X11 and security
Professional Poster
Join Date: Sep 2000
Location: San Francisco
I want to be able to run some X11 apps on my home desktop from my laptop at work. I have the apps running fine locally and I can ssh into my home machine. What do I need to do to configure X11 to send the window data to my laptop at work from my desktop (I know there is some terminology that I am missing here)? Do I just do 'ssh -X xxx.xxx.xxx.xxx' to get into my home machine (this works fine) and then do the usual 'export DISPLAY=:0'? For some reason I think I remember this is an insecure way to do it.
thanks,
kman
Senior User
Join Date: Jan 2001
Location: Mahwah, NJ USA
Originally posted by kman42:
I want to be able to run some X11 apps on my home desktop from my laptop at work. I have the apps running fine locally and I can ssh into my home machine. What do I need to do to configure X11 to send the window data to my laptop at work from my desktop (I know there is some terminology that I am missing here)? Do I just do 'ssh -X xxx.xxx.xxx.xxx' to get into my home machine (this works fine) and then do the usual 'export DISPLAY=:0'? For some reason I think I remember this is an insecure way to do it.
No, it is no more nor less secure than the ssh session the X is tunneling through. Even better, if you are allowed to, is to just run the X11 apps locally at work. Through an ssh tunnel the issue isn't security so much as it is performance.
-DU-...etc...
Professional Poster
Join Date: Sep 2000
Location: San Francisco
Originally posted by utidjian:
No, it is no more nor less secure than the ssh session the X is tunneling through. Even better, if you are allowed to, is to just run the X11 apps locally at work. Through an ssh tunnel the issue isn't security so much as it is performance.
Well, I can run the apps on my laptop at work, but the performance hit in the apps is in the calculations. Sometimes it takes 5 minutes for my 12" PB and it runs much faster on my G5 desktop. I am less concerned about the performance of transmitting the final result as it is just a relatively small amount of text (as is the input).
kman
Mac Elite
Join Date: Oct 2000
Location: Caracas, Bolivarian Republic Of Venezuela
Originally posted by kman42:
I want to be able to run some X11 apps on my home desktop from my laptop at work. I have the apps running fine locally and I can ssh into my home machine. What do I need to do to configure X11 to send the window data to my laptop at work from my desktop (I know there is some terminology that I am missing here)? Do I just do 'ssh -X xxx.xxx.xxx.xxx' to get into my home machine (this works fine) and then do the usual 'export DISPLAY=:0'? For some reason I think I remember this is an insecure way to do it.
thanks,
kman
Yeah, that's quite insecure. The secure way is something like: (first make sure X11 is running on your local machine)
local$ export DISPLAY=:0
local$ ssh -X remote
password:
remote$ echo $DISPLAY
localhost:10.0
remote$ xterm &
Professional Poster
Join Date: Sep 2000
Location: San Francisco
Originally posted by kvm_mkdb:
Yeah, that's quite insecure. The secure way is something like: (first make sure X11 is running on your local machine)
local$ export DISPLAY=:0
local$ ssh -X remote
password:
remote$ echo $DISPLAY
localhost:10.0
remote$ xterm &
Thanks. Can you explain to me why the difference in order of the ssh and export display commands is important? I'd like to understand this on a deeper level since security is involved.
kman
Mac Elite
Join Date: Oct 2000
Location: Caracas, Bolivarian Republic Of Venezuela
Originally posted by kman42:
Thanks. Can you explain to me why the difference in order of the ssh and export display commands is important? I'd like to understand this on a deeper level since security is involved.
'ssh -X' needs 2 things to do its magic: a 'cookie', normally stored in ~/.Xauthority, and the DISPLAY environment variable set on your local machine.
If those two things are present, the sshd daemon on the remote machine will create a tunnel and set the DISPLAY accordingly.
Look at the 'ssh' and 'sshd' manpages for a more in-depth explanation.
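
An added example, not written by any poster in this thread: a POSIX shell check for the remote end of an 'ssh -X' session that tells the proxy display set up by sshd apart from a hand-set DISPLAY. It assumes sshd's defaults (X11UseLocalhost yes, X11DisplayOffset 10); the function names classify_display and report are hypothetical.

```shell
#!/bin/sh
# Assumption: sshd defaults (X11UseLocalhost yes, X11DisplayOffset 10).
# classify_display VALUE prints: unset | local-socket | ssh-forwarded | direct-tcp | malformed
classify_display() {
    d=$1
    [ -n "$d" ] || { echo unset; return 0; }
    case $d in *:*) ;; *) echo malformed; return 0 ;; esac
    host=${d%:*}      # text before the last ':'
    rest=${d##*:}     # "display[.screen]" after the last ':'
    num=${rest%%.*}   # display number without the screen suffix
    case $num in ''|*[!0-9]*) echo malformed; return 0 ;; esac
    case $host in
        ''|unix|/*)   # empty host, or a socket path as used by XQuartz
            echo local-socket ;;   # X server on the machine you are logged in to
        localhost|127.0.0.1|::1|'[::1]')
            # sshd numbers its proxy displays from the offset (10) upward
            if [ "$num" -ge 10 ]; then echo ssh-forwarded
            else echo direct-tcp
            fi ;;
        *)
            echo direct-tcp ;;     # plain X protocol to host, TCP port 6000+num
    esac
}

# report: run in the remote shell. Prints the classification and whether an
# xauth cookie exists for the display; exit status is 0 only when tunnelled.
report() {
    kind=$(classify_display "${DISPLAY-}")
    echo "DISPLAY=${DISPLAY-} -> $kind"
    if [ "$kind" = ssh-forwarded ] && command -v xauth >/dev/null 2>&1; then
        if xauth list "$DISPLAY" 2>/dev/null | grep -q .; then
            echo "xauth cookie present"
        else
            echo "no xauth cookie for this display"
        fi
    fi
    [ "$kind" = ssh-forwarded ]
}

# Sample values: the first two appear in the thread, 192.0.2.7 is a
# constructed documentation address.
for v in "localhost:10.0" ":0" "192.0.2.7:0"; do
    printf '%-16s %s\n' "$v" "$(classify_display "$v")"
done
```

A result other than ssh-forwarded on the remote side means the X traffic is not going through the SSH tunnel, typically because DISPLAY was overridden after login.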