Traditionally X-Windows applications can be started on a remote server and displayed on your local desktop by means of commands like xhost +bohrg.man.ac.uk (on your local machine) and export DISPLAY=mymachine.ch.man.ac.uk (on the remote server). This method is insecure and is blocked on Bohrg and Dominion. Instead, tunnel your display through SSH as described below. |
Following is a simple example in which I begin at my desktop machine as user simonh, ssh into bohrg1 and then storage, and from there start a graphical, X-aware client which displays in a new window on my local desktop.
First, login to bohrg1, note the -X option which enables X-Windows forwarding (not -x, which disables forwarding):
simonh@mctalby:~$ ssh -X bohrg1.man.ac.uk -l mpciish2 Enter passphrase for key '/home/simonh/.ssh/id_dsa': Warning: No xauth data; using fake authentication data for X11 forwarding. *************************************************************************** This is the Bohrg gateway, bohrg1.man.ac.uk (aka bohrg.man.ac.uk). Any questions or problems to Mark Vincent in the first instance. *************************************************************************** Last login: Fri Apr 15 13:32:12 2005 from mctalby.mc.man.ac.uk mpciish2@bohrg1:~$Note the line Warning: No xauth data; using fake authentication data for X11 forwarding. Now confirm that your SSH client and the SSH server on bohrg1 are in agreement that X11 traffic should be forwarded:
mpciish2@bohrg1:~$ echo $DISPLAY localhost:19.0 mpciish2@bohrg1:~$If, instead of localhost:19.0 or similar (the number will vary), you see nothing, or something like desktop.ch.man.ac.uk:0, then chances are that tunnelling is not set up. (In the former case bohrg1 is not set up to attempt to display any X-Windows application on your desktop; in the latter case it is attempting to bypass the SSH connection and make a new connection in the "old fashioned" way --- this will fail.)
Next, login to storage:
mpciish2@bohrg1:~$ ssh -X storage mpciish2@storage's password: Rocks 3.1.0 (Matterhorn) Profile built 17:25 09-Oct-2004 Kickstarted 17:25 09-Oct-2004 -bash-2.05b$Notice that again I have specified the -X (uppercase) option. Again it is worth confirming that tunnelling is set before starting a graphical client in the background:
-bash-2.05b$ echo $DISPLAY localhost:19.0 -bash-2.05b$ xclock & [1] 12390 -bash-2.05b$The clock should appear on your local desktop, perhaps after a few seconds.
At the time of writing (2005 Apr 18) X-Windows applications cannot be tunnelled through SSH on the Dominion cluster. This situation will change in the near future.
...previous | up (conts) | next... |