X11 Forwarding Tutorial

Does anyone Have a walkthrough On how to use/setup X11Forwarding?

I've been doing a little searching and the best thing I can find is this: http://w140.com/kurt/xauth.html

I don't understand what he means when he says in the jail? I've tried a couple different options and other pages but I've not had much luck These are my config files:
sshd_config(Everything Is Completely Default Except the Match user spot its not really question marks) :
Code:
# override default of no subsystems
Subsystem       sftp    /usr/libexec/sftp-server
DenyGroups deniedssh
IgnoreRhosts yes
Banner /root/sshmessage.txt
IgnoreUserKnownHosts no
PrintMotd yes
StrictModes yes
RSAAuthentication yes
PermitRootLogin yes
PermitEmptyPasswords no
PasswordAuthentication yes
UsePrivilegeSeparation yes
#X11Forwarding yes
#X11UseLocalhost no

# Example of overriding settings on a per-user basis
Match User ?????
        X11Forwarding yes
        X11UseLocalhost no
        AllowTcpForwarding yes
#       ForceCommand cvs server

I have checked the enable X11 Forwarding in the putty configuration, but I don't know what to put 'X Display Location' textbox. I have restarted sshd


Code:
blurr-ink# startx
xauth:  creating new authority file /root/.serverauth.1423


X.Org X Server 1.4.2
Release Date: 11 June 2008
X Protocol Version 11, Revision 0
Build Operating System: FreeBSD 7.1-PRERELEASE i386
Current Operating System: FreeBSD blurr-ink.com 7.1-RELEASE FreeBSD 7.1-RELEASE #0: Thu Jan  1 14:37:25 UTC 
2009     root@logan.cse.buffalo.edu:/usr/obj/usr/src/sys
/GENERIC i386
Build Date: 08 September 2008  12:37:00PM

        Before reporting problems, check http://wiki.x.org
        to make sure that you have the latest version.
Module Loader present
Markers: (--) probed, (**) from config file, (==) default setting,
        (++) from command line, (!!) notice, (II) informational,
        (WW) warning, (EE) error, (NI) not implemented, (??) unknown.
(==) Log file: "/var/log/Xorg.0.log", Time: Sat Nov 21 19:36:56 2009
(==) Using config file: "/root/xorg.conf"
(II) Module "ddc" already built-in
(II) Module "i2c" already built-in
(EE) intel(0): No valid modes.
(EE) Screen(s) found, but none have a usable configuration.

Fatal server error:
no screens found
XIO:  fatal IO error 53 (Software caused connection abort) on X server ":0.0"
      after 0 requests (0 known processed) with 0 events remaining.
blurr-ink#

And I get this for KDM:
Code:
$ kdm
Updating KDM configuration
/libexec/ld-elf.so.1: Shared object "libjpeg.so.9" not found, required by "genkdmconf"
/libexec/ld-elf.so.1: Shared object "libjpeg.so.9" not found, required by "kdm-bin"
$

I get the same results if I su first. Any Advice would be grateful.
 
Ok, http://forums.freebsd.org/showthread.php?t=7615, on that page the person says to just link 9 to 10 like this:
Code:
ln -s /usr/local/lib/libjpeg.so.10 /usr/local/lib/libjpeg.so.9

So I did that, and tried to startx again, and received the exact same error, and when trying kdm got this:
Code:
blurr-ink# kdm
Updating KDM configuration
Information: reading current kdmrc /usr/local/share/config/kdm/kdmrc (from kde >= 2.2.x)
Information: current kdmrc is from kde >= 3.1 (config version 2.3)
blurr-ink#

Then Nothing Happens...
 
@Lego: are you trying to fire up a full-on DE over X11? I'm not sure that is possible.

If that's your intention, take a look at something like nx. (Actually, the net/nxserver port seems to be marked Ignore for the amd64 arch. FYI.)

Otherwise, just launch the application you need directly, and that will get forwarded over X11.

e.g.: % xcalc
 
Lego said:
I have checked the enable X11 Forwarding in the putty configuration, but I don't know what to put 'X Display Location' textbox. I have restarted sshd

Have you installed an X server onto your Windows box (PuTTY is a Windows app)? If not, you cannot use X11 forwarding, as there is no X server to display anything.
 
okay, Um yes I'm trying to get a full blown KDE desktop through X. or even a properly working Fluxbox, something that will let me use konsole/firefox/file browser(this being the most important), anything.

I have tried tightvnc server on my bsd box, with the tightvnc viewer installed on my windows box. Problem was KDE/GNOME and all those wouldn't work, ONLY fluxbox/twm would load properly, and even then I couldn't open a konsole/firefox/file browser/anything not x (meaning xclock/xcalc/etc), nothing.

