Remote GUI Sessions on Linux
April 10, 2006 12:21 PM   Subscribe

Remote X Server access over SSH. I've got a Linux (Ubuntu) server that I have root access to over SSH and a Windows XP workstation that I'd like to set up as the client. Any good resources and tutorials?

I'm sort of familiar with Linux, I've set up and run headless web and database servers. But this is a bit beyond me, I've never looked at Linux GUI stuff before. I've got SSH set up to allow trusted X11 forwarding, and can connect and get to a remote command prompt fine, but can't start X.

I've got Cygwin and it's X Windows components installed on the XP machine, but there are obviously some configuration steps I'm overlooking. I'm hoping someone knows of a good tutorial or howto that would walk me through some of the steps.

The Cygwin documentation seems to assume some knowledge of X Windows that I don't have. I just need a shove in the right direction.
posted by voidcontext to Computers & Internet (25 answers total) 2 users marked this as a favorite
Like you, I had a devil of a time at first getting a remote X application to show up on my Win2K PC screen. Did you use the -Y option when you connected with ssh, e.g. from your XP box, invoke ssh with

ssh -Y -lusername machine

(change username and machine to whatever are appropriate in your case). For some reason, running ssh -X etc. didn't work for me.
posted by hangashore at 12:36 PM on April 10, 2006

Also, if anyone can recommend any good O'Reilly book that would cover this sort of thing, I can look it up through their Safari service.
posted by voidcontext at 12:39 PM on April 10, 2006

This actually isn't hard at all. You just have to edit the remote /etc/ssh/sshd_config file to allow X11 forwarding. (it's off by default). For convenience, you can also list that in the ssh_config on your client machines; this allows you to skip the -X argument.

Once you've edited the sshd_config and restarted the ssh server, start XWindows on your local machine. Under cygwin, that's done with (you may want to edit that file to set things appropriately for your local machine.)

In the XTerm that pops up, type:

ssh -X username@host

The -X means to forward X11 packets. In that window, which is now connected to the remote machine, any X-enabled programs you run will display on your local screen.

I use Cygwin for the X server, but I actually connect with the payware program SecureCRT. It's a very powerful terminal emulator that I prefer for day-to-day usage. It supports X11 forwarding with a configuration checkbox. Note that you still have to configure the server's /etc/ssh/sshd_config file to allow X11 forwarding, or it won't work.

Oh! This will also fail if you don't have the program 'xauth' installed on the server. In Debian, this file is in the xbase-clients package, so it's probably the same with Ubuntu. Without xauth, the X connections just won't work, and you won't get any kind of explanation why.
posted by Malor at 1:01 PM on April 10, 2006

OReilly has an SSH book which probably (I'm too lazy to check) covers this. Things to beware of:

--X reverses the usual sense of "server" and "client", which can baffle you if you aren't prepared for it:
"In all other client/server relationships, the server is the remote machine that runs the applications (i.e. the server provides services, such as a database service or computation service). For some perverse reason that's better left to the imagination, X insists on calling the program running on the remote machine "the client." This program displays its windows on the "window server." We're going to follow X terminology when discussing graphical client/servers. So when you see "client" think "the remote machine where the application is running" and when you see "server" think "the local machine that displays output and accepts user input." (The UNIX-HATERS Handbook)
That is, in the situation described by you, the client (remote Ubuntu machine) is connecting to the X server (your local Cygwin machine) to display things. I hope your brain doesn't explode.

--both the machine on the far end and machine on your end have settings to allow X forwarding to occur, and both default to "no" initially.
--See the xhost command.

I believe you'll need to issue an xhost command - that tells your local X server (Cygwin) to accept incoming connections from host X. Then you'll need to ssh -X to the remote machine - that tells the remote machine that this ssh connection can be used to forward X.
posted by jellicle at 1:03 PM on April 10, 2006

This all helps a lot. I haven't gotten it working yet, but I can begin to see the shape of my misery.
posted by voidcontext at 1:09 PM on April 10, 2006

The important thing to do when using Cygwin is the -Y flag, not the -X. It fixes the xauth problems you may have.
posted by unixrat at 1:16 PM on April 10, 2006

void, if you follow the instructions as I gave them to you, you should be up and running. It's really not hard. If it's not working, post back with where you're stuck. You literally should need no more than ten minutes to get this running.

