Convoluted problem - X windows remote via SSH

Hi All,

I have set up two slackware boxen, one that handles SSH logins and one
running X-Windows.
I would like to set up a Windows workstation to access the X-Windows
remotely. I am using putty to establish the connection and I have
enabled tunneling to the X-Windows box for SSH - I can log on to the
remote session, X-Windows will not play.

I am using xwinlogon - http://www.calcmaster.net/visual-c++/xwinlogon/

I have set the server to localhost:6005 (the redirected port) with a
connection type of SSH.

I have set the sshd_config file to allow X11Forwarding on the X-Windows
server.

I'm guessing I'm missing something simple but I'm at a loss as to what.
Any pointers?

TIA

On Sat, 12 Feb 2011 17:10:10 +0000, Bilbo Warble wrote:

> I would like to set up a Windows workstation to access the X-Windows
> remotely. I am using putty to establish the connection and I have
> enabled tunneling to the X-Windows box for SSH - I can log on to the
> remote session, X-Windows will not play.
>
> I am using xwinlogon - http://www.calcmaster.net/visual-c++/xwinlogon/
>
Are you sure you should use PuTTY with that? A quick glance suggests that
you wouldn't because (1) Putty's xterm display is text only and I'm
pretty sure it doesn't handle X11 forwarding and (2) you should start the
Xwinlogon Xterm server and then login using its ssh client.


You need two items on the Windows box for a Xterm session to work:

- an ssh client that handles X11 forwarding.
I'm pretty sure PuTTY doesn't.

- an X-server running on the Windows box to deal with the forwarded
graphics.

You have two choices:
- find an X-term implementation for Windows. There are both commercial,
e.g. eXceed or OSS, e.g. Cygwin or Xwinlogon.

- install the VNC client on Windows and the VNC server on Linux. VNC
consists of a lightweight client program that talks to a heavily
modified Xterm server on Linux. It works well with the default XFCE
desktop, but if you use Gnome (or KDE?) the colours are awful because
it only uses 256-bit colour, presumably to save bandwidth.


--
martin@ | Martin Gregorie
gregorie. | Essex, UK
org |

Martin Gregorie <(E-Mail Removed)> writes:
> You need two items on the Windows box for a Xterm session to work:
>
> - an ssh client that handles X11 forwarding.
> I'm pretty sure PuTTY doesn't.

PuTTY supports X11 forwarding just fine.

--
http://www.greenend.org.uk/rjk/

Bilbo Warble <(E-Mail Removed)> writes:
> I have set up two slackware boxen, one that handles SSH logins and one
> running X-Windows.
> I would like to set up a Windows workstation to access the X-Windows
> remotely. I am using putty to establish the connection and I have
> enabled tunneling to the X-Windows box for SSH - I can log on to the
> remote session, X-Windows will not play.
>
> I am using xwinlogon - http://www.calcmaster.net/visual-c++/xwinlogon/
>
> I have set the server to localhost:6005 (the redirected port) with a
> connection type of SSH.

What exactly have you fowarded to local port 6005? You shouldn't need
to do that at all.

Xwinlogin (in the mode you describe) expects to connect to an SSH server
which allows X11 forwarding, and then execute a command such as startkde
over that connection. IOW it sets up the forwarding, it does not expect
you to set it up separately. You should provide the address of the
target machine here, not a forwarded connection.


Xwinlogon seems to want to run a whole Linux desktop environment inside
the forwarded session, which may or may not be what you want.

The alternative approach is to start an X server and then connect to
your Linux system with PuTTY with X forwarding enabled and execute
individual applications from within that. Xming seems to be adequately
suited to this (I'm not familiar with the alternatives though).

(Remember: X server = the display, X clients = the applications.)

--
http://www.greenend.org.uk/rjk/

On 12/02/2011 18:42, Martin Gregorie wrote:

>
> You need two items on the Windows box for a Xterm session to work:
>
> - an ssh client that handles X11 forwarding.
> I'm pretty sure PuTTY doesn't.

PuTTY does....

> - an X-server running on the Windows box to deal with the forwarded
> graphics.

I have Xwinlogon.

> You have two choices:
> - find an X-term implementation for Windows. There are both commercial,
> e.g. eXceed or OSS, e.g. Cygwin or Xwinlogon.

I have Xwinlogon...

> - install the VNC client on Windows and the VNC server on Linux. VNC
> consists of a lightweight client program that talks to a heavily
> modified Xterm server on Linux. It works well with the default XFCE
> desktop, but if you use Gnome (or KDE?) the colours are awful because
> it only uses 256-bit colour, presumably to save bandwidth.

I was hoping to avoid the VNC route due exactly to the issues of colour
rendition.

On 12/02/2011 20:26, Richard Kettlewell wrote:
> Bilbo Warble<(E-Mail Removed)> writes:
>> I have set up two slackware boxen, one that handles SSH logins and one
>> running X-Windows.
>> I would like to set up a Windows workstation to access the X-Windows
>> remotely. I am using putty to establish the connection and I have
>> enabled tunneling to the X-Windows box for SSH - I can log on to the
>> remote session, X-Windows will not play.
>>
>> I am using xwinlogon - http://www.calcmaster.net/visual-c++/xwinlogon/
>>
>> I have set the server to localhost:6005 (the redirected port) with a
>> connection type of SSH.
>
> What exactly have you fowarded to local port 6005? You shouldn't need
> to do that at all.

Sorry, I've not made myself clear.

