I can ssh into a remote machine. I can start X on that machine with startx
How do I then start firefox on that machine (from the ssh prompt) and have it display on my machine in my office.
So I want to be using firefox on the remote machine but displaying the screen output from firefox in my office. Both boxes are running centos 5.
how is that done?
Jerry
Jerry Geis wrote:
I can ssh into a remote machine. I can start X on that machine with startx
How do I then start firefox on that machine (from the ssh prompt) and have it display on my machine in my office.
So I want to be using firefox on the remote machine but displaying the screen output from firefox in my office. Both boxes are running centos 5.
how is that done?
Jerry _______________________________________________ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Hi you dont need to start X on the remote system at all
ssh -X <machine to connect to> firefox
Clint Dilks wrote:
ssh -X <machine to connect to> firefox
you prolly meant -Y :D
On 07/12/2007, Karanbir Singh mail-lists@karan.org wrote:
Clint Dilks wrote:
ssh -X <machine to connect to> firefox
you prolly meant -Y :D
Why? It's less secure and -X is good enough 99% of the time (I always use -X).
--Amos
Clint Dilks wrote:
ssh -X <machine to connect to> firefox
you prolly meant -Y :D
Ok well just double checked and tested it here and -X works here. I knew about -Y but thought you only use that if you absolutely have too :)
the reason I would prefer -Y is that its ( well, the man page says anyway ) more secure than -X. Also, these days a lot of admins will disable -X functionality on machines. Have not come across anywhere -Y didnt work ( and the host OS was installed in the last 5 years ).
I am not doubting that -X will mostly work, but perhaps we should be promoting the idea of -Y a bit more.
Karanbir Singh wrote:
ssh -X <machine to connect to> firefox
you prolly meant -Y :D
Ok well just double checked and tested it here and -X works here. I knew about -Y but thought you only use that if you absolutely have too :)
the reason I would prefer -Y is that its ( well, the man page says anyway ) more secure than -X. Also, these days a lot of admins will disable -X functionality on machines. Have not come across anywhere -Y didnt work ( and the host OS was installed in the last 5 years ).
I am not doubting that -X will mostly work, but perhaps we should be promoting the idea of -Y a bit more.
Coming from a fedora client, you have had to specify -Y for a while for most things to work. But I don't think the man page makes it very clear what the difference is. What's a 'trusted' forwarding mean as opposed to any other kind?
Les Mikesell wrote:
Karanbir Singh wrote:
ssh -X <machine to connect to> firefox
you prolly meant -Y :D
Ok well just double checked and tested it here and -X works here. I knew about -Y but thought you only use that if you absolutely have too :)
the reason I would prefer -Y is that its ( well, the man page says anyway ) more secure than -X. Also, these days a lot of admins will disable -X functionality on machines. Have not come across anywhere -Y didnt work ( and the host OS was installed in the last 5 years ).
I am not doubting that -X will mostly work, but perhaps we should be promoting the idea of -Y a bit more.
Coming from a fedora client, you have had to specify -Y for a while for most things to work. But I don't think the man page makes it very clear what the difference is. What's a 'trusted' forwarding mean as opposed to any other kind?
here is ( a badly formated scrape from the man page )
----8<----
X11 forwarding should be enabled with caution. Users with the ability to bypass file permissions on the remote host (for the user’s X authorization database) can access the local X11 display through the forwarded connection. An attacker may then be able to perform activities such as keystroke monitor-ing.
----8<----
and the -Y option indicates: -Y Enables trusted X11 forwarding. Trusted X11 forwardings are not subjected to the X11 SECURITY extension controls.
----8<----
I am not quite sure about the implications of the X11 Security extension controls myself. But, i suppose thats worth some investigation.
On Fri, Dec 07, 2007, Les Mikesell wrote:
Karanbir Singh wrote:
ssh -X <machine to connect to> firefox
you prolly meant -Y :D
Ok well just double checked and tested it here and -X works here. I knew about -Y but thought you only use that if you absolutely have too :)
the reason I would prefer -Y is that its ( well, the man page says anyway ) more secure than -X. Also, these days a lot of admins will disable -X functionality on machines. Have not come across anywhere -Y didnt work ( and the host OS was installed in the last 5 years ).
I am not doubting that -X will mostly work, but perhaps we should be promoting the idea of -Y a bit more.
Coming from a fedora client, you have had to specify -Y for a while for most things to work. But I don't think the man page makes it very clear what the difference is. What's a 'trusted' forwarding mean as opposed to any other kind?
This is controlled by setting ForwardX11Trusted yes|no in the ssh_config file so my guess is that earlier versions of Fedora didn't set this.
I first ran into a problem with this when connecting to a FreeBSD 4.8 system. It took me a while to figure out why X11 clients didn't work from my Linux desktops. The strange thing was that xeyes would work, but xterms would not.
