X (current version, X11) is defined by standards and contains standardized protocols. The X server is a process that runs on a computer with a bitmapped display, a keyboard, and a mouse. X clients are programs that send commands to open windows and draw in those windows. Although the client and server are typically on the same machine, they can also run on different machines over a TCP/IP network. X typically uses TCP ports 6000 - 6063.
SSH, or the Secure Shell, is used for host-to-host networking. It allows secure (encrypted and authenticated) connections between any two devices running SSH. These connections may include terminal (CLI) sessions, file transfers, TCP port forwarding, or X Window System forwarding. SSH supports a wide variety of encryption algorithms, including AES-256 and 3DES. It supports various MAC algorithms, and it can use public-key cryptography for authentication or the traditional username/password. SSH is free, although there are some nice SSH packages for MS Windows that require you to purchase commercial licenses.
X over SSH solves some of the problems inherent to classic X networking. For example, SSH can tunnel X11 traffic through firewalls and NAT, and the X configuration for the session is taken care of automatically. It will also handle compression for low-bandwidth links.
ssh -p 8400 -l gomer -X -v 192.168.1.2
Notes: -p is the TCP port your SSH server listens on; -p 8400 is only required if your server runs on a non-standard TCP port. If yours runs on the default port (TCP port 22), there is no need to add this option.
-l username is only required if you do not have matching usernames on the server you are logging in to.
-X allows X forwarding. This is the default, so it is not required. -x can be used to disable X11 forwarding.
-v is verbose. This lets you watch what is going on.
ssh -p 8400 -v -l velson -X -C LAB (where LAB is defined in /etc/hosts, or you can use the IP address here)
What is the -C option for? It tells SSH to compress the data. This improves performance and reduces bandwidth utilization over WAN links.
Since Windows does not support X11-based windowing natively, it is necessary to run a special program called an "X Server" that allows your Windows workstation to do so. The Lab currently supports a product called Hummingbird Exceed for this purpose. Since the X Window System does not provide secure connections itself, it is necessary to use it in conjunction with a separate tool that provides this security. That tool (PuTTY) must be installed on your PC and configured correctly to provide secure X Window connections.
Before Installing Exceed
If you have our old (no longer supported) X11 package (PCXware by NCD) installed on your system, it must be removed (using the Add/Remove Programs applet in your system's control panel) prior to installing eXceed.
If you have already installed eXceed, but the installed version is older than that shown in the "Supported Windows Applications" table on our Windows Services web page, you need to remove the existing version prior to installing the current version.
Exceed can be configured to work with X11 forwarding by doing the following:
1. Go to the Start Button and select Programs, then Hummingbird Connectivity, then Exceed, then Xconfig.
2. Once at the Xconfig screen, double click on Communication.
3. Under Startup in the area that says Mode select Passive.
4. Click OK.
5. Double Click on Screen Definition.
6. Under Window Mode select Multiple.
7. Click OK.
8. Double click on Security.
9. In the area called Host Access Control List select File.
10. Click Edit to open the file for editing.
11. This file contains some lines that have a # at the beginning. The ONLY line that does not have a # in front of it should say the word localhost. If there is no such line please add it.
12. Now save, and close this file.
13. Click OK.
14. Go to the Start Button and select Programs, then Hummingbird Connectivity, then Exceed, then click on the Exceed icon to start the program.
15. Now you can use an SSH client to connect to the remote system.
16. After connecting, any graphical program that is run from the command prompt will appear on the screen of the local computer.
X11 forwarding using PuTTY.
1. Configure and start your X-windows emulation program for X11 forwarding.
2. Start putty.exe by double-clicking it. This brings up the PuTTY interface. First, enter the connection info in the Host Name (or IP address) field and select SSH (SSH uses port 22). In the Category pane, find the Connection tree. Expand SSH and you will see the Tunnels window. Click "Enable X11 forwarding". The X display location defaults to "localhost:0". Now go back to Session and save this session under a name you like.
3. Now click on Open to open the connection to the remote system.
The difference you will notice is that you do not see your whole X Window desktop. You are simply running X applications one by one and forwarding each of them via SSH to your local screen. Therefore, you need to know the command for running each X application. All control is done through the SSH client window.
The xauth program is used to provide remote applications with a numerical cookie (a password of sorts) so that your local X server will allow them to directly display and receive keystrokes, mouse clicks, and other events.
To use xauth, the X server must have been started with it enabled.
xauth requires the account on the remote machine to know a secret quantity for your display called an MIT-MAGIC-COOKIE-1. If the remote user knows this quantity it can have complete access to the local display. Without the cookie, the remote application will be refused. In addition to having the proper cookie, the remote applications must be told where the local X server is through the setting of the DISPLAY variable.
SSH will automatically set the DISPLAY variable, provide a temporary xauth cookie, and shuttle the communications through the encrypted connection.
To find out what the cookie is, run the following command:
xauth list
The entry that matches your DISPLAY variable is the one you want. To see the value of your DISPLAY variable, run:
echo $DISPLAY
By default, xauth will use the file specified by the XAUTHORITY environment variable or .Xauthority in the user's home directory.
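If you want to use the su command to switch user, then you need to add the magic cookie to that user's xauthority file. If this is the first time, the command below will create the file itself and add the cookie.
xauth add {copy paste the display name, protocol name and hex key from the matching line of the earlier xauth list output}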
Then you need to set the display for the user too.
export DISPLAY={copy paste the string which is output from the earlier session of echo $DISPLAY}
Now the new user will be able to use X applications.
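The su procedure above as a small shell helper. This is an added example, not part of the original page: it picks the xauth entry whose display number matches DISPLAY (under SSH forwarding DISPLAY reads like localhost:10.0 while xauth list shows host/unix:10) and prints the two commands the new user has to run. The function names and the sample cookie values are constructed for illustration.

```shell
#!/bin/sh
# Added example: match an `xauth list` entry to DISPLAY by display number.

# display_number "localhost:10.0" -> 10 ; "lab/unix:10" -> 10 ; ":0" -> 0
display_number() {
    d=${1##*:}                  # keep what follows the last colon: "10.0"
    printf '%s\n' "${d%%.*}"    # drop the screen suffix: "10"
}

# cookie_line DISPLAY  (reads `xauth list` output on stdin)
# Prints "NAME PROTOCOL HEXKEY" for the first entry on the same display.
cookie_line() {
    want=$(display_number "$1")
    while read -r name proto key; do
        [ -n "$key" ] || continue                       # skip malformed lines
        [ "$(display_number "$name")" = "$want" ] || continue
        printf '%s %s %s\n' "$name" "$proto" "$key"
        return 0
    done
    return 1                                            # no entry for this display
}

# add_command DISPLAY  (reads `xauth list` output on stdin)
# Prints the commands to run as the new user after su.
add_command() {
    line=$(cookie_line "$1") || { echo "no cookie for display $1" >&2; return 1; }
    printf 'xauth add %s\nexport DISPLAY=%s\n' "$line" "$1"
}

# Constructed sample of `xauth list` output; the key values are made up.
SAMPLE='lab/unix:0  MIT-MAGIC-COOKIE-1  00112233445566778899aabbccddeeff
lab/unix:10  MIT-MAGIC-COOKIE-1  ffeeddccbbaa99887766554433221100'

# Demonstration on the sample, as if DISPLAY were localhost:10.0.
printf '%s\n' "$SAMPLE" | add_command localhost:10.0
```

On a live session, feed it real output with xauth list | add_command "$DISPLAY". Because the cookie gives complete access to the display, run the printed commands only as the user who should have that access.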
Thanks for your time.