Thursday, 20 March 2008

Leveraging your XWindows

One of the fine things about using Linux is having a real XWindows Server. Why is that do you think? As an Oracle Specialist it occurs from time to time that I have to do an installation on a unix or linux server. Since it is a server usually it does not have a graphical environment. But the Oracle Installer is a graphical application.
So either you have to reroute the graphical output of your application to your XServer or you have to use a remote desktop application like VNC.
If you server does not support a VNCServer you are stuck to the first option (having to reroute the x-output to an xserver on your desktop). On a windows-machine you have to use an X-Windows emulater like cygwin. But on Linux you could do with your native XServer.

But I whished it would be as simple as that. In fact it is quite simple, but it turned out not by default. There are a few prerequisites to be met.

1. Your remote-server, which actually is the X-Client, should be setup to forward X.
You can verify this in the file /etc/ssh/sshd_config. There you should find the option:
X11Forwarding yes
In the wiki http://gentoo-wiki.com/HOWTO_X-forwarding you can find more info about that. But unfortunately you might not have the rights even to look into the file. So you probably need to consult your system's administrator.
2. Now you could try to log on to the server with a terminal session from your Linux (or XWindows emulator).
Run:
ssh -X user@remote-host
or
ssh -Y user@remote-host
The difference is that -Y is not secure while -X is. Be aware that -X is capital. Using the lower-case -x turns the X-forwarding off on your ssh-tunnel. To speed things up you could put a C after -Y or -X.
3. Verify your DISPLAY.
Step 2 actually should do the trick. But trust everything though verify your trust, by:
echo $DISPLAY
This should give you a line like:
localhost:10.0
The -X or -Y option should have set the DISPLAY for you. To test it you could run xclock on the terminal. It should display a graphical clock on your desk.
If your DISPLAY is not set then set it using the following:
export DISPLAY=your-desktop-ip:0.0
The ip of your desktop can be found by running
who am i
in the terminal. Also you could find it by opening a terminal on your local desktop and running ifconfig.
Retry running xclock.
4. Shields up eh.. Shields down
You might turn in to an error like:
Error: Can't open display:
Or another message that denotes that it can't get a connection to your Display.
The latter is simply solved by issuing:
xhost +
This allows all incomming X-requests. In stead of the '+' you could narrow it down by specifying the particular host-name.
Mark that when "ssh -X yourname@remotehost" did set your Display right, your working with X over an ssh tunnel and you should not need to have 'xhost +' issued.
5. Hey, put this shield down
I encountered that this still did not work in my case. I use a Ubuntu distibution using Gnome. And for distributions counts that the [xdmcp] functionality is turned off. XCMCP is the protocol that allows remote login via X. This is recommended since normally you do not want to have 'bad guys' hacking into your XServer. So every X-request is denied.
I solved this by editing my /etc/gdm/gdm.conf by:
sudo gedit /etc/gdm/gdm.conf
Find [xdmcp] and modify the Enabled property:
Enable=true
Then you need to restart GDM, either by logging off or restarting your machine.
Please do not forget to turn it to false after your finished your job!.
Try to do the ssh -X and set your display on your-ip-address:0.0.
Then xclock should work.
6. Hey, I said: put this shield down
After this it worked for me. But I turned of login-security in an earlier stage. So in Ubuntu (7.10 Gutsy Gibbon) goto System/Administration/Login Window. Go to the Security tab and switch of 'Deny TCP connections to Xserver' and the related checkboxes. This did not do the trick for me in the first place. But maybe this was because I did not restart GDM.
Also for this point counts: for your own safety please recheck the boxes afterwards.

Conclusion

At the end I got it working with a little help of my Google-friend. And then it turns out to be simple. So for your convenience and mine I put these steps together in one article.

2 comments :

Unknown said...

Hi martien! Are you the one who was developing at T-Mobile quite a while ago?

See http://frits.homelinux.com/wordpress/?p=23
For a description how to do this using putty & the Xming Xserver for windows!

Martien van den Akker said...

Hey Frits,

Indeed that's me.

Regards,
Martien