Re: [SHR] X forwarding: export DISPLAY?
This looks like a pretty comprehensive how-to. Anyone documenting this on the Wiki? Xavier? Niels. From: Xavier Cremaschi omega.xav...@gmail.com Subject: Re: [SHR] X forwarding: export DISPLAY? To: community@lists.openmoko.org Date: Tuesday, August 17, 2010, 4:10 PM Basically, you need a computer with : - a working X server (mainly Xorg) - a working ssh client with -X option (mainly openssh-client) (Note for working X server on cygwin : be sure to launch xterm, not the basic tty) a Freerunner with : - a working X client (the app you want to launch, tangogps for example) - a working ssh server with X11Forwarding yes in its config (for openssh-server it's in /etc/ssh/sshd_config, be sure to restart ssh server after any modification to this file) Then give us any error you can see while doing your ssh -X. On the freerunner, and after a ssh -X, $DISPLAY should NOT be : localhost:0 because it's the X server of the freerunner, but it should be something like : localhost:10.0 which is where ssh server listen to transmit your display data to ssh client. Xavier. ___ Openmoko community mailing list community@lists.openmoko.org http://lists.openmoko.org/mailman/listinfo/community --Doorgestuurd bericht in de bijlage-- From: omega.xav...@gmail.com To: community@lists.openmoko.org Date: Tue, 17 Aug 2010 16:27:37 +0200 Subject: Re: [SHR] X forwarding: export DISPLAY? To continue : if you want to do it 'old school' without ssh -X doing the job for you, you need to authorize your X server to accept distant X clients To authorize X server of here to display application running on faraway, you need to do (here$ is the prompt) : here$ xhost +faraway Then you need to log yourself on faraway (ssh without -X nor -Y, rsh, telnet, xterm on freerunner...) and launch your application with a good $DISPLAY faraway$ DISPLAY=here:0 my_application If it does not work : - either faraway doesn't allow the X client to go out (firewall ?) - or here has its X server running with -nolisten tcp and therefore refuses any connection If you have -nolisten tcp (check with ps), you can remove it but it depends on how you launch your X server : - if you use startx, check your /etc/X11/xinit/xserverrc (or ~/.xserverrc) - if you use gdm, launch gdmconfig and check security options) - if you use kdm or xdm, I don't know :S If you want to control the freerunner desktop from your PC, you could use vnc. On the freerunner you start x11vnc : faraway$ x11vnc but NOT from a ssh -X, you don't want any redirection here. On your pc you start your vnc client : here$vncviewer faraway:0 Xavier. PS : use ip addresses instead of names like here and faraway --Doorgestuurd bericht in de bijlage-- From: omega.xav...@gmail.com To: community@lists.openmoko.org Date: Tue, 17 Aug 2010 16:28:54 +0200 Subject: Re: [SHR] X forwarding: export DISPLAY? I forgot an important thing : network must work of course (first thing to check) ;) ___ Openmoko community mailing list community@lists.openmoko.org http://lists.openmoko.org/mailman/listinfo/community
Re: [SHR] X forwarding: export DISPLAY?
--- On Wed, 8/18/10, Niels Heyvaert nielsheyva...@hotmail.com wrote: This looks like a pretty comprehensive how-to. Anyone documenting this on the Wiki? I benefited most of the conversation, so I had a look on the wiki and searched for ssh $DISPLAY forward, which gave some 40 (not always relevant) results; the $ and capitals are not taken in account. ssh $DISPLAY X11 forwarding narrowed it down to 9 results, still no useful page to update. Since disabling X11 forwarding in the default sshd config seems SHR specific, I had a look in the SHR manual. I'd put it under networking, but the networking chapter is divided into media: USB/Wifi/GPRS (and Bluetooth seperately). Would it be useful to have a chapter deamons defaults? Having just SSH in the middle is not in line with the structure of the manual. I had a look at the USB-networking page, but the issue is not specific to USB networking. A seperate page might lack context, so Any suggestions? Boudewijn ___ Openmoko community mailing list community@lists.openmoko.org http://lists.openmoko.org/mailman/listinfo/community
Re: [SHR] X forwarding: export DISPLAY?