Maybe I'm not understanding what exactly x11 forwarding is....

but I want to be able to (from my windows box) open putty connect to my server, and startx or kde (preferably kde), and see it on my windows box...in my putty window
 
Lego said:
Maybe I'm not understanding what exactly x11 forwarding is....

but I want to be able to (from my windows box) open putty connect to my server, and startx or kde (preferably kde), and see it on my windows box...in my putty window

I'm afraid that will not quite work as you expect it to. For anything to be displayed on your windows box, you need to install an X server on it, to which remote X applications then will forward their display.

Try installing Cygwin/X on your windows box. This will get you an X server. Then you may either forward single applications to your X display, or open up a full X session, provided you have some XDMCP capable display manager running on the FreeBSD box, like xdm, gdm or kdm(?).
 
I have gnome2/kde3.5/kde4/twm/fluxbox and one more installed I believe, I'm installing cygwin/X on my windows box now, I have so many installed on my BSD box from when I was trying to get tightvnc to work with anything other then twm.... So after this installs, where do I go from there??
 
Lego said:
So after this installs, where do I go from there??

After installing Cygwin/X you should find a Cygwin Icon on your desktop, which will open up a shell window. For a start you might try the following:

  • in the cygwin shell window, enter X. This will start a local X server on windows. You should see a fullscreen window with the well known gray background.
  • Assuming you have already setup and saved a putty session, for connecting to your FreeBSD box, load the session from the session menu, navigate the tree to Connection->SSH->X11. Check the Enable X11 forwarding checkbox, and enter into the X display location field: ":0.0". Now click the Open button, to open the session.
  • Log into your FreeBSD box, using your password/passphrase/whatever.
  • Now logged into your remote FreeBSD box, try to start some X application, like xterm for example. You should see the applications window appearing on your cygwin/X window.
You will notice, that the window of the remote application, that appears on your windows display, will not have any decorations, or handles, as there is no local window manager running.

This is only a simple test case, where an application forwards it's display to a remote X server, by tunneling it through SSH.

For a workable more advanced setup, you will probably need to setup XDMCP, meaning you will have to configure xdm/gdm/kdm, or whichever display manager you are using on your FreeBSD box, to listen for and allow XDMCP requests from the remote windows machine.

Then you would use someting like X -query <hostname> on cygwin, to open an XDMCP session to your remote display manager.
 
phoenix said:
Cool, didn't know it was available for non-Windows. Don't know why anyone would run it on a non-Windows box, considering every Unix-like system out there comes with OpenSSH.

From http://www.chiark.greenend.org.uk/~sgtatham/putty/faq.html

A.3.3 What's the point of the Unix port? Unix has OpenSSH.

All sorts of little things. pterm is directly useful to anyone who prefers PuTTY's terminal emulation to xterm's, which at least some people do. Unix Plink has apparently found a niche among people who find the complexity of OpenSSL makes OpenSSH hard to install (and who don't mind Plink not having as many features). Some users want to generate a large number of SSH keys on Unix and then copy them all into PuTTY, and the Unix PuTTYgen should allow them to automate that conversion process.

There were development advantages as well; porting PuTTY to Unix was a valuable path-finding effort for other future ports, and also allowed us to use the excellent Linux tool Valgrind to help with debugging, which has already improved PuTTY's stability on all platforms.

However, if you're a Unix user and you can see no reason to switch from OpenSSH to PuTTY/Plink, then you're probably right. We don't expect our Unix port to be the right thing for everybody.
 
Okay mickey, The installation has finished, and yes after opening the Cygwin shortcut from the desktop I did get a shell window, but X does not work. Also how do I change it from Bash to tsch or which ever is the default for a BSD install. I prefer that shell.
This is what I get:

Code:
L3G0@L3G0-PC ~
$ x
bash: x: command not found

L3G0@L3G0-PC ~
$ X
bash: X: command not found

L3G0@L3G0-PC ~
$ startx
bash: startx: command not found

Also, I cannot find the startxwin.bat file anywhere... I Think I may have mucked the install, so I'm re-installing, and selecting all->install instead of default....

And I have been reading through the user guide http://x.cygwin.com/docs/ug/using.html
 
Ok installation of Everything is done, and this time when I opened Cygwin and # X It opened the New Window and As you said The Normal Test Gray Full Screen. Closed all the windows, opened cygwin again, # startx, Opened putty and connected, put password in and tried a couple x apps:
cygwin_ss.jpg


Startx opened the Login Terminal and Xterm and Clock. No commands I put into putty worked as you can see. Im missing something.

LOL what?
 