The sshd server is the only server that will accept incoming
connections, the X-Windows server is on the same internal network. I use
PuTTY to connect to the SSH server and I route a connection L6005
R{internalX-WindowsServerIPaddress}:22

I want to keep the sshd server as the only device accepting incoming
connections as the fewer ports open, the lower the risks. It's all set
up to only accept key connections and the users are provided with a USB
stick with the key, putty, etc. in a cheapscate form of 2FA.

> Xwinlogin (in the mode you describe) expects to connect to an SSH server
> which allows X11 forwarding, and then execute a command such as startkde
> over that connection. IOW it sets up the forwarding, it does not expect
> you to set it up separately. You should provide the address of the
> target machine here, not a forwarded connection.

the X server that I am trying to connect to has X11Forwarding set to yes.

> Xwinlogon seems to want to run a whole Linux desktop environment inside
> the forwarded session, which may or may not be what you want.

I have used Xwinlogon in a closed environment using XDMCP quite happily,
I was hoping to achieve similar (albeit slower) results over the Internet.

> The alternative approach is to start an X server and then connect to
> your Linux system with PuTTY with X forwarding enabled and execute
> individual applications from within that. Xming seems to be adequately
> suited to this (I'm not familiar with the alternatives though).
>
> (Remember: X server = the display, X clients = the applications.)

As I said, I'm quite happy with Xwinlogon although that does not mean
I'm not open to other (OSS) possibilities. If I have no joy with
Xwinlogon, I'll happily switch to another software.

The big issue is that I'm not sure if the X server is talking through
the tunnel I've created. Unless I've missed something obvious, I'll have
to break out tcpdump to see if I can see what's going on.

In uk.comp.os.linux Bilbo Warble <(E-Mail Removed)> wrote:
> Sorry, I've not made myself clear.
>
> The sshd server is the only server that will accept incoming
> connections, the X-Windows server is on the same internal network. I use
> PuTTY to connect to the SSH server and I route a connection L6005
> R{internalX-WindowsServerIPaddress}:22

Does the X client (yes, client, the one running the programs) have any SSH
server running, even if it's only accessible to the local network? If so
I'd do:

ssh -f -L2222:xwindows.example.com:22 (E-Mail Removed) sleep 1000000

then:

ssh -X -p 2222 xuserid@localhost

The first sets up a tunnel from the machine outside the firewall (listening
on port 2222) to the X windows machine's SSH server (and goes into the
background). Then you just SSH into your local machine which port forwards
it to the X machine, and run whatever X apps you want (or something like
'startkde' if you want a whole desktop)

If you want to use XDMCP, it uses UDP port 177, so it's not easy to tunnel
this with SSH. If you Google 'XDMCP SSH' there are various workarounds,
such as:

http://knol.google.com/k/dirk-h-schu...ee0ik2900p/16#

Theo

Bilbo Warble <(E-Mail Removed)> writes:

> Sorry, I've not made myself clear.
>
> The sshd server is the only server that will accept incoming
> connections, the X-Windows server is on the same internal network. I
> use PuTTY to connect to the SSH server and I route a connection L6005
> R{internalX-WindowsServerIPaddress}:22
>
> I want to keep the sshd server as the only device accepting incoming
> connections as the fewer ports open, the lower the risks. It's all set
> up to only accept key connections and the users are provided with a
> USB stick with the key, putty, etc. in a cheapscate form of 2FA.

I think I'm with you now; you're trying to do X11 tunnelled over SSH
itself tunnelled over SSH, yes?

What I would do to achieve the same thing is have the command supplied
to Xwinlogin be 'ssh -X xwindowserver startkde' (or whatever),
i.e. effectively putting two X11-over-SSH tunnels end to end, rather
than attempt X11-in-SSH-in-SSH.

But as to why what you're actually trying isn't working, no idea l-/

--
http://www.greenend.org.uk/rjk/

On 12/02/2011 21:26, Theo Markettos wrote:
> In uk.comp.os.linux Bilbo Warble<(E-Mail Removed)> wrote:

> Does the X client (yes, client, the one running the programs) have any SSH
> server running, even if it's only accessible to the local network? If so
> I'd do:
>
> ssh -f -L2222:xwindows.example.com:22 (E-Mail Removed) sleep 1000000
>
> then:
>
> ssh -X -p 2222 xuserid@localhost
>
> The first sets up a tunnel from the machine outside the firewall (listening
> on port 2222) to the X windows machine's SSH server (and goes into the
> background). Then you just SSH into your local machine which port forwards
> it to the X machine, and run whatever X apps you want (or something like
> 'startkde' if you want a whole desktop)

Interesting idea, I've played with FreeSSHd under Windows before, I'm
not overly happy with the user management but it appears on the face of
it that this is a workable solution, if a little less elegant.

> If you want to use XDMCP, it uses UDP port 177, so it's not easy to tunnel
> this with SSH. If you Google 'XDMCP SSH' there are various workarounds,
> such as:

I'm trying to avoid XDMCP at this point and force everything over SSH
natively but thanks for the link - one for the bookmarks.

On 12/02/2011 21:39, Richard Kettlewell wrote:

> I think I'm with you now; you're trying to do X11 tunnelled over SSH
> itself tunnelled over SSH, yes?

Explained far better than me

> What I would do to achieve the same thing is have the command supplied
> to Xwinlogin be 'ssh -X xwindowserver startkde' (or whatever),
> i.e. effectively putting two X11-over-SSH tunnels end to end, rather
> than attempt X11-in-SSH-in-SSH.

I'll have a little experiment with that idea and combine it with the
idea from Theo. Hopefully, by using the ssh server to create tunnels in
both directions I think I might be able to establish comms. I'll try
tomorrow...

> But as to why what you're actually trying isn't working, no idea l-/

I think I'll run up tcpdump as an intellectual exercise just to see if I
can work out where things are going wrong.