Starting UNIX X Clients From Windows XP
- revised June 2007 - Warren Jessop
PuTTY and Reflection X
The procedure described below makes use of the following PC software,
which is available free to UW CSE faculty, students, and staff:
- PuTTY (putty.exe),(1) an SSH client available for download at
  http://www.chiark.greenend.org.uk/~sgtatham/putty/. Like
  other clients featuring the SSH2 protocol, it allows you to display
  remote X clients safely on your PC by using a feature called "X
  tunneling".
- Reflection X, the PC X server, is available on a CD from the
  Support Office, CSE 260.
The section below titled Creating a Shortcut to Start
an X Session shows you how to create a shortcut on your personal
machine that does the following when it is selected:
- Reflection X will start (but only if it is not already started).
- PuTTY will start and will pop up a UNIX terminal window for a
  remote UNIX host - we'll use "attu" for this specific example.
  It may also pop up a "PuTTY Security Alert" window; if this is
  the first time you have logged into attu via PuTTY you can
  safely hit Yes.
- You enter your Kerberos password in response to the prompt,
  which will log you into attu.
- You get a UNIX prompt in the "attu - PuTTY" window.
Now, assuming you've gotten this far, you have several choices:
- If you just want to start X clients on attu, you can go ahead and do
  that, e.g.:
  to start an xterm.
- If you want to start X clients on a different host, say `notattu',
  use ssh on the original PuTTY window:
Using PuTTY has these advantages over other methods:
- You will have an initial Kerberos ticket on the UNIX machine.
- Your UNIX X environment (i.e., $DISPLAY) will be set up
  correctly---that's provided you have not set it in your "dotfiles",
  e.g. .cshrc.
- X network traffic between clients on the UNIX host (the one
  you logged into using PuTTY) and your X display will be encrypted.
Problems?
If you have problems running X clients or starting an X session, the
reason may be that
you are changing the setting of the DISPLAY environment variable
in one of your UNIX "dot" files, e.g. .cshrc. The value of your DISPLAY variable
should always be
where n is some
number greater than 0.
The important thing to understand is that the UNIX login procedure
initiated by PuTTY on Windows or ssh in UNIX sets DISPLAY
correctly, so you should not override this setting. If you do,
you'll be overriding your secure encrypted connection and your X
display data may be on the wire (or in the air) in clear text and
snoopable.
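The check below is an added example, not part of the original page or any CSE tool: it lists dotfile lines that assign DISPLAY and tests whether a DISPLAY value has a display number greater than 0, as described above. The function names, the sample dotfile contents, and the decision to ignore the host part of DISPLAY are assumptions.

```shell
#!/bin/sh
# Added example (not from the original page): audit dotfiles for DISPLAY
# overrides and sanity-check a DISPLAY value. Function names are hypothetical.

# Print "file:line:text" for each non-comment line that assigns DISPLAY,
# in csh/tcsh style (setenv DISPLAY ...) or sh/bash style (DISPLAY=...).
find_display_overrides() {
    for f in "$@"; do
        [ -f "$f" ] || continue
        grep -nE '^[[:space:]]*(setenv[[:space:]]+DISPLAY([[:space:]]|$)|(export[[:space:]]+)?DISPLAY=)' \
            "$f" /dev/null
    done
    return 0
}

# Succeed only if the value has a display number greater than 0, which is
# what the page says an ssh-set DISPLAY looks like. The host part is not
# checked (assumption). Display 0 typically means the PC's X server is being
# addressed directly, outside the tunnel.
display_is_forwarded() {
    d=${1-$DISPLAY}
    case $d in *:*) ;; *) return 1 ;; esac
    n=${d##*:}      # text after the last colon, e.g. "10.0"
    n=${n%%.*}      # drop the screen number, e.g. "10"
    case $n in ''|*[!0-9]*) return 1 ;; esac
    [ "$n" -gt 0 ]
}

# Demo on constructed sample dotfiles (not real user files).
demo() {
    dir=$(mktemp -d) || return 1
    printf '%s\n' '# setenv DISPLAY old-value' 'setenv DISPLAY mypc:0.0' > "$dir/.cshrc"
    printf '%s\n' 'PATH=/usr/bin' 'export DISPLAY=mypc:0' > "$dir/.profile"
    echo "Lines that override DISPLAY:"
    find_display_overrides "$dir/.cshrc" "$dir/.profile" "$dir/.login"
    for v in localhost:10.0 mypc:0.0; do
        if display_is_forwarded "$v"; then echo "$v: display number > 0"
        else echo "$v: display 0 or malformed, not set by ssh"; fi
    done
    rm -rf "$dir"
}

demo
```

On the UNIX host, call `find_display_overrides` with your own dotfiles (e.g. ~/.cshrc, ~/.login, ~/.profile) and `display_is_forwarded` with no argument to test the current $DISPLAY.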
Creating a Shortcut to Start an X Session
We'll assume you want to create an icon that will
start an X session on a UNIX host, say attu. Attu
is just an example; the directions are general and will show you how to create a
new shortcut that will
start a secure X session on any UNIX host. It does not really
matter if you've used either Reflection X (the supported CSE X server for
Windows) or PuTTY before---but of course they
need to be installed on your computer.
Here's one way to create an icon (shortcut) that will start an X session on attu:
1. Copy
   \\ntdfs\cs\nt\dist-area\miscellaneous\reflection\pconnect.cmd
   to your desktop using one of the Windows tools. (If you need to know
   more about \\ntdfs\cs, see
   http://www.cs.washington.edu/lab/sw/uwcsentdfs.html) You only
   need to do this once, and you don't necessarily have to copy it to
   your desktop, but make sure that the full path name of the location
   you copy it to is entered into the shortcut in step 4 below.
2. Move the cursor to the desktop and click the right mouse button.
3. Choose New->Shortcut from the pop-up menus.
4. Click "Browse...", scroll down to `pconnect.cmd', choose it, then click OK.
5. Append "attu" (or perhaps the full host name, "attu.cs.washington.edu",
   e.g. if this is on your home machine) to the text in the "Type the location of
   the item:" box. E.g. if the text reads
   `"C:\Documents and Settings\jouser\Desktop\pconnect.cmd"'
   then after this step it will read
   `"C:\Documents and Settings\jouser\Desktop\pconnect.cmd" attu'.
6. Optional: If you have previously created and saved a PuTTY "session", you
   can append the name of the session after the hostname. E.g. if your
   saved session is called "whitebg" you could put this in the
   "location" box:
   `"C:\Documents and Settings\jouser\Desktop\pconnect.cmd" attu whitebg'
7. Click Next.
8. Type "SSH-X to attu" in the "Type a name for this shortcut:" box.
9. Click Finish. That's it.
Caveats
Use Port Forwarding
If you don't use SSH-style port forwarding, tunneling or IPSec, all X
traffic is unencrypted. What this means in plain English is: if you
want to start X clients on other UNIX hosts, DON'T use rlogin or
telnet or xrsh. Instead, use `ssh -n
host xterm &' from one of the existing UNIX shells.
Problems With Tcl and the Tk Toolkit
If you use a UNIX X application that makes use of the "Tk" toolkit
and that uses the Tk "send" command, take note. For example,
exmh is such an application, and it uses the "send" command to
start xterm or editor X clients, e.g. emacs; in this case the
error generated by exmh reads:

X server insecure (must use xauth-style authorization); command ignored.

The reasons for this behavior are complex and have to do with the way
the Tk "send" command ensures security. We will only deal here with
what's needed to get "send" to work and hence get around the problem.
The solution is to give Reflection X a copy of your UNIX
.Xauthority file (this is found in your UNIX home directory).
This file has what's called a "magic cookie" inside. Note that the
magic cookie is only created after your SSH-X session has been
established, so Reflection X should not be given the cookie before
then.
A Windows program, copyrxauth, has been written that will copy
your .Xauthority file to a folder that Reflection expects it to
be in---and rename it to RXAUTH, another of Reflection's
expectations. Copyrxauth takes one parameter, the name of your
UNIX home directory. For example, for a user called "jouser" this
would normally be something like /homes/iws/jouser on the
instructional UNIX systems, or /homes/gws/jouser for most
staff research accounts.
Taking the latter example: once jouser has established an ssh
connection to a research UNIX system, she would open up a command
window on her Windows workstation and enter:

o:\nt\dist-area\miscellaneous\reflection\copyrxauth /homes/gws/jouser

Footnotes
Previously this documentation
featured SSH Secure Shell (or sshclient.exe), available in the
UWICK kit, http://www.washington.edu/computing/software/uwick;
however, Sshclient has some drawbacks when used at home,
particularly with home routers.
This document was generated
on November, 1 2007
using texi2html