Saturday, August 29, 2020

X11 Forwarding from Linux to Windows

We are discussing here how to set up SSH's X11 Forwarding to forward Linux systems X11's display to a X server on Windows, and discuss a few challenges. Just to be clear, our objective is to run X server on the Windows host, and forward Linux systems' display to the X server on the Window host.

  1. On the Windows host, install a X server, such as, vcXsrv
  2. On the Linux system, install xauth package, e.g., on Debian or Ubunbu, we run
        sudo apt-get install xauth    
    On Fedora Linux, we run
        sudo dnf install xorg-x11-xauth    
  3. On the Linux system, check if SSH daemon (sshd)'s X11 Forwarding feature is enabled. To do this, we open /etc/ssh/sshd_config, and look for the following line,
      X11Forwarding yes  
    If we don't find this line, we must add it. If this is line is commented out, we must uncomment it. After that we reload SSH daemon's configuration, such as,
      sudo systemctl reload sshd
    
  4. On Windows host, we run
    
        ssh -Y the_username@the_linux_system    
    or
        ssh -X the_username@the_linux_system
        

Remarks

If SSH's X11 Forwarding is successfully set up, there isn't a need to set the DISPLAY variable on the Linux system; otherwise, we aren't doing X11 Forwarding, instead, we just display to a display that isn't local.

The preconditions for X11 Forwarding to work is that we need xauth program on both client and server side, i.e., in our case, xauth must be present on both the Windows system and the Linux system. In fact, vcXsrv comes with a copy of xauth. 

Another problem is about access control. In the above set up, we run as a different user from the login user on the Linux system, we will see a "couldn't connect to display" error. For instance, after we log in we can run X11 program without any problem; however, when we run the same program with sudo, we will observe the error. This is actually an access control problem, and this cannot be resolved by running a command like "xhost +" as the login user, because the command like "xhost +" is only about controlling access to the "local" display. This linked post explains very well how we should resolve this, that is, we need to use xhost to add the X11 cookie associated with the remote display set up by the login user to the new user. We repeat the steps outline in the post below,

  1. After we log in with via SSH with X11 Forwarding, e.g.,
    
        ssh -X the_username@the_linux_system
        
  2. On the Linux system, query the X11 cookie using xauth,
    
        xauth list $DISPLAY 
        
    The output looks the following,
    
        the_linux/unix:10  MIT-MAGIC-COOKIE-1  123456989abcdef1000011
        
  3. On the Linux system, show the value of the DISPLAY variable
    
        echo $DISPLAY
        
    The output may be,
    
        the_linux:10.0
        
  4. On the Linux, become the user we wish to run a GUI program, e.g., to become the root user,
    
        sudo -s
        
  5. As the new user, e.g., the root, set the X11 cookie to the one we show in the above, e.g.,
    
        xauth add the_linux/unix:10  MIT-MAGIC-COOKIE-1  123456989abcdef1000011
        
    Note that after "add", we simply copy and paste the X11 cookie value that we list before.
  6. As the new user, check if the DISPLAY is set and if set, it has the same value as the old user. If not, set it, e.g.,
    
        export DISPLAY=the_linux:10.0
        
    It is often that this step isn't necessary because it is often set and the value is identical to the one listed under the older user.

X Server on Windows Host for Linux Virtual Machine Guests

We can run thin Linux (or other UNIX) virtual machine guests systems including Docker containers without GUI. Linux systems often need memory on the order of hundred megabytes to run. Without GUI, we can run more virtual machine instances and run the instances faster. These instances on the VMs or in the containers can still run GUI applications if we install X server on the host. 

For host systems that comes with X natively, this is quite easy, and just need to inform the guest which display to use. However, not all host systems have X natively. For instance, Windows does not come with one natively. Luckily, there are  a few free or inexpensive X Server for Windows available. Below are the simple steps to realize this idea on a Windows host,

  1. Download and install vcXsrv
  2. Launch vcXsrv using the XLaunch shutcut. If you run it on the host for the guest Linux systems on the hosted VMs, and the host has firewall like Windows Defender to prevent outside access to the X server, you can safely check "Disable access control" to allow any X client to display on the server. 
  3. vcXsrv has a tray icon on Windows. Right-click the tray icon, open "Show log", and the log will tell us what host IP addresses the X server is bound to, such as, 192.168.1.101. 
  4. Log in to a Linux guest,  such as, ssh to the Linux guest,
  5. Set the DISPLAY environment variable, e.g., if our host IP address is 192.168.1.101
    export DISPLAY=192.168.1.101:0.0
    
  6. Lanuch a GUI application from the Linux guest, and we shall see it's running and the X server is displaying the GUI.

Very importantly, we are not using SSH's X forwarding feature here. Not everyone can successfully enable SSH's X forwarding feature smoothly. This method is simpler to set up to those who have a problem to set SSH's X forwarding up. 

In next post, we shall discuss what it takes to set up SSH's X forwarding.


Thursday, August 27, 2020

X Servers for Windows

When we run multiple thin Linux/Unix systems on virtual machines on a Windows host, we wish to have X server for windows. There are in fact a few free ones, at least for personal use. Here are some of these X servers.

  • MobaXterm that integrates PuTTY and Cygwin/X with feature-rich GUI
     
  • VcXsrv that is based on from xorg's source code, compiled with Visual Studio (Visual C++, so vc - X - srv)
     
  • Cygwin/X.
     
  • Xming. An older version of Xming is available for free, but new versions require a donation like $20. 

Wednesday, August 5, 2020

My Cat Taught Me Browser Task Manager

My cat walked on my keyboard, and this happened ,



She launched the Microsoft Edge Browser Task Manager that I didn't know existed. Modern Web Browsers like Mozilla Firefox, Google Chrome, and Microsoft Edge are of multiprocess architecture. The Chromium projects have a good introduction about the advantage of this design and that I quote,
"

It's nearly impossible to build a rendering engine that never crashes or hangs. It's also nearly impossible to build a rendering engine that is perfectly secure.

In some ways, the state of web browsers around 2006 was like that of the single-user, co-operatively multi-tasked operating systems of the past. As a misbehaving application in such an operating system could take down the entire system, so could a misbehaving web page in a web browser. All it took is one browser or plug-in bug to bring down the entire browser and all of the currently running tabs.

Modern operating systems are more robust because they put applications into separate processes that are walled off from one another. A crash in one application generally does not impair other applications or the integrity of the operating system, and each user's access to other users' data is restricted.

"

So when a browser runs, it creates multiple processes. However, old fashioned as I am, I wasn't aware that Microsoft Edge browser had a tool to show and to help users manage the processes -- the keyboard shortcut to open Microsoft Edge Browser Task Manager is SHIFT + ESC. The cat must have stepped on the two keys and taught me this.  You can also launch it from the menu as the following screen shot shows, i.e., click at "...", select "More tools", and then "Browser task manager".



Sure enough, FireFox and Chrome browsers have the similar. In FireFox, open the menu, click "More", and select "Task Manager".


In Chrome, open the menu, click "More tools", and then select "Task Manager".

Neat!