Using SSH For Your Remote X11 Applications
Note: Was tested (and passed!)in both 3.3.6 and 4.01_3 ver. of XFree86
The true power of BSD lies in networking. At some point in time, you may need to access a remote machine. For administration, you'll probably need a client to access the machine. SSH is the choice of many for this usage. It's more secure than telnet because it uses encryption and cannot be "sniffed", or intercepted, like the telnet application can be.
From the ssh manpage, we can find a clear description of what ssh is:
DESCRIPTION
ssh (Secure Shell) is a program for logging into a remote machine and for
executing commands on a remote machine. It is intended to replace rlogin
and rsh, and provide secure encrypted communications between two untrust-
ed hosts over an insecure network. X11 connections and arbitrary TCP/IP
ports can also be forwarded over the secure channel.
The description mentions using it for X11 connections. For one reason or another, you might want to run X11 applications on a machine that has it already installed. Maybe you want
to keep your personal info on a machine behind another which has a direct link to the internet.
As of FreeBSD 4.0, Open SSH comes bundled with the rest of the OS without having to go searching for an SSH client or daemon.
Assuming you have administrative privledges on both the local and remote machines, or know someone who does and is willing to set it up for you, it is possible to run a graphical
application on your local desktop, which is actually installed on the remote machine. All you need is an X server running locally and an sshd configured properly on the server side.
Your /etc/ssh/sshd_config file has several different features you can use, but only the ones pertinent to this task will be discussed. On the server side, make sure your sshd_config has the following:
X11Forwarding yes
I also commented out the offset because of strange errors I was getting. Things seem to be working normally now. It should look like this:
#X11DisplayOffset 10
Keep in mind that the other lines still apply. We're just making sure these are set for *THIS* use.
Now you can restart your ssh daemon by doing:
killall -HUP sshd
This will/should restart the ssh daemon and make your changes to the sshd_config take effect.
Since most of my work remote is on a command line, we can use the -X flag so that ssh will/should automatically forward X11 data.
ssh -X <host>
It will prompt you for your login and password, which should be done as it would normally. Upon successfully lofgging into the remote machine, you can start any graphical apps you need to run from the command line.
kashmir% xchat &
[2] 20052
kashmir%
Being on one of the other machines here, zoso, I see the app run from kashmir running on this machine's desktop interface. Keep in mind that this may not be desirable for slow or
busy networks, but it is simple to setup and functional when necessary. Using a 10/100 switch here with 100M network cards make this an acceptable fix until I decide whether or not
I want to setup natd on the outside machine. Enjoy!
-christopher.holden@sbt.siemens.com
|