SSH Tunneling of X protocol from non-interactive session - Linux

This is a discussion on SSH Tunneling of X protocol from non-interactive session - Linux ; Hallo, I need to forward X terminal through the firewall from non-interactive session. Situation: M - my computer F - firewall C - cluster with application M --- F ---- C The final point is to run a X application ...

+ Reply to Thread
Results 1 to 8 of 8

Thread: SSH Tunneling of X protocol from non-interactive session

  1. SSH Tunneling of X protocol from non-interactive session

    Hallo,

    I need to forward X terminal through the firewall from non-interactive
    session.


    Situation:
    M - my computer
    F - firewall
    C - cluster with application

    M --- F ---- C

    The final point is to run a X application on C from a queuing system and
    display on M.

    First setup simple test. I am sitting at M. I would like to open tunnel
    from C to M tunneling X protocol.

    M> xhost +
    M> ssh -x C
    C> ssh -L6001:localhost:6000 M

    Now I try to run application on C and forward the X protocol to M. Open
    another termimal (still leaving the tunnel opened) and

    M> ssh -x C
    C> export DISPLAY=C:1
    C> xterm

    and error message appear:
    xterm Xt error: Can't open display: C:1

    Does anybody know why? Is there a problem with authorization? On M all
    the connections are allowed (it was xhost +).

    If this would work I would write a script creating tunnel from C to M
    and running the application on C with display C:1 forwarded to M. When
    the script is executed terminal would open on my desktop...


    Thanks for all the help!!!



    Jiri


    P.S.: I use OpenSSH_3.7.1p2, however I don't think it is important...


  2. Re: SSH Tunneling of X protocol from non-interactive session

    Dobes Jiri wrote:

    > Hallo,
    >
    > I need to forward X terminal through the firewall from non-interactive
    > session.
    >
    >
    > Situation:
    > M - my computer
    > F - firewall
    > C - cluster with application
    >
    > M --- F ---- C
    >
    > The final point is to run a X application on C from a queuing system
    > and display on M.
    >
    > First setup simple test. I am sitting at M. I would like to open
    > tunnel from C to M tunneling X protocol.
    >
    > M> xhost +
    > M> ssh -x C
    > C> ssh -L6001:localhost:6000 M
    >
    > Now I try to run application on C and forward the X protocol to M.
    > Open another termimal (still leaving the tunnel opened) and
    >
    > M> ssh -x C
    > C> export DISPLAY=C:1
    > C> xterm
    >
    > and error message appear:
    > xterm Xt error: Can't open display: C:1
    >
    > Does anybody know why? Is there a problem with authorization? On M all
    > the connections are allowed (it was xhost +).
    >
    > If this would work I would write a script creating tunnel from C to M
    > and running the application on C with display C:1 forwarded to M. When
    > the script is executed terminal would open on my desktop...
    >
    >
    > Thanks for all the help!!!
    >
    >
    >
    > Jiri
    >
    >
    > P.S.: I use OpenSSH_3.7.1p2, however I don't think it is important...
    >


    First remark: why exactly do you want to forward the X connection
    manually instead of letting ssh do the dirty work (M>ssh -Y C) ? You
    lose the encryption.
    Second: Are you sure that X is listening on localhost:6000 on M ? It
    might be possible that the X server was launched with the -nolisten flag.

    Mihai

  3. Re: SSH Tunneling of X protocol from non-interactive session

    Mihai Osian wrote:

    > Dobes Jiri wrote:
    >
    >> Hallo,
    >>
    >> I need to forward X terminal through the firewall from
    >> non-interactive session.
    >>
    >>
    >> Situation:
    >> M - my computer
    >> F - firewall
    >> C - cluster with application
    >>
    >> M --- F ---- C
    >>
    >> The final point is to run a X application on C from a queuing system
    >> and display on M.
    >>
    >> First setup simple test. I am sitting at M. I would like to open
    >> tunnel from C to M tunneling X protocol.
    >>
    >> M> xhost +
    >> M> ssh -x C
    >> C> ssh -L6001:localhost:6000 M
    >>
    >> Now I try to run application on C and forward the X protocol to M.
    >> Open another termimal (still leaving the tunnel opened) and
    >>
    >> M> ssh -x C
    >> C> export DISPLAY=C:1
    >> C> xterm
    >>
    >> and error message appear:
    >> xterm Xt error: Can't open display: C:1
    >>
    >> Does anybody know why? Is there a problem with authorization? On M
    >> all the connections are allowed (it was xhost +).
    >>
    >> If this would work I would write a script creating tunnel from C to M
    >> and running the application on C with display C:1 forwarded to M.
    >> When the script is executed terminal would open on my desktop...
    >>
    >>
    >> Thanks for all the help!!!
    >>
    >>
    >>
    >> Jiri
    >>
    >>
    >> P.S.: I use OpenSSH_3.7.1p2, however I don't think it is important...
    >>

