Displaying X to a remote host

Introduction

This document tries to explain how to run X applications on DAMTP machines displaying to far away places (e.g. home, or college machines), and answer some of the more common questions about X authentication. Some of the statements in this document are simplified to make them easier to explain, please don't complain about these simplifications.

If you need more detailed information, please contact the departmental computing helpdesk.

Use SSH

The ssh protocol supports what is known as X-forwarding which arranges for the X protocol to be transported automatically over the strongly encrypted SSH connection.

Our ssh clients are mostly configured to enable X-forwarding by default, though on the MacOSX machines this isn't the case. Some distributions of openssh do the same, though sites may have changed the defaults to suit their policies.

Sadly the authors of openssh decided to change the option to enable (normal) X-Forwarding from -X to -Y for version 3.8 with -X now meaning a new kind of X-Forwarding which will work with most applications but by no means all. See openssh FAQ 3.13 for some more information.

Therefore for newer versions of openssh use -Y, and switch to -X if that isn't recognised. e.g.

For openssh 3.8 or later

     ssh -Y mylogin@somehost.ac.uk

For older openssh (up to 3.7)

     ssh -X mylogin@somehost.ac.uk

For more information about ssh please read the ssh in DAMTP page. That also contains links to obtaining ssh clients if you don't already have them installed.

If the remote site doesn't provide SSH clients

Since early 2001 the CMS site firewall has not permitted non-ssh connections to machines, so you will need to obtain ssh clients.