On Wed, Aug 18, 2010 at 12:35, W. B. Kranendonk wankelwan...@yahoo.com wrote: --- On Wed, 8/18/10, Niels Heyvaert nielsheyva...@hotmail.com wrote: This looks like a pretty comprehensive how-to. Anyone documenting this on the Wiki? I benefited most of the conversation, so I had a look on the wiki and searched for ssh $DISPLAY forward, which gave some 40 (not always relevant) results; the $ and capitals are not taken in account. ssh $DISPLAY X11 forwarding narrowed it down to 9 results, still no useful page to update. Since disabling X11 forwarding in the default sshd config seems SHR specific, I had a look in the SHR manual. I'd put it under networking, but the networking chapter is divided into media: USB/Wifi/GPRS (and Bluetooth seperately). Would it be useful to have a chapter deamons defaults? Having just SSH in the middle is not in line with the structure of the manual. I had a look at the USB-networking page, but the issue is not specific to USB networking. A seperate page might lack context, so Any suggestions? Boudewijn Maybe we should enable it by default? Are there any disadventages? -- Sebastian Krzyszkowiak dos ___ Openmoko community mailing list community@lists.openmoko.org http://lists.openmoko.org/mailman/listinfo/community
Re: [SHR] X forwarding: export DISPLAY?
On Wed, Aug 18, 2010 at 2:08 PM, Sebastian Krzyszkowiak d...@dosowisko.net wrote: Maybe we should enable it by default? Are there any disadventages? +5 for this. I think OM20x distros had it enabled by default, possibly also debian based distros. And it was good. Enabling it by default sound's like a good idea to me. Risto -- | risto h. kurppa | risto at kurppa dot fi | http://risto.kurppa.fi ___ Openmoko community mailing list community@lists.openmoko.org http://lists.openmoko.org/mailman/listinfo/community
Re: [SHR] X forwarding: export DISPLAY?
--- On Wed, 8/18/10, Risto H. Kurppa ri...@kurppa.fi wrote: Sebastian Krzyszkowiak d...@dosowisko.net wrote: Maybe we should enable it by default? Are there any disadventages? +5 for this. I think OM20x distros had it enabled by default, possibly also debian based distros. And it was good. Enabling it by default sound's like a good idea to me. There's my excuse for not checking the sshd config upfront: it never required any sweat from my side to have X forwarded via SSH. I agree with enabling it as default. Does it cause perhaps some overhead in day-to-day SSH usage, when not making use of the forwarding? Boudewijn ___ Openmoko community mailing list community@lists.openmoko.org http://lists.openmoko.org/mailman/listinfo/community
Re: [SHR] X forwarding: export DISPLAY?
Le 18/08/2010 13:08, Sebastian Krzyszkowiak a écrit : Maybe we should enable it by default? Are there any disadventages? Some security issues (some side effects) but I don't think it's relevant for us. Basically on your computer when $DISPLAY is :0.0 your X server is listening to a UNIX socket (/tmp/.X11-unix/X0 indeed, you can check your /tmp) When you do some X11 forwarding there are 2 things : - a network connection between X client (on faraway machine) and X server (on here machine) - an authentication With the 'old school' system (cf. my previous message) you do : faraway$ DISPLAY=here:0 my_application to establish the (non-encrypted) connection between faraway and here For the authentication, your X server usually accepts the X client from faraway because you did a : here$ xhost +faraway But that's for the 'old school' system. Now what about ssh -X ? While doing ssh -X to go on your Freerunner, you can see your Freerunner's $DISPLAY is :10.0, which corresponds to a local TCP socket (local on Freerunner) opened by the ssh server. faraway$ lsof -ni TCP:6010 COMMAND PID USER FD TYPE DEVICE SIZE NODE NAME sshd15663 root9u IPv4 437835 TCP 127.0.0.1:6010(LISTEN) Any connection to 127.0.0.1:6010/TCP will be redirected through ssh from your freerunner to your computer's /tmp/.X11-unix/X0 socket. That's for the (encrypted) connection. For authentication, there is a secret shared between X server and X clients called magic-cookie and managed by the xauth application. You can do xauth list $DISPLAY on your computer to see it. This secret is stored in ~/.Xauthority (be careful with permission on this file) If you do a ssh -X -vv (verbose) you will see your ssh client calling xauth to get this magic-cookie (something like debug2: x11_get_proto: /usr/bin/X11/xauth list :0.0 . 2/dev/null) So why some distributions set X11Forwarding to 'no' ? Because if your Freerunner is *compromised*, someone can control the Xauthority file and therefore he can connect to the 6010/TCP socket. Which is linked to your computer's UNIX socket. == he has a kind a back channel to access to your computer's X server. Xavier. ___ Openmoko community mailing list community@lists.openmoko.org http://lists.openmoko.org/mailman/listinfo/community
[SHR] X forwarding: export DISPLAY?