From the screenshot, I take it, you are running Vista or Windows 7?
Which version of cygwin/X did you download? Maybe you should try to get the latest 1.7 beta.
Recently there has been another problem with X authentication with the older cygwin release, that does not seem to appear on W2k/XP.

As for tcsh:
  • Start cygwin setup program
  • Select tcsh from the shells subtree
  • Install
  • Voila
 
Yes, Windows 7, Love it! way better then vista. I installed all the shells from the setup app... I did a install ALL for everything. As for the version I downloaded, http://x.cygwin.com/ scroll to the very bottom under downloading and Installing and clicked the very first setup.exe link. What ports do I need forwarded? Because I'm not running ssh on default port 22. So that would clash wouldn't it?
 
hmm nope haven't seen anything on any info sites about that, and I haven't added or heard of it, so what do I put in my sshd_config:
Code:
ForwardX11Trusted yes

??

ADDED: nope I'm wrong.....lol not suprised :p
Code:
blurr-ink# /etc/rc.d/sshd stop
Stopping sshd.
blurr-ink# /etc/rc.d/sshd start
Starting sshd.
/etc/ssh/sshd_config: line 134: Bad configuration option: ForwardX11Trusted
/etc/ssh/sshd_config: terminating, 1 bad configuration options
blurr-ink#
 
This is my sshd_config:
Code:
#       $OpenBSD: sshd_config,v 1.80 2008/07/02 02:24:18 djm Exp $
#       $FreeBSD: src/crypto/openssh/sshd_config,v 1.47.2.2.2.1 2008/11/25 02:59:29 kensmith Exp $

# This is the sshd server system-wide configuration file.  See
# sshd_config(5) for more information.

# This sshd was compiled with PATH=/usr/bin:/bin:/usr/sbin:/sbin

# The strategy used for options in the default sshd_config shipped with
# OpenSSH is to specify options with their default value where
# possible, but leave them commented.  Uncommented options change a
# default value.

# Note that some of FreeBSD's defaults differ from OpenBSD's, and
# FreeBSD has a few additional options.

#VersionAddendum FreeBSD-20080901

Port ?????
#Protocol 2
#AddressFamily any
#ListenAddress 0.0.0.0
#ListenAddress ::

# Disable legacy (protocol version 1) support in the server for new
# installations. In future the default will change to require explicit
# activation of protocol 1
Protocol 2

# HostKey for protocol version 1
#HostKey /etc/ssh/ssh_host_key
# HostKeys for protocol version 2
#HostKey /etc/ssh/ssh_host_dsa_key

# Lifetime and size of ephemeral version 1 server key
#KeyRegenerationInterval 1h
#ServerKeyBits 1024

# Logging
# obsoletes QuietMode and FascistLogging
#SyslogFacility AUTH
#LogLevel INFO

# Authentication:

#LoginGraceTime 2m
#PermitRootLogin no
#StrictModes yes
#MaxAuthTries 6
#MaxSessions 10

#RSAAuthentication yes
#PubkeyAuthentication yes
#AuthorizedKeysFile     .ssh/authorized_keys

# For this to work you will also need host keys in /etc/ssh/ssh_known_hosts
#RhostsRSAAuthentication no
# similar for protocol version 2
#HostbasedAuthentication no
# Change to yes if you don't trust ~/.ssh/known_hosts for
# RhostsRSAAuthentication and HostbasedAuthentication
#IgnoreUserKnownHosts no
# Don't read the user's ~/.rhosts and ~/.shosts files
#IgnoreRhosts yes

# Change to yes to enable built-in password authentication.
#PasswordAuthentication no
#PermitEmptyPasswords no

# Change to no to disable PAM authentication
#ChallengeResponseAuthentication yes

# Kerberos options
#KerberosAuthentication no
#KerberosOrLocalPasswd yes
#KerberosTicketCleanup yes
#KerberosGetAFSToken no

# GSSAPI options
#GSSAPIAuthentication no
#GSSAPICleanupCredentials yes

# Set this to 'no' to disable PAM authentication, account processing,
# and session processing. If this is enabled, PAM authentication will
# be allowed through the ChallengeResponseAuthentication and
# PasswordAuthentication.  Depending on your PAM configuration,
# PAM authentication via ChallengeResponseAuthentication may bypass
# the setting of "PermitRootLogin without-password".
# If you just want the PAM account and session checks to run without
# PAM authentication, then enable this but set PasswordAuthentication
# and ChallengeResponseAuthentication to 'no'.
#UsePAM yes