    >
    > First remark: why exactly do you want to forward the X connection
    > manually instead of letting ssh do the dirty work (M>ssh -Y C) ? You
    > lose the encryption.


    Ah, sorry. I was dreaming - please ignore the "missing encryption".

    > Second: Are you sure that X is listening on localhost:6000 on M ? It
    > might be possible that the X server was launched with the -nolisten flag.
    >
    > Mihai



  4. Re: SSH Tunneling of X protocol from non-interactive session

    Crosspost deleted and followups set to comp.windows.x

    In comp.windows.x Dobes Jiri wrote:

    > M> ssh -x C


    This disables X fordwarding not enables it.

    You need

    M> ssh -Y C

    This enables trusted X11 forwarding.

    Using -X enables untrusted forwarding and things like copy and paste won't
    work.

    You do not need xhost+ and you do not need to se the display environment
    variable and you do not need to explictly forward the X ports.

    On C you should get something like

    C> echo $DISPLAY
    localhost:18.0

    If you then do

    C> xterm &

    It should display on the X server running on M.

    -p
    --
    "What goes up must come down, ask any system administrator"
    --------------------------------------------------------------------

  5. Re: SSH Tunneling of X protocol from non-interactive session

    Mihai Osian wrote:
    > Mihai Osian wrote:
    >
    >> Dobes Jiri wrote:
    >>
    >>> Hallo,
    >>>
    >>> I need to forward X terminal through the firewall from
    >>> non-interactive session.
    >>>
    >>>
    >>> Situation:
    >>> M - my computer
    >>> F - firewall
    >>> C - cluster with application
    >>>
    >>> M --- F ---- C
    >>>
    >>> The final point is to run a X application on C from a queuing system
    >>> and display on M.
    >>>
    >>> First setup simple test. I am sitting at M. I would like to open
    >>> tunnel from C to M tunneling X protocol.
    >>>
    >>> M> xhost +
    >>> M> ssh -x C
    >>> C> ssh -L6001:localhost:6000 M
    >>>
    >>> Now I try to run application on C and forward the X protocol to M.
    >>> Open another termimal (still leaving the tunnel opened) and
    >>>
    >>> M> ssh -x C
    >>> C> export DISPLAY=C:1
    >>> C> xterm
    >>>
    >>> and error message appear:
    >>> xterm Xt error: Can't open display: C:1
    >>>
    >>> Does anybody know why? Is there a problem with authorization? On M
    >>> all the connections are allowed (it was xhost +).
    >>>
    >>> If this would work I would write a script creating tunnel from C to M
    >>> and running the application on C with display C:1 forwarded to M.
    >>> When the script is executed terminal would open on my desktop...
    >>>
    >>>
    >>> Thanks for all the help!!!
    >>>
    >>>
    >>>
    >>> Jiri
    >>>
    >>>
    >>> P.S.: I use OpenSSH_3.7.1p2, however I don't think it is important...
    >>>

    >>
    >> First remark: why exactly do you want to forward the X connection
    >> manually instead of letting ssh do the dirty work (M>ssh -Y C) ?



    I cannot use -X or -Y option, because I have to run *noninteractivelly*
    from computer C to display M. I plan to sumbmit script like

    export DISPLAY=C:1
    xterm -e gdb my_executable

    while there is a open tunnel from C:6001 to M:6000.

    It is because C is a 50 nodes cluster and I need to run debuging job in
    a parallel enviroment. I don't sit on front of the C, but at terminal M,
    it is 1000 km away [700 miles]. Normally, you have to prepare script on
    C, submit the script using PBS system and when the cluster is free
    [usually imediatelly] the job starts. When the job starts, I would like
    it to open terminal with the debugger on my computer M and I can start
    to debug interactivelly. I was doing that, but there is a firewall now
    and I don't know how to work it out.

