X11 Forwarding Tutorial

I might be wrong, but VNC is probably not what you want. You have to understand that there are subtle differences in how both solutions work.

A solution like VNC requires that on the server there is a desktop environment of some sort running locally, which you can then access remotely. This is, in essence, copying the screen contents from monitor A to monitor B, and sending the mouse position to the server. In the Windows world, this might make some sense, as there is no Windows without a graphical desktop, even on so-called servers ;)

With X11 forwarding, each X application running on the server displays on a remote display. There is no need for a graphical display on the server side; it could even be headless with just a serial console attached. It doesn't even need to have an X server installed. And there can be multiple users working on remote displays, all using the same server for running the actual applications.
 
I do understand that, and you're right, I want true forwarding and not VNC, but I thought I would try it....(at this point though I will take what I can get... as long as I don't have to do every single thing in a xterm/terminal), in fact that brings me to my next question.... Because I don't have a monitor/keyboard/mouse hooked up to my server but I do have an xserver/kde/gnome2/twm/fluxbox and all that stuff installed and works if I hook a monitor/keyboard/mouse up.

If I hook a monitor/keyboard/mouse up to my server I MUST $ su before I can # startx or # kdm. It would never let me start either as a normal user, is that possibly what is causing the issue here?
 
Lego said:
I do understand that, and you're right, I want true forwarding and not VNC, but I thought I would try it....(at this point though I will take what I can get... as long as I don't have to do every single thing in a xterm/terminal), in fact that brings me to my next question....

As I said earlier, bringing up some xterm on your Windows X display is only a test, to verify that X11 forwarding between the two machines works in general. To get the real thing (tm), you will probably want to set up some display manager, to get a full graphical login, session management, and all the other good stuff.

If you are going to use KDE, then kdm would be the program of choice. A quick google suggests, that XDMCP configuration of kdm is quite similar to that of xdm, which I have been using quite a while. So why not give it a try?

Lego said:
If I hook a monitor/keyboard/mouse up to my server I MUST $ su before I can # startx or # kdm. It would never let me start either as a normal user, is that possibly what is causing the issue here?

I don't think so. Did you by chance uncheck the Install X server setuid config option, when installing the Xorg server port? That could explain such behaviour, but should be irrelevant as it only matters when using startx. Any display manager (xdm, gdm, kdm, ...) should take care of starting the X server with a privileged uid. The other thing is, you don't need an X server running on that machine, when you are going to access it via a remote display.
 
No, default install of FreeBSD 7.1-R and install X and all sources option...

And If I can't even get xcalc(or an xterm for that matter) to boot in twm/X why try kdm... something is definitely wrong.... :( I just don't see the reason to try and get kdm to boot when I can't even get any x application to run remotely....

Okay so I have tried using just X now and still I'm getting the same errors...
I'm getting very frustrated, why is it doing this to me..... I've tried a bunch of different little things i found on other sites... nothing works All I keep getting is the refused by server error , authentication error.... I even just tried to use Xming, Same result...

Okay So I click the Cygwin shortcut from the desktop it opens the terminal, I type X and hit enter and it opens the X server (big grey background), then I open putty and connect to the blurr-ink server.... is that the right order??

Another thing why does it say refused by 'blurr-ink.com:10.0' shouldn't it say blurr-ink.com:0.0 ???

 
Lego said:
Okay So I click the Cygwin shortcut from the desktop it opens the terminal, I type X and hit enter and it opens the X server (big grey background), then I open putty and connect to the blurr-ink server.... is that the right order??
It is.
Lego said:
Another thing why does it say refused by 'blurr-ink.com:10.0' shouldn't it say blurr-ink.com:0.0 ???

Actually neither. It is supposed to say something like 'localhost:10.0'.

What is in your /etc/hosts file?
 
/etc/hosts:
Code:
::1             localhost blurr-ink.com
127.0.0.1       localhost blurr-ink.com
192.168.0.194   localhost blurr-ink.com

it has other stuff.... obviously, but this is the only un-hashed stuff..

Okay, I did a little more research, and I guess I have those wrong.... They might still be wrong but this is what I changed them to....

Code:
::1             localhost.blurr-ink.com localhost
127.0.0.1       localhost.blurr-ink.com localhost
192.168.0.194   localhost.blurr-ink.com localhost

Now when I open the X server then putty, instead of getting the refused connections it just does nothing.....
 
OPPSSS!!!!

okay it didn't work:
Code:
blurr-ink# xcalc
Error: Can't open display: blurr-ink.com:10.0
blurr-ink#

But at least we aren't getting the connection error, and authentication error anymore :S
 
Well I fixed it.... Mostly, Not sure Which thing did it but I'll list what I've done.

Installed Cygwin 4 times....LOL yes I was having some issues.... because there are issues if you mess up half way through, so I have on my windows box c:\cygwin1 through c:\cygwin4 (and c:\cygwin download files\1 through 4).... LOL 1&3 are stable version 2&4 are 1.7, 4 is the working version, During the Install when you select the apps to install I selected ALL -> Install not default. Also, I'm having issues getting the old versions out.... the setup app doesn't remove the files properly when you change it to Uninstall.... and I just did a right-click delete on cygwin1 which deleted all the files except a "C:\cygwin\dev\nul" file which gives me an error message popup stating:
Code:
Invalid MS-DOS function.
nul
Type:file
Size:0bytes
date modified:etc...
Try again, cancel
try again fails every time....

Anyway, Back to BSD:
Changed /etc/ssh/sshd_config to:
Code:
DenyGroups deniedssh
IgnoreRhosts yes
Banner /root/sshmessage.txt
IgnoreUserKnownHosts no
PrintMotd yes
StrictModes yes
RSAAuthentication yes
PermitEmptyPasswords no
PasswordAuthentication yes
UsePrivilegeSeparation yes
GatewayPorts yes
KeepAlive yes
AllowAgentForwarding yes
AllowTcpForwarding yes
X11Forwarding yes

Changed /etc/ssh/ssh_config to:
Code:
# (this is my cygwin shell host name I guess)
Host L3G0@L3G0-PC
	ForwardX11 yes
	ForwardAgent yes
	StrictHostKeyChecking ask

Changed /etc/hosts to:
Code:
::1             localhost.blurr-ink.com localhost
127.0.0.1       localhost.blurr-ink.com localhost
192.168.0.194   localhost.blurr-ink.com localhost

That is the only way it would work for me. Not sure why. I was under the impression that the word following localhost.blurr-ink.com was a nickname for the server, but that's the only way it would work for me.

So I reboot the bsd box, open cygwin and $ sh /usr/bin/startxwin.sh, open putty log in and it works.. xcalc konqueror, minesweeper all worked... firefox doesn't want to open but Epiphany browser works fine. Um weird thing with konqueror I can use it to navigate/open files but if i try to open a web page with it, it closes....

So Anyway, I can Log in and it works now, But How do I use root? cuz to install apps or change stuff, I need to be root. When I su'd to root in the putty window then tried to open something it gave the same error as before:
Code:
blurr-ink# xcalc
Xlib: connection to "localhost:10.0" refused by server
Xlib: PuTTY X11 proxy: wrong authentication protocol attempted
Error: Can't open display: localhost:10.0
blurr-ink#
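
Added example, not part of the original post: a small audit of explicitly set sshd_config keywords, showing which options in a file like the one posted above X11 forwarding does not need. It goes slightly beyond the posted file by also checking X11UseLocalhost and PermitRootLogin; the function name audit_sshd_config is an assumption made for this example.

```shell
#!/bin/sh
# Added example, not the poster's tooling.
# Reports explicitly set sshd_config keywords that X11 forwarding does not
# need or that widen exposure. It mirrors how sshd reads the file: keywords
# are case-insensitive, the first value seen for a keyword wins, and the
# global settings end at the first Match block.

# audit_sshd_config FILE -> one "keyword value: reason" line per finding
audit_sshd_config() {
    awk '
        function flag(key, bad, why) {
            if (first[key] == bad) printf "%s %s: %s\n", key, bad, why
        }
        { sub(/^[ \t]+/, "") }                     # ignore indentation
        /^#/ || /^$/ { next }                      # comments and blank lines
        {
            split($0, f, /[ \t=]+/)                # "Key value" or "Key=value"
            key = tolower(f[1]); val = tolower(f[2])
            if (key == "match") exit               # audit global settings only
            if (!(key in first)) first[key] = val  # first value wins
        }
        END {
            flag("gatewayports", "yes",
                 "remote port forwards bind to all interfaces; X11 forwarding does not use them")
            flag("allowagentforwarding", "yes",
                 "agent forwarding is not needed for X11 forwarding")
            flag("x11uselocalhost", "no",
                 "forwarded displays listen on the wildcard address, not loopback")
            if (first["permitrootlogin"] == "yes")
                printf "permitrootlogin yes: direct root login%s\n",
                    (first["passwordauthentication"] == "yes" ? " with a password" : "")
        }' "$1"
}

# Stand-alone use: sh audit.sh /etc/ssh/sshd_config
if [ $# -gt 0 ]; then
    audit_sshd_config "$1"
fi
```

Only keywords written in the file are reported; compiled-in defaults are not evaluated.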
 
Lego said:
Well I fixed it.... Mostly, Not sure Which thing did it but I'll list what I've done.
Congratulations.
Lego said:
Changed /etc/ssh/sshd_config to ...
Um, how is it now different than before?

Lego said:
Changed /etc/hosts to:
Code:
::1             localhost.blurr-ink.com localhost
127.0.0.1       localhost.blurr-ink.com localhost
192.168.0.194   localhost.blurr-ink.com localhost

That is the only way it would work for me. Not sure why. I was under the impression that the word following localhost.blurr-ink.com was a nickname for the server, but that's the only way it would work for me.

To be honest, I never changed /etc/hosts from the default, that gets installed with FreeBSD. The hostname gets set in /etc/rc.conf, and for everything else, I have an operable DNS server :p

Lego said:
So I reboot the bsd box, open cygwin and $ sh /usr/bin/startxwin.sh, open putty log in and it works.. xcalc konqueror, minesweeper all worked... firefox doesn't want to open but Epiphany browser works fine. Um weird thing with konqueror I can use it to navigate/open files but if i try to open a web page with it, it closes....

I guess web browsers are a beast of its own kind. Personally I use firefox only. Started epiphany one time, had a short look, case closed.

Maybe these days, I will find the time, to install cygwin on another machine, so I could test it against my workstation, while it is running FreeBSD. Then I could tell you how well firefox works for me over X11 forwarding. My server has only very basic X stuff installed. So, no browsers, no Gnome, ...

Lego said:
So Anyway, I can Log in and it works now, But How do I use root? cuz to install apps or change stuff, I need to be root. When I su'd to root in the putty window then tried to open something it gave the same error as before:
Code:
blurr-ink# xcalc
Xlib: connection to "localhost:10.0" refused by server
Xlib: PuTTY X11 proxy: wrong authentication protocol attempted
Error: Can't open display: localhost:10.0
blurr-ink#
Not sure, how the SSH tunneled X11 forwarding reacts to a change of the UID. But what happens, if you start an xterm from your putty login, and use su within that xterm instead?
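
Added example, not part of the original posts: why X clients fail after su on a forwarded display, and one way to run a single client as root while root logins over SSH stay disabled. sshd stores the cookie for the proxy display in the login user's ~/.Xauthority; su changes HOME, so root's Xlib has no cookie to present. The function names are assumptions made for this example, and xcalc stands in for any X program.

```shell
#!/bin/sh
# Added example, not from the thread. Hands only the current display's
# cookie to one root-run X client through a temporary authority file.

# display_number "localhost:10.0" -> "10"
display_number() {
    d=${1##*:}                 # strip everything up to the last colon
    printf '%s\n' "${d%%.*}"   # strip the ".screen" suffix
}

# select_cookie N: read `xauth list` output on stdin and print the first
# MIT-MAGIC-COOKIE-1 entry for display N. The display number is compared
# exactly, so "unix:10" is not confused with "unix:100".
select_cookie() {
    awk -v n="$1" '
        {
            disp = $1
            sub(/^.*:/, "", disp)      # "host/unix:10" -> "10"
            sub(/\..*$/, "", disp)     # drop ".screen" if present
        }
        disp == n && $2 == "MIT-MAGIC-COOKIE-1" && $3 ~ /^[0-9a-fA-F]+$/ {
            print $1, $2, $3
            exit
        }'
}

# root_command AUTHFILE PROGRAM...: command string handed to `su -c`.
# env(1) is used because root's default shell on FreeBSD is csh, which
# does not accept VAR=value prefixes.
root_command() {
    authfile=$1; shift
    printf 'env XAUTHORITY=%s %s\n' "$authfile" "$*"
}

# run_as_root_x PROGRAM...: copy the cookie into a private temporary
# authority file, run PROGRAM as root against it, then remove the file.
run_as_root_x() {
    [ -n "${DISPLAY:-}" ] || { echo "DISPLAY is not set" >&2; return 1; }
    n=$(display_number "$DISPLAY")
    entry=$(xauth list | select_cookie "$n")
    [ -n "$entry" ] || { echo "no cookie for display :$n" >&2; return 1; }
    tmp=$(mktemp "${TMPDIR:-/tmp}/xauth-root.XXXXXX") || return 1
    # Feed the cookie on stdin so it does not show up in ps output.
    printf 'add %s\n' "$entry" | xauth -q -f "$tmp" source -
    su root -c "$(root_command "$tmp" "$@")"
    status=$?
    rm -f "$tmp"
    return "$status"
}

# Stand-alone use from the SSH login shell: sh rootx.sh xcalc
if [ $# -gt 0 ]; then
    run_as_root_x "$@"
fi
```

su without -l is used on purpose: it keeps DISPLAY in the environment, and the temporary file holds nothing but the one cookie.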
 
Well the sshd_config and ssh_config, I toasted, and used webmin to generate new files for both.

LOL, well as for the hosts file, You asked so I told, Then believed something was wrong with it.... Which resulted in about 15 different configurations until I got this one working :p

As for the Firefox thing, If I hook the monitor/keyboard/mouse up firefox/kde/gnome2 all works fine, I'm wondering if its the base memory for cygwin causing the firefox to crash, its a more resource heavy browser compared to Epiphany. My Server was doubling as a Work Station/Server when I was at my old apartment... bigger desk room for 2 monitors/keyboards/mice; its been a server only since I moved...much smaller apartment/desk.

I tried using the putty to open an xterm then su, Same Error. But I found a work around... I had changed my port back to default so I could eliminate that as an issue, and well overnight I had a crazy amount of hack attempts.... so sshguard is not working again ARGH!!!! But back to the point, I had root logins disabled, but I again changed my Port to a very obscure port and enabled root logins again, and If I log in as root with putty it allows me to use the xapps as root. problem solved!

I've done a few google searches like you suggested to use KDM instead of startx or just X, and everything talks about XDMCP or something, but Configuring for it all seems to be related to mandrake, linux, ubuntu, etc... so How would I try and get that working on BSD?
 
Lego said:
Well the sshd_config and ssh_config, I toasted, and used webmin to generate new files for both.
*sigh*

Lego said:
LOL, well as for the hosts file, You asked so I told, Then believed something was wrong with it.... Which resulted in about 15 different configurations until I got this one working :p
When it doesn't say 'localhost', where it is supposed to say 'localhost', this smells like something must be wrong with /etc/hosts :e
The comments in this file aren't very helpful either. And why would I want 'localhost.my.domain' ?

Lego said:
As for the Firefox thing, If I hook the monitor/keyboard/mouse up firefox/kde/gnome2 all works fine, I'm wondering if its the base memory for cygwin causing the firefox to crash, its a more resource heavy browser compared to Epiphany.

Sure, but it should run anyways. Does firefox give you some error message when it crashes?

Lego said:
I tried using the putty to open an xterm then su, Same Error. But I found a work around... I had changed my port back to default so I could eliminate that as an issue, and well overnight I had a crazy amount of hack attempts.... so sshguard is not working again ARGH!!!! But back to the point, I had root logins disabled, but I again changed my Port to a very obscure port and enabled root logins again, and If I log in as root with putty it allows me to use the xapps as root. problem solved!
By definition, you should not execute X apps as root anyway ;)

Lego said:
I've done a few google searches like you suggested to use KDM instead of startx or just X, and everything talks about XDMCP or something, but Configuring for it all seems to be related to mandrake, linux, ubuntu, etc... so How would I try and get that working on BSD?

For a start you need to locate, where kdm keeps the corresponding configuration files. What I found on kdm and XDMCP suggested, that these are similar in structure and contents to that of xdm, so I presume, these will be called Xservers, Xaccess, and probably some more like Xsession and a kdm configuration file.

If they copied that stuff from xdm, those files should be commented quite well.

What you want to do next is three things:
  1. Comment out any X server line in the Xservers file, so that kdm will not start an X server on the local display.
  2. Allow XDMCP access from your windows machine, by configuring the Xaccess file.
  3. Make sure kdm will open and listen on the XDMCP port (177) at all.
Now you should be able to test, if it works. I guess kdm will also have some commandline flag, to not daemonize it, but run it in the foreground with debugging output enabled. For a test run, this would come in handy, so you can see what's happening on the server side.

On Windows, start the cygwin shell as usual, then try to connect with X -query <your_server_hostname>.
 
http://www.freebsd.org/doc/en/books/handbook/configtuning-configfiles.html I was looking at that... it uses localhost and localhost.my.domain... I simply copied that... mind you mine are backwards now that I think about it... but none the less I was following that.

LOL must have been a glitch.... Firefox is working fine now.

Yes, I know that you shouldn't run Xapps as root, but if you wanted to edit /etc/rc.conf or /etc/hosts or any system file, not to mention all my website files are owned by root.... you have 2 choices (as I see it) su and edit them in a putty window (ee), or open kedit as root and make my life easier. I dunno I always had to su before starting X or kdm when I had a monitor/keyboard/mouse hooked up to it anyway.. so that doesn't bother me.

Thanks for all the help, I'll try the XDMCP in the morning, gotta get some zZzz... good night.
 
Lego said:
http://www.freebsd.org/doc/en/books/handbook/configtuning-configfiles.html I was looking at that... it uses localhost and localhost.my.domain... I simply copied that... mind you mine are backwards now that I think about it... but none the less I was following that.
I always first edit the config files, and read the documentation later :p

Lego said:
Yes, I know that you shouldn't run Xapps as root, but if you wanted to edit /etc/rc.conf or /etc/hosts or any system file, not to mention all my website files are owned by root.... you have 2 choices (as I see it) su and edit them in a putty window (ee), or open kedit as root and make my life easier.

You should see to it that you get used to a decent editor that runs in a terminal :e
Personally, I couldn't bear it, if I had to move my hands away from the keyboard, every time an extra editor window opens *somewhere*.

Lego said:
Thanks for all the help, I'll try the XDMCP in the morning, gotta get some zZzz... good night.

np, keep me updated, how it works out.
 
Okay, Sorry it's been so long since a response, but funny thing happened.. well not funny I'm extremely upset...

Landlord came to fix the stove while I was not home, and my girlfriend forgot to power down my computers... Well to make a long story short The CPU fan in my Server has been finicky lately and I've not had the time to change it. So When the Landlord decided he'd flip every single breaker off in my apartment, he killed power to my server, and because my girlfriend didn't know I was having issues with my fan, she didn't know not to let the computer turn itself back on (see the fan ran fine it was the start up spin it was having trouble with).... So Basically my system overheated beeped a bunch and shut off..... I opened the Case and the Fan was completely dead now... I've still not had time to get to the store and buy a replacement and see if the overheating was fatal to the system, so I took my girlfriend's computer (she doesn't use it anymore) and installed FreeBSD-8.0, and ALL the trimmings.

I was able to get:
freebsd 8.0
->xorg 7.4 & twm
->gnome2
ssh
->sshguard 1.4.4
bind
apache22
->php5
->php5-extensions
->awstats
->webalizer
->logrotate
mysql-client5
mysql-server5
sendmail
->imap-uw
->procmail
->p5-mail-SpamAssassin using Spamhaus reject list
->->spamass-milter
->clamav
->->clamav-milter
->Roundcube
proftpd
Webmin
Virtualmin

All Installed first shot all working 100% and I don't know if its just because a few of the programs (eg webmin/virtualmin/sshguard/spamassassin/procmail) are all newer versions and all work better together now, but DAMN! system is hot now! lol I have control over more options in webmin, virtualmin is working perfectly (it wasn't before), everything just pieced together perfectly!

Anyway, I just wanted to give you an update where I stood with the XDMCP, I have xforwarding working perfect I don't have to mess around anymore to get apps to work. I've still not tried XDMCP as I've been more busy getting everything else up and running.

But I intend to try it tomorrow. But since I went the Gnome2 route instead of kde I'll be using gdm instead of kdm so will that pose a more troublesome route to get it working??

I just had a couple off topic questions, Where did all the Xapps go?? like xclock/xeyes

I installed awstats and the cron job setup (i presume correctly), and I have the Link to view those stats.. but how do I see the webalizer stats? ADDED: NEVERMIND! rescanned for usable modules...

1 last thing, will installing horde or squirrel mail conflict with roundcube in anyway? or can I install as many webmail clients as I want? for that matter anyone tried Usermin for webmail?
 
Lego said:
So Basically my system overheated beeped a bunch and shut off..... I opened the Case and the Fan was completely dead now... I've still not had time to get to the store and buy a replacement and see if the overheating was fatal to the system, ...
If the system has shut itself down, chances are it could still be operable.

Lego said:
All Installed first shot all working 100% and I don't know if its just because a few of the programs (eg webmin/virtualmin/sshguard/spamassassin/procmail) are all newer versions and all work better together now, but DAMN! system is hot now! lol I have control over more options in webmin, virtualmin is working perfectly (it wasn't before), everything just pieced together perfectly!
Yup, 8.0 is impressive as far as I can tell for now. I am still in the process of updating all my machines, and can't wait to play with the new wlan stuff :)

Lego said:
But since I went the Gnome2 route instead of kde I'll be using gdm instead of kdm so will that pose a more troublesome route to get it working??

I guess not. Configuration is a bit different, but XDMCP is supported in gdm (although I never tried it).
The gdm daemon configuration file is located in /usr/local/etc/gdm/custom.conf. The relevant section for XDMCP is described here.

Lego said:
I just had a couple off topic questions, Where did all the Xapps go?? like xclock/xeyes
Those are all in the ports, so if you like them, you can install them from the ports. They are just not part of the xorg-apps port anymore. Guess things like xeyes were not considered necessary, to run a basic xorg install :)
 
Roundcube and Squirrelmail can co-exist just fine, and can be used simultaneously. Don't know about Horde.
 
I ended up installing Usermin, And I can't get XDMCP working.. and I constantly see people saying don't do it unless you absolutely need to... so I'm just going to be happy using normal xforwarding...
 
There sure are some security considerations, one should keep in mind when using XDMCP, but there's nothing generally wrong with using it.

I got it working with gdm and am successfully logged in via XDMCP from my notebook. Here's what I have put into /usr/local/etc/gdm/custom.conf:

Code:
# GDM configuration storage

[xdmcp]

DisplaysPerHost=1
Enable=True
HonorIndirect=true
MaxPending=4
MaxSessions=4
MaxWait=30
MaxWaitIndirect=30
PingIntervalSeconds=15
Port=177
#Willing=/usr/local/etc/gdm/Xwilling

[chooser]

[security]

DisallowTCP=false

[debug]

At first I was having the issue, that gdm would not start when XDMCP was enabled, printing a message to the console like 'socket: hostname nor servername provided'. Recompiling gdm with the IPv6 option disabled seems to have solved this.
 
Okay, I had the Exact same as what you have only I didn't have Willing Commented out, and I didn't have DisallowTCP=false under security. I just made the changes to my files to reflect yours, and tried $ X -query blurr-ink.com. I ended up with a big black screen with the x crosshair. I received no errors on the console(server PC monitor) or in the cygwin terminal. How do I recompile gdm without IPv6??

is port 177 the only port I need forwarded to my server?
 
Lego said:
Okay, I had the Exact same as what you have only I didn't have Willing Commented out, and I didn't have DisallowTCP=false under security. I just made the changes to my files to reflect yours, and tried $ X -query blurr-ink.com. I ended up with a big black screen with the x crosshair. I received no errors on the console(server PC monitor) or in the cygwin terminal. How do I recompile gdm without IPv6??

I guess you won't need to recompile gdm without IPv6, if it's starting up at all. The reason I had to do it seems to be, that I have no IPv6 support compiled into my (custom) kernel.

The Willing line is commented, cause that script doesn't actually exist, so it is pointless to have it in there, without actually creating the script. By default gdm uses something like the OS version for the willing message.

I presume the DisallowTCP should not really make a difference, as it only changes the way the local X server is started.

Lego said:
is port 177 the only port I need forwarded to my server?

So I take it, you are passing that traffic through a router? You will probably also need these:
Code:
x11             6000/tcp   #6000-6063 are assigned to X Window System
x11             6000/udp

Be aware that you shouldn't do XDMCP over the internet without a protective layer, such as IPSEC wrapped around it, as XDMCP by itself does not employ encryption.
 
Lego said:
okay those have been added same result

mh, any chance to test whether it works from a client within the same LAN, i.e. no routers/firewalls in between?

I didn't have the chance to test it with cygwin yet. Client was FreeBSD 7.2 with Xorg over a wireless link. So the question is whether your firewall/router or cygwin cause the problem.
 
well both computers I'm using are on the same network. I have tried $ X -query local.ip.address from cygwin, same result, the first time the Black window opens I have no cross hair when it refreshes the connection I get the cross hair, and every time after, but that's it.

The Router is set up properly, I have all needed ports forwarded through the router to the server, and never really intended to use xdmcp over the internet, I always prefer staying local. even with ssh I rarely connect over the internet, I try to use local ips whenever possible
 
I've set up a fresh install of cygwin/X on my notebook, running w2k. Configured gdm on my desktop to enable XDMCP, this time I left the DisallowTCP flag commented out, doesn't make any difference.

Result:

I wonder, what's going wrong in your setup.

BTW: The connection goes over a wireless link through my router, I do no port forwarding though.

How did you set up your port forwarding? Looking at the output of netstat -a -f inet, I see a bunch of tcp connections, originating on random ports of the server machine, destined to port 6000 on the cygwin client machine.
 
okay, my port forwarding is set up the only way I know how to. Choose the port number (obvious), choose the type (tcp/udp/both), choose where you want it to go (local.ip.of.server).
 