Re: X forwarding from Mac to Mac
Re: X forwarding from Mac to Mac
- Subject: Re: X forwarding from Mac to Mac
- From: Jerry Talkington <email@hidden>
- Date: Mon, 29 Sep 2003 10:10:14 -0700
- Mail-followup-to: email@hidden
On Mon, Sep 29, 2003 at 09:07:25AM -0700, Kevin Stevens wrote:
> On Mon, 29 Sep 2003, mario ruggiero wrote:
>
> > I am attempting to access a Mac remotely via X11. I have turned on X11
> > forward in both sssh_config & sshd_config on the host Mac. My command
> > path is as follows:
> >
> > /usr/X11R6/bin/xhost +;ssh -v -X -l host.name:email@hidden
> > "setenv DISPLAY 111.111.1.112:0; /Applications/Calculator"
In addition to all of the other (correct) comments, I'd like to add a
a few things about this command line.
1) Do *not* use xhost +. Since you are using ssh, this gives
absolutely no benifit, while creating a huge security hole. Also,
I'm not sure if this has any effect when the "Allow connections from
network clients" checkbox in the prefs is not checked. Speaking of
which, that checkbox should be clear also.
2) Do not set the DISPLAY on the remote host. ssh takes care of that
for you, and setting it actually breaks the ssh forwarding.
3) You should set up public key authentication, or type your password
when prompted. Putting your password on the command line makes it
visible to anybody running `ps', which defeats the purpose. A
tutorial on public key auth can be found here:
http://cfm.gs.washington.edu/security/ssh/client-pkauth/
To make this even more seemless on MacOS X, get a copy of SSH Agent,
which will allow keychain access to your keys when set up properly:
http://www.phil.uu.nl/~xges/ssh/
For completeness' sake, here is a step by step guide to setting up
remote X11 over ssh on MacOS X. The same instructions work on any
remote system, but the sshd_config file will most likely be in
/etc/ssh/:
On the remote server (as root):
1) Edit /etc/sshd_config. Change the line that
says
#X11Forwarding no
to
X11Forwarding yes
2) Make sshd reread the configuration:
kill -HUP `cat /var/run/sshd.pid`
On the client (your desktop):
1) Run the command
ssh -X user@remotehost /path/to/x11/program
This will prompt you for the password (unless you have public key
auth set up.) If you haven't already connected via ssh (which you
should do before trying to get X11 working,) it will also ask you to
accept the remote host's public key.
It really is that simple. To make the command line even less
complicated, you can add an entry for the remote host in your
~/.ssh/config:
Host remotehost
ForwardX11 yes
User remote_user_name
Hostname real_host_name_or_ip_address
The Host name can be anything you want, such as an alias or nickname for
the machine, it's just something to identify the set of preferences. If
you use the real host name of the remote machine, you can omit the
Hostname entry.
I'll make this into HTML and put it on my website in the next couple of
days, and post the URL when it's up.
--
GPG public key:
http://pgp.mit.edu:11371/pks/lookup?op=get&search=0x9D5B8762
_______________________________________________
x11-users mailing list | email@hidden
Help/Unsubscribe/Archives: http://www.lists.apple.com/mailman/listinfo/x11-users
X11 for Mac OS X FAQ: http://developer.apple.com/qa/qa2001/qa1232.html
Report issues, request features, feedback: http://developer.apple.com/bugreporter
Do not post admin requests to the list. They will be ignored.