Bill -- INTERNET: bill@celestial.com Bill Campbell; Celestial Software LLC URL: http://www.celestial.com/ PO Box 820; 6641 E. Mercer Way FAX: (206) 232-9186 Mercer Island, WA 98040-0820; (206) 236-1676
But how is this legal plunder to be identified? Quite simply. See if the law takes from some persons what belongs to them, and gives it to other persons to whom it does not belong. See if the law benefits one citizen at the expense of another by doing what the citizen himself cannot do without committing a crime. -- Frederic Bastiat, The Law
On 07/12/2007, Karanbir Singh mail-lists@karan.org wrote:
I am not doubting that -X will mostly work, but perhaps we should be promoting the idea of -Y a bit more.
I'm totally with you about promoting security, but I got the impression it's the other way around and -X is the more secure one:
-Y Enables trusted X11 forwarding. Trusted X11 forwardings are not subjected to the X11 SECURITY extension controls.
--Amos
Amos Shapira wrote:
On 07/12/2007, Karanbir Singh mail-lists@karan.org wrote:
I am not doubting that -X will mostly work, but perhaps we should be promoting the idea of -Y a bit more.
I'm totally with you about promoting security, but I got the impression it's the other way around and -X is the more secure one:
-Y Enables trusted X11 forwarding. Trusted X11 forwardings are not subjected to the X11 SECURITY extension controls.
-X is "more secure" in the sense that almost nothing works with it if trusted forwarding is turned off by default as in the more recent openssh packages. I still don't have much of a clue what trusted vs. untrusted forwarding actually means, though.
Jerry Geis wrote:
I can ssh into a remote machine. I can start X on that machine with startx
How do I then start firefox on that machine (from the ssh prompt) and have it display on my machine in my office.
So I want to be using firefox on the remote machine but displaying the screen output from firefox in my office. Both boxes are running centos 5.
don't startx on the REMOTE machine, have it running on the LOCAL machine.
local$ ssh -X remote ...authenticate... remote$ firefox &
and firefox should open on the local...
John R Pierce wrote:
Jerry Geis wrote:
I can ssh into a remote machine. I can start X on that machine with startx
How do I then start firefox on that machine (from the ssh prompt) and have it display on my machine in my office.
So I want to be using firefox on the remote machine but displaying the screen output from firefox in my office. Both boxes are running centos 5.
don't startx on the REMOTE machine, have it running on the LOCAL machine.
local$ ssh -X remote ...authenticate... remote$ firefox &
and firefox should open on the local...
or you can do a port forward if you wanted to just use your local browser.
ssh -L <local-port>:localhost:<remote-port> <user>@<destination>
eg. ssh -L 8080:localhost:80 root@somedomain.com
then, in your local browser, simply type localhost:8080 as the url to display port 80 from the remote server.
More information can be found at http://www.ssh.com/support/documentation/online/ssh/adminguide/32/Port_Forwa...
On 07/12/2007, Ross Cavanagh ross-cavanagh@bm-sms.co.jp wrote:
John R Pierce wrote:
Jerry Geis wrote:
I can ssh into a remote machine. I can start X on that machine with startx
How do I then start firefox on that machine (from the ssh prompt) and have it display on my machine in my office.
So I want to be using firefox on the remote machine but displaying the screen output from firefox in my office. Both boxes are running centos 5.
don't startx on the REMOTE machine, have it running on the LOCAL machine.
local$ ssh -X remote ...authenticate... remote$ firefox &
and firefox should open on the local...
or you can do a port forward if you wanted to just use your local browser.
ssh -L <local-port>:localhost:<remote-port> <user>@<destination>
eg. ssh -L 8080:localhost:80 root@somedomain.com
then, in your local browser, simply type localhost:8080 as the url to display port 80 from the remote server.
That's a good one.
You can take it further (if you have more than one site/port to connect to) - install a proxy on the remote machine (e.g. "squid" or maybe apache's mod_proxy) and forward a tunnel to it as you describe then setup localhost:8080 as your proxy (firefox extensions can allow you to use this proxy only for certain sites).
Cheers,
--Amos
On Dec 6, 2007 11:22 PM, Amos Shapira amos.shapira@gmail.com wrote:
You can take it further (if you have more than one site/port to connect to) - install a proxy on the remote machine (e.g. "squid" or maybe apache's mod_proxy) and forward a tunnel to it as you describe then setup localhost:8080 as your proxy (firefox extensions can allow you to use this proxy only for certain sites).
Or better yet use ssh -d <some local port> and set your local SOCKS proxy to localhost:<that port> in your browser.
On Dec 7, 2007 7:53 AM, Jon Stanley jonstanley@gmail.com wrote:
Or better yet use ssh -d <some local port> and set your local SOCKS proxy to localhost:<that port> in your browser.
