X11Forwarding from CentOS 6 Linux to Mac OS X Lion via SSH

In my previous post, I wrote about getting gpass (a password manager for the gnome desktop) compiled from source and running on our CentOS 6 platform.  The screenie I took of the welcome screen was a mac-i-fied version.

I had configured my Linux machine to support X11 port-forwarding over a secure shell.  It was surprisingly quick and easy to set-up and execute.

I wanted to remote-display the gpass window to my Mac OS X Lion desktop because I needed to transfer passwords from my 1Password application (running on Lion) to my gpass (Linux) program.  Some of the passwords are pretty gnarly so the only way I can guarantee transferring data without making typos was to set-up a copy-paste-friendly environment.

One quick caveat. I've noticed that, when I terminate an X11 program from my Lion shell, I can no longer use that shell to initialize another X11 applet.  I need to exit and re-start the terminal.  If you know of the work-around for this, please leave a comment/reply to this post.

For all the following commands, it is assumed you have sudo privileges on your Linux system.

The first step I took was to edit the /etc/ssh/ssh_config file.  At the end of the file, past the comments, there is a section labeled:

Host *


ForwardX11Trusted yes X11 Forwarding yes


Make sure that you have those two lines, uncommented and present, in your configuration.

Next, (re)start your sshd server:

# /etc/init.d/sshd restart

Stopping sshd:                                         [ FAILED ] Generating SSH1 RSA host key:         [      OK      ] Generating SSH2 RSA host key:         [      OK      ] Generating SSH2 DSA host key:         [      OK      ] Starting sshd:                                           [      OK      ]


In case you're curious, the FAILED message in the first line of output was generated because I didn't already have sshd running on my system.

My machines run on a 192.168 subnet behind two firewalls - the firewall on my DSL modem, and the firewall on my multi-port router.  Normally, I'm not too concerned about the security of my individual machines.  (e.g.: I'm not running a software firewall on my Mac or my Linux server.)  My subnet is DHCP-served by my router and the router is on it's own subnet DHCP-served by the dsl router/modem.

I need to obtain the current IP address of my linux server which I do so my running the ipconfig command.

Next, I switch over to my Mac and open a terminal -- within the terminal, I enter:

iMac:~ mike$ ssh -X
The authenticity of host ' (' can't be established.
RSA key fingerprint is f9:04:2d:0e:70:3d:a7:8f:92:c0:02:69:8c:f2:e6:51.
Are you sure you want to continue connecting (yes/no)? yes
Warning: Permanently added '' (RSA) to the list of known hosts.
mike@'s password:
/usr/bin/xauth: creating new authority file /home/mike/.Xauthority
[mike@codeMonkey ~]$

At the command prompt, I now only have to enter whatever X11 command and that program will be displayed on my Mac Desktop.  I can even open and start an entire desktop session.  I could - but I won't -- my Linux server only has 2gB of Ram...

Instead, I'll open a gnome-terminal.  So, at the prompt, I simply type: gnome-terminal and I get the gnome-terminal to appear on my desktop:

That's pretty much all there is to it, as far as I could tell.  Eazy-peezy.

One last note -- once you have a terminal running on your Lion desktop, then any X11 commands, such as gpass, you enter will all be displayed on your Lion desktop.  This circumvents the one-terminal-one-applet restriction I mentioned at the top of this article.

That's pretty much it for this article -- hope this helps!