You shouldn't need xhost. Xhost is used to give remote clients access to your screen, but when you're running over SSH, everything looks local. The remote machine thinks it's displaying locally, more or less, and your client machine thinks the connections are local as well. So it should just work.

(I think that's why you need xauth... I believe SSH copies the X credentials from your local machine and puts them in some kind of file on the remote computer... that gives the remote programs the 'key' to get access to your local X server.)
posted by Malor at 1:16 PM on April 10, 2006

Wow, that's a timely post. I just spent a relatively short time today installing FreeNX on a Gentoo machine, together with the free NX client on my windows laptop, and it is hands down the best and most responsive remote X tool I've ever seen. Forget about VNC and old school X forwarding. Trust me.

link to freenx
link to NX client

(note: the NX client is produced by a commercial company, but the client software is free. Together with freenx as your server, you will not need to pay for any software)
posted by mcstayinskool at 1:16 PM on April 10, 2006

I wrote a primer on SSH (+X) for my LUG about a year ago. You may find it helpful. (PDF)
posted by unixrat at 1:17 PM on April 10, 2006

If you install xbase-clients, cygwin works fine with just the -X flag. I just double-checked.
posted by Malor at 1:24 PM on April 10, 2006

I'm getting this error:

Server is already active for display 0
posted by voidcontext at 1:25 PM on April 10, 2006

You'll more than likely need to do an "xhost +" on the machine you're trying to access remotely in-order to get X11 Forwarding to work. "xhost +" removes access restrictions on X connections.

You shouldn't need xhost. Xhost is used to give remote clients access to your screen, but when you're running over SSH, everything looks local

I still think you'll need to do an "xhost +" on the remote machine. The XAuth files can be sometimes hard to deal with, and some misconfiguration may be your problem. "xhost +" tells Linux to allow anyone to forward X11 regardless of XAuth rules.

I say this only because it's worked for me a bunch of times when I contemplated throwing laptops against the wall due to X11 Forwarding issues.

Server is already active for display 0

It thinks you're on localhost... You'll need to set your env variable $DISPLAY to your Window's box's IP address (something like "export DISPLAY=", where is the ip of your windows box..)
posted by SweetJesus at 1:27 PM on April 10, 2006

I just reviewed the -Y argument... it works by disabling the entire xauth protocol, which was invented for a reason. If you use -Y to connect to a machine, you are opening your display to anyone else logged into that machine.

This may or may not be a security issue for you, but it's a bad habit, and I suggest not using it.
posted by Malor at 1:27 PM on April 10, 2006

void, you're trying to run a window manager, like KDE. Cygwin provides its own window manager that integrates with Windows. You'll need to edit the file if you want to use a remote desktop manager, or you'll need to set the remote windowing system to run in 'rootless' mode.
posted by Malor at 1:30 PM on April 10, 2006

SweetJesus, you don't really understand how this works. Xhost on the remote machine won't do a damn thing, because the X server isn't running there. There's nothing on that machine to check authorizations. And running xhost + is hazardous anyway, because you're saying 'let anyone on the planet access my X server'. Running that on the remote host won't matter, but if you run that locally and you're not behind a firewall, you're just asking for trouble.

The only time you'd use xhost is when you're trying to connect directly over the network, not when you're tunneling over SSH.

The display error he's getting is because he's trying to run a window manager. SSH will set his DISPLAY variable automatically. If the DISPLAY variable is messed up, you'll get the error "cannot connect to X server", not "X server is already active".
posted by Malor at 1:35 PM on April 10, 2006

I am trying to run Gnome. I can't find the script in the c:\cygwin directory though. Searching for it now.
posted by voidcontext at 1:37 PM on April 10, 2006

SweetJesus, you don't really understand how this works. Xhost on the remote machine won't do a damn thing, because the X server isn't running there. There's nothing on that machine to check authorizations. And running xhost + is hazardous anyway, because you're saying 'let anyone on the planet access my X server'.

