{"id":643,"date":"2011-08-16T18:31:44","date_gmt":"2011-08-16T18:31:44","guid":{"rendered":"http:\/\/www.redwireservices.com\/?p=643"},"modified":"2017-06-20T08:41:48","modified_gmt":"2017-06-20T15:41:48","slug":"remote-x11-for-linux-unix","status":"publish","type":"post","link":"https:\/\/www.redwireservices.com\/remote-x11-for-linux-unix","title":{"rendered":"Remote X11 GUI for Linux\/Unix"},"content":{"rendered":"
\"xeyes<\/a>

xeyes displayed from a remote server via Xming on Windows, over ssh, with a PuTTY window in the background<\/p><\/div>\n

 <\/p>\n

The Problem<\/h1>\n

One of my most feared questions from end users is “how can I interact with an X11 GUI application on our remote Linux system if I have no access to the physical console, X11 isn’t installed, and there is no VNC access?” \u00a0After hearing this many times at one site, I wrote a script to automate the server side process, but even that does not address the whole story. \u00a0I’m\u00a0writing\u00a0this post as a quick reference when I field this question in the future, and I hope it helps you, too.<\/p>\n

The problem is that most system administrators do not install X11, Xorg, or other GUI interfaces on Linux and Unix systems as this introduces more packages to manage and patch, more security bugs to fix\/mitigate, and a larger install footprint (more used space). That last point may seem moot today, but with many environments deploying hundreds of virtual machines, 200-400MB of extra space per VM can really add up quickly (see my latest presentation on Open Source Data Deduplication<\/a> for more ideas on saving space in these environments). \u00a0If you consider the overhead of installing a modern desktop\/windowing system such as Gnome<\/a>\u00a0or KDE<\/a>, it could easily more than double the data size footprint of a Linux server.<\/p>\n

OK, many environments don’t install the Linux\/Unix GUI bits (also known as X11 or Xorg server), so who cares, I can just install everything via the command line, right? \u00a0Well, yes, for the most part you can just install applications via the command line and forget this whole issue. \u00a0However, there are a few vendor applications,\u00a0notably\u00a0including Oracle Database and Application Server products, that are difficult if not impossible to install without a GUI.<\/p>\n

The Solution<\/h1>\n

The modern solution to the problem stated above is to tunnel X11 traffic over ssh (securely), and display it on your workstation, whether it be Windows, Mac OS X, or Linux. \u00a0For sake of helping the most folks, we’ll focus on Windows workstations here, but Linux and Mac OS X should work with only the server side changes we write here (just connect with the command line ssh -Y your_username@your_servername.com<\/em>).<\/p>\n

In certain circumstances, it may be\u00a0advantageous\u00a0to setup a VNC server to accomplish the same thing, but that requires more of X11 and an windowing environment be configured on the server side, and we’d like to avoid as many server side changes as possible, as many users won’t have access to make these changes themselves.<\/p>\n

Process Overview<\/h2>\n

In order to obtain the ability to\u00a0interact\u00a0with an X11 GUI remotely, we will follow these general steps:<\/p>\n

    \n
  1. Ensure that the foundational X11 packages are installed<\/li>\n
  2. Ensure that OpenSSH server is configured to forward X11 connections<\/li>\n
  3. Configure a local X11 server on our workstation<\/li>\n
  4. Configure our ssh application to forward X11 requests<\/li>\n
  5. Test with a simple application<\/li>\n
  6. Configured authentication if user changes are needed<\/li>\n
  7. Move on with the task at hand<\/li>\n<\/ol>\n

    \n<\/span><\/span><\/div>\n

    1) Ensure that the foundational X11 packages are installed<\/h2>\n

    In order to use remote X11, you must have a few X11 packages installed on the server. \u00a0In many cases these are already installed, but you may have to ask your System Administrator to install them for you, it’s easy:<\/p>\n

    RHEL\/CentOS\/Fedora (xterm is optional, but\u00a0beneficial\u00a0for testing):<\/p>\n

