Wednesday, 21 March 2012

How to enable X11 Forwarding with SSH on Mac OS X

The aim of this blog post is to discuss how to display an X window from a target machine on our local system.

A good example here would be the Oracle installer for linux... when the installer is executed, it utilises the windowing system configured to display the installer via. SSH. Lets see how we can set this up...


What is the X windowing system (or X11)
The X window system (commonly X Window System or X11, based on its current major version being 11) is a computer software system and network protocol that provides a basis for graphical user interfaces (GUIs) and rich input device capability for networked computers.

Advantages of using SSH for X11 Traffic
- No problems with firewalls, as long as they let SSH pass through (No need to allow access to tcp-port 6000+)
- Communication is encrypted


Note to other OS users [Windows etc]
As long as your software/OS implements the X windowing system, you will be able to display X windows. For windows users, I recommend PuTTY


Mac OS X Configuration

Enable X11 Forwarding in sshd_config
In order to allow X11 forwarding to pass through SSH, we need to enable X11 Forwarding in our config for SSH. This is located in a file called sshd_config and found typically here: /etc/sshd_config or /etc/ssh/sshd_config

Uncomment out the line "# X11Forwarding no" and set it to "yes" (If this hasn't been done already. You will be left with this configuration...

Code Snippet
  1. X11Forwarding yes
End of Code Snippet

Save the file, and restart the sshd service...


Add your target system to the access control list
So our windowing system on our local machine has an access control list (We cant let anybody in as and when we please!)... So we need to allow our target system access to our windowing system.

Code Snippet
  1. xhost fullyqualified.server.name
End of Code Snippet

You will then see this message to confirm...
fullyqualified.server.name being added to access control list


SSH onto our target machine (with the apps using the windowing system. I.e. Oracle Installer)
We can now SSH onto our target machine...

Code Snippet
  1. ssh -X user@fullyqualified.server.name
End of Code Snippet


Ensure the DISPLAY environment variable is configured correctly
On the machine we just SSH'd onto, we need to make sure the DISPLAY environment variable is configured correctly. Our apps will use this to find out where our target machine that supports the X windowing system is located.

Code Snippet
  1. DISPLAY=fullyqualifiedaddressforourhostmachine:0.0
End of Code Snippet

Ensure this has been set correctly...
Code Snippet
  1. echo $DISPLAY
End of Code Snippet

Now lets test to see if our X apps can use our host windowing system via. SSH...
Code Snippet
  1. xclock &
End of Code Snippet

If you do not have xclock, or maybe your trying to execute an installer for Oracle or something, then try and execute the installer.


Gotchas
- Do not set the DISPLAY variable in any login scripts (I.e. bashrc, bash_profile etc...)

No comments: