Help:SSH tunneling for X

From MMAE

<<Back to help:Unix help <<Back to Help:SSH <<Back to Category:Unix software

The X Window System allows access to graphics applications over the network. The ssh protocol creates an encrypted path between two hosts on the network.

ssh is more secure than just copying the display and Xauth records, because the entire session including password and X authority records are encrypted. Also, ssh sets up its own X Authority records, so that your real session's records don't have to be transmitted over even the local network.

Contents 1 From Windows 2 From Windows Using Cygwin or Xming 3 From Unix 4 Remote X With SSH and LBX

[edit] From Windows

If you are looking for a free X software to run under Microsoft Windows, you could try Xming or Cygwin; other free and commercial alternatives are available, including Exceed.

If you are using a windows X server, check and see if it has ssh built in. If it does, you should be able to just turn it on and use it. This is frequently an option under X session creation, or in remote connect options.

If your windows X software does not support ssh, you can try starting it, and then use putty to establish the ssh connection. putty version 0.52 or later supports this. Enable it by looking under Connection / SSH / Tunnels and check Enable X11 forwarding.

[edit] From Windows Using Cygwin or Xming

As an alternative to installing linux, you can try Cygwin, which is a unix environment for windows, or Xming which is only the X11 portion of cygwin. This is a port of the unix API libraries and many unix commands, including the X Window System. Help is available for installing Cygwin, especially if you want to use X with it.

To use putty with Cygwin:

1. Start your Cygwin X session. To do this double click on your cygwin icon (or click on cygwin.exe in your cygwin directory, which defaults to c:\cygwin). The Cygwin window should come up and you should be presented with a command prompt.
2. At the command prompt, type XWin.exe -multiwindow and press return.
3. Once you stop seeing text scrolling (and assuming you don't see an error), minimize cygwin and run putty.
4. Enable SSH tunneling: connection -> ssh -> tunnels -> Enable X11 forwarding (checkbox)
5. log in to the remote host.

Commands run from the putty window should be able to open new windows.

If you are having trouble starting Cygwin X with putty, you might want to try these bare bones helper files:

• Xssh.lnk icon
• Xssh.bat batch file

Right click on these and save in the C:\cygwin directory. (You might want to copy the icon to your start menu and/or desktop.) You may need to edit one or both of these to match how cygwin is installed on your system and which host you want to connect to. (Edit the batch file and change the server hostname if you want to use a server other than the MMAE primary server (carnot).)

[edit] From Unix

By default, the ssh command automatically forwards X connections if run from within an X session.

If your ssh is correctly configured, nothing special is necessary for this to work. You should be able to just ssh to the remote host and start running X applications. If you want to check first, you could try checking the value of the $DISPLAY environment variable. If it is forwarding, it will set this automatically to something like localhost:11. If not, then $DISPLAY will probably be left unset.

[edit] Remote X With SSH and LBX

LBX (Low Bandwidth X) is a protocol specifically designed to speed up X connections over low bandwidth and high latency connections. LBX speeds up remote connections using three methods: caching static information, compressing data, and short circuiting round trip negotiations. This seems to help with interactive performance even over broadband connections. For a deeper discussion on the dubious benefits of LBX, see this paper. (Note that their tests are limited, and do not adequately measure interactive performance, but their conclusions are otherwise fairly true -- LBX doesn't seem to help much more than just compression alone.)

LBX requires two parts to work: the LBX extension in your X server, and the lbxproxy program. To check if your X server supports LBX, type (from unix)

xdpyinfo | grep LBX

or (in windows) look through your server options to see if it is listed as an extension. (The grep command will print nothing if it is not supported.) The lbxproxy command must be run on the remote host after an X connection (via ssh) has already been set up; by default, it will proxy your current X session, and set up the proxy display as :63 or localhost:63 (see below). If this is already used, it will fail; you can pick a different display number by giving it on the lbxproxy command line.

Unfortunately, lbxproxy does not seem completely compatible with ssh. It works, but the local ssh X authority is not correctly recognized. You need to copy your actual Xauthority records from your local system to the remote system as described here, but replace the display name with localhost:63 or whatever you have used for your lbxproxy display number. Once you have correctly copied the Xauthority records, run xterm -display :63 (or whatever) on the remote host to start the first client under LBX, and then run everything else from the new window.

(This is messy, ask for a demo if you can't figure it out.) I found that LBX gives some slight interactive performance improvement with I-DEAS over my DSL connection, especially with pull down menus, but dynamic view was still totally unusable. (Motion event and repeat key throttling would probably help significantly.) Your results may be more dramatic or less noticeable, depending on the latency and bandwidth of your connection. You may want to experiment with turning on or off compression for either ssh or lbxproxy. (Check the respective man pages for details.)