    >> Second: Are you sure that X is listening on localhost:6000 on M ? It
    >> might be possible that the X server was launched with the -nolisten

    flag.

    It should be listening. The X is running with
    /usr/X11R6/bin/X vt7 -auth /var/lib/xdm/authdir/authfiles/A:0-qCOhba
    I can go to another machine, point display to M:0.0 and open a terminal.
    How can I recognise on which port does it listen (it should be 6000
    normally). netstat -a gives me this line:
    tcp 0 0 *:x11 *:* LISTEN

    Any idea?

    Jiri

  6. Re: SSH Tunneling of X protocol from non-interactive session

    Dobes Jiri wrote:

    > Mihai Osian wrote:
    >
    >> Mihai Osian wrote:
    >>
    >>> Dobes Jiri wrote:
    >>>
    >>>> Hallo,
    >>>>
    >>>> I need to forward X terminal through the firewall from
    >>>> non-interactive session.
    >>>>
    >>>>
    >>>> Situation:
    >>>> M - my computer
    >>>> F - firewall
    >>>> C - cluster with application
    >>>>
    >>>> M --- F ---- C
    >>>>
    >>>> The final point is to run a X application on C from a queuing
    >>>> system and display on M.
    >>>>
    >>>> First setup simple test. I am sitting at M. I would like to open
    >>>> tunnel from C to M tunneling X protocol.
    >>>>
    >>>> M> xhost +
    >>>> M> ssh -x C
    >>>> C> ssh -L6001:localhost:6000 M
    >>>>
    >>>> Now I try to run application on C and forward the X protocol to M.
    >>>> Open another termimal (still leaving the tunnel opened) and
    >>>>
    >>>> M> ssh -x C
    >>>> C> export DISPLAY=C:1
    >>>> C> xterm
    >>>>
    >>>> and error message appear:
    >>>> xterm Xt error: Can't open display: C:1
    >>>>
    >>>> Does anybody know why? Is there a problem with authorization? On M
    >>>> all the connections are allowed (it was xhost +).
    >>>>
    >>>> If this would work I would write a script creating tunnel from C to
    >>>> M and running the application on C with display C:1 forwarded to M.
    >>>> When the script is executed terminal would open on my desktop...
    >>>>
    >>>>
    >>>> Thanks for all the help!!!
    >>>>
    >>>>
    >>>>
    >>>> Jiri
    >>>>
    >>>>
    >>>> P.S.: I use OpenSSH_3.7.1p2, however I don't think it is important...
    >>>>
    >>>
    >>> First remark: why exactly do you want to forward the X connection
    >>> manually instead of letting ssh do the dirty work (M>ssh -Y C) ?

    >>

    >
    >
    > I cannot use -X or -Y option, because I have to run
    > *noninteractivelly* from computer C to display M. I plan to sumbmit
    > script like
    >
    > export DISPLAY=C:1
    > xterm -e gdb my_executable
    >
    > while there is a open tunnel from C:6001 to M:6000.
    >
    > It is because C is a 50 nodes cluster and I need to run debuging job
    > in a parallel enviroment. I don't sit on front of the C, but at
    > terminal M, it is 1000 km away [700 miles]. Normally, you have to
    > prepare script on C, submit the script using PBS system and when the
    > cluster is free [usually imediatelly] the job starts. When the job
    > starts, I would like it to open terminal with the debugger on my
    > computer M and I can start to debug interactivelly. I was doing that,
    > but there is a firewall now and I don't know how to work it out.
    >
    > >> Second: Are you sure that X is listening on localhost:6000 on M ? It
    > >> might be possible that the X server was launched with the -nolisten

    > flag.
    >
    > It should be listening. The X is running with
    > /usr/X11R6/bin/X vt7 -auth /var/lib/xdm/authdir/authfiles/A:0-qCOhba
    > I can go to another machine, point display to M:0.0 and open a
    > terminal. How can I recognise on which port does it listen (it should
    > be 6000 normally). netstat -a gives me this line:
    > tcp 0 0 *:x11 *:* LISTEN
    >
    > Any idea?
    >
    > Jiri




    Humm... One question, regarding the following line:
    C> export DISPLAY=C:1
    "C:1" might refer to C's external IP address, while the ssh tunnel is
    made to the loopback address (localhost:6000 on C). Once the tunnel is
    setup, can you run "telnet localhost:60001" on C and get a successful
    connection ? If you can not, then try this:
    C> export DISPLAY=localhost:1
    and see what happens.

