# Remote X Desktop - how? [SOLVED]

## gazR

I would like to be able to access my linux desktop (pc running at home) from a remote computer (windows based with an X-client).  I already access it via ssh but would like to use X.

How do I configure my firewall (iptables) and X (running GDM & Gnome/KDE) to allow remote X?  Also what can I do to make this setup as secure as possible?

Any thought or pointers to a decent HOWTO appreciatedLast edited by gazR on Mon Jan 12, 2004 1:03 pm; edited 1 time in total

----------

## lewk

```

$ emerge vnc

```

This was the best alternative to X forwarding that I have found so far.  With VNC, you can setup a remote session that you can connect and disconnect to as you please.  I use it when I am away from home for a while.  It works fine with a cable connection, but I wouldn't trust anything slower.

As for security, you can eaisly tunnel vnc through SSH using Putty.  All you have to do is go to SSH->Tunnels, then add a tunnel with port 5901 and destination localhost:5901.  Then just connect up to your machine via ssh, then use a vnc client to connect to localhost:1

----------

## gazR

Cheers lewk, vnc is an option but I'd still like to try remote X first.

Bearing in mind that I'd be connecting from a known static IP (so that I could add rules to iptables to allow the traffic ONLY to/from that IP) how do I enable remote X logins and which ports & protocols would I need to make rules for?

Anyone?

----------

## think4urs11

maybe this way

http://csociety.ecn.purdue.edu/%7Esigos/projects/ssh/forwarding/

----------

## waverider202

google for the ssh client called putty.  SSH into your machine with X Forwarding turned on.  Make sure you're X server is running on your Windows box.  when you ssh in, just run any app, and it'll appear on the x server in your windows box.  That'll get any application running.  If you want more...then run a window manager or desktop enviroment, and that'll run in the x server on the windows machine.  This method is faster, more secure, and easier on firewalls than vnc.  Also, remember to turn on compression  :Wink: 

----------

## gazR

OK waverider202 got that working ish...... now how do I set compression  :Confused: 

----------

## vdboor

If you're on a UNIX/Linux machine, run "ssh -X user@hostname". ssh tunnels the X11 connection, and you can start any X11 program. It appears at your own display.

To run a X server under Windows, you can try to use http://www.jcraft.com/weirdx/ It's not the best solution, but it's free.. The WeirdX server launces a display at localhost:2 then start PuTTY, and enable X11 forwarding.

Instead of 'emerge vnc", I'd recommend using tightvnc. It has a better compression rate iirc.

----------

## gazR

umm, nevermind, found it  :Embarassed: 

----------

## trapperjohn

 *Quote:*   

> To run a X server under Windows, you can try to use http://www.jcraft.com/weirdx/ It's not the best solution, but it's free.

 

You can also try Cygwin/XFree86 - I think it's faster than Java (like anything ..) and even install a windowmanager like Windowmaker or fvwm2 in it.

----------

## pedro

The best solution I found to this is to use cygwin with gdm.

To make it work edit "/etc/X11/gdm/gdm.conf" and enable the xdmcp protocol.

You can conect on this server running the following command on cygwin:

```
X -query host
```

Where host is the IP or the hostname of the server.

----------

## vdboor

 *trapperjohn wrote:*   

>  *Quote:*   To run a X server under Windows, you can try to use http://www.jcraft.com/weirdx/ It's not the best solution, but it's free. 
> 
> You can also try Cygwin/XFree86 - I think it's faster than Java (like anything ..) and even install a windowmanager like Windowmaker or fvwm2 in it.

 

yes, it's faster  :Razz:  But not in terms of installation. If the JRE has been installed, I can just download a .jar file from my server, and double click on it.

...also I haven't been able to install xfree from cygwin  :Embarassed:  I got a little confused by the installer.  :Sad: 

----------

## jonnymalm

If you are trying to access the computer over the Internet I would not suggest using XDMCP.  It is slow and very insecure.  If you plan on using it on a local LAN, XDMCP is the way to go.  If you would like the entire desktop and not just X11 forwarding over SSH, VNC is the way to go when connecting over the Internet.  

Here is a good howto for seting up vnc:https://forums.gentoo.org/viewtopic.php?t=72893&highlight=xvnc

If you do go the X route, cygwin/Xfree is the way to go for setting up an x server on windows.  It is fast and more importantly free.  There are some other x servers for windows but they are very pricey, Exceed by Hummingbird...