Hi list and readers, I am trying to figure out how to export my display when using ssh -Y (or X). The only hint I found was a thread (exactly) a year ago (let's celebrate and make 15-8 ssh -Y-day ;-) ): X forwarding doesn't work (*) I have been fiddling with it time and again over the past months, but I still can not get my applications to export to my laptop. Some things I tried: - take the whole export DISPLAY in /etc/profile away - connect only to start the application - old fashioned xhost + and export DISPLAY on Freerunner At best (or worst) the application opens on the Freerunner. Then there are various degrees of stranding on the way to the display of my laptop The output is quite clear: (vala-terminal:2759): Gtk-WARNING **: cannot open display: There is no display set. This is with the default /etc/profile (DISPLAY=:0). I tried setting it manually to point to the freerunner, to no avail. Xauth does not list any displays, while there is a display on my laptop (how handy..) Any suggestion? Boudewijn (*) http://www.mail-archive.com/community@lists.openmoko.org/msg51198.html PS: after sending the mail and not receiving it in my mailbox, I delved into that first. It turns out I have been subscribed to the devel-list for years, while I thought I was reading the community list. Also explains why I was surprised at the subjects in the community-archives that escaped my attention by mail. So much for detective skills... ___ Openmoko community mailing list community@lists.openmoko.org http://lists.openmoko.org/mailman/listinfo/community
Re: [SHR] X forwarding: export DISPLAY?
Hi, On Tue, Aug 17, 2010 at 9:40 AM, W. B. Kranendonk wankelwan...@yahoo.comwrote: At best (or worst) the application opens on the Freerunner. Then there are various degrees of stranding on the way to the display of my laptop The output is quite clear: (vala-terminal:2759): Gtk-WARNING **: cannot open display: There is no display set. This is with the default /etc/profile (DISPLAY=:0). I tried setting it manually to point to the freerunner, to no avail. Xauth does not list any displays, while there is a display on my laptop (how handy..) Any suggestion? One thing would be more information in your problem report. I think you are trying to start an X client on your FR and have the output come to your desktop, but that isn't 100% clear. Always describe what you are trying to do, in simple terms (eg: I'd like to start xmines on my FR and have it show up on my Desktop). Next, I'm unclear how you are connecting between your FR and your Desktop. USB cable? Ethernet? Intervening device(s)? Wifi? Mind meld? :) You reference DISPLAY, and even give us a pretty good error message. But without some of the above info, it'll be harder to know what is going on. It would also help if you let us know your approx. skill level. (eg: While I'm a Ubuntu GUI guru, I'm a newbie at getting X working between different machines). Now, I have the older 1973 (pre-FR), and it's been a while since I hacked on it. But if memory serves, I was able to get X working with the right settings. I'll assume a few things -- that you are directly connecting to the FR (no other devices in the middle), and that there is no encryption. In that case, you probably need 2 things. First, is the correct DISPLAY setting. This is usually DISPLAY=hostname:0.0, where hostname = desktop's hostname. Second, you have to either xhost or xauth your FR, something like xhost +freerunnerhostname. Now, I don't know if there is some FR specific issue or distro problem that might be affecting the FR/FR OS, so your mileage may vary. But, feel free to try out the above suggestion and let us know if it works, and if it doesn't, please answer some of the other questions above. Hope this helps, Gerald ___ Openmoko community mailing list community@lists.openmoko.org http://lists.openmoko.org/mailman/listinfo/community
Re: [SHR] X forwarding: export DISPLAY?
