| Traditionally X-Windows applications can be started on a remote server and displayed on your local desktop by means of commands like xhost +bohrg.man.ac.uk (on your local machine) and export DISPLAY=mymachine.ch.man.ac.uk (on the remote server). This method is insecure and is blocked on Bohrg and Dominion. Instead, tunnel your display through SSH as described below. |
Following is a simple example in which I begin at my desktop machine as user simonh, ssh into bohrg1 and then storage, and from there start a graphical, X-aware client which displays in a new window on my local desktop.
First, login to bohrg1, note the -X option which enables X-Windows forwarding (not -x, which disables forwarding):
simonh@mctalby:~$ ssh -X bohrg1.man.ac.uk -l mpciish2
Enter passphrase for key '/home/simonh/.ssh/id_dsa':
Warning: No xauth data; using fake authentication data for X11 forwarding.
***************************************************************************
This is the Bohrg gateway, bohrg1.man.ac.uk (aka bohrg.man.ac.uk).
Any questions or problems to Mark Vincent in the first instance.
***************************************************************************
Last login: Fri Apr 15 13:32:12 2005 from mctalby.mc.man.ac.uk
mpciish2@bohrg1:~$
Note the line Warning: No xauth data; using fake authentication data for
X11 forwarding. Now confirm that your SSH client and the SSH server
on bohrg1 are in agreement that X11 traffic should be forwarded:
mpciish2@bohrg1:~$ echo $DISPLAY
localhost:19.0
mpciish2@bohrg1:~$
If, instead of localhost:19.0 or similar (the number will vary),
you see nothing, or something like desktop.ch.man.ac.uk:0, then chances
are that tunnelling is not set up. (In the former case bohrg1 is not
set up to attempt to display any X-Windows application on your desktop; in
the latter case it is attempting to bypass the SSH connection and make
a new connection in the "old fashioned" way --- this will fail.)
Next, login to storage:
mpciish2@bohrg1:~$ ssh -X storage
mpciish2@storage's password:
Rocks 3.1.0 (Matterhorn)
Profile built 17:25 09-Oct-2004
Kickstarted 17:25 09-Oct-2004
-bash-2.05b$
Notice that again I have specified the -X (uppercase) option.
Again it is worth confirming that tunnelling is set before starting a
graphical client in the background:
-bash-2.05b$ echo $DISPLAY
localhost:19.0
-bash-2.05b$ xclock &
[1] 12390
-bash-2.05b$
The clock should appear on your local desktop, perhaps after a few seconds.
At the time of writing (2005 Apr 18) X-Windows applications cannot be tunnelled through SSH on the Dominion cluster. This situation will change in the near future.
| ...previous | up (conts) | next... |