#AllowAgentForwarding yes
#AllowTcpForwarding yes
#GatewayPorts no
#X11Forwarding yes
#X11DisplayOffset 10
#X11UseLocalhost yes
#PrintMotd yes
#PrintLastLog yes
#TCPKeepAlive yes
#UseLogin no
#UsePrivilegeSeparation yes
#PermitUserEnvironment no
#Compression delayed
#ClientAliveInterval 0
#ClientAliveCountMax 3
#UseDNS yes
#PidFile /var/run/sshd.pid
#MaxStartups 10
#PermitTunnel no
#ChrootDirectory none

# no default banner path
#Banner none

# override default of no subsystems
Subsystem       sftp    /usr/libexec/sftp-server
DenyGroups deniedssh
IgnoreRhosts yes
Banner /root/sshmessage.txt
IgnoreUserKnownHosts no
PrintMotd yes
StrictModes yes
RSAAuthentication yes
PermitRootLogin yes
PermitEmptyPasswords no
PasswordAuthentication yes
UsePrivilegeSeparation yes
X11Forwarding yes
X11UseLocalhost no
AllowTcpForwarding yes
ForwardX11Trusted yes

# Example of overriding settings on a per-user basis
Match User ????????
       X11Forwarding yes
       X11UseLocalhost no
       AllowTcpForwarding yes
#       ForceCommand cvs server

How exactly does putty (on my windows box) give the command to my BSD box, and then the BSD box passing that information to the Cygwin (on my windows box)... Without any configuring BSD to talk to cygwin or even for putty to talk to cygwin.

Like say I have cygwin open(used startx), then I open putty (both on my windows box), log into my BSD box with putty, and use the command xcalc. So my BSD box would normally open the xcalc on my bsd box monitor(which doesn't actually exist). But because we have X11 in putty set to forward x11 and sshd_config to forward x11, don't we need to configure some sort of connection between the putty and cygwin running on my windows machine or between my bsd box, and cygwin running in windows??? .... Not sure if that all makes sense, but it seems to me like I'm missing some configuration.....
 
Ok I just tried something for poops and giggles....

opened cygwin $ startx, and from the xterm $ ssh [email=?????@blurr-ink.com]?????@blurr-ink.com[/email], and then from the xterm in cygwin, tried to start xcalc and got this error:
Code:
blurr-ink# xcalc
Error: Can't open display
Blurr-ink#

Also when I just closed my cygwin window (twm), it said are you sure you want to close this connection and there was 6 clients connected...... very odd....
 
I don't think there's anything wrong with your SSH X11 forwarding. Looking at the output in your screenshot, the messages seem to indicate that there's something wrong with X authentication. Also they indicate, that SSH has correctly setup a tunnel for X11 forwarding and has setup the DISPLAY environment accordingly.

You should deinstall cygwin, and get the 1.7 beta setup.exe here: http://cygwin.com/#beta-test

Chances are, that this problem then simply vanishes.
 
Ok I've finished installing the new beta version, same result:
cygwin_ss2.jpg


So How or Why is this authentication error happening & how do you suggest I try to fix it?
 
Now that I see it in the screenshot... you used startx to bring up the X server on your windows machine. Try using X instead.

I guess the problem is simply that your FreeBSD box is not authorized to make a connection to your windows X display, when you use startx to bring it up.

Another possibility is to disable access control for your cygwin/X display, by issuing the following command in one of the xterms that pop up when using startx to bring up cygwin:
Code:
xhost +
 
Ok I will give that stuff a try, Now I did some more research and found this: http://www.karlrunge.com/x11vnc/ Now I installed it, and started it with # x11vnc -find and got this as a result:

Code:
24/11/2009 19:14:59 x11vnc version: 0.9.6 lastmod: 2008-12-08
24/11/2009 19:14:59 wait_for_client: WAIT:cmd=FINDDISPLAY
24/11/2009 19:14:59 initialize_screen: fb_depth/fb_bpp/fb_Bpl 24/32/2560
24/11/2009 19:14:59
24/11/2009 19:14:59 Autoprobing TCP port
24/11/2009 19:14:59 Autoprobing selected port 5900

The VNC desktop is:      blurr-ink.com:0
PORT=5900

when I opened TightVNC viewer to connect I got this (in the putty shell that I used to -find, basically right below it....):
Code:
24/11/2009 19:16:44 Got connection from client 216.8.133.228
24/11/2009 19:16:44   other clients:
24/11/2009 19:16:44 wait_for_client: got client
24/11/2009 19:16:44 wait_for_client: running: env X11VNC_SKIP_DISPLAY=''  /bin/sh /tmp/x11vnc-find_display.xlSsBc
xauth:  creating new authority file /var/lib/kdm/A:0-crWk72
24/11/2009 19:16:45 wait_for_client: find display cmd failed
24/11/2009 19:16:45 wait_for_client: bad reply '
'
blurr-ink#
 
Back
Top