Unix graphical applications use a network client / server technology known as the X Window System, X11 (the version of the network protocol used) or just X. Unlike many other client / server schemas, X roles are exchanged – the server is on the user machine, while the graphical application may be located anywhere in the world, accessible through the TCP / IP network. To indicate the graphical server where programs should display their output, the environment variable $ DISPLAY is used. Its value is as follows:

address.of.X11.server:display.screen

where:

  • address.of.X11.server — IP address or DNS of the X11 server. This is the address of your machine, except when tunneling X11 through SSH (see below);
  • display — serial number of the display on which the X11 server is running. Most often 0, but there may be another value. It is directly connected to the TCP port number where the X11 server accepts network connections from clients: TCP port = 6000 + display;
  • screen — sequential screen number within one X11 display. Most often 0, but for multi-screen systems (e.g., using Xinerama) there may be several different screens. Using the default value of 0, the whole .screen can be omitted and the value of $DISPLAY acquires the more compact look address.of.X11.server:display.

For client authentication, the X11 provides several different options that depend on the specific conversion. Specifying the authentication mechanism and the necessary data is done in the .xauth file located in your home directory on the machine where the graphical applications are running.

Communication between applications and the X11 server can be done either directly or through an encrypted tunnel using SSH.

Direct connection

Using direct connection, you indicate (manually or automatically in the .bashrc) the address of your X11 server in the variable $DISPLAY. This method has a number of drawbacks:

  • works only if your machine has a public IP address or is located in the merged network of the Atomic Physics department and the Theoretical Physics department of the Faculty of Physics. It does not work if you are behind NAT (Network Address Translation), i.e. if your computer has an IP address of the types 10.x.x.x, 192.168.x.x (exceptions make addresses 192.168.2.x in the AP network and the TP of the Faculty of Physics), 172.16.x.x to 172.31.x.x;
  • you need to make the X11 server visible from the outside if you are using a firewall;
  • you must use a simple access control mechanism to the X11 server based on the Cluster IP address only. Any other user of the system can connect a graphical application to your server, which represents a certain security risk;
  • anyone who has access to the network transport facilities between the cluster and your computer can “eavesdrop” your keyboard input.

If you still choose to use this method, then the commands are:

  • for sh,bash,ksh,zsh:
DISPLAY=server.address:dpy.scr
export DISPLAY

  • for csh и tcsh:

setenv DISPLAY server.address:dpy.scr

You should replace server.address, dpy and scr with their respective values.

SSH tunnel

The SSH protocol works by setting up one or more secure data transfer channels, one of witch channels transfers your interactive session. SSH mechanisms are provided that can be used to redirect random TCP links, both on your machine and on the SSH server side. However, when redirecting X11, a number of server-side automations happen:

  • a file with authentication data is generated in your home directory (~/.xauth);
  • the environment variable $DISPLAY is established.

You can check whether X11 tunneling is successful with the command
echo $DISPLAY

If you get something like localhost: 10.0, redirection is found correctly. If you get an empty line (for sh-like shells) or an undefined variable (for csh-like shells), then tunneling has not worked for some reason.

The tunneling method through SSH works even if your machine is behind NAT or a firewall.

X servers

There is plenty of commercial and free servers running the X11 protocol. Here is a list of the most famous ones:

XFree86

One of the oldest free open source X11 protocol conversions. There are versions for almost all existing operating systems, including Unix and Unix-like Linux, Windows, and even OS/2. If you are using an old version of Linux, your graphic subsystem is probably XFree86.

X.org

A modern XFree86 clone, derived from a conflict of interest regarding the licensing of XFree86. Fully free software under X11 (MIT) license. Most modern Unix-like operating systems and Linux include X.org.

Mac OS X

Apple’s operating system includes an X11 server based on XFree86 4.4 (in Tiger) or X.org (in Leopard). For Tiger, the packet should be selected during installation or put on afterwards. Mac OS X itself uses a different graphics subsystem.

Xming

Xming is a minimalistic but fully functional X11 for Windows. Unlike its full-fledged partners, Xming only includes a graphical server, a font package, and integration tools with the free SSH client PuTTY. It is based on the source code of X.org and as such supports all its extensions that can work on the Windows platform. The package is free and you can download its latest version from Sourceforge.

Xming only works on Windows XP and its next versions of Windows — 2003 and Vista.

Hummingbird Exceed

Popular commercial implementation of X11 for Windows. More complete versions include a built-in SSH client.