    sudo yum install xorg-x11-xauth xterm<\/pre>\n
    2) Ensure that OpenSSH server is configured to forward X11 connections<\/h2>\n
    On RHEL and related RedHat based servers, the file to check is \/etc\/ssh\/sshd_config. \u00a0Review this file for the following line:<\/p>\n
    X11Forwarding yes<\/pre>\n
    If that line is preceded by a comment (#<\/em>) or is set to no<\/em>, update the file to match the above, and restart your ssh server daemon (be careful here — if you made an error you may lock yourself out of the server).<\/p>\n
    sudo \/etc\/init.d\/sshd restart<\/pre>\n
    3)\u00a0Configure a local X11 server on your workstation<\/h2>\n
    Next we need to install and configure a local X11 server, Xming <\/a>or Cygwin\/X<\/a>\u00a0are popular<\/p>\n
    \"\"<\/a>
    Click Xming to start the Xming X11 Server on your Desktop\/Workstation<\/p><\/div>\n
    free choices for Windows. \u00a0Simply download and follow the install instructions for these packages, Xming is by far easier to setup for beginners. \u00a0After the install is complete, and you’ve rebooted your workstation\/desktop (if requested), start the X11 server application from the start menu.<\/p>\n
    4) Configure our ssh application to forward X11 requests<\/h2>\n
    Next, we need to ensure that our ssh client is configured to forward X11 requests from the server. \u00a0If you are using Cygwin\/X, a Mac, or a Linux desktop, simple open up a terminal and preface your ssh command with -Y<\/em>, for example:<\/p>\n
    ssh -Y your_username@your_server.your_domain.com<\/pre>\n
    That will tell SSH to forward all X11 requests to your local desktop. \u00a0For Windows, the most popular client is PuTTY<\/a>. \u00a0To\u00a0achieve\u00a0the same result in PuTTY, load the profile of the server you wish to connect to, or simply fill out the connection details. \u00a0Next expand the Connection<\/em>\u00a0and SSH<\/em>\u00a0options on the left hand side. \u00a0Under SSH <\/em>and then X11, <\/em>ensure that Enable X11 Forwarding<\/em>\u00a0is checked.<\/p>\n
    \"\"<\/a>
    PuTTY Configuration Window Show X11 Forwarding Enabled.<\/p><\/div>\n
    Finally, click the Open<\/em>\u00a0button to connect to the remote server.<\/p>\n
    5) Test with a simple application<\/h2>\n
    If everything has gone according to plan you now have a server configured to allow X11 connections, an ssh client configured likewise, and you are ready to test. \u00a0When connecting to the remote server (last step in part 4 above), you may see a message like this:<\/p>\n
    \/usr\/bin\/xauth:  creating new authority file \/home\/ec2-user\/.Xauthority<\/pre>\n
    This is a normal message, and in fact it tells us that part of our changes are working! \u00a0This file contains an authentication token required to connect with the X11 server. \u00a0Now to test, it’s easy, just enter this command on the remote ssh session:<\/p>\n
    xterm<\/pre>\n
    Wait just a few seconds depending on your internet\/network connection speed, and you should see the following.<\/p>\n
    \"Xterm<\/a>
    xterm displayed on Windows from a remote Linux Server<\/p><\/div>\n
    If you see something similar, congratulations! \u00a0Remote X11 connections are working!<\/p>\n
    6) Configured authentication if user changes are needed<\/h2>\n
    X11 forwarding is working, great! \u00a0These days, however, users are often not allowed to log in as root, which is great for security, but adds yet another step to our process. \u00a0In step 5 we ran xterm as ourselves, which validates our setup is proper. \u00a0Try running the same command as another user, though, via sudo<\/em>\u00a0and you’ll likely see an error like the following.<\/p>\n
    \"X11<\/a>
    X11 Error from Improper Xauth Configuration<\/p><\/div>\n
    The problem here is that a .Xauthority<\/em>\u00a0file is created automatically at log in time for our user, allowing our user access to our local X11 server (on our desktop). \u00a0However, when root tries to access this connection it is denied without the proper permissions.<\/p>\n
    To work around this, simply copy the .Xauthority<\/em>\u00a0file from your user directory to the user you want to work with (root for example). \u00a0Note that this should be done from your user account, not as root:<\/p>\n
    sudo cp ~\/.Xauthority ~root\/<\/pre>\n
    sudo \/bin\/chown root ~root\/.Xauthority<\/pre>\n
    Try running xterm <\/em>again as root, it should work.<\/p>\n
    sudo xterm<\/pre>\n
    7) Move on with the task at hand<\/h2>\n
    There you have it, now that you can login remotely and still access a GUI as any user, you can move on to installing your GUI centric application such as Oracle.<\/p>\n
    sudo cp ~\/.Xauthority ~oracle\/<\/pre>\n
    sudo \/bin\/chown oracle ~oracle\/.Xauthority<\/pre>\n
    sudo su - oracle<\/pre>\n
    .\/runInstaller<\/pre>\n
    Enjoy!<\/p>\n
    Gotchas<\/h1>\n
    When installing or configuring an application, like those from Oracle, keep in mind that a break in your internet connection or other problems with your link may cause the remote program to be closed! \u00a0So while it may be tempting to let an X11 process run overnight, you may have better results sticking around until the process completes. \u00a0If your installer\/application stops to ask you a question and your link does fail, you will likely lose all the work completed to that point and have to start all over again. \u00a0Save early, save often, as they say.<\/p>\n
    Conclusion<\/h1>\n
    If this was helpful, please drop us a line at info at redwireservices.com, @RedWireServices<\/a> on Twitter, or using the contact<\/a>\u00a0page. \u00a0If you have additional tips to add, please add a comment below and I will update the post accordingly to help as many as possible.<\/p>\n
    Finally, if you or your company are in need of IT disaster recovery planning<\/a>, backup system\u00a0assistance<\/a>, storage<\/a>, or\u00a0archival\u00a0help<\/a>, give us a ring at (206) 829-8621<\/strong>.<\/p>\n","protected":false},"excerpt":{"rendered":"
      The Problem One of my most feared questions from end users is “how can I interact with an X11 GUI application on our remote Linux system if I have no access to the physical console, X11 isn’t installed, and … Continue reading →<\/span><\/a><\/p>\n","protected":false},"author":2,"featured_media":0,"comment_status":"open","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":[],"categories":[11],"tags":[28,17,25,9,30,15,22,26,13,21,27,24,14,20,29,23,18,19,12,16],"_links":{"self":[{"href":"https:\/\/www.redwireservices.com\/wp-json\/wp\/v2\/posts\/643"}],"collection":[{"href":"https:\/\/www.redwireservices.com\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.redwireservices.com\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.redwireservices.com\/wp-json\/wp\/v2\/users\/2"}],"replies":[{"embeddable":true,"href":"https:\/\/www.redwireservices.com\/wp-json\/wp\/v2\/comments?post=643"}],"version-history":[{"count":35,"href":"https:\/\/www.redwireservices.com\/wp-json\/wp\/v2\/posts\/643\/revisions"}],"predecessor-version":[{"id":1835,"href":"https:\/\/www.redwireservices.com\/wp-json\/wp\/v2\/posts\/643\/revisions\/1835"}],"wp:attachment":[{"href":"https:\/\/www.redwireservices.com\/wp-json\/wp\/v2\/media?parent=643"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.redwireservices.com\/wp-json\/wp\/v2\/categories?post=643"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.redwireservices.com\/wp-json\/wp\/v2\/tags?post=643"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}