    Mihai

  7. Re: SSH Tunneling of X protocol from non-interactive session

    : Dobes Jiri
    : I cannot use -X or -Y option, because I have to run
    : *noninteractivelly* from computer C to display M. I plan to sumbmit
    : script like
    :
    : export DISPLAY=C:1 xterm -e gdb my_executable
    :
    : while there is a open tunnel from C:6001 to M:6000.

    But all -X or -Y do, when going from M to C, is open
    a tunnel from (typically) C:6010 to (typically) M:6000.
    Plus handle xauth protocol; without that, you'd need
    to do xauth processing "by hand".

    So, since you will be running an ssh session to keep
    the tunnel open, why not just run an ssh session and keep
    the same tunnel open with -X?

    Possibly, because you don't want to have a shell left running on C? You
    could use some other innocuous process rather than a shell; that might
    not work with -N, though.

    In any event, if you are launching the debug by a non-interactive
    process, and then rendezvousing with it later, I'd suggest using
    Xvnc, (or Xvfb with x11vnc or the like), so that the debugging session
    could launch its own X server, rather than just a proxy. This has
    the advantage that if the network goes down, you can reconnect to
    your debugging session.

    So. On C, to start the debugger, something like

    Xvnc :1 &
    env DISPLAY=:1 xterm -e gdb my_executable &

    (though possibly you may also want to run a window manager),
    and then on M, you use vncviewer with -via, or an explicit ssh tunnel
    and vncviewer to localhost, to rendezvous with the debugger. You may
    also want to use some other Xvnc options, such as -auth and -rfbauth for
    authentication and passwords, and -localhost to encourage use of
    tunneling and encryption. Or possibly use the vncserver script to
    launch the Xvnc.

    Pros: you can reconnect, you can collaborate, you don't need to launch
    the debugger while you have the tunnel running, your X services are done
    locally with much lower latency.

    Cons: the server must have Xvnc installed, what's transported to
    the remote site is a bitmap, you are consuming more resources on C.

    Note, of course, that if you are using gdb, you could launch it
    under "screen" also, and wouldn't need X at all; depends on what
    else you'd be using X for, but if you run an xterm on M, then an
    ssh session to reach M, then screen -r to attach to the existing
    gdb session, you'd have the same capabilities as if you
    were running the xterm on M displaying to C, but less data
    would be going between M and C.


    Wayne Throop throopw@sheol.org http://sheol.org/throopw

  8. Re: SSH Tunneling of X protocol from non-interactive session

    Dobes Jiri wrote:
    > Hallo,
    >
    > I need to forward X terminal through the firewall from non-interactive
    > session.
    >
    >
    > Situation:
    > M - my computer
    > F - firewall
    > C - cluster with application
    >
    > M --- F ---- C
    >
    > The final point is to run a X application on C from a queuing system and
    > display on M.
    >
    > First setup simple test. I am sitting at M. I would like to open tunnel
    > from C to M tunneling X protocol.
    >
    > M> xhost +
    > M> ssh -x C
    > C> ssh -L6001:localhost:6000 M
    >
    > Now I try to run application on C and forward the X protocol to M. Open
    > another termimal (still leaving the tunnel opened) and
    >
    > M> ssh -x C
    > C> export DISPLAY=C:1
    > C> xterm
    >
    > and error message appear:
    > xterm Xt error: Can't open display: C:1
    >
    > Does anybody know why? Is there a problem with authorization? On M all
    > the connections are allowed (it was xhost +).
    >
    > If this would work I would write a script creating tunnel from C to M
    > and running the application on C with display C:1 forwarded to M. When
    > the script is executed terminal would open on my desktop...
    >
    >
    > Thanks for all the help!!!
    >
    >
    >
    > Jiri
    >
    >
    > P.S.: I use OpenSSH_3.7.1p2, however I don't think it is important...
    >


    I remember my network admin having to alter the router configuration to
    get X to work through the router. I'm not sure if this is an intranet or
    internet solution. Mine was a intranet solution and I had to get the
    network admin to enable the route of the "xdmcp" protocol for it to
    work! I assume you firewall has to be setup to pass this protocol as well!

    After that it worked with the xhost and DISPLAY solutions. Here are the
    services in question;

    xdmcp 177/tcp # X Display Mgr. Control Proto
    xdmcp 177/udp



+ Reply to Thread