This is the mail archive of the cygwin-xfree@cygwin.com mailing list for the Cygwin XFree86 project.
SSH Notes
- From: Harold L Hunt II <huntharo at msu dot edu>
- To: cygwin-xfree at cygwin dot com
- Date: Thu, 03 Oct 2002 19:16:42 -0400
- Subject: SSH Notes
- Reply-to: cygwin-xfree at cygwin dot com
X11 tunnelling via SSH has always been somewhat of a mystery to me and
to most other Cygwin/XFree86 users. I knew that the instructions that I
provided in the Cygwin/XFree86 User's Guide worked, but I did not know
why most other methods of starting ssh and Cygwin/XFree86 did not work.
I have now found out what is going on, and I actually think that we
may want to make a patch to openssh for Cygwin to make the system more
fool-proof. Below are my notes on what I found.
Notes on X11 Tunnelling
=======================
1) The key to X11 tunnelling via openssh is to have the ``DISPLAY''
environment variable defined in your Cygwin bash shell BEFORE you ssh
into your remote host. That is, you must run the following command
before you run ssh:
export DISPLAY=127.0.0.1:0.0
2) You do not have to have your X Server (Cygwin/XFree86) running when
you open your ssh session to your remote machine, but you have to have
the DISPLAY variable set to a valid value. Remember, you would open an
ssh session with X11 forwarding like so:
ssh -X -C foo_user@foo_machine
3) The .Xauthority file is created on your remote host. I always
thought that the .Xauthority file was created on your Cygwin host, but I
was wrong. Thus, there are no problems with the .Xauthority file being
stored in the wrong place in your Cygwin file system, as we have
sometimes thought.
4) The instructions in the Cygwin/XFree86 User's Guide for ssh
tunnelling work because you launch ssh from within an xterm, which has
the DISPLAY variable set correctly already.
5) When ssh launches with the ``-X'' parameter (for X11 tunnelling) on
Cygwin, it looks for the DISPLAY environment variable. If DISPLAY is
not defined, ssh assumes that you do not really want X11 tunnelling and
it fails to set the DISPLAY environment variable on the remote host
(which is the key step).
6) You cannot set the DISPLAY environment variable by hand on the remote
host after connecting with ssh when the DISPLAY variable was not set on
the Cygwin host when you launched. You might have seen
DISPLAY=localhost:10.0 in one of your previous sessions on your remote
host and thought that you could just set the DISPLAY variable to that
again, but you can't. It appears that ssh just disables the X11
tunnelling (silent failure, the worst kind) when the DISPLAY variable is
not defined on your Cygwin host.
What to Fix
===========
ssh should assume ``DISPLAY=127.0.0.1:0.0'' when the DISPLAY variable is
not set on the Cygwin host. I am not sure why this is not currently the
case. I can only guess that the lack of this assumption is either due to
1) a whiny security geek on the openssh project, or 2) that the assumed
usage scenario for openssh is more like a Linux/X machine where you have
probably got your X Server running when you connect to your remote
machine with ssh, thus DISPLAY would already be set.
At the very least, we should patch the Cygwin release of openssh to
assume that DISPLAY=127.0.0.1:0.0 when DISPLAY is not defined in the
environment. That would make X11 tunnelling much much easier for 95% of
our users and I either can't see or I don't care about any
pseudo-security hole that this might open up. (Hey, if SSH Secure Shell
makes this assumption, then we can too.)
Stupid Pet Tricks
+++++++++++++++++
NOTE: I can hardly advocate using either of the following commercial
products. But, users continually express interest in how to
interoperate with these products, so I wanted to show that it is
possible and I wanted to document how it is done.
Using SSH Secure Shell with Cygwin/XFree86
==========================================
NOTE: You do not, I repeat, NOT, need to run the xhost command on your
Cygwin host. In fact, that may break things.
1) Edit->Settings->Profile Settings->Tunnelling, check the ``Tunnel X11
connections'' check box.
2) Edit->Settings->Profile Settings->Connection, select ``zlib'' from
the Compression drop-down list box. [optional, but recommended for slow
network connections]
3) File->Save Settings
4) Open a connection to your remote host
5) Launch Cygwin/XFree86 using startxwin.bat, or your favorite method.
[You can actually do this step at any of the steps up until now.]
6) Launch your X Client from your SSH Secure Shell, for example, ``xterm''.
7) Observe that your X Client has shown up in Cygwin/XFree86.
Using Cygwin's OpenSSH with XWin-32
===================================
1) Launch XWin-32
2) Open XWin-32's X-Config program (usually done by right-clicking on
the blue X icon in the system tray and choosing X-Config from the pop-up
menu)
3) Navigate to the Security tab
4) Check the ``Use XAuth'' check box
5) Click the ``Add'' button and in the ``Add X Host'' window type
``127.0.0.1'', then press ``OK'' on both dialog boxes.
6) Reset XWin-32 (usually done by right-clicking on the blue X icon in
the system tray and choosing Reset from the pop-up menu)
7) Open a Cygwin bash shell by clicking or double-clicking your Cygwin icon.
8) In your Cygwin bash shell, run:
export DISPLAY=127.0.0.1:0.0
9) In your Cygwin bash shell, open an ssh session to your remote host
with X11 tunnelling enabled (and I recommend the -C for compression on
slow network links):
ssh -X -C foo_user@foo_machine
10) Launch your X Client from your ssh session in your Cygwin bash
shell, for example, ``xterm''.
11) Observe that your X Client has shown up in XWin-32.
Neat, eh?
Eventually some of this information will find its way to the
Cygwin/XFree86 User's Guide. Until then, just post a link to the
mailing list archive of this message whenever a user has questions about
ssh and X11 tunnelling.
I hope this helps someone out there,
Harold
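
Added example, not part of the original message or of openssh: a local pre-flight check that reports the unset-DISPLAY condition from notes 1, 5 and 6 before ssh starts, so the failure is visible on the Cygwin side instead of silent. The function names (valid_display, x11_preflight, sshx) and the return codes are hypothetical; the check is explicit and does not assume a default DISPLAY.

```shell
#!/bin/sh
# Added example: local pre-flight check before "ssh -X".
# Function names are hypothetical, not part of openssh or Cygwin.

# Return 0 if $1 looks like an X display name: [host]:display[.screen]
valid_display() {
    [ -n "$1" ] || return 1
    host=${1%:*}                      # text before the last colon (may be empty)
    rest=${1##*:}                     # text after it: display[.screen]
    [ "$host" != "$1" ] || return 1   # no colon at all
    disp=${rest%%.*}
    case "$disp" in
        ""|*[!0-9]*) return 1 ;;      # display number must be digits
    esac
    case "$rest" in
        *.*)
            screen=${rest#*.}
            case "$screen" in
                ""|*[!0-9]*) return 1 ;;   # screen number must be digits
            esac ;;
    esac
    return 0
}

# Report an unset or malformed DISPLAY before ssh starts.
# Returns 0 = ok, 2 = DISPLAY unset, 3 = DISPLAY malformed.
x11_preflight() {
    if [ -z "${DISPLAY:-}" ]; then
        echo "DISPLAY is not set; X11 forwarding would not be set up" >&2
        return 2
    fi
    if ! valid_display "$DISPLAY"; then
        echo "DISPLAY='$DISPLAY' is not a valid display name" >&2
        return 3
    fi
    return 0
}

# Wrapper taking the same arguments as the ssh command in the notes.
sshx() {
    x11_preflight || return $?
    ssh -X -C "$@"
}
```

Sourced into a Cygwin bash shell, `sshx foo_user@foo_machine` runs the same command as in the notes, but only after DISPLAY has passed the check.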