Yes, the SOCKS proxy method is indeed handy and you can redirect only selected URLs fairly easily. In my case, there are web sites I can access only from work computers and I need to get to them from home but do not want to redirect all traffic through work.
Here is a brief howto.
ssh -D 1080 <my work IP>
In firefox, Go to Edit -> Preferences -> Advanced -> Network -> Settings
In the Connection Settings box, select "Automatic proxy configuration URL:" and enter:
file:///path/to/proxylist.pac
The proxylist.pac file may look like this:
function FindProxyForURL(url, host) { // Proxy direct connections to these hosts if ( shExpMatch(url, "http://www.jbc.com/*") || shExpMatch(url, "*.sgmjournals.org/*") || shExpMatch(url, "http://www.ncbi.nih.gov/*") ) { return "SOCKS localhost:1080; DIRECT"; } // Otherwise go directly else return "DIRECT"; }
For more details on the pac file and auto config, see
http://en.wikipedia.org/wiki/Proxy_auto-config
Akemi
Akemi Yagi wrote:
ssh -D 1080 <my work IP>
In firefox, Go to Edit -> Preferences -> Advanced -> Network -> Settings
Does firefox honour the Gnome Network Proxy settings ? If so, that might be another way to setup socks for the client side. It would allow you to have a fair few apps 'just work'.
Caveat to using firefox over X11... you will sometimes get corrupted images and icons. This is because firefox (and many other X11 applications) use shared memory to store images. The corruption comes because your local X11 server cant see that memory location and will write whatever it can get to fit that space. There are supposedly ways to fix this.. but I don't know of them off hand.
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1
Jerry Geis wrote:
So I want to be using firefox on the remote machine but displaying the screen output from firefox in my office. Both boxes are running centos 5.
how is that done?
First, man ssh, so you can read the ssh manual. Second, make sure on the remote host that this line is in /etc/ssh/sshd_config.
X11Forwarding yes
Then run ssh while forwarding X
[you@office ~]$ ssh -X user@host [you@remote ~]$ /usr/bin/firefox
Regards, Max
I can ssh into a remote machine. I can start X on that machine with startx
No need to start X on the remote machine. You need to do "ssh -X <remotemachine>" so that X is forwarded (back to the machine that you ssh'ed from). Make sure that "X11Forwarding yes" is set in the /etc/ ssh/sshd_config file (restart the sshd if it was not). Then you can simply type "firefox &" and it will appear on the machine you started the ssh from (assuming of course that a X server is running locally). This of course works for any X11 application, not just Firefox.
Alfred
Jerry Geis wrote:
/ I can ssh into a remote machine.
/>/ I can start X on that machine with startx />/ />/ How do I then start firefox on that machine (from the ssh prompt) and />/ have it display on my machine in my office. />/ />/ So I want to be using firefox on the remote machine but displaying the />/ screen output from firefox in my office. />/ Both boxes are running centos 5. / don't startx on the REMOTE machine, have it running on the LOCAL machine.
local$ ssh -X remote ...authenticate... remote$ firefox &
and firefox should open on the local...
I tried the above (without the &) and firefox just returns.
I looked at /etc/ssh/sshd_config and X11Forwarding is yes.
Jerry
On 07/12/2007, Jerry Geis geisj@pagestation.com wrote:
Jerry Geis wrote:
I can ssh into a remote machine. I can start X on that machine with startx
How do I then start firefox on that machine (from the ssh prompt) and have it display on my machine in my office.
So I want to be using firefox on the remote machine but displaying the screen output from firefox in my office. Both boxes are running centos 5.
don't startx on the REMOTE machine, have it running on the LOCAL machine.
local$ ssh -X remote ...authenticate... remote$ firefox &
and firefox should open on the local...
I tried the above (without the &) and firefox just returns.
I looked at /etc/ssh/sshd_config and X11Forwarding is yes.
First - make sure you have "xauth" installed on the remote machine. With CenttOS 5 it comes in xorg-x11-xauth. Ssh needs it to pass over the x11 authentication cookies (e.g. I don't install X environment on my servers so I have to remember to install this package separately).
Secondly - when you login through SSH, type "echo $DISPLAY" and see if you get anything - if not then X11 isn't being forwarded yet.
Also I hope you start ssh after having X11 environment started on your local machine and from a shell which has $DISPLAY set correctly *locally*.
When all these tests are passed I usually try to run a basic X11 program like "xlogo" but you might not have it so just try to run firefox again and see what happens.
--Amos
-
Akemi Yagi -
Alfred von Campe -
Amos Shapira -
Bill Campbell -
Clint Dilks -
Jerry Geis -
John R Pierce -
Jon Stanley -
Karanbir Singh -
Les Mikesell -
Max Hetrick -
Ross Cavanagh -
Stephen John Smoogen