You're right, I have that backwards. I'll back out, because you've got this handled.
posted by SweetJesus at 1:39 PM on April 10, 2006

OK found it, it's called startxwin.bat and it's in c:\cygwin\usr\x11r6\bin
posted by voidcontext at 1:42 PM on April 10, 2006

void, I have a virtual Ubuntu machine here, I'm working on piecing together exactly how to do this.

That bat file is another way to do the same thing.... I normally run cygwin and do from within that. The BAT file may be better, I haven't used it yet. Gimme a little bit here and I'll figure out how to run GNOME remotely.
posted by Malor at 1:45 PM on April 10, 2006

the following is all that is necessary on win2k with cygwin:

XWin -multiwindow &
ssh -Y address

the remote machine is my own workstation, so no-one else has access and there are no security worries with -Y. it's possible there's some additional once-only config i had to do years ago, though.
posted by andrew cooke at 1:55 PM on April 10, 2006

I had to leave work for the day. I will try again tomorrow. Thanks for all the help!
posted by voidcontext at 2:36 PM on April 10, 2006

Ok, void, I have KDE running properly, but GNOME is not working right for some reason. Why don't you test this method and see if it's something unique to my config... I'm running GNOME on a virtual machine with no sound, and that might be why it's not quite working.

It appears you may have to run X via the command from within Cygwin, rather than the .bat file. The X server crashes if I run it from the BAT and then try to connect to it... but if I run it via the .sh command, it works fine. (This may also be related to my setup, as I'm running a slightly-strange Windows config where I purposely don't have admin privs on the machine.) You can try this with the BAT if you prefer, but if it crashes, revert to the .sh approach.

First, open a Cygwin prompt, and edit your .bash_profile. At the end of this file, insert a line that says:

export DISPLAY=

Next, edit your file. In Cygwin, it's in /usr/X11R6/bin. Change the line that says "XWin -multiwindow ..." to "XWin -fullscreen .." You're just changing multiwindow into fullscreen...don't mess with the other stuff on that line.

A few lines down, it says 'xterm -e /usr/bin/bash -l &'. Just comment that line out. (put a # mark at the start). Save and exit.

Now run from Cygwin. Your X server will start; you'll get a fullscreen window with nothing on it. Alt-tab back to the desktop.

Hit enter in the Cygwin window to get a prompt back. Type ssh -X username@remotehost. Type your password if necessary.

Once you're connected, type 'startkde' to get KDE running. This works perfectly for me. In theory, you're supposed to be able to type 'gnome-session' to start GNOME, but when I try that, it kinda starts, but then throws an error about a daemon starting too many times, and won't do anything when I click on stuff. It's in VMWare on a remote machine, and it's Kubuntu, so god knows where the problem is. Just try gnome-session and see if it starts correctly for you. If it's busted for you too, I'll keep troubleshooting.

You will see a buttload of errors when you start either window system... this is normal, albeit very sloppy, IMO. As soon as you see error and info messages start to scroll by, alt-tab back to your Unix desktop, and you should see your desktop in all its glory.

To quit your XWindows session, log out of GNOME or KDE; this will leave a blank screen. Then hit control-alt-backspace, which will kill the X server. (That's your emergency bailout key if you have trouble, too.) Then type exit a few times in your Cygwin window, until it goes away, and you're back to where you started.

note well: if you close the Cygwin window on your desktop, your X session and all the programs you have open on your remote machine will be instantly killed. So be careful with that window. You may be able to avoid this issue by using the startxwin.bat file instead of (do the same two edits to that file, but use REM instead of # for commenting). When I tried the .BAT, however, it locked up, and I had to kill it through the task manager.
posted by Malor at 3:07 PM on April 10, 2006

Malor: you are both awesome and supremely helpful. This isn't the first time, either.

posted by voidcontext at 3:58 PM on April 10, 2006

Gnome worked for me. I'm using Ubuntu and not Kubuntu.
posted by voidcontext at 4:06 PM on April 10, 2006

Also, looking into FreeNX, FreeNX is pretty sweet. Especially over a WAN.
posted by voidcontext at 11:18 AM on April 25, 2006

« Older 30d or d200? (camera suggestions)   |   Creative works by people with OCD? Newer »
This thread is closed to new comments.