I know that ssh will happily tunnel X11 for me.  But, when doing this 
for an X intensive application, it is annoyingly slow.  Usable, but 
aggravating.

I often work at a windows laptop running the xceed xserver and ssh to my 
solaris 8 box.  Inside the xceed configuration, I allow the solaris box 
to display to the Xserver on my laptop and set my DISPLAY variable to 
point directly at the laptop instead of to the tunneled pathway.  This 
works just great.  The info that goes through X is not encrypted, but 
that doesn't bother me, and I only allow my solaris box access.  It's 
just about as fast as sitting directly at the console of the Solaris box.

My problem is, that I can't seem to do a similar thing if I'm working at 
a different seat (like a linux box or mac).  If I'm at one of those and 
display X tunneled through SSH, the slowness is annoying.  However, I 
can't seem to X to bypass ssh and display.  At the linux box or mac I do 
an "xhost <solaris box>" and then set my DISPLAY variable to point 
directly to that location.  But it still is not allowed.  I can only 
seem to get X to work by going through the encryption/decryption process 
in ssh.  I even turned off the firewall on the linux box and still 
couldn't get it to work.

Does anyone know of a way to get this faster, though less secure, method 
of displaying X over the network to work?  Or is there some trick to ssh 
to speed up the tunelling of X?

Thanks.

-Jonathan

On 2007-02-20 18:05:42 +0000, JJ <jj21@cornell.edu> said:

> My problem is, that I can't seem to do a similar thing if I'm working 
> at a different seat (like a linux box or mac).  If I'm at one of those 
> and display X tunneled through SSH, the slowness is annoying.  However, 
> I can't seem to X to bypass ssh and display.  At the linux box or mac I 
> do an "xhost <solaris box>" and then set my DISPLAY variable to point 
> directly to that location.  But it still is not allowed.  I can only 
> seem to get X to work by going through the encryption/decryption 
> process in ssh.  I even turned off the firewall on the linux box and 
> still couldn't get it to work.

From the solaris box (or the X client, anyway), try telnetting to the 
machine with the server on port 6000 + display number (normally 6000).  
If you can't get through something is in the way: either the server 
isn't listening (which seems to be the case for the OS X server by 
default) or thye machine has a firewall or something.

--tim

JJ <jj21@cornell.edu> wrote:
> My problem is, that I can't seem to do a similar thing if I'm working at 
> a different seat (like a linux box or mac).  If I'm at one of those and 
> display X tunneled through SSH, the slowness is annoying.  However, I 
> can't seem to X to bypass ssh and display.  At the linux box or mac I do 
> an "xhost <solaris box>" and then set my DISPLAY variable to point 
> directly to that location.  But it still is not allowed.

What is the message you get?

Some X servers will refuse all external clients by default.  You have to
explicitly allow them to accept clients that are not on localhost.

The SSH stuff would normally work in this situation because the client
is on the local machine.

If this is your problem, then the solution depends on the specific X
server in use.  There's no common way to control them.  

-- 
Darren Dunham                                           ddunham@taos.com
Senior Technical Consultant         TAOS            http://www.taos.com/
Got some Dr Pepper?                           San Francisco, CA bay area
         < This line left intentionally blank to confuse you. >

Darren Dunham wrote:


> 
> What is the message you get?

With the linux box, I don't get a message at all.  When I try to run the 
X application, it just waits.

> Some X servers will refuse all external clients by default.  You have to
> explicitly allow them to accept clients that are not on localhost.

I thought turning off the firewall might do this, but it sounds like 
you're saying it might be some configuration of the X server itself. 
I'll look into this.


> If this is your problem, then the solution depends on the specific X
> server in use.  There's no common way to control

Thanks.

-Jonathan

JJ <jj21@cornell.edu> wrote:
> Darren Dunham wrote:
>> What is the message you get?

> With the linux box, I don't get a message at all.  When I try to run the 
> X application, it just waits.

>> Some X servers will refuse all external clients by default.  You have to
>> explicitly allow them to accept clients that are not on localhost.

> I thought turning off the firewall might do this, but it sounds like 
> you're saying it might be some configuration of the X server itself. 
> I'll look into this.

Right.  On Linux, I might do a 'netstat -an | grep 6000'.  The X server
will run open a LISTEN port on 6000 under normal circumstances.

