Display remote applications on my local X server in Linux

by on December 19, 2006 · 9 comments· LAST UPDATED December 19, 2006

in , ,

By default Linux disallows TCP connections from remote hosts. It prevents applications from running on a remote host and being able to be displayed on the local x server.

To enable the X server to display remote applications open /usr/share/gdm/defaults.conf file. Set DisallowTCP=true to false

# vi /usr/share/gdm/defaults.conf
Set DisallowTCP=true to false
DisallowTCP=false

Setting DisallowTCP to false will allow remote clients to connect.

If you don't know exact location of GDM defaults.conf conf file use find command
find / -name "defaults.conf"

Now restart GNOME aka GDM.
# reboot
OR
# init 3
# init 5

How do I test new setup?

Type any one of the following command on the client
xhost remote-ip
xhost remotehost
xhost remote.server.com

Now SSH into the remote client and type any one of the command:
xeyes -display remote-ip:0
xeyes -display remotehost:0
xeyes -display remoteserver.com:0

xeyes should popup on client system. Enjoy!

TwitterFacebookGoogle+PDF versionFound an error/typo on this page? Help us!

{ 9 comments… read them below or add one }

1 Thrift December 19, 2006 at 10:52 pm

You may already be aware of this, but a much simpler and more secure way is to just ssh in with the -X (-Y on some Linux distros) flag which will set up an ssh tunnel to allow the same functionally to occur as well as automagically set the DISPLAY variable correctly, so that you don’t have to add -display as a flag to the applications you launch or edit the GDM settings.

This method doesn’t require you to allow the xserver to listen on your ethernet interfaces and doesn’t rely on IP based security.

The only time where I would really think that the way you have mentioned would be a better solution is if you don’t have SSH available, such as for compatibility with VMS or something like that. At which point you’d just use telnet instead of SSH and do everything else just as you have mentioned. You could manually set the DISPLAY variable as opposed to using -display as a flag though, which can be convenient.

Reply

2 nixCraft December 19, 2006 at 11:00 pm

Thrift,

In this specific case GDM was disabled for disallows TCP connections from remote hosts. So I had to edit the file and reload the config. BTW it was RHEL 5.0 beta that developer testing for software compatibility.

Appreciate your post.

Reply

3 Thrift December 21, 2006 at 1:11 am

Try to disallow TCP connections from within the GDM config and then ssh -X, it should work without having X listen for TCP connections.

Reply

4 drewp January 15, 2007 at 3:51 am

Just to elaborate on the last comment (for newbies and search engines):

Check if your X server isn’t even listening like this:
% ps ax | grep X
6081 tty7 SLs+ 204:24 /usr/bin/X :0 -br -audit 0 -auth /var/lib/gdm/:0.Xauth -nolisten tcp vt7

To get the -nolisten out of there, edit the file /etc/gdm/gdm.conf which (on ubuntu) ships with line 230 like this:
DisallowTCP=false

Set that to ‘true’ and restart X.

Reply

5 nixCraft January 15, 2007 at 11:54 am

drewp,

Thanks for posting ubuntu hints :)

Reply

6 rajeesh February 27, 2007 at 1:19 pm

really a great help yaar.. thanks a lot..

Reply

7 B!n@ry March 23, 2007 at 8:40 am

nixCraft,

y don’t we just stick with the -X option that is passed to ssh while connecting to a host ?

What is the different between both ?

Reply

8 .yankee August 4, 2009 at 3:30 am

@B!n@ry:
The difference, as Thrift already pointed out, is security – from the user’s viewpoint. If you modify the configuration file, as dectibed in this howto, you end up with an X server open to the network, meaning anyone can run an X aplication on it (hack your box even). That’s because there’s no need of authentication.
When using ssh, you both require authentication and make all the client-server communication encrypted, preventing a potential curious person sniffing your traffic.

Reply

9 Benny Boy September 19, 2011 at 3:49 pm

In natty, it’s /usr/share/gdm/gdm.schemas

I know this is an old post, but I found it searching around for why I could redirect windows back to me, and it was still in the top ten results. Thanks for the post, it put me in the right area, and a quick “find /usr/share/gdm -type f -exec grep -il disallowtcp {} \;” go the updated file name for me.
BennyBoy

Reply

Leave a Comment

Previous post:

Next post: