Displaying Remote X-Windows Applications

qintel

Displaying Remote X-Windows Applications
GNU/Linux
Last Updated: 2006, August 23 - 4:50pm
Suppose that you are working on the machine local_client and would like to use an X Windows application which resides on another machine remote_server. There are several ways you can achieve this, and here are the popular ones.
Native Method
This method is native because it uses only 'pure' X windows system to accomplish the task. Note that no security has been taken care! Nonetheless, the method is still useful in many circumstances and it serves as the basis of some other more sophisticated techniques.
First, on the remote machine, set the environment variable DISPLAY to point to the display of the local machine. If you use bash:
[remote_server] $ export DISPLAY=local_client:0.0
Or, if you use C shell:
[remote_server] $ setenv DISPLAY local_client:0.0
The local_client argument here is the IP address of the local client. It can also be the hostname of the client if the lookup for host names has been set up properly. (Play with /etc/nsswitch.conf, /etc/resolv.conf, /etc/hosts, ...) The trailing 0.0 is in the form of D.S, which means that the application is to be displayed on screen S of display D. Generally you need 0.0, unless you've set up multiple screens or multiple displays.
Second, allow the remote applications to access the local display:
[local_client] $ xhost remote_server
Similarly, the remote_server argument here is the IP address of the remote X server. It can also be the hostname of the server if the lookup for host names has been set up properly.
That's all! Start the X applications as usual and they should work properly. E.g.,
[remote_server] $ xclock &
Troubleshooting
Connection error is probably the most common problem you'll encounter. You may see some of the following messages if you encounter such error:
xclock: Cannot connect to X server local_client:0.0.
Check the DISPLAY environment variable or use `-d'.
Also use the `xhost' program to verify that it is set to permit connections from your machine.
Xlib: connection to "local_client:0.0" refused by server
Xlib: No protocol specified
Error: Can't open display: local_client:0.0
A cause of such error is due to the firewall settings on the local machine. For this method to work, the remote machine needs to talk to the TCP port 6000 of the local machine. (In general, TCP port 6000+D for display D.) Make sure that the firewall does not block the port.
Another cause of error is due to the use of GDM on the local machine, . By default, GDM blocks the TCP communication required for this method. It is done so for security reason. If you know what you are doing, you can run gdmsetup to modify the setting. In Ubuntu, gdmsetup can be launched with Applications->System->Login Window. Select the [Security] tab and uncheck the option 'Deny TCP connections to Xserver'. If you want to modify the configuration file manually (which is not advisable), first find out where gdm.conf is located (usually under /etc/X11/gdm/ or /etc/gdm/). Then, modify (or create) gdm.conf-custom on the same directory to include the following setting:
[security]
DisallowTCP=false
You can avoid these tedious steps if you choose to use gdmsetup. That's why use it if possible.
Secure X11 Forwarding
You can do X forwarding over ssh. With SSH you don't have to worry much that somebody will know what you are doing. Simply connect to the remote machine with -X switch:
[local_client] $ ssh -X remote_server
Start the X applications as usual and they should work properly. E.g.,
[remote_server] $ xclock &
You can enable X11 forwarding by default by modifying the local ssh configuration file, usually at /etc/ssh/ssh_config. Specify the following:
ForwardX11 yes
ForwardX11Trusted yes
If it does not work, then probably the remote server has not enabled X11 forwarding. To enable it, modify the remote sshd configuration file, usually at /etc/ssh/sshd_config. (Note that we have (a) ssh_config for the ssh client, and (b) sshd_config for the sshd daemon.) Specify the following:
X11Forwarding yes
Remarks
There are always security impacts when you open more ports or enable more communication channels. So be careful if you use these techniques in a 'risky' environment. For more information, refer to the manual pages of ssh_config and sshd_config. For more techniques on displaying remote X applications, refer to
Remote X Apps mini-HOWTO
.


本文来自ChinaUnix博客，如果查看原文请点：http://blog.chinaunix.net/u/553/showart_231494.html