If that port is tied to the localhost address:

tcp        0      0 127.0.0.1:6000                0.0.0.0:*                   LISTEN

Then it is *NOT* accepting external clients.  You'd expect 0.0.0.0:6000
if it is listening on all interfaces.

-- 
Darren Dunham                                           ddunham@taos.com
Senior Technical Consultant         TAOS            http://www.taos.com/
Got some Dr Pepper?                           San Francisco, CA bay area
         < This line left intentionally blank to confuse you. >

> > Some X servers will refuse all external clients by default.  You have to
> > explicitly allow them to accept clients that are not on localhost.
>
> I thought turning off the firewall might do this, but it sounds like
> you're saying it might be some configuration of the X server itself.
> I'll look into this.

Google for "DisallowTCP" and "/etc/X11/gdm/gdm.conf" on your Linux
box.

On 2007-02-20, JJ <jj21@cornell.edu> wrote:
>
> I know that ssh will happily tunnel X11 for me.  But, when doing this 
> for an X intensive application, it is annoyingly slow.  Usable, but 
> aggravating.

Did you try enabling compression?

Ceri
-- 
That must be wonderful!  I don't understand it at all.
                                                  -- Moliere

In article <erfd9o$gkl$1@ruby.cit.cornell.edu>, JJ  <jj21@cornell.edu> wrote:
>I know that ssh will happily tunnel X11 for me.  But, when doing this 
>for an X intensive application, it is annoyingly slow.

You could try switching encryption methods, some are much faster than
others.  Blowfish is much faster than 3des.  If top-notch security
isn't necessary you might be able to find something supported on both
sides that is even quicker.

>At the linux box or mac I do 
>an "xhost <solaris box>" and then set my DISPLAY variable to point 
>directly to that location.  But it still is not allowed.

With RedHat/Fedora systems I've run into two problems	
	- the X server starts with "-nolisten tcp" so it doesn't accept
	  remote connections.  This is usually controlled by DisallowTCP
	  in the X startup files (which vary from release to release)
	- they sometimes startup the server with a private XAUTHORITY
	  file instead of ~/.Xauthority (using xauth is somewhat better
	  than using xhost but the private file makes this harder).
-- 
Jim Prescott - Computing and Networking Group	jgp@seas.rochester.edu
School of Engineering and Applied Sciences, University of Rochester, NY

Jonathan,

You can use an VNC Server on the Solaris Box and an VNC Viewer on your 
laptop.  In my experience this is often faster than using the ssh X 
forwarding if ssh is neccessary to access the Solaris Box.

For security reasons configure the VNC Server to only listen to 
localhost and use an ssh tunnel to access the VNC Server.

Another advantage is that you do not loose your open sessions if you 
disconnect the VNC viewer (because the X Server (which is the VNC 
Server) runs on your Solaris box and not on the laptop).


regards

Bernd

JJ wrote:
> 
> I know that ssh will happily tunnel X11 for me.  But, when doing this 
> for an X intensive application, it is annoyingly slow.  Usable, but 
> aggravating.
> 
> I often work at a windows laptop running the xceed xserver and ssh to my 
> solaris 8 box.  Inside the xceed configuration, I allow the solaris box 
> to display to the Xserver on my laptop and set my DISPLAY variable to 
> point directly at the laptop instead of to the tunneled pathway.  This 
> works just great.  The info that goes through X is not encrypted, but 
> that doesn't bother me, and I only allow my solaris box access.  It's 
> just about as fast as sitting directly at the console of the Solaris box.
> 
> My problem is, that I can't seem to do a similar thing if I'm working at 
> a different seat (like a linux box or mac).  If I'm at one of those and 
> display X tunneled through SSH, the slowness is annoying.  However, I 
> can't seem to X to bypass ssh and display.  At the linux box or mac I do 
> an "xhost <solaris box>" and then set my DISPLAY variable to point 
> directly to that location.  But it still is not allowed.  I can only 
> seem to get X to work by going through the encryption/decryption process 
> in ssh.  I even turned off the firewall on the linux box and still 
> couldn't get it to work.
> 
> Does anyone know of a way to get this faster, though less secure, method 
> of displaying X over the network to work?  Or is there some trick to ssh 
> to speed up the tunelling of X?
> 
> Thanks.
> 
> -Jonathan


-- 
Bernd Schemmer                         http://home.arcor.de/bnsmb/index.html