look at the sshd man page on mandrake.

Which are you using? Apple's X11 or XDarwin?

On a side note:
As far as I know a personal router should act as a repeater and pass all information that comes from your side of the network to all other network connections it is supporting thru it's jacks. I really don't think that the built in firewall is blocking any traffic, at least it shouldn't.

[sao]

Don't you need to edit /etc/sshd_config?

Change to:

X11_Forwarding yes


Then, sshd needs to restart, the easiest way is to reboot the machine.

[yellow]

Yep, that's a possibility on his LINUX box. Still trying to get enough info. Newer versions of *NIX come with it on by default.

[Don Benot]

I am sitting at my OS 10.2.3 box and ssh -X to mandrake.
Linux box is version 8.XX of Mandrake Linux. I don't know what kernal # that uses.
I installed openssh on it. I'm presuming its a newer version of it.
I'm using Apple's X11.

I checked /etc/ssh/sshd_config on mandrake and x11_forwarding is set to yes.

Thanks for your patience with me.
Don

[yellow]

Hey no worries, if we can help, we will!

Let's start off keeping it simple.

xhost ipaddressofmandrake

ssh ipaddressofmandrake (don't use the -X flag yet)
[now at mandrake's prompt in the same window]
setenv DISPLAY ipaddressofmac:0.0

xterm

And what happens? This should open an xterm from mandrake to your Mac. If it does, then we're on the right track.

[Don Benot]

We are on the right track. A mandrake xterm window opened on the Mac.

Don

[yellow]

Excellent. Now try and open whatever it was that you wanted to open before, xmahjong was it?

[Don Benot]

mahjong opened correctly as did pan. At the moment I'm trying to open OpenOffice on it. The problem there is command not found. Any way, will I need to go through that process every time or is there some way to make it/them hold those settings?

Don