In my previous post, I wrote about getting gpass (a password manager for the gnome desktop) compiled from source and running on our CentOS 6 platform. The screenie I took of the welcome screen was a mac-i-fied version.
I had configured my Linux machine to support X11 port-forwarding over a secure shell. It was surprisingly quick and easy to set-up and execute.
I wanted to remote-display the gpass window to my Mac OS X Lion desktop because I needed to transfer passwords from my 1Password application (running on Lion) to my gpass (Linux) program. Some of the passwords are pretty gnarly so the only way I can guarantee transferring data without making typos was to set-up a copy-paste-friendly environment.
One quick caveat. I've noticed that, when I terminate an X11 program from my Lion shell, I can no longer use that shell to initialize another X11 applet. I need to exit and re-start the terminal. If you know of the work-around for this, please leave a comment/reply to this post.
For all the following commands, it is assumed you have sudo privileges on your Linux system.
The first step I took was to edit the /etc/ssh/ssh_config file. At the end of the file, past the comments, there is a section labeled:
ForwardX11Trusted yes X11 Forwarding yes
Make sure that you have those two lines, uncommented and present, in your configuration.
Next, (re)start your sshd server:
# /etc/init.d/sshd restart
Stopping sshd: [ FAILED ] Generating SSH1 RSA host key: [ OK ] Generating SSH2 RSA host key: [ OK ] Generating SSH2 DSA host key: [ OK ] Starting sshd: [ OK ]
In case you're curious, the FAILED message in the first line of output was generated because I didn't already have sshd running on my system.
My machines run on a 192.168 subnet behind two firewalls - the firewall on my DSL modem, and the firewall on my multi-port router. Normally, I'm not too concerned about the security of my individual machines. (e.g.: I'm not running a software firewall on my Mac or my Linux server.) My subnet is DHCP-served by my router and the router is on it's own subnet DHCP-served by the dsl router/modem.
I need to obtain the current IP address of my linux server which I do so my running the ipconfig command.
Next, I switch over to my Mac and open a terminal -- within the terminal, I enter:
iMac:~ mike$ ssh -X 192.168.0.6 The authenticity of host '192.168.0.6 (192.168.0.6)' can't be established. RSA key fingerprint is f9:04:2d:0e:70:3d:a7:8f:92:c0:02:69:8c:f2:e6:51. Are you sure you want to continue connecting (yes/no)? yes Warning: Permanently added '192.168.0.6' (RSA) to the list of known hosts. firstname.lastname@example.org's password: whassup? /usr/bin/xauth: creating new authority file /home/mike/.Xauthority [mike@codeMonkey ~]$
At the command prompt, I now only have to enter whatever X11 command and that program will be displayed on my Mac Desktop. I can even open and start an entire desktop session. I could - but I won't -- my Linux server only has 2gB of Ram...
Instead, I'll open a gnome-terminal. So, at the prompt, I simply type: gnome-terminal and I get the gnome-terminal to appear on my desktop:
That's pretty much all there is to it, as far as I could tell. Eazy-peezy.
One last note -- once you have a terminal running on your Lion desktop, then any X11 commands, such as gpass, you enter will all be displayed on your Lion desktop. This circumvents the one-terminal-one-applet restriction I mentioned at the top of this article.
That's pretty much it for this article -- hope this helps!