Basically, you need a computer with : - a working X server (mainly Xorg) - a working ssh client with -X option (mainly openssh-client) (Note for working X server on cygwin : be sure to launch xterm, not the basic tty) a Freerunner with : - a working X client (the app you want to launch, tangogps for example) - a working ssh server with X11Forwarding yes in its config (for openssh-server it's in /etc/ssh/sshd_config, be sure to restart ssh server after any modification to this file) Then give us any error you can see while doing your ssh -X. On the freerunner, and after a ssh -X, $DISPLAY should NOT be : localhost:0 because it's the X server of the freerunner, but it should be something like : localhost:10.0 which is where ssh server listen to transmit your display data to ssh client. Xavier. ___ Openmoko community mailing list community@lists.openmoko.org http://lists.openmoko.org/mailman/listinfo/community
Re: [SHR] X forwarding: export DISPLAY?
--- On Tue, 8/17/10, Xavier Cremaschi omega.xav...@gmail.com wrote: From: Xavier Cremaschi omega.xav...@gmail.com Subject: Re: [SHR] X forwarding: export DISPLAY? To: community@lists.openmoko.org Date: Tuesday, August 17, 2010, 4:10 PM Basically, you need a computer with : - a working X server (mainly Xorg) - a working ssh client with -X option (mainly openssh-client) (Note for working X server on cygwin : be sure to launch xterm, not the basic tty) a Freerunner with : - a working X client (the app you want to launch, tangogps for example) - a working ssh server with X11Forwarding yes in its config (for openssh-server it's in /etc/ssh/sshd_config, be sure to restart ssh server after any modification to this file) Then give us any error you can see while doing your ssh -X. On the freerunner, and after a ssh -X, $DISPLAY should NOT be : localhost:0 because it's the X server of the freerunner, but it should be something like : localhost:10.0 which is where ssh server listen to transmit your display data to ssh client. Xavier. ___ Openmoko community mailing list community@lists.openmoko.org http://lists.openmoko.org/mailman/listinfo/community ___ Openmoko community mailing list community@lists.openmoko.org http://lists.openmoko.org/mailman/listinfo/community
Re: [SHR] X forwarding: export DISPLAY?
To continue : if you want to do it 'old school' without ssh -X doing the job for you, you need to authorize your X server to accept distant X clients To authorize X server of here to display application running on faraway, you need to do (here$ is the prompt) : here$ xhost +faraway Then you need to log yourself on faraway (ssh without -X nor -Y, rsh, telnet, xterm on freerunner...) and launch your application with a good $DISPLAY faraway$ DISPLAY=here:0 my_application If it does not work : - either faraway doesn't allow the X client to go out (firewall ?) - or here has its X server running with -nolisten tcp and therefore refuses any connection If you have -nolisten tcp (check with ps), you can remove it but it depends on how you launch your X server : - if you use startx, check your /etc/X11/xinit/xserverrc (or ~/.xserverrc) - if you use gdm, launch gdmconfig and check security options) - if you use kdm or xdm, I don't know :S If you want to control the freerunner desktop from your PC, you could use vnc. On the freerunner you start x11vnc : faraway$ x11vnc but NOT from a ssh -X, you don't want any redirection here. On your pc you start your vnc client : here$vncviewer faraway:0 Xavier. PS : use ip addresses instead of names like here and faraway ___ Openmoko community mailing list community@lists.openmoko.org http://lists.openmoko.org/mailman/listinfo/community
Re: [SHR] X forwarding: export DISPLAY?
I forgot an important thing : network must work of course (first thing to check) ;) ___ Openmoko community mailing list community@lists.openmoko.org http://lists.openmoko.org/mailman/listinfo/community
Re: [SHR] X forwarding: export DISPLAY?
--- On Tue, 8/17/10, Gerald A geraldabli...@gmail.com wrote: (an elaborate help on asking help, as below) Thanks Gerald for your extensive suggestions! I think my problem is solved, but for the record I'll update my problem description. One thing would be more information in your problem report. I think you are trying to start an X client on your FR and have the output come to your desktop, but that isn't 100% clear. Always describe what you are trying to do, in simple terms (eg: I'd like to start xmines on my FR and have it show up on my Desktop). I'm trying to configure claws mail, but the resolution of the FR is too low to see where I make a mistake. If I could export it to my laptop, I can see what I am typing. Next, I'm unclear how you are connecting between your FR and your Desktop. USB cable? Ethernet? Intervening device(s)? Wifi? Mind meld? :) Without actually using different connections as a way of troubleshoot, I have in the meantime tried it over GPRS, Wifi and a direct USB connection (Wifi and USB with two laptops each). Each time it was an encrypted connection (using ssh -Y or ssh -X from the laptop to the phone). You reference DISPLAY, and even give us a pretty good error message. But without some of the above info, it'll be harder to know what is going on. I see that now. It would also help if you let us know your approx. skill level. (eg: While I'm a Ubuntu GUI guru, I'm a newbie at getting X working between different machines). Both are about average I guess (mostly while in my direct surroundings there's noone to compare to). Now, I have the older 1973 (pre-FR), and it's been a while since I hacked on it. But if memory serves, I was able to get X working with the right settings. I used to have it running fine, quite a while ago. (My memory does serve so far, but does not have any date (or year, for that matter) related to it.) I'll assume a few things -- that you are directly connecting to the FR (no other devices in the middle), and that there is no encryption. In that case, you probably need 2 things. First, is the correct DISPLAY setting. This is usually DISPLAY=hostname:0.0, where hostname = desktop's hostname. Second, you have to either xhost or xauth your FR, something like xhost +freerunnerhostname. Now, I don't know if there is some FR specific issue or distro problem that might be affecting the FR/FR OS, so your mileage may vary. But, feel free to try out the above suggestion and let us know if it works, and if it doesn't, please answer some of the other questions above. I think it turned out (see Dirk's mail) that the default settings in SHR are no X forwarding for sshd. Hope this helps, It does, in some sort of meta-manner. If you can spare the time, would the updated problem definition provide enough information or should it contain something else? My current problem is solved, but it might help me describe another in the future. Thanks again! Boudewijn ___ Openmoko community mailing list community@lists.openmoko.org http://lists.openmoko.org/mailman/listinfo/community
Fw: Re: [SHR] X forwarding: export DISPLAY?
excuse me for going through the mailing lists for dummies stage... This mail is for community, not just for Dirk :-) From: W. B. Kranendonk wankelwan...@yahoo.com Subject: Re: [SHR] X forwarding: export DISPLAY? To: Dirk Gassen shrd...@dirkgassen.com Date: Tuesday, August 17, 2010, 4:32 PM --- On Tue, 8/17/10, Dirk Gassen shrd...@dirkgassen.com wrote: Can you check your sshd config? Seems like the current default doesn't have X forwarding enabled. In /etc/ssh/sshd_config change the line #X11Forwarding no to X11Forwarding yes Indeed! The option is not active. I've enabled it and set it to yes, but no opportunity to test at the moment, other than ssh -Y localhost, which actually opens another vala-terminal on my FR ;-) echo $DISPLAY gives me localhost:10.0 so that seems in order. Thanks! Boudewijn ___ Openmoko community mailing list community@lists.openmoko.org http://lists.openmoko.org/mailman/listinfo/community
Re: [SHR] X forwarding: export DISPLAY?