 *Quote:*   

> ...also I haven't been able to install xfree from cygwin  I got a little confused by the installer. 

 

It really is not that hard, you just select xfree in the installer for cygwin.  There is documentation on installing it on the cygwin site.

Here is a good link for setting up XDMCP:http://www.monkeynoodle.org/comp/remote-x-cygwin-howto

I have set up vnc, x-fowarding over ssh and XDMCP so let me know if you have any questions.

----------

## gazR

Thanks everyone for pitching in with your ideas.  After a bit of playing around I managed to try most of the ideas you have all come up with and decided to go with tightVNC.

Cygwin/X and ssh ( or XDMCP ) offer features which would be nice to have, eg the integration of local & remote apps on one desktop with X & ssh forwarding, but until I get more bandwidth to play with, VNC seems like my best option.

As an afterthought, anyone know how well VNC compares with MS Remote Desktop Protocal or Citrix Metaframe in relation to bandwidth usage?

----------

## gazR

Now I'm trying to secure things by using an SSH tunnel, however when ever I try to connect the vncviewer I get 'Forwarded connection refused by server' in the logs.

vncviewer is running on a win2k box and I'm using Putty as the ssh client.

This is my sshd_config

```

#   $OpenBSD: sshd_config,v 1.65 2003/08/28 12:54:34 markus Exp $

# This is the sshd server system-wide configuration file.  See

# sshd_config(5) for more information.

# This sshd was compiled with PATH=/usr/bin:/bin:/usr/sbin:/sbin

# The strategy used for options in the default sshd_config shipped with

# OpenSSH is to specify options with their default value where

# possible, but leave them commented.  Uncommented options change a

# default value.

#Port 22

#Protocol 2,1

#ListenAddress 0.0.0.0

#ListenAddress ::

# HostKey for protocol version 1

#HostKey /etc/ssh/ssh_host_key

# HostKeys for protocol version 2

#HostKey /etc/ssh/ssh_host_rsa_key

#HostKey /etc/ssh/ssh_host_dsa_key

# Lifetime and size of ephemeral version 1 server key

#KeyRegenerationInterval 1h

#ServerKeyBits 768

# Logging

#obsoletes QuietMode and FascistLogging

#SyslogFacility AUTH

#LogLevel INFO

# Authentication:

#LoginGraceTime 2m

#PermitRootLogin yes

#StrictModes yes

#RSAAuthentication yes

#PubkeyAuthentication yes

#AuthorizedKeysFile   .ssh/authorized_keys

# For this to work you will also need host keys in /etc/ssh/ssh_known_hosts

#RhostsRSAAuthentication no

# similar for protocol version 2

#HostbasedAuthentication no

# Change to yes if you don't trust ~/.ssh/known_hosts for

# RhostsRSAAuthentication and HostbasedAuthentication

#IgnoreUserKnownHosts no

# Don't read the user's ~/.rhosts and ~/.shosts files

#IgnoreRhosts yes

# To disable tunneled clear text passwords, change to no here!

#PasswordAuthentication yes

#PermitEmptyPasswords no

# Change to no to disable s/key passwords

#ChallengeResponseAuthentication yes

# Kerberos options

#KerberosAuthentication no

#KerberosOrLocalPasswd yes

#KerberosTicketCleanup yes

# GSSAPI options

#GSSAPIAuthentication no

#GSSAPICleanupCreds yes

# Set this to 'yes' to enable PAM authentication (via challenge-response)

# and session processing. Depending on your PAM configuration, this may

# bypass the setting of 'PasswordAuthentication'

#UsePAM yes

AllowTcpForwarding yes

#GatewayPorts yes

#X11Forwarding yes

#X11DisplayOffset 1

#X11UseLocalhost yes

#PrintMotd yes

#PrintLastLog yes

#KeepAlive yes

#UseLogin no

#UsePrivilegeSeparation yes

#PermitUserEnvironment no

Compression yes

#ClientAliveInterval 0

#ClientAliveCountMax 3

UseDNS no

#PidFile /var/run/sshd.pid

#MaxStartups 10

# no default banner path

#Banner /some/path

# override default of no subsystems

Subsystem   sftp   /usr/lib/misc/sftp-server

```

everything works fine if I setup a local tunnel on my gentoo box using

```

ssh -L 9000:localhost:5952 localhost -C -2

```

 and the connect using

```

vncviewer localhost:52

```

But as soon as I try the to initialise the ssh connection from my win2k box, the forwarded connection gets refused.  Any ideas anyone?

----------