... and this one should have some answer, before sending it.. (do I already have a monopoly on this list? Sorry for spamming) --- On Tue, 8/17/10, Xavier Cremaschi omega.xav...@gmail.com a computer with : - a working X server (mainly Xorg) - a working ssh client with -X option (mainly openssh-client) OK a Freerunner with : - a working X client (the app you want to launch, tangogps for example) - a working ssh server with X11Forwarding yes in That was the culprit! On the freerunner, and after a ssh -X, $DISPLAY should NOT be : localhost:0 It is 10.0 now :-) Thankyou and the others for the quick replies! Boudewijn ___ Openmoko community mailing list community@lists.openmoko.org http://lists.openmoko.org/mailman/listinfo/community
Re: [SHR] X forwarding: export DISPLAY?
--- On Tue, 8/17/10, Xavier Cremaschi omega.xav...@gmail.com wrote: - if you use kdm or xdm, I don't know :S I recall having edited /etc/kde/kdmrc to set XDMCP to true instead of false, and Xacces (in /etc/X11?) to get XDMCP between laptop and desktop, but too long ago to recall the details ;-) If you want to control the freerunner desktop from your PC, you could use vnc. On the freerunner you start x11vnc : faraway$ x11vnc but NOT from a ssh -X, you don't want any redirection here. I thought about that, but I am not sure how to use VNC at a higher resolution than the host. My goal was to use the higher resolution of the laptop screen, so VNC was not an option. Still, thanks for the suggestion :-) Boudewijn ___ Openmoko community mailing list community@lists.openmoko.org http://lists.openmoko.org/mailman/listinfo/community
Re: [SHR] X forwarding: export DISPLAY?
Hi, On Tue, Aug 17, 2010 at 10:47 AM, W. B. Kranendonk wankelwan...@yahoo.comwrote: Without actually using different connections as a way of troubleshoot, I have in the meantime tried it over GPRS, Wifi and a direct USB connection (Wifi and USB with two laptops each). Each time it was an encrypted connection (using ssh -Y or ssh -X from the laptop to the phone). Just from my experience, I'd go from the easiest to the hardest to troubleshoot, so: USB - wifi -GPRS. Get the easy one to work, then you can be assured it's not a configuration or other issue with the more difficult ones. I think it turned out (see Dirk's mail) that the default settings in SHR are no X forwarding for sshd. Glad to hear that! :) Hope this helps, It does, in some sort of meta-manner. If you can spare the time, would the updated problem definition provide enough information or should it contain something else? My current problem is solved, but it might help me describe another in the future. I think the biggest helpful piece of info was that you were trying to use ssh x-forwarding. Other things that would assist are version #'s of the various software pieces (although they didn't play a factor in this case). One thing, which you've already done, is to explain what the underlying issue and solution was. This way, people who are looking through the archives can see what worked for you. Thanks, Gerald ___ Openmoko community mailing list community@lists.openmoko.org http://lists.openmoko.org/mailman/listinfo/community
Re: [SHR] X forwarding: export DISPLAY?
O Martes, 17 de Agosto de 2010, W. B. Kranendonk escribiu: --- On Tue, 8/17/10, Xavier Cremaschi omega.xav...@gmail.com wrote: - if you use kdm or xdm, I don't know :S I recall having edited /etc/kde/kdmrc to set XDMCP to true instead of false, and Xacces (in /etc/X11?) to get XDMCP between laptop and desktop, but too long ago to recall the details ;-) XDMCP has only to do with remote login, not display exporting. 99% of times you only need display export, so XDMCP is not needed -- David Garabana Barro jabber google talk ID:da...@garabana.com Clave pública PGP/GPG: http://davide.garabana.com/pgp.html signature.asc Description: This is a digitally signed message part. ___ Openmoko community mailing list community@lists.openmoko.org http://lists.openmoko.org/